Momentum-Apps/lib/wolfssl/wolfcrypt/src/sp_cortexm.c

/* sp.c
 *
 * Copyright (C) 2006-2023 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

/* Implementation by Sean Parkinson. */

#ifdef HAVE_CONFIG_H
    #include <config.h>
#endif

#include <wolfssl/wolfcrypt/settings.h>

#if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \
    defined(WOLFSSL_HAVE_SP_ECC)

#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/cpuid.h>
#ifdef NO_INLINE
    #include <wolfssl/wolfcrypt/misc.h>
#else
    #define WOLFSSL_MISC_INCLUDED
    #include <wolfcrypt/src/misc.c>
#endif

#ifdef RSA_LOW_MEM
#ifndef WOLFSSL_SP_SMALL
#define WOLFSSL_SP_SMALL
#endif
#endif

#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
#undef WOLFSSL_SP_SMALL_STACK
#define WOLFSSL_SP_SMALL_STACK
#endif

#include <wolfssl/wolfcrypt/sp.h>

#ifdef __IAR_SYSTEMS_ICC__
#define __asm__        asm
#define __volatile__   volatile
#define WOLFSSL_NO_VAR_ASSIGN_REG
#endif /* __IAR_SYSTEMS_ICC__ */
#ifdef __KEIL__
#define __asm__        __asm
#define __volatile__   volatile
#endif

#ifdef WOLFSSL_SP_ARM_CORTEX_M_ASM
#define SP_PRINT_NUM(var, name, total, words, bits)         \
    do {                                                    \
        int ii;                                             \
        fprintf(stderr, name "=0x");                        \
        for (ii = ((bits + 31) / 32) - 1; ii >= 0; ii--)    \
            fprintf(stderr, SP_PRINT_FMT, (var)[ii]);       \
        fprintf(stderr, "\n");                              \
    } while (0)

#define SP_PRINT_VAL(var, name)                             \
    fprintf(stderr, name "=0x" SP_PRINT_FMT "\n", var)

#define SP_PRINT_INT(var, name)                             \
    fprintf(stderr, name "=%d\n", var)

#if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH)
#ifndef WOLFSSL_SP_NO_2048
/* Read big endian unsigned byte array into r.
 *
 * r  A single precision integer.
 * size  Maximum number of bytes to convert
 * a  Byte array.
 * n  Number of bytes in array to read.
 */
static void sp_2048_from_bin(sp_digit* r, int size, const byte* a, int n)
{
    int i;
    int j;
    byte* d;

    for (i = n - 1,j = 0; i >= 3; i -= 4) {
        r[j]  = ((sp_digit)a[i - 0] <<  0) |
                ((sp_digit)a[i - 1] <<  8) |
                ((sp_digit)a[i - 2] << 16) |
                ((sp_digit)a[i - 3] << 24);
        j++;
    }

    if (i >= 0) {
        r[j] = 0;

        d = (byte*)r;
        switch (i) {
            case 2: d[n - 1 - 2] = a[2]; //fallthrough
            case 1: d[n - 1 - 1] = a[1]; //fallthrough
            case 0: d[n - 1 - 0] = a[0]; //fallthrough
        }
        j++;
    }

    for (; j < size; j++) {
        r[j] = 0;
    }
}

/* Convert an mp_int to an array of sp_digit.
 *
 * r  A single precision integer.
 * size  Maximum number of bytes to convert
 * a  A multi-precision integer.
 */
static void sp_2048_from_mp(sp_digit* r, int size, const mp_int* a)
{
#if DIGIT_BIT == 32
    int i;
    sp_digit j = (sp_digit)0 - (sp_digit)a->used;
    int o = 0;

    for (i = 0; i < size; i++) {
        sp_digit mask = (sp_digit)0 - (j >> 31);
        r[i] = a->dp[o] & mask;
        j++;
        o += (int)(j >> 31);
    }
#elif DIGIT_BIT > 32
    unsigned int i;
    int j = 0;
    word32 s = 0;

    r[0] = 0;
    for (i = 0; i < (unsigned int)a->used && j < size; i++) {
        r[j] |= ((sp_digit)a->dp[i] << s);
        r[j] &= 0xffffffff;
        s = 32U - s;
        if (j + 1 >= size) {
            break;
        }
        /* lint allow cast of mismatch word32 and mp_digit */
        r[++j] = (sp_digit)(a->dp[i] >> s); /*lint !e9033*/
        while ((s + 32U) <= (word32)DIGIT_BIT) {
            s += 32U;
            r[j] &= 0xffffffff;
            if (j + 1 >= size) {
                break;
            }
            if (s < (word32)DIGIT_BIT) {
                /* lint allow cast of mismatch word32 and mp_digit */
                r[++j] = (sp_digit)(a->dp[i] >> s); /*lint !e9033*/
            }
            else {
                r[++j] = (sp_digit)0;
            }
        }
        s = (word32)DIGIT_BIT - s;
    }

    for (j++; j < size; j++) {
        r[j] = 0;
    }
#else
    unsigned int i;
    int j = 0;
    int s = 0;

    r[0] = 0;
    for (i = 0; i < (unsigned int)a->used && j < size; i++) {
        r[j] |= ((sp_digit)a->dp[i]) << s;
        if (s + DIGIT_BIT >= 32) {
            r[j] &= 0xffffffff;
            if (j + 1 >= size) {
                break;
            }
            s = 32 - s;
            if (s == DIGIT_BIT) {
                r[++j] = 0;
                s = 0;
            }
            else {
                r[++j] = a->dp[i] >> s;
                s = DIGIT_BIT - s;
            }
        }
        else {
            s += DIGIT_BIT;
        }
    }

    for (j++; j < size; j++) {
        r[j] = 0;
    }
#endif
}

/* Write r as big endian to byte array.
 * Fixed length number of bytes written: 256
 *
 * r  A single precision integer.
 * a  Byte array.
 */
static void sp_2048_to_bin_64(sp_digit* r, byte* a)
{
    int i;
    int j = 0;

    for (i = 63; i >= 0; i--) {
        a[j++] = r[i] >> 24;
        a[j++] = r[i] >> 16;
        a[j++] = r[i] >> 8;
        a[j++] = r[i] >> 0;
    }
}

#if (defined(WOLFSSL_HAVE_SP_RSA) && (!defined(WOLFSSL_RSA_PUBLIC_ONLY) || !defined(WOLFSSL_SP_SMALL))) || defined(WOLFSSL_HAVE_SP_DH)
/* Normalize the values in each word to 32.
 *
 * a  Array of sp_digit to normalize.
 */
#define sp_2048_norm_64(a)

#endif /* (WOLFSSL_HAVE_SP_RSA && (!WOLFSSL_RSA_PUBLIC_ONLY || !WOLFSSL_SP_SMALL)) || WOLFSSL_HAVE_SP_DH */
/* Normalize the values in each word to 32.
 *
 * a  Array of sp_digit to normalize.
 */
#define sp_2048_norm_64(a)

#ifndef WOLFSSL_SP_SMALL
#ifdef WOLFSSL_SP_NO_UMAAL
/* Multiply a and b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
SP_NOINLINE static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x24\n\t"
        "STR	%[r], [sp, #32]\n\t"
        "MOV	%[r], #0x0\n\t"
        "LDR	r12, [%[a]]\n\t"
        /* A[0] * B[0] */
        "LDR	lr, [%[b]]\n\t"
        "UMULL	r3, r4, r12, lr\n\t"
        /* A[0] * B[2] */
        "LDR	lr, [%[b], #8]\n\t"
        "UMULL	r5, r6, r12, lr\n\t"
        /* A[0] * B[4] */
        "LDR	lr, [%[b], #16]\n\t"
        "UMULL	r7, r8, r12, lr\n\t"
        /* A[0] * B[6] */
        "LDR	lr, [%[b], #24]\n\t"
        "UMULL	r9, r10, r12, lr\n\t"
        "STR	r3, [sp]\n\t"
        /* A[0] * B[1] */
        "LDR	lr, [%[b], #4]\n\t"
        "MOV	r11, %[r]\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[0] * B[3] */
        "LDR	lr, [%[b], #12]\n\t"
        "ADCS	r6, r6, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[0] * B[5] */
        "LDR	lr, [%[b], #20]\n\t"
        "ADCS	r8, r8, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[0] * B[7] */
        "LDR	lr, [%[b], #28]\n\t"
        "ADCS	r10, r10, #0x0\n\t"
        "ADC	r3, %[r], #0x0\n\t"
        "UMLAL	r10, r3, r12, lr\n\t"
        /* A[1] * B[0] */
        "LDR	r12, [%[a], #4]\n\t"
        "LDR	lr, [%[b]]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "STR	r4, [sp, #4]\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[1] * B[1] */
        "LDR	lr, [%[b], #4]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r5, r11, r12, lr\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[1] * B[2] */
        "LDR	lr, [%[b], #8]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[1] * B[3] */
        "LDR	lr, [%[b], #12]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, lr\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[1] * B[4] */
        "LDR	lr, [%[b], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[1] * B[5] */
        "LDR	lr, [%[b], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "ADDS	r10, r10, r11\n\t"
        /* A[1] * B[6] */
        "LDR	lr, [%[b], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[1] * B[7] */
        "LDR	lr, [%[b], #28]\n\t"
        "ADC	r4, %[r], #0x0\n\t"
        "UMLAL	r3, r4, r12, lr\n\t"
        /* A[2] * B[0] */
        "LDR	r12, [%[a], #8]\n\t"
        "LDR	lr, [%[b]]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r5, r11, r12, lr\n\t"
        "STR	r5, [sp, #8]\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[2] * B[1] */
        "LDR	lr, [%[b], #4]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[2] * B[2] */
        "LDR	lr, [%[b], #8]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, lr\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[2] * B[3] */
        "LDR	lr, [%[b], #12]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[2] * B[4] */
        "LDR	lr, [%[b], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "ADDS	r10, r10, r11\n\t"
        /* A[2] * B[5] */
        "LDR	lr, [%[b], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[2] * B[6] */
        "LDR	lr, [%[b], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, lr\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[2] * B[7] */
        "LDR	lr, [%[b], #28]\n\t"
        "ADC	r5, %[r], #0x0\n\t"
        "UMLAL	r4, r5, r12, lr\n\t"
        /* A[3] * B[0] */
        "LDR	r12, [%[a], #12]\n\t"
        "LDR	lr, [%[b]]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "STR	r6, [sp, #12]\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[3] * B[1] */
        "LDR	lr, [%[b], #4]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, lr\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[3] * B[2] */
        "LDR	lr, [%[b], #8]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[3] * B[3] */
        "LDR	lr, [%[b], #12]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "ADDS	r10, r10, r11\n\t"
        /* A[3] * B[4] */
        "LDR	lr, [%[b], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[3] * B[5] */
        "LDR	lr, [%[b], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, lr\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[3] * B[6] */
        "LDR	lr, [%[b], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[3] * B[7] */
        "LDR	lr, [%[b], #28]\n\t"
        "ADC	r6, %[r], #0x0\n\t"
        "UMLAL	r5, r6, r12, lr\n\t"
        /* A[4] * B[0] */
        "LDR	r12, [%[a], #16]\n\t"
        "LDR	lr, [%[b]]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r7, r11, r12, lr\n\t"
        "STR	r7, [sp, #16]\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[4] * B[1] */
        "LDR	lr, [%[b], #4]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[4] * B[2] */
        "LDR	lr, [%[b], #8]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "ADDS	r10, r10, r11\n\t"
        /* A[4] * B[3] */
        "LDR	lr, [%[b], #12]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[4] * B[4] */
        "LDR	lr, [%[b], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, lr\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[4] * B[5] */
        "LDR	lr, [%[b], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[4] * B[6] */
        "LDR	lr, [%[b], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r5, r11, r12, lr\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[4] * B[7] */
        "LDR	lr, [%[b], #28]\n\t"
        "ADC	r7, %[r], #0x0\n\t"
        "UMLAL	r6, r7, r12, lr\n\t"
        /* A[5] * B[0] */
        "LDR	r12, [%[a], #20]\n\t"
        "LDR	lr, [%[b]]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "STR	r8, [sp, #20]\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[5] * B[1] */
        "LDR	lr, [%[b], #4]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "ADDS	r10, r10, r11\n\t"
        /* A[5] * B[2] */
        "LDR	lr, [%[b], #8]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[5] * B[3] */
        "LDR	lr, [%[b], #12]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, lr\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[5] * B[4] */
        "LDR	lr, [%[b], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[5] * B[5] */
        "LDR	lr, [%[b], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r5, r11, r12, lr\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[5] * B[6] */
        "LDR	lr, [%[b], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[5] * B[7] */
        "LDR	lr, [%[b], #28]\n\t"
        "ADC	r8, %[r], #0x0\n\t"
        "UMLAL	r7, r8, r12, lr\n\t"
        /* A[6] * B[0] */
        "LDR	r12, [%[a], #24]\n\t"
        "LDR	lr, [%[b]]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "STR	r9, [sp, #24]\n\t"
        "ADDS	r10, r10, r11\n\t"
        /* A[6] * B[1] */
        "LDR	lr, [%[b], #4]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[6] * B[2] */
        "LDR	lr, [%[b], #8]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, lr\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[6] * B[3] */
        "LDR	lr, [%[b], #12]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[6] * B[4] */
        "LDR	lr, [%[b], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r5, r11, r12, lr\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[6] * B[5] */
        "LDR	lr, [%[b], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[6] * B[6] */
        "LDR	lr, [%[b], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, lr\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[6] * B[7] */
        "LDR	lr, [%[b], #28]\n\t"
        "ADC	r9, %[r], #0x0\n\t"
        "UMLAL	r8, r9, r12, lr\n\t"
        /* A[7] * B[0] */
        "LDR	r12, [%[a], #28]\n\t"
        "LDR	lr, [%[b]]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "STR	r10, [sp, #28]\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[7] * B[1] */
        "LDR	lr, [%[b], #4]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, lr\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[7] * B[2] */
        "LDR	lr, [%[b], #8]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[7] * B[3] */
        "LDR	lr, [%[b], #12]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r5, r11, r12, lr\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[7] * B[4] */
        "LDR	lr, [%[b], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[7] * B[5] */
        "LDR	lr, [%[b], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, lr\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[7] * B[6] */
        "LDR	lr, [%[b], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[7] * B[7] */
        "LDR	lr, [%[b], #28]\n\t"
        "ADC	r10, %[r], #0x0\n\t"
        "UMLAL	r9, r10, r12, lr\n\t"
        "LDR	%[r], [sp, #32]\n\t"
        "ADD	%[r], %[r], #0x20\n\t"
        "STM	%[r], {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        "LDM	sp, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        "SUB	%[r], %[r], #0x20\n\t"
        "STM	%[r], {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        "ADD	sp, sp, #0x24\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
}

#else
/* Multiply a and b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
SP_NOINLINE static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x2c\n\t"
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
        "STRD	%[r], %[a], [sp, #36]\n\t"
#else
        "STR	%[r], [sp, #36]\n\t"
        "STR	%[a], [sp, #40]\n\t"
#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
        "MOV	lr, %[b]\n\t"
        "LDM	%[a], {r0, r1, r2, r3}\n\t"
        "LDM	lr!, {r4, r5, r6}\n\t"
        "UMULL	r10, r11, r0, r4\n\t"
        "UMULL	r12, r7, r1, r4\n\t"
        "UMAAL	r11, r12, r0, r5\n\t"
        "UMULL	r8, r9, r2, r4\n\t"
        "UMAAL	r12, r8, r1, r5\n\t"
        "UMAAL	r12, r7, r0, r6\n\t"
        "UMAAL	r8, r9, r3, r4\n\t"
        "STM	sp, {r10, r11, r12}\n\t"
        "UMAAL	r7, r8, r2, r5\n\t"
        "LDM	lr!, {r4}\n\t"
        "UMULL	r10, r11, r1, r6\n\t"
        "UMAAL	r8, r9, r2, r6\n\t"
        "UMAAL	r7, r10, r0, r4\n\t"
        "UMAAL	r8, r11, r3, r5\n\t"
        "STR	r7, [sp, #12]\n\t"
        "UMAAL	r8, r10, r1, r4\n\t"
        "UMAAL	r9, r11, r3, r6\n\t"
        "UMAAL	r9, r10, r2, r4\n\t"
        "UMAAL	r10, r11, r3, r4\n\t"
        "LDM	lr, {r4, r5, r6, r7}\n\t"
        "MOV	r12, #0x0\n\t"
        "UMLAL	r8, r12, r0, r4\n\t"
        "UMAAL	r9, r12, r1, r4\n\t"
        "UMAAL	r10, r12, r2, r4\n\t"
        "UMAAL	r11, r12, r3, r4\n\t"
        "MOV	r4, #0x0\n\t"
        "UMLAL	r9, r4, r0, r5\n\t"
        "UMAAL	r10, r4, r1, r5\n\t"
        "UMAAL	r11, r4, r2, r5\n\t"
        "UMAAL	r12, r4, r3, r5\n\t"
        "MOV	r5, #0x0\n\t"
        "UMLAL	r10, r5, r0, r6\n\t"
        "UMAAL	r11, r5, r1, r6\n\t"
        "UMAAL	r12, r5, r2, r6\n\t"
        "UMAAL	r4, r5, r3, r6\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r11, r6, r0, r7\n\t"
        "LDR	r0, [sp, #40]\n\t"
        "UMAAL	r12, r6, r1, r7\n\t"
        "ADD	r0, r0, #0x10\n\t"
        "UMAAL	r4, r6, r2, r7\n\t"
        "SUB	lr, lr, #0x10\n\t"
        "UMAAL	r5, r6, r3, r7\n\t"
        "LDM	r0, {r0, r1, r2, r3}\n\t"
        "STR	r6, [sp, #32]\n\t"
        "LDM	lr!, {r6}\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r8, r7, r0, r6\n\t"
        "UMAAL	r9, r7, r1, r6\n\t"
        "STR	r8, [sp, #16]\n\t"
        "UMAAL	r10, r7, r2, r6\n\t"
        "UMAAL	r11, r7, r3, r6\n\t"
        "LDM	lr!, {r6}\n\t"
        "MOV	r8, #0x0\n\t"
        "UMLAL	r9, r8, r0, r6\n\t"
        "UMAAL	r10, r8, r1, r6\n\t"
        "STR	r9, [sp, #20]\n\t"
        "UMAAL	r11, r8, r2, r6\n\t"
        "UMAAL	r12, r8, r3, r6\n\t"
        "LDM	lr!, {r6}\n\t"
        "MOV	r9, #0x0\n\t"
        "UMLAL	r10, r9, r0, r6\n\t"
        "UMAAL	r11, r9, r1, r6\n\t"
        "STR	r10, [sp, #24]\n\t"
        "UMAAL	r12, r9, r2, r6\n\t"
        "UMAAL	r4, r9, r3, r6\n\t"
        "LDM	lr!, {r6}\n\t"
        "MOV	r10, #0x0\n\t"
        "UMLAL	r11, r10, r0, r6\n\t"
        "UMAAL	r12, r10, r1, r6\n\t"
        "STR	r11, [sp, #28]\n\t"
        "UMAAL	r4, r10, r2, r6\n\t"
        "UMAAL	r5, r10, r3, r6\n\t"
        "LDM	lr!, {r11}\n\t"
        "UMAAL	r12, r7, r0, r11\n\t"
        "UMAAL	r4, r7, r1, r11\n\t"
        "LDR	r6, [sp, #32]\n\t"
        "UMAAL	r5, r7, r2, r11\n\t"
        "UMAAL	r6, r7, r3, r11\n\t"
        "LDM	lr!, {r11}\n\t"
        "UMAAL	r4, r8, r0, r11\n\t"
        "UMAAL	r5, r8, r1, r11\n\t"
        "UMAAL	r6, r8, r2, r11\n\t"
        "UMAAL	r7, r8, r3, r11\n\t"
        "LDM	lr, {r11, lr}\n\t"
        "UMAAL	r5, r9, r0, r11\n\t"
        "UMAAL	r6, r10, r0, lr\n\t"
        "UMAAL	r6, r9, r1, r11\n\t"
        "UMAAL	r7, r10, r1, lr\n\t"
        "UMAAL	r7, r9, r2, r11\n\t"
        "UMAAL	r8, r10, r2, lr\n\t"
        "UMAAL	r8, r9, r3, r11\n\t"
        "UMAAL	r9, r10, r3, lr\n\t"
        "MOV	r3, r12\n\t"
        "LDR	lr, [sp, #36]\n\t"
        "ADD	lr, lr, #0x20\n\t"
        "STM	lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        "SUB	lr, lr, #0x20\n\t"
        "LDM	sp, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        "STM	lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        "ADD	sp, sp, #0x2c\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr", "cc"
    );
}

#endif /* WOLFSSL_SP_NO_UMAAL */
/* Add b to a into r. (r = a + b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_2048_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_2048_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADDS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "MOV	%[r], #0x0\n\t"
        "ADC	%[r], %[r], #0x0\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

/* Sub b from a into a. (a -= b)
 *
 * a  A single precision integer and result.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_2048_sub_in_place_16(sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_2048_sub_in_place_16(sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SUBS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "SBC	%[a], r9, r9\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
    return (uint32_t)(size_t)a;
}

/* Add b to a into r. (r = a + b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_2048_add_16(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_2048_add_16(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADDS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "MOV	%[r], #0x0\n\t"
        "ADC	%[r], %[r], #0x0\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

/* AND m into each word of a and store in r.
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * m  Mask to AND against each digit.
 */
static void sp_2048_mask_8(sp_digit* r, const sp_digit* a, sp_digit m)
{
#ifdef WOLFSSL_SP_SMALL
    int i;

    for (i=0; i<8; i++) {
        r[i] = a[i] & m;
    }
#else
    r[0] = a[0] & m;
    r[1] = a[1] & m;
    r[2] = a[2] & m;
    r[3] = a[3] & m;
    r[4] = a[4] & m;
    r[5] = a[5] & m;
    r[6] = a[6] & m;
    r[7] = a[7] & m;
#endif
}

/* Multiply a and b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
SP_NOINLINE static void sp_2048_mul_16(sp_digit* r, const sp_digit* a,
        const sp_digit* b)
{
    sp_digit* z0 = r;
    sp_digit z1[16];
    sp_digit a1[8];
    sp_digit b1[8];
    sp_digit* z2 = r + 16;
    sp_digit u;
    sp_digit ca;
    sp_digit cb;

    ca = sp_2048_add_8(a1, a, &a[8]);
    cb = sp_2048_add_8(b1, b, &b[8]);
    u  = ca & cb;

    sp_2048_mul_8(z2, &a[8], &b[8]);
    sp_2048_mul_8(z0, a, b);
    sp_2048_mul_8(z1, a1, b1);

    u += sp_2048_sub_in_place_16(z1, z0);
    u += sp_2048_sub_in_place_16(z1, z2);
    sp_2048_mask_8(a1, a1, 0 - cb);
    u += sp_2048_add_8(z1 + 8, z1 + 8, a1);
    sp_2048_mask_8(b1, b1, 0 - ca);
    u += sp_2048_add_8(z1 + 8, z1 + 8, b1);

    u += sp_2048_add_16(r + 8, r + 8, z1);
    XMEMSET(a1 + 1, 0, sizeof(sp_digit) * (8 - 1));
    a1[0] = u;
    (void)sp_2048_add_8(r + 24, r + 24, a1);
}

/* Sub b from a into a. (a -= b)
 *
 * a  A single precision integer and result.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SUBS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "SBC	%[a], r9, r9\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
    return (uint32_t)(size_t)a;
}

/* Add b to a into r. (r = a + b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADDS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "MOV	%[r], #0x0\n\t"
        "ADC	%[r], %[r], #0x0\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

/* AND m into each word of a and store in r.
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * m  Mask to AND against each digit.
 */
static void sp_2048_mask_16(sp_digit* r, const sp_digit* a, sp_digit m)
{
#ifdef WOLFSSL_SP_SMALL
    int i;

    for (i=0; i<16; i++) {
        r[i] = a[i] & m;
    }
#else
    int i;

    for (i = 0; i < 16; i += 8) {
        r[i+0] = a[i+0] & m;
        r[i+1] = a[i+1] & m;
        r[i+2] = a[i+2] & m;
        r[i+3] = a[i+3] & m;
        r[i+4] = a[i+4] & m;
        r[i+5] = a[i+5] & m;
        r[i+6] = a[i+6] & m;
        r[i+7] = a[i+7] & m;
    }
#endif
}

/* Multiply a and b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
SP_NOINLINE static void sp_2048_mul_32(sp_digit* r, const sp_digit* a,
        const sp_digit* b)
{
    sp_digit* z0 = r;
    sp_digit z1[32];
    sp_digit a1[16];
    sp_digit b1[16];
    sp_digit* z2 = r + 32;
    sp_digit u;
    sp_digit ca;
    sp_digit cb;

    ca = sp_2048_add_16(a1, a, &a[16]);
    cb = sp_2048_add_16(b1, b, &b[16]);
    u  = ca & cb;

    sp_2048_mul_16(z2, &a[16], &b[16]);
    sp_2048_mul_16(z0, a, b);
    sp_2048_mul_16(z1, a1, b1);

    u += sp_2048_sub_in_place_32(z1, z0);
    u += sp_2048_sub_in_place_32(z1, z2);
    sp_2048_mask_16(a1, a1, 0 - cb);
    u += sp_2048_add_16(z1 + 16, z1 + 16, a1);
    sp_2048_mask_16(b1, b1, 0 - ca);
    u += sp_2048_add_16(z1 + 16, z1 + 16, b1);

    u += sp_2048_add_32(r + 16, r + 16, z1);
    XMEMSET(a1 + 1, 0, sizeof(sp_digit) * (16 - 1));
    a1[0] = u;
    (void)sp_2048_add_16(r + 48, r + 48, a1);
}

/* Sub b from a into a. (a -= b)
 *
 * a  A single precision integer and result.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SUBS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "SBC	%[a], r9, r9\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
    return (uint32_t)(size_t)a;
}

/* Add b to a into r. (r = a + b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADDS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "MOV	%[r], #0x0\n\t"
        "ADC	%[r], %[r], #0x0\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

/* AND m into each word of a and store in r.
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * m  Mask to AND against each digit.
 */
static void sp_2048_mask_32(sp_digit* r, const sp_digit* a, sp_digit m)
{
#ifdef WOLFSSL_SP_SMALL
    int i;

    for (i=0; i<32; i++) {
        r[i] = a[i] & m;
    }
#else
    int i;

    for (i = 0; i < 32; i += 8) {
        r[i+0] = a[i+0] & m;
        r[i+1] = a[i+1] & m;
        r[i+2] = a[i+2] & m;
        r[i+3] = a[i+3] & m;
        r[i+4] = a[i+4] & m;
        r[i+5] = a[i+5] & m;
        r[i+6] = a[i+6] & m;
        r[i+7] = a[i+7] & m;
    }
#endif
}

/* Multiply a and b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
SP_NOINLINE static void sp_2048_mul_64(sp_digit* r, const sp_digit* a,
        const sp_digit* b)
{
    sp_digit* z0 = r;
    sp_digit z1[64];
    sp_digit a1[32];
    sp_digit b1[32];
    sp_digit* z2 = r + 64;
    sp_digit u;
    sp_digit ca;
    sp_digit cb;

    ca = sp_2048_add_32(a1, a, &a[32]);
    cb = sp_2048_add_32(b1, b, &b[32]);
    u  = ca & cb;

    sp_2048_mul_32(z2, &a[32], &b[32]);
    sp_2048_mul_32(z0, a, b);
    sp_2048_mul_32(z1, a1, b1);

    u += sp_2048_sub_in_place_64(z1, z0);
    u += sp_2048_sub_in_place_64(z1, z2);
    sp_2048_mask_32(a1, a1, 0 - cb);
    u += sp_2048_add_32(z1 + 32, z1 + 32, a1);
    sp_2048_mask_32(b1, b1, 0 - ca);
    u += sp_2048_add_32(z1 + 32, z1 + 32, b1);

    u += sp_2048_add_64(r + 32, r + 32, z1);
    XMEMSET(a1 + 1, 0, sizeof(sp_digit) * (32 - 1));
    a1[0] = u;
    (void)sp_2048_add_32(r + 96, r + 96, a1);
}

#ifdef WOLFSSL_SP_NO_UMAAL
/* Square a and put result in r. (r = a * a)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p)
#else
SP_NOINLINE static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x44\n\t"
        "STR	%[r], [sp, #64]\n\t"
        "MOV	%[r], #0x0\n\t"
        "LDR	r12, [%[a]]\n\t"
        /* A[0] * A[1] */
        "LDR	lr, [%[a], #4]\n\t"
        "UMULL	r4, r5, r12, lr\n\t"
        /* A[0] * A[3] */
        "LDR	lr, [%[a], #12]\n\t"
        "UMULL	r6, r7, r12, lr\n\t"
        /* A[0] * A[5] */
        "LDR	lr, [%[a], #20]\n\t"
        "UMULL	r8, r9, r12, lr\n\t"
        /* A[0] * A[7] */
        "LDR	lr, [%[a], #28]\n\t"
        "UMULL	r10, r3, r12, lr\n\t"
        /* A[0] * A[2] */
        "LDR	lr, [%[a], #8]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r5, r11, r12, lr\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[0] * A[4] */
        "LDR	lr, [%[a], #16]\n\t"
        "ADCS	r7, r7, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, lr\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[0] * A[6] */
        "LDR	lr, [%[a], #24]\n\t"
        "ADCS	r9, r9, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "ADDS	r10, r10, r11\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #4]\n\t"
        "STR	r5, [sp, #8]\n\t"
        /* A[1] * A[2] */
        "LDR	r12, [%[a], #4]\n\t"
        "LDR	lr, [%[a], #8]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "STR	r6, [sp, #12]\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[1] * A[3] */
        "LDR	lr, [%[a], #12]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, lr\n\t"
        "STR	r7, [sp, #16]\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[1] * A[4] */
        "LDR	lr, [%[a], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[1] * A[5] */
        "LDR	lr, [%[a], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "ADDS	r10, r10, r11\n\t"
        /* A[1] * A[6] */
        "LDR	lr, [%[a], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[1] * A[7] */
        "LDR	lr, [%[a], #28]\n\t"
        "ADC	r4, %[r], #0x0\n\t"
        "UMLAL	r3, r4, r12, lr\n\t"
        /* A[2] * A[3] */
        "LDR	r12, [%[a], #8]\n\t"
        "LDR	lr, [%[a], #12]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "STR	r8, [sp, #20]\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[2] * A[4] */
        "LDR	lr, [%[a], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "STR	r9, [sp, #24]\n\t"
        "ADDS	r10, r10, r11\n\t"
        /* A[2] * A[5] */
        "LDR	lr, [%[a], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[2] * A[6] */
        "LDR	lr, [%[a], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, lr\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[2] * A[7] */
        "LDR	lr, [%[a], #28]\n\t"
        "ADC	r5, %[r], #0x0\n\t"
        "UMLAL	r4, r5, r12, lr\n\t"
        /* A[3] * A[4] */
        "LDR	r12, [%[a], #12]\n\t"
        "LDR	lr, [%[a], #16]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "STR	r10, [sp, #28]\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[3] * A[5] */
        "LDR	lr, [%[a], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, lr\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[3] * A[6] */
        "LDR	lr, [%[a], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[3] * A[7] */
        "LDR	lr, [%[a], #28]\n\t"
        "ADC	r6, %[r], #0x0\n\t"
        "UMLAL	r5, r6, r12, lr\n\t"
        /* A[4] * A[5] */
        "LDR	r12, [%[a], #16]\n\t"
        "LDR	lr, [%[a], #20]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[4] * A[6] */
        "LDR	lr, [%[a], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r5, r11, r12, lr\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[4] * A[7] */
        "LDR	lr, [%[a], #28]\n\t"
        "ADC	r7, %[r], #0x0\n\t"
        "UMLAL	r6, r7, r12, lr\n\t"
        /* A[5] * A[6] */
        "LDR	r12, [%[a], #20]\n\t"
        "LDR	lr, [%[a], #24]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[5] * A[7] */
        "LDR	lr, [%[a], #28]\n\t"
        "ADC	r8, %[r], #0x0\n\t"
        "UMLAL	r7, r8, r12, lr\n\t"
        /* A[6] * A[7] */
        "LDR	r12, [%[a], #24]\n\t"
        "LDR	lr, [%[a], #28]\n\t"
        "MOV	r9, #0x0\n\t"
        "UMLAL	r8, r9, r12, lr\n\t"
        "ADD	lr, sp, #0x20\n\t"
        "STM	lr, {r3, r4, r5, r6, r7, r8, r9}\n\t"
        "ADD	lr, sp, #0x4\n\t"
        "LDM	lr, {r4, r5, r6, r7, r8, r9, r10}\n\t"
        "ADDS	r4, r4, r4\n\t"
        "ADCS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADCS	r7, r7, r7\n\t"
        "ADCS	r8, r8, r8\n\t"
        "ADCS	r9, r9, r9\n\t"
        "ADCS	r10, r10, r10\n\t"
        "STM	lr!, {r4, r5, r6, r7, r8, r9, r10}\n\t"
        "LDM	lr, {r3, r4, r5, r6, r7, r8, r9}\n\t"
        "ADCS	r3, r3, r3\n\t"
        "ADCS	r4, r4, r4\n\t"
        "ADCS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADCS	r7, r7, r7\n\t"
        "ADCS	r8, r8, r8\n\t"
        "ADCS	r9, r9, r9\n\t"
        "ADC	r10, %[r], #0x0\n\t"
        "STM	lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        "ADD	lr, sp, #0x4\n\t"
        "LDM	lr, {r4, r5, r6, r7, r8, r9, r10}\n\t"
        "MOV	lr, sp\n\t"
        /* A[0] * A[0] */
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r3, r11, r12, r12\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[1] * A[1] */
        "LDR	r12, [%[a], #4]\n\t"
        "ADCS	r5, r5, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r5, r11, r12, r12\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[2] * A[2] */
        "LDR	r12, [%[a], #8]\n\t"
        "ADCS	r7, r7, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, r12\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[3] * A[3] */
        "LDR	r12, [%[a], #12]\n\t"
        "ADCS	r9, r9, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, r12\n\t"
        "ADDS	r10, r10, r11\n\t"
        "STM	lr!, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        "LDM	lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        /* A[4] * A[4] */
        "LDR	r12, [%[a], #16]\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, r12\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[5] * A[5] */
        "LDR	r12, [%[a], #20]\n\t"
        "ADCS	r5, r5, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r5, r11, r12, r12\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[6] * A[6] */
        "LDR	r12, [%[a], #24]\n\t"
        "ADCS	r7, r7, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, r12\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[7] * A[7] */
        "LDR	r12, [%[a], #28]\n\t"
        "ADCS	r9, r9, #0x0\n\t"
        "ADC	r10, r10, #0x0\n\t"
        "UMLAL	r9, r10, r12, r12\n\t"
        "LDR	%[r], [sp, #64]\n\t"
        "ADD	%[r], %[r], #0x20\n\t"
        "STM	%[r], {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        "LDM	sp, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        "SUB	%[r], %[r], #0x20\n\t"
        "STM	%[r], {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        "ADD	sp, sp, #0x44\n\t"
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
}

#else
/* Square a and put result in r. (r = a * a)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p)
#else
SP_NOINLINE static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x20\n\t"
        "STR	%[r], [sp, #28]\n\t"
        "LDM	%[a], {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
        "UMULL	r9, r10, r0, r0\n\t"
        "UMULL	r11, r12, r0, r1\n\t"
        "ADDS	r11, r11, r11\n\t"
        "MOV	lr, #0x0\n\t"
        "UMAAL	r10, r11, lr, lr\n\t"
        "STM	sp, {r9, r10}\n\t"
        "MOV	r8, lr\n\t"
        "UMAAL	r8, r12, r0, r2\n\t"
        "ADCS	r8, r8, r8\n\t"
        "UMAAL	r8, r11, r1, r1\n\t"
        "UMULL	r9, r10, r0, r3\n\t"
        "UMAAL	r9, r12, r1, r2\n\t"
        "ADCS	r9, r9, r9\n\t"
        "UMAAL	r9, r11, lr, lr\n\t"
        "STRD	r8, r9, [sp, #8]\n\t"
        "MOV	r9, lr\n\t"
        "UMAAL	r9, r10, r0, r4\n\t"
        "UMAAL	r9, r12, r1, r3\n\t"
        "ADCS	r9, r9, r9\n\t"
        "UMAAL	r9, r11, r2, r2\n\t"
        "STR	r9, [sp, #16]\n\t"
        "UMULL	r9, r8, r0, r5\n\t"
        "UMAAL	r9, r12, r1, r4\n\t"
        "UMAAL	r9, r10, r2, r3\n\t"
        "ADCS	r9, r9, r9\n\t"
        "UMAAL	r9, r11, lr, lr\n\t"
        "STR	r9, [sp, #20]\n\t"
        "MOV	r9, lr\n\t"
        "UMAAL	r9, r8, r0, r6\n\t"
        "UMAAL	r9, r12, r1, r5\n\t"
        "UMAAL	r9, r10, r2, r4\n\t"
        "ADCS	r9, r9, r9\n\t"
        "UMAAL	r9, r11, r3, r3\n\t"
        "STR	r9, [sp, #24]\n\t"
        "UMULL	r0, r9, r0, r7\n\t"
        "UMAAL	r0, r8, r1, r6\n\t"
        "UMAAL	r0, r12, r2, r5\n\t"
        "UMAAL	r0, r10, r3, r4\n\t"
        "ADCS	r0, r0, r0\n\t"
        "UMAAL	r0, r11, lr, lr\n\t"
        /* R[7] = r0 */
        "UMAAL	r9, r8, r1, r7\n\t"
        "UMAAL	r9, r10, r2, r6\n\t"
        "UMAAL	r12, r9, r3, r5\n\t"
        "ADCS	r12, r12, r12\n\t"
        "UMAAL	r12, r11, r4, r4\n\t"
        /* R[8] = r12 */
        "UMAAL	r9, r8, r2, r7\n\t"
        "UMAAL	r10, r9, r3, r6\n\t"
        "MOV	r2, lr\n\t"
        "UMAAL	r10, r2, r4, r5\n\t"
        "ADCS	r10, r10, r10\n\t"
        "UMAAL	r11, r10, lr, lr\n\t"
        /* R[9] = r11 */
        "UMAAL	r2, r8, r3, r7\n\t"
        "UMAAL	r2, r9, r4, r6\n\t"
        "ADCS	r3, r2, r2\n\t"
        "UMAAL	r10, r3, r5, r5\n\t"
        /* R[10] = r10 */
        "MOV	r1, lr\n\t"
        "UMAAL	r1, r8, r4, r7\n\t"
        "UMAAL	r1, r9, r5, r6\n\t"
        "ADCS	r4, r1, r1\n\t"
        "UMAAL	r3, r4, lr, lr\n\t"
        /* R[11] = r3 */
        "UMAAL	r8, r9, r5, r7\n\t"
        "ADCS	r8, r8, r8\n\t"
        "UMAAL	r4, r8, r6, r6\n\t"
        /* R[12] = r4 */
        "MOV	r5, lr\n\t"
        "UMAAL	r5, r9, r6, r7\n\t"
        "ADCS	r5, r5, r5\n\t"
        "UMAAL	r8, r5, lr, lr\n\t"
        /* R[13] = r8 */
        "ADCS	r9, r9, r9\n\t"
        "UMAAL	r9, r5, r7, r7\n\t"
        "ADCS	r7, r5, lr\n\t"
        /* R[14] = r9 */
        /* R[15] = r7 */
        "LDR	lr, [sp, #28]\n\t"
        "ADD	lr, lr, #0x1c\n\t"
        "STM	lr!, {r0, r12}\n\t"
        "STM	lr!, {r11}\n\t"
        "STM	lr!, {r10}\n\t"
        "STM	lr!, {r3, r4, r8, r9}\n\t"
        "STM	lr!, {r7}\n\t"
        "SUB	lr, lr, #0x40\n\t"
        "LDM	sp, {r0, r1, r2, r3, r4, r5, r6}\n\t"
        "STM	lr, {r0, r1, r2, r3, r4, r5, r6}\n\t"
        "ADD	sp, sp, #0x20\n\t"
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
}

#endif /* WOLFSSL_SP_NO_UMAAL */
/* Sub b from a into r. (r = a - b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_2048_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_2048_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SUBS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "SBC	%[r], r6, r6\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

/* Square a and put result in r. (r = a * a)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 */
SP_NOINLINE static void sp_2048_sqr_16(sp_digit* r, const sp_digit* a)
{
    sp_digit* z0 = r;
    sp_digit* z2 = r + 16;
    sp_digit z1[16];
    sp_digit* a1 = z1;
    sp_digit zero[8];
    sp_digit u;
    sp_digit mask;
    sp_digit* p1;
    sp_digit* p2;

    XMEMSET(zero, 0, sizeof(sp_digit) * 8);

    mask = sp_2048_sub_8(a1, a, &a[8]);
    p1 = (sp_digit*)(((sp_digit)zero &   mask ) | ((sp_digit)a1 & (~mask)));
    p2 = (sp_digit*)(((sp_digit)zero & (~mask)) | ((sp_digit)a1 &   mask ));
    (void)sp_2048_sub_8(a1, p1, p2);

    sp_2048_sqr_8(z2, &a[8]);
    sp_2048_sqr_8(z0, a);
    sp_2048_sqr_8(z1, a1);

    u = 0;
    u -= sp_2048_sub_in_place_16(z1, z2);
    u -= sp_2048_sub_in_place_16(z1, z0);
    u += sp_2048_sub_in_place_16(r + 8, z1);
    zero[0] = u;
    (void)sp_2048_add_8(r + 24, r + 24, zero);
}

/* Sub b from a into r. (r = a - b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_2048_sub_16(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_2048_sub_16(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SUBS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "SBC	%[r], r6, r6\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

/* Square a and put result in r. (r = a * a)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 */
SP_NOINLINE static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a)
{
    sp_digit* z0 = r;
    sp_digit* z2 = r + 32;
    sp_digit z1[32];
    sp_digit* a1 = z1;
    sp_digit zero[16];
    sp_digit u;
    sp_digit mask;
    sp_digit* p1;
    sp_digit* p2;

    XMEMSET(zero, 0, sizeof(sp_digit) * 16);

    mask = sp_2048_sub_16(a1, a, &a[16]);
    p1 = (sp_digit*)(((sp_digit)zero &   mask ) | ((sp_digit)a1 & (~mask)));
    p2 = (sp_digit*)(((sp_digit)zero & (~mask)) | ((sp_digit)a1 &   mask ));
    (void)sp_2048_sub_16(a1, p1, p2);

    sp_2048_sqr_16(z2, &a[16]);
    sp_2048_sqr_16(z0, a);
    sp_2048_sqr_16(z1, a1);

    u = 0;
    u -= sp_2048_sub_in_place_32(z1, z2);
    u -= sp_2048_sub_in_place_32(z1, z0);
    u += sp_2048_sub_in_place_32(r + 16, z1);
    zero[0] = u;
    (void)sp_2048_add_16(r + 48, r + 48, zero);
}

/* Sub b from a into r. (r = a - b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_2048_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_2048_sub_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SUBS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "SBC	%[r], r6, r6\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

/* Square a and put result in r. (r = a * a)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 */
SP_NOINLINE static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a)
{
    sp_digit* z0 = r;
    sp_digit* z2 = r + 64;
    sp_digit z1[64];
    sp_digit* a1 = z1;
    sp_digit zero[32];
    sp_digit u;
    sp_digit mask;
    sp_digit* p1;
    sp_digit* p2;

    XMEMSET(zero, 0, sizeof(sp_digit) * 32);

    mask = sp_2048_sub_32(a1, a, &a[32]);
    p1 = (sp_digit*)(((sp_digit)zero &   mask ) | ((sp_digit)a1 & (~mask)));
    p2 = (sp_digit*)(((sp_digit)zero & (~mask)) | ((sp_digit)a1 &   mask ));
    (void)sp_2048_sub_32(a1, p1, p2);

    sp_2048_sqr_32(z2, &a[32]);
    sp_2048_sqr_32(z0, a);
    sp_2048_sqr_32(z1, a1);

    u = 0;
    u -= sp_2048_sub_in_place_64(z1, z2);
    u -= sp_2048_sub_in_place_64(z1, z0);
    u += sp_2048_sub_in_place_64(r + 32, z1);
    zero[0] = u;
    (void)sp_2048_add_32(r + 96, r + 96, zero);
}

#endif /* !WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Add b to a into r. (r = a + b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r3, #0x0\n\t"
        "ADD	r12, %[a], #0x100\n\t"
        "\n"
    "L_sp_2048_add_64_word:\n\t"
        "ADDS	r3, r3, #0xffffffff\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r3, r4, #0x0\n\t"
        "CMP	%[a], r12\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_2048_add_64_word\n\t"
#else
        "BNE.N	L_sp_2048_add_64_word\n\t"
#endif
        "MOV	%[r], r3\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Sub b from a into a. (a -= b)
 *
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r10, #0x0\n\t"
        "ADD	r11, %[a], #0x100\n\t"
        "\n"
    "L_sp_2048_sub_in_pkace_64_word:\n\t"
        "RSBS	r10, r10, #0x0\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "SBC	r10, r10, r10\n\t"
        "CMP	%[a], r11\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_2048_sub_in_pkace_64_word\n\t"
#else
        "BNE.N	L_sp_2048_sub_in_pkace_64_word\n\t"
#endif
        "MOV	%[a], r10\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
    );
    return (uint32_t)(size_t)a;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Multiply a and b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_2048_mul_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x200\n\t"
        "LDR	lr, [%[a]]\n\t"
        "LDR	r11, [%[b]]\n\t"
        "UMULL	r8, r6, lr, r11\n\t"
        "STR	r8, [sp]\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r8, #0x0\n\t"
        "MOV	r5, #0x4\n\t"
        "\n"
    "L_sp_2048_mul_64_outer:\n\t"
        "SUBS	r3, r5, #0xfc\n\t"
        "IT	cc\n\t"
        "MOVCC	r3, #0x0\n\t"
        "SUB	r4, r5, r3\n\t"
        "\n"
    "L_sp_2048_mul_64_inner:\n\t"
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[b], r4]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "LDR	lr, [%[a], r4]\n\t"
        "LDR	r11, [%[b], r3]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADD	r3, r3, #0x4\n\t"
        "SUB	r4, r4, #0x4\n\t"
        "CMP	r3, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_2048_mul_64_inner_done\n\t"
#else
        "BGT.N	L_sp_2048_mul_64_inner_done\n\t"
#endif
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_2048_mul_64_inner\n\t"
#else
        "BLT.N	L_sp_2048_mul_64_inner\n\t"
#endif
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[b], r3]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "\n"
    "L_sp_2048_mul_64_inner_done:\n\t"
        "STR	r6, [sp, r5]\n\t"
        "MOV	r6, r7\n\t"
        "MOV	r7, r8\n\t"
        "MOV	r8, #0x0\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0x1f4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLE	L_sp_2048_mul_64_outer\n\t"
#else
        "BLE.N	L_sp_2048_mul_64_outer\n\t"
#endif
        "LDR	lr, [%[a], #252]\n\t"
        "LDR	r11, [%[b], #252]\n\t"
        "UMLAL	r6, r7, lr, r11\n\t"
        "STR	r6, [sp, r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "STR	r7, [sp, r5]\n\t"
        "\n"
    "L_sp_2048_mul_64_store:\n\t"
        "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "SUBS	r5, r5, #0x20\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_2048_mul_64_store\n\t"
#else
        "BGT.N	L_sp_2048_mul_64_store\n\t"
#endif
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
    );
}

/* Square a and put result in r. (r = a * a)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_2048_sqr_64(sp_digit* r_p, const sp_digit* a_p)
#else
static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x200\n\t"
        "LDR	lr, [%[a]]\n\t"
        "UMULL	r8, r6, lr, lr\n\t"
        "STR	r8, [sp]\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r8, #0x0\n\t"
        "MOV	r5, #0x4\n\t"
        "\n"
    "L_sp_2048_sqr_64_outer:\n\t"
        "SUBS	r3, r5, #0xfc\n\t"
        "IT	cc\n\t"
        "MOVCC	r3, #0x0\n\t"
        "SUB	r4, r5, r3\n\t"
        "\n"
    "L_sp_2048_sqr_64_inner:\n\t"
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[a], r4]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADD	r3, r3, #0x4\n\t"
        "SUB	r4, r4, #0x4\n\t"
        "CMP	r3, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_2048_sqr_64_inner_done\n\t"
#else
        "BGT.N	L_sp_2048_sqr_64_inner_done\n\t"
#endif
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_2048_sqr_64_inner\n\t"
#else
        "BLT.N	L_sp_2048_sqr_64_inner\n\t"
#endif
        "LDR	lr, [%[a], r3]\n\t"
        "UMULL	r9, r10, lr, lr\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "\n"
    "L_sp_2048_sqr_64_inner_done:\n\t"
        "STR	r6, [sp, r5]\n\t"
        "MOV	r6, r7\n\t"
        "MOV	r7, r8\n\t"
        "MOV	r8, #0x0\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0x1f4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLE	L_sp_2048_sqr_64_outer\n\t"
#else
        "BLE.N	L_sp_2048_sqr_64_outer\n\t"
#endif
        "LDR	lr, [%[a], #252]\n\t"
        "UMLAL	r6, r7, lr, lr\n\t"
        "STR	r6, [sp, r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "STR	r7, [sp, r5]\n\t"
        "\n"
    "L_sp_2048_sqr_64_store:\n\t"
        "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "SUBS	r5, r5, #0x20\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_2048_sqr_64_store\n\t"
#else
        "BGT.N	L_sp_2048_sqr_64_store\n\t"
#endif
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
    );
}

#endif /* WOLFSSL_SP_SMALL */
#if (defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_HAVE_SP_DH)
#ifdef WOLFSSL_SP_SMALL
/* AND m into each word of a and store in r.
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * m  Mask to AND against each digit.
 */
static void sp_2048_mask_32(sp_digit* r, const sp_digit* a, sp_digit m)
{
    int i;

    for (i=0; i<32; i++) {
        r[i] = a[i] & m;
    }
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Add b to a into r. (r = a + b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r3, #0x0\n\t"
        "ADD	r12, %[a], #0x80\n\t"
        "\n"
    "L_sp_2048_add_32_word:\n\t"
        "ADDS	r3, r3, #0xffffffff\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r3, r4, #0x0\n\t"
        "CMP	%[a], r12\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_2048_add_32_word\n\t"
#else
        "BNE.N	L_sp_2048_add_32_word\n\t"
#endif
        "MOV	%[r], r3\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Sub b from a into a. (a -= b)
 *
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r10, #0x0\n\t"
        "ADD	r11, %[a], #0x80\n\t"
        "\n"
    "L_sp_2048_sub_in_pkace_32_word:\n\t"
        "RSBS	r10, r10, #0x0\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "SBC	r10, r10, r10\n\t"
        "CMP	%[a], r11\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_2048_sub_in_pkace_32_word\n\t"
#else
        "BNE.N	L_sp_2048_sub_in_pkace_32_word\n\t"
#endif
        "MOV	%[a], r10\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
    );
    return (uint32_t)(size_t)a;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Multiply a and b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_2048_mul_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x100\n\t"
        "LDR	lr, [%[a]]\n\t"
        "LDR	r11, [%[b]]\n\t"
        "UMULL	r8, r6, lr, r11\n\t"
        "STR	r8, [sp]\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r8, #0x0\n\t"
        "MOV	r5, #0x4\n\t"
        "\n"
    "L_sp_2048_mul_32_outer:\n\t"
        "SUBS	r3, r5, #0x7c\n\t"
        "IT	cc\n\t"
        "MOVCC	r3, #0x0\n\t"
        "SUB	r4, r5, r3\n\t"
        "\n"
    "L_sp_2048_mul_32_inner:\n\t"
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[b], r4]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "LDR	lr, [%[a], r4]\n\t"
        "LDR	r11, [%[b], r3]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADD	r3, r3, #0x4\n\t"
        "SUB	r4, r4, #0x4\n\t"
        "CMP	r3, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_2048_mul_32_inner_done\n\t"
#else
        "BGT.N	L_sp_2048_mul_32_inner_done\n\t"
#endif
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_2048_mul_32_inner\n\t"
#else
        "BLT.N	L_sp_2048_mul_32_inner\n\t"
#endif
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[b], r3]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "\n"
    "L_sp_2048_mul_32_inner_done:\n\t"
        "STR	r6, [sp, r5]\n\t"
        "MOV	r6, r7\n\t"
        "MOV	r7, r8\n\t"
        "MOV	r8, #0x0\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0xf4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLE	L_sp_2048_mul_32_outer\n\t"
#else
        "BLE.N	L_sp_2048_mul_32_outer\n\t"
#endif
        "LDR	lr, [%[a], #124]\n\t"
        "LDR	r11, [%[b], #124]\n\t"
        "UMLAL	r6, r7, lr, r11\n\t"
        "STR	r6, [sp, r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "STR	r7, [sp, r5]\n\t"
        "\n"
    "L_sp_2048_mul_32_store:\n\t"
        "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "SUBS	r5, r5, #0x20\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_2048_mul_32_store\n\t"
#else
        "BGT.N	L_sp_2048_mul_32_store\n\t"
#endif
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
    );
}

/* Square a and put result in r. (r = a * a)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_2048_sqr_32(sp_digit* r_p, const sp_digit* a_p)
#else
static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x100\n\t"
        "LDR	lr, [%[a]]\n\t"
        "UMULL	r8, r6, lr, lr\n\t"
        "STR	r8, [sp]\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r8, #0x0\n\t"
        "MOV	r5, #0x4\n\t"
        "\n"
    "L_sp_2048_sqr_32_outer:\n\t"
        "SUBS	r3, r5, #0x7c\n\t"
        "IT	cc\n\t"
        "MOVCC	r3, #0x0\n\t"
        "SUB	r4, r5, r3\n\t"
        "\n"
    "L_sp_2048_sqr_32_inner:\n\t"
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[a], r4]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADD	r3, r3, #0x4\n\t"
        "SUB	r4, r4, #0x4\n\t"
        "CMP	r3, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_2048_sqr_32_inner_done\n\t"
#else
        "BGT.N	L_sp_2048_sqr_32_inner_done\n\t"
#endif
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_2048_sqr_32_inner\n\t"
#else
        "BLT.N	L_sp_2048_sqr_32_inner\n\t"
#endif
        "LDR	lr, [%[a], r3]\n\t"
        "UMULL	r9, r10, lr, lr\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "\n"
    "L_sp_2048_sqr_32_inner_done:\n\t"
        "STR	r6, [sp, r5]\n\t"
        "MOV	r6, r7\n\t"
        "MOV	r7, r8\n\t"
        "MOV	r8, #0x0\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0xf4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLE	L_sp_2048_sqr_32_outer\n\t"
#else
        "BLE.N	L_sp_2048_sqr_32_outer\n\t"
#endif
        "LDR	lr, [%[a], #124]\n\t"
        "UMLAL	r6, r7, lr, lr\n\t"
        "STR	r6, [sp, r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "STR	r7, [sp, r5]\n\t"
        "\n"
    "L_sp_2048_sqr_32_store:\n\t"
        "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "SUBS	r5, r5, #0x20\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_2048_sqr_32_store\n\t"
#else
        "BGT.N	L_sp_2048_sqr_32_store\n\t"
#endif
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
    );
}

#endif /* WOLFSSL_SP_SMALL */
#endif /* (WOLFSSL_HAVE_SP_RSA & !WOLFSSL_RSA_PUBLIC_ONLY) | WOLFSSL_HAVE_SP_DH */

/* Calculate the bottom digit of -1/a mod 2^n.
 *
 * a    A single precision number.
 * rho  Bottom word of inverse.
 */
static void sp_2048_mont_setup(const sp_digit* a, sp_digit* rho)
{
    sp_digit x;
    sp_digit b;

    b = a[0];
    x = (((b + 2) & 4) << 1) + b; /* here x*a==1 mod 2**4 */
    x *= 2 - b * x;               /* here x*a==1 mod 2**8 */
    x *= 2 - b * x;               /* here x*a==1 mod 2**16 */
    x *= 2 - b * x;               /* here x*a==1 mod 2**32 */

    /* rho = -1/m mod b */
    *rho = (sp_digit)0 - x;
}

#ifdef WOLFSSL_SP_SMALL
/* Mul a by digit b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision digit.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_2048_mul_d_64(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
#else
static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a, sp_digit b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register sp_digit b __asm__ ("r2") = (sp_digit)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* A[0] * B */
        "LDR	r8, [%[a]]\n\t"
        "UMULL	r5, r3, %[b], r8\n\t"
        "MOV	r4, #0x0\n\t"
        "STR	r5, [%[r]]\n\t"
        "MOV	r5, #0x0\n\t"
        "MOV	r9, #0x4\n\t"
        "\n"
    "L_sp_2048_mul_d_64_word:\n\t"
        /* A[i] * B */
        "LDR	r8, [%[a], r9]\n\t"
        "UMULL	r6, r7, %[b], r8\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], r9]\n\t"
        "MOV	r3, r4\n\t"
        "MOV	r4, r5\n\t"
        "MOV	r5, #0x0\n\t"
        "ADD	r9, r9, #0x4\n\t"
        "CMP	r9, #0x100\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_2048_mul_d_64_word\n\t"
#else
        "BLT.N	L_sp_2048_mul_d_64_word\n\t"
#endif
        "STR	r3, [%[r], #256]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
}

#else
/* Mul a by digit b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision digit.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_2048_mul_d_64(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
#else
static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a, sp_digit b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register sp_digit b __asm__ ("r2") = (sp_digit)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* A[0] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMULL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[1] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[2] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[3] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[4] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[5] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[6] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[7] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[8] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[9] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[10] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[11] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[12] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[13] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[14] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[15] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[16] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[17] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[18] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[19] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[20] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[21] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[22] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[23] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[24] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[25] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[26] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[27] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[28] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[29] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[30] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[31] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[32] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[33] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[34] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[35] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[36] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[37] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[38] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[39] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[40] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[41] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[42] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[43] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[44] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[45] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[46] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[47] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[48] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[49] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[50] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[51] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[52] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[53] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[54] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[55] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[56] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[57] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[58] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[59] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[60] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[61] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[62] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[63] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "STR	r4, [%[r]]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
    );
}

#endif /* WOLFSSL_SP_SMALL */
#if (defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_HAVE_SP_DH)
/* r = 2^n mod m where n is the number of bits to reduce by.
 * Given m must be 2048 bits, just need to subtract.
 *
 * r  A single precision number.
 * m  A single precision number.
 */
static void sp_2048_mont_norm_32(sp_digit* r, const sp_digit* m)
{
    XMEMSET(r, 0, sizeof(sp_digit) * 32);

    /* r = 2^n mod m */
    sp_2048_sub_in_place_32(r, m);
}

#ifdef WOLFSSL_SP_SMALL
/* Conditionally subtract b from a using the mask m.
 * m is -1 to subtract and 0 when not copying.
 *
 * r  A single precision number representing condition subtract result.
 * a  A single precision number to subtract from.
 * b  A single precision number to subtract.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r8, #0x0\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r5, #0x0\n\t"
        "\n"
    "L_sp_2048_cond_sub_32_words:\n\t"
        "SUBS	r4, r8, r4\n\t"
        "LDR	r6, [%[a], r5]\n\t"
        "LDR	r7, [%[b], r5]\n\t"
        "AND	r7, r7, %[m]\n\t"
        "SBCS	r6, r6, r7\n\t"
        "SBC	r4, r8, r8\n\t"
        "STR	r6, [%[r], r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0x80\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_2048_cond_sub_32_words\n\t"
#else
        "BLT.N	L_sp_2048_cond_sub_32_words\n\t"
#endif
        "MOV	%[r], r4\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
    );
    return (uint32_t)(size_t)r;
}

#else
/* Conditionally subtract b from a using the mask m.
 * m is -1 to subtract and 0 when not copying.
 *
 * r  A single precision number representing condition subtract result.
 * a  A single precision number to subtract from.
 * b  A single precision number to subtract.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r5, #0x0\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SUBS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "SBC	%[r], r5, r5\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_NO_UMAAL
#ifndef WOLFSSL_SP_SMALL
/* Reduce the number back to 2048 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDR	lr, [%[m]]\n\t"
        /* i = 0 */
        "MOV	r11, #0x0\n\t"
        "MOV	r3, #0x0\n\t"
        "LDR	r4, [%[a]]\n\t"
        "LDR	r5, [%[a], #4]\n\t"
        "\n"
    "L_sp_2048_mont_reduce_32_word:\n\t"
        /* mu = a[i] * mp */
        "MUL	r10, %[mp], r4\n\t"
        /* a[i+0] += m[0] * mu */
        "MOV	r7, #0x0\n\t"
        "UMLAL	r4, r7, r10, lr\n\t"
        /* a[i+1] += m[1] * mu */
        "LDR	r9, [%[m], #4]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r5, r6, r10, r9\n\t"
        "MOV	r4, r5\n\t"
        "ADDS	r4, r4, r7\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+2] += m[2] * mu */
        "LDR	r9, [%[m], #8]\n\t"
        "LDR	r5, [%[a], #8]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r5, r7, r10, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+3] += m[3] * mu */
        "LDR	r9, [%[m], #12]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #12]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+4] += m[4] * mu */
        "LDR	r9, [%[m], #16]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #16]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+5] += m[5] * mu */
        "LDR	r9, [%[m], #20]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #20]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+6] += m[6] * mu */
        "LDR	r9, [%[m], #24]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #24]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+7] += m[7] * mu */
        "LDR	r9, [%[m], #28]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #28]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+8] += m[8] * mu */
        "LDR	r9, [%[m], #32]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #32]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+9] += m[9] * mu */
        "LDR	r9, [%[m], #36]\n\t"
        "LDR	r12, [%[a], #36]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #36]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+10] += m[10] * mu */
        "LDR	r9, [%[m], #40]\n\t"
        "LDR	r12, [%[a], #40]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #40]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+11] += m[11] * mu */
        "LDR	r9, [%[m], #44]\n\t"
        "LDR	r12, [%[a], #44]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #44]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+12] += m[12] * mu */
        "LDR	r9, [%[m], #48]\n\t"
        "LDR	r12, [%[a], #48]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #48]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+13] += m[13] * mu */
        "LDR	r9, [%[m], #52]\n\t"
        "LDR	r12, [%[a], #52]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #52]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+14] += m[14] * mu */
        "LDR	r9, [%[m], #56]\n\t"
        "LDR	r12, [%[a], #56]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #56]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+15] += m[15] * mu */
        "LDR	r9, [%[m], #60]\n\t"
        "LDR	r12, [%[a], #60]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #60]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+16] += m[16] * mu */
        "LDR	r9, [%[m], #64]\n\t"
        "LDR	r12, [%[a], #64]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #64]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+17] += m[17] * mu */
        "LDR	r9, [%[m], #68]\n\t"
        "LDR	r12, [%[a], #68]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #68]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+18] += m[18] * mu */
        "LDR	r9, [%[m], #72]\n\t"
        "LDR	r12, [%[a], #72]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #72]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+19] += m[19] * mu */
        "LDR	r9, [%[m], #76]\n\t"
        "LDR	r12, [%[a], #76]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #76]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+20] += m[20] * mu */
        "LDR	r9, [%[m], #80]\n\t"
        "LDR	r12, [%[a], #80]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #80]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+21] += m[21] * mu */
        "LDR	r9, [%[m], #84]\n\t"
        "LDR	r12, [%[a], #84]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #84]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+22] += m[22] * mu */
        "LDR	r9, [%[m], #88]\n\t"
        "LDR	r12, [%[a], #88]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #88]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+23] += m[23] * mu */
        "LDR	r9, [%[m], #92]\n\t"
        "LDR	r12, [%[a], #92]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #92]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+24] += m[24] * mu */
        "LDR	r9, [%[m], #96]\n\t"
        "LDR	r12, [%[a], #96]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #96]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+25] += m[25] * mu */
        "LDR	r9, [%[m], #100]\n\t"
        "LDR	r12, [%[a], #100]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #100]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+26] += m[26] * mu */
        "LDR	r9, [%[m], #104]\n\t"
        "LDR	r12, [%[a], #104]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #104]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+27] += m[27] * mu */
        "LDR	r9, [%[m], #108]\n\t"
        "LDR	r12, [%[a], #108]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #108]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+28] += m[28] * mu */
        "LDR	r9, [%[m], #112]\n\t"
        "LDR	r12, [%[a], #112]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #112]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+29] += m[29] * mu */
        "LDR	r9, [%[m], #116]\n\t"
        "LDR	r12, [%[a], #116]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #116]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+30] += m[30] * mu */
        "LDR	r9, [%[m], #120]\n\t"
        "LDR	r12, [%[a], #120]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #120]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+31] += m[31] * mu */
        "LDR	r9, [%[m], #124]\n\t"
        "LDR	r12, [%[a], #124]\n\t"
        "UMULL	r8, r9, r10, r9\n\t"
        "ADDS	r7, r7, r8\n\t"
        "ADCS	r6, r9, r3\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, r3\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #124]\n\t"
        "LDR	r12, [%[a], #128]\n\t"
        "ADCS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #128]\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* i += 1 */
        "ADD	r11, r11, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r11, #0x80\n\t"
#ifdef __GNUC__
        "BLT	L_sp_2048_mont_reduce_32_word\n\t"
#else
        "BLT.W	L_sp_2048_mont_reduce_32_word\n\t"
#endif
        /* Loop Done */
        "STR	r4, [%[a]]\n\t"
        "STR	r5, [%[a], #4]\n\t"
        "MOV	%[mp], r3\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
    sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp);
}

#else
/* Reduce the number back to 2048 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDR	r11, [%[m]]\n\t"
        /* i = 0 */
        "MOV	r9, #0x0\n\t"
        /* ca = 0 */
        "MOV	r3, #0x0\n\t"
        "\n"
    "L_sp_2048_mont_reduce_32_word:\n\t"
        /* mu = a[i] * mp */
        "LDR	r10, [%[a]]\n\t"
        "MUL	r8, %[mp], r10\n\t"
        /* j = 0 */
        "MOV	r12, #0x0\n\t"
        "MOV	r4, #0x0\n\t"
        "\n"
    "L_sp_2048_mont_reduce_32_mul:\n\t"
        /* a[i+j+0] += m[j+0] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "MOV	r5, #0x0\n\t"
        "UMLAL	r10, r5, r8, r7\n\t"
        "ADDS	r10, r10, r4\n\t"
        "STR	r10, [%[a], r12]\n\t"
        "ADC	r4, r5, #0x0\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+1] += m[j+1] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "MOV	r5, #0x0\n\t"
        "UMLAL	r10, r5, r8, r7\n\t"
        "ADDS	r10, r10, r4\n\t"
        "STR	r10, [%[a], r12]\n\t"
        "ADC	r4, r5, #0x0\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+2] += m[j+2] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "MOV	r5, #0x0\n\t"
        "UMLAL	r10, r5, r8, r7\n\t"
        "ADDS	r10, r10, r4\n\t"
        "STR	r10, [%[a], r12]\n\t"
        "ADC	r4, r5, #0x0\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+3] += m[j+3] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "MOV	r5, #0x0\n\t"
        "UMLAL	r10, r5, r8, r7\n\t"
        "ADDS	r10, r10, r4\n\t"
        "STR	r10, [%[a], r12]\n\t"
        "ADC	r4, r5, #0x0\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        "CMP	r12, #0x80\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_2048_mont_reduce_32_mul\n\t"
#else
        "BLT.N	L_sp_2048_mont_reduce_32_mul\n\t"
#endif
        "LDR	r10, [%[a], #128]\n\t"
        "ADDS	r4, r4, r3\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r10, r10, r4\n\t"
        "ADC	r3, r3, r3\n\t"
        "STR	r10, [%[a], #128]\n\t"
        /* i += 1 */
        "ADD	r9, r9, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r9, #0x80\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_2048_mont_reduce_32_word\n\t"
#else
        "BLT.N	L_sp_2048_mont_reduce_32_word\n\t"
#endif
        /* Loop Done */
        "MOV	%[mp], r3\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
    );
    sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp);
}

#endif /* !WOLFSSL_SP_SMALL */
#else
#ifndef WOLFSSL_SP_SMALL
/* Reduce the number back to 2048 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* i = 0 */
        "MOV	r4, #0x0\n\t"
        "MOV	r5, #0x0\n\t"
        "LDR	r6, [%[a]]\n\t"
        "LDR	r7, [%[a], #4]\n\t"
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[a], #12]\n\t"
        "LDR	r10, [%[a], #16]\n\t"
        "\n"
    "L_sp_2048_mont_reduce_32_word:\n\t"
        /* mu = a[i] * mp */
        "MUL	lr, %[mp], r6\n\t"
        /* a[i+0] += m[0] * mu */
        "LDR	r12, [%[m]]\n\t"
        "MOV	r3, #0x0\n\t"
        "UMAAL	r6, r3, lr, r12\n\t"
        /* a[i+1] += m[1] * mu */
        "LDR	r12, [%[m], #4]\n\t"
        "MOV	r6, r7\n\t"
        "UMAAL	r6, r3, lr, r12\n\t"
        /* a[i+2] += m[2] * mu */
        "LDR	r12, [%[m], #8]\n\t"
        "MOV	r7, r8\n\t"
        "UMAAL	r7, r3, lr, r12\n\t"
        /* a[i+3] += m[3] * mu */
        "LDR	r12, [%[m], #12]\n\t"
        "MOV	r8, r9\n\t"
        "UMAAL	r8, r3, lr, r12\n\t"
        /* a[i+4] += m[4] * mu */
        "LDR	r12, [%[m], #16]\n\t"
        "MOV	r9, r10\n\t"
        "UMAAL	r9, r3, lr, r12\n\t"
        /* a[i+5] += m[5] * mu */
        "LDR	r12, [%[m], #20]\n\t"
        "LDR	r10, [%[a], #20]\n\t"
        "UMAAL	r10, r3, lr, r12\n\t"
        /* a[i+6] += m[6] * mu */
        "LDR	r12, [%[m], #24]\n\t"
        "LDR	r11, [%[a], #24]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #24]\n\t"
        /* a[i+7] += m[7] * mu */
        "LDR	r12, [%[m], #28]\n\t"
        "LDR	r11, [%[a], #28]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #28]\n\t"
        /* a[i+8] += m[8] * mu */
        "LDR	r12, [%[m], #32]\n\t"
        "LDR	r11, [%[a], #32]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #32]\n\t"
        /* a[i+9] += m[9] * mu */
        "LDR	r12, [%[m], #36]\n\t"
        "LDR	r11, [%[a], #36]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #36]\n\t"
        /* a[i+10] += m[10] * mu */
        "LDR	r12, [%[m], #40]\n\t"
        "LDR	r11, [%[a], #40]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #40]\n\t"
        /* a[i+11] += m[11] * mu */
        "LDR	r12, [%[m], #44]\n\t"
        "LDR	r11, [%[a], #44]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #44]\n\t"
        /* a[i+12] += m[12] * mu */
        "LDR	r12, [%[m], #48]\n\t"
        "LDR	r11, [%[a], #48]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #48]\n\t"
        /* a[i+13] += m[13] * mu */
        "LDR	r12, [%[m], #52]\n\t"
        "LDR	r11, [%[a], #52]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #52]\n\t"
        /* a[i+14] += m[14] * mu */
        "LDR	r12, [%[m], #56]\n\t"
        "LDR	r11, [%[a], #56]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #56]\n\t"
        /* a[i+15] += m[15] * mu */
        "LDR	r12, [%[m], #60]\n\t"
        "LDR	r11, [%[a], #60]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #60]\n\t"
        /* a[i+16] += m[16] * mu */
        "LDR	r12, [%[m], #64]\n\t"
        "LDR	r11, [%[a], #64]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #64]\n\t"
        /* a[i+17] += m[17] * mu */
        "LDR	r12, [%[m], #68]\n\t"
        "LDR	r11, [%[a], #68]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #68]\n\t"
        /* a[i+18] += m[18] * mu */
        "LDR	r12, [%[m], #72]\n\t"
        "LDR	r11, [%[a], #72]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #72]\n\t"
        /* a[i+19] += m[19] * mu */
        "LDR	r12, [%[m], #76]\n\t"
        "LDR	r11, [%[a], #76]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #76]\n\t"
        /* a[i+20] += m[20] * mu */
        "LDR	r12, [%[m], #80]\n\t"
        "LDR	r11, [%[a], #80]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #80]\n\t"
        /* a[i+21] += m[21] * mu */
        "LDR	r12, [%[m], #84]\n\t"
        "LDR	r11, [%[a], #84]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #84]\n\t"
        /* a[i+22] += m[22] * mu */
        "LDR	r12, [%[m], #88]\n\t"
        "LDR	r11, [%[a], #88]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #88]\n\t"
        /* a[i+23] += m[23] * mu */
        "LDR	r12, [%[m], #92]\n\t"
        "LDR	r11, [%[a], #92]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #92]\n\t"
        /* a[i+24] += m[24] * mu */
        "LDR	r12, [%[m], #96]\n\t"
        "LDR	r11, [%[a], #96]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #96]\n\t"
        /* a[i+25] += m[25] * mu */
        "LDR	r12, [%[m], #100]\n\t"
        "LDR	r11, [%[a], #100]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #100]\n\t"
        /* a[i+26] += m[26] * mu */
        "LDR	r12, [%[m], #104]\n\t"
        "LDR	r11, [%[a], #104]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #104]\n\t"
        /* a[i+27] += m[27] * mu */
        "LDR	r12, [%[m], #108]\n\t"
        "LDR	r11, [%[a], #108]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #108]\n\t"
        /* a[i+28] += m[28] * mu */
        "LDR	r12, [%[m], #112]\n\t"
        "LDR	r11, [%[a], #112]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #112]\n\t"
        /* a[i+29] += m[29] * mu */
        "LDR	r12, [%[m], #116]\n\t"
        "LDR	r11, [%[a], #116]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #116]\n\t"
        /* a[i+30] += m[30] * mu */
        "LDR	r12, [%[m], #120]\n\t"
        "LDR	r11, [%[a], #120]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #120]\n\t"
        /* a[i+31] += m[31] * mu */
        "LDR	r12, [%[m], #124]\n\t"
        "LDR	r11, [%[a], #124]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "LDR	lr, [%[a], #128]\n\t"
        "MOV	r12, #0x0\n\t"
        "UMAAL	r3, lr, r12, r12\n\t"
        "STR	r11, [%[a], #124]\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADC	r5, lr, #0x0\n\t"
        "STR	r3, [%[a], #128]\n\t"
        /* i += 1 */
        "ADD	r4, r4, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r4, #0x80\n\t"
#ifdef __GNUC__
        "BLT	L_sp_2048_mont_reduce_32_word\n\t"
#else
        "BLT.W	L_sp_2048_mont_reduce_32_word\n\t"
#endif
        /* Loop Done */
        "STR	r6, [%[a]]\n\t"
        "STR	r7, [%[a], #4]\n\t"
        "STR	r8, [%[a], #8]\n\t"
        "STR	r9, [%[a], #12]\n\t"
        "STR	r10, [%[a], #16]\n\t"
        "MOV	%[mp], r5\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
    sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp);
}

#else
/* Reduce the number back to 2048 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDR	r11, [%[m]]\n\t"
        /* i = 0 */
        "MOV	r9, #0x0\n\t"
        /* ca = 0 */
        "MOV	r3, #0x0\n\t"
        "\n"
    "L_sp_2048_mont_reduce_32_word:\n\t"
        /* mu = a[i] * mp */
        "LDR	r10, [%[a]]\n\t"
        "MUL	r8, %[mp], r10\n\t"
        /* j = 0 */
        "MOV	r12, #0x0\n\t"
        "MOV	r4, #0x0\n\t"
        "\n"
    "L_sp_2048_mont_reduce_32_mul:\n\t"
        /* a[i+j+0] += m[j+0] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "UMAAL	r10, r4, r8, r7\n\t"
        "STR	r10, [%[a], r12]\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+1] += m[j+1] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "UMAAL	r10, r4, r8, r7\n\t"
        "STR	r10, [%[a], r12]\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+2] += m[j+2] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "UMAAL	r10, r4, r8, r7\n\t"
        "STR	r10, [%[a], r12]\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+3] += m[j+3] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "UMAAL	r10, r4, r8, r7\n\t"
        "STR	r10, [%[a], r12]\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        "CMP	r12, #0x80\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_2048_mont_reduce_32_mul\n\t"
#else
        "BLT.N	L_sp_2048_mont_reduce_32_mul\n\t"
#endif
        "LDR	r10, [%[a], #128]\n\t"
        "ADDS	r4, r4, r3\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r10, r10, r4\n\t"
        "ADC	r3, r3, r3\n\t"
        "STR	r10, [%[a], #128]\n\t"
        /* i += 1 */
        "ADD	r9, r9, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r9, #0x80\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_2048_mont_reduce_32_word\n\t"
#else
        "BLT.N	L_sp_2048_mont_reduce_32_word\n\t"
#endif
        /* Loop Done */
        "MOV	%[mp], r3\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
    );
    sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp);
}

#endif /* !WOLFSSL_SP_SMALL */
#endif
/* Multiply two Montgomery form numbers mod the modulus (prime).
 * (r = a * b mod m)
 *
 * r   Result of multiplication.
 * a   First number to multiply in Montgomery form.
 * b   Second number to multiply in Montgomery form.
 * m   Modulus (prime).
 * mp  Montgomery multiplier.
 */
SP_NOINLINE static void sp_2048_mont_mul_32(sp_digit* r, const sp_digit* a,
        const sp_digit* b, const sp_digit* m, sp_digit mp)
{
    sp_2048_mul_32(r, a, b);
    sp_2048_mont_reduce_32(r, m, mp);
}

/* Square the Montgomery form number. (r = a * a mod m)
 *
 * r   Result of squaring.
 * a   Number to square in Montgomery form.
 * m   Modulus (prime).
 * mp  Montgomery multiplier.
 */
SP_NOINLINE static void sp_2048_mont_sqr_32(sp_digit* r, const sp_digit* a,
        const sp_digit* m, sp_digit mp)
{
    sp_2048_sqr_32(r, a);
    sp_2048_mont_reduce_32(r, m, mp);
}

#ifdef WOLFSSL_SP_SMALL
/* Mul a by digit b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision digit.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_2048_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
#else
static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register sp_digit b __asm__ ("r2") = (sp_digit)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* A[0] * B */
        "LDR	r8, [%[a]]\n\t"
        "UMULL	r5, r3, %[b], r8\n\t"
        "MOV	r4, #0x0\n\t"
        "STR	r5, [%[r]]\n\t"
        "MOV	r5, #0x0\n\t"
        "MOV	r9, #0x4\n\t"
        "\n"
    "L_sp_2048_mul_d_32_word:\n\t"
        /* A[i] * B */
        "LDR	r8, [%[a], r9]\n\t"
        "UMULL	r6, r7, %[b], r8\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], r9]\n\t"
        "MOV	r3, r4\n\t"
        "MOV	r4, r5\n\t"
        "MOV	r5, #0x0\n\t"
        "ADD	r9, r9, #0x4\n\t"
        "CMP	r9, #0x80\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_2048_mul_d_32_word\n\t"
#else
        "BLT.N	L_sp_2048_mul_d_32_word\n\t"
#endif
        "STR	r3, [%[r], #128]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
}

#else
/* Mul a by digit b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision digit.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_2048_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
#else
static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register sp_digit b __asm__ ("r2") = (sp_digit)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* A[0] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMULL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[1] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[2] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[3] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[4] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[5] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[6] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[7] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[8] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[9] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[10] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[11] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[12] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[13] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[14] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[15] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[16] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[17] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[18] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[19] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[20] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[21] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[22] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[23] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[24] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[25] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[26] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[27] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[28] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[29] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[30] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[31] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "STR	r5, [%[r]]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
    );
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_USE_UDIV
/* Divide the double width number (d1|d0) by the divisor. (d1|d0 / div)
 *
 * d1   The high order half of the number to divide.
 * d0   The low order half of the number to divide.
 * div  The divisor.
 * returns the result of the division.
 *
 * Note that this is an approximate div. It may give an answer 1 larger.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
#else
SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit div)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit d1 __asm__ ("r0") = (sp_digit)d1_p;
    register sp_digit d0 __asm__ ("r1") = (sp_digit)d0_p;
    register sp_digit div __asm__ ("r2") = (sp_digit)div_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LSR	r8, %[div], #16\n\t"
        "ADD	r5, r8, #0x1\n\t"
        "UDIV	r6, %[d1], r5\n\t"
        "LSL	r7, %[div], #16\n\t"
        "LSL	r6, r6, #16\n\t"
        "UMULL	r3, r4, %[div], r6\n\t"
        "SUBS	%[d0], %[d0], r3\n\t"
        "SBC	%[d1], %[d1], r4\n\t"
        "SUBS	r3, %[d1], r5\n\t"
        "SBC	r9, r9, r9\n\t"
        "ADD	r9, r9, #0x1\n\t"
        "RSB	r10, r9, #0x0\n\t"
        "LSL	r9, r9, #16\n\t"
        "AND	r7, r7, r10\n\t"
        "AND	r8, r8, r10\n\t"
        "SUBS	%[d0], %[d0], r7\n\t"
        "ADD	r6, r6, r9\n\t"
        "SBC	%[d1], %[d1], r8\n\t"
        "LSL	r4, %[d1], #16\n\t"
        "LSR	r3, %[d0], #16\n\t"
        "ORR	r3, r3, r4\n\t"
        "UDIV	r3, r3, r5\n\t"
        "ADD	r6, r6, r3\n\t"
        "UMULL	r3, r4, %[div], r3\n\t"
        "SUBS	%[d0], %[d0], r3\n\t"
        "SBC	%[d1], %[d1], r4\n\t"
        "LSL	r4, %[d1], #16\n\t"
        "LSR	r3, %[d0], #16\n\t"
        "ORR	r3, r3, r4\n\t"
        "UDIV	r3, r3, r5\n\t"
        "ADD	r6, r6, r3\n\t"
        "MUL	r3, %[div], r3\n\t"
        "SUB	%[d0], %[d0], r3\n\t"
        "UDIV	r3, %[d0], %[div]\n\t"
        "ADD	%[d1], r6, r3\n\t"
        : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)d1;
}

#else
/* Divide the double width number (d1|d0) by the divisor. (d1|d0 / div)
 *
 * d1   The high order half of the number to divide.
 * d0   The low order half of the number to divide.
 * div  The divisor.
 * returns the result of the division.
 *
 * Note that this is an approximate div. It may give an answer 1 larger.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
#else
SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit div)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit d1 __asm__ ("r0") = (sp_digit)d1_p;
    register sp_digit d0 __asm__ ("r1") = (sp_digit)d0_p;
    register sp_digit div __asm__ ("r2") = (sp_digit)div_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LSR	r5, %[div], #1\n\t"
        "ADD	r5, r5, #0x1\n\t"
        "MOV	r6, %[d0]\n\t"
        "MOV	r7, %[d1]\n\t"
        /* Do top 32 */
        "SUBS	r8, r5, r7\n\t"
        "SBC	r8, r8, r8\n\t"
        "MOV	r3, #0x0\n\t"
        "SUB	r3, r3, r8\n\t"
        "AND	r8, r8, r5\n\t"
        "SUBS	r7, r7, r8\n\t"
        /* Next 30 bits */
        "MOV	r4, #0x1d\n\t"
        "\n"
    "L_div_2048_word_32_bit:\n\t"
        "LSLS	r6, r6, #1\n\t"
        "ADC	r7, r7, r7\n\t"
        "SUBS	r8, r5, r7\n\t"
        "SBC	r8, r8, r8\n\t"
        "ADD	r3, r3, r3\n\t"
        "SUB	r3, r3, r8\n\t"
        "AND	r8, r8, r5\n\t"
        "SUBS	r7, r7, r8\n\t"
        "SUBS	r4, r4, #0x1\n\t"
        "bpl	L_div_2048_word_32_bit\n\t"
        "ADD	r3, r3, r3\n\t"
        "ADD	r3, r3, #0x1\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "SUBS	r8, %[div], r9\n\t"
        "SBC	r8, r8, r8\n\t"
        "SUB	%[d1], r3, r8\n\t"
        : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)d1;
}

#endif
/* Compare a with b in constant time.
 *
 * a  A single precision integer.
 * b  A single precision integer.
 * return -ve, 0 or +ve if a is less than, equal to or greater than b
 * respectively.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_int32 sp_2048_cmp_32(const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_int32 sp_2048_cmp_32(const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register const sp_digit* a __asm__ ("r0") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r2, #0xffffffff\n\t"
        "MOV	r8, #0x1\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r3, #0xffffffff\n\t"
#ifdef WOLFSSL_SP_SMALL
        "MOV	r6, #0x7c\n\t"
        "\n"
    "L_sp_2048_cmp_32_words:\n\t"
        "LDR	r4, [%[a], r6]\n\t"
        "LDR	r5, [%[b], r6]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "SUBS	r6, r6, #0x4\n\t"
        "bcs	L_sp_2048_cmp_32_words\n\t"
        "EOR	r2, r2, r3\n\t"
#else
        "LDR	r4, [%[a], #124]\n\t"
        "LDR	r5, [%[b], #124]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #120]\n\t"
        "LDR	r5, [%[b], #120]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #116]\n\t"
        "LDR	r5, [%[b], #116]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #112]\n\t"
        "LDR	r5, [%[b], #112]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #108]\n\t"
        "LDR	r5, [%[b], #108]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #104]\n\t"
        "LDR	r5, [%[b], #104]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #100]\n\t"
        "LDR	r5, [%[b], #100]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #96]\n\t"
        "LDR	r5, [%[b], #96]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #92]\n\t"
        "LDR	r5, [%[b], #92]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #88]\n\t"
        "LDR	r5, [%[b], #88]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #84]\n\t"
        "LDR	r5, [%[b], #84]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #80]\n\t"
        "LDR	r5, [%[b], #80]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #76]\n\t"
        "LDR	r5, [%[b], #76]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #72]\n\t"
        "LDR	r5, [%[b], #72]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #68]\n\t"
        "LDR	r5, [%[b], #68]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #64]\n\t"
        "LDR	r5, [%[b], #64]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #60]\n\t"
        "LDR	r5, [%[b], #60]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #56]\n\t"
        "LDR	r5, [%[b], #56]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #52]\n\t"
        "LDR	r5, [%[b], #52]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #48]\n\t"
        "LDR	r5, [%[b], #48]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #44]\n\t"
        "LDR	r5, [%[b], #44]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #40]\n\t"
        "LDR	r5, [%[b], #40]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #36]\n\t"
        "LDR	r5, [%[b], #36]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #32]\n\t"
        "LDR	r5, [%[b], #32]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #28]\n\t"
        "LDR	r5, [%[b], #28]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #24]\n\t"
        "LDR	r5, [%[b], #24]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #20]\n\t"
        "LDR	r5, [%[b], #20]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #16]\n\t"
        "LDR	r5, [%[b], #16]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #12]\n\t"
        "LDR	r5, [%[b], #12]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #8]\n\t"
        "LDR	r5, [%[b], #8]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #4]\n\t"
        "LDR	r5, [%[b], #4]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a]]\n\t"
        "LDR	r5, [%[b]]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "EOR	r2, r2, r3\n\t"
#endif /*WOLFSSL_SP_SMALL */
        "MOV	%[a], r2\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
    );
    return (uint32_t)(size_t)a;
}

/* Divide d in a and put remainder into r (m*d + r = a)
 * m is not calculated as it is not needed at this time.
 *
 * a  Number to be divided.
 * d  Number to divide with.
 * m  Multiplier result.
 * r  Remainder from the division.
 * returns MP_OKAY indicating success.
 */
static WC_INLINE int sp_2048_div_32(const sp_digit* a, const sp_digit* d,
        sp_digit* m, sp_digit* r)
{
    sp_digit t1[64], t2[33];
    sp_digit div, r1;
    int i;

    (void)m;

    div = d[31];
    XMEMCPY(t1, a, sizeof(*t1) * 2 * 32);
    r1 = sp_2048_cmp_32(&t1[32], d) >= 0;
    sp_2048_cond_sub_32(&t1[32], &t1[32], d, (sp_digit)0 - r1);
    for (i = 31; i >= 0; i--) {
        volatile sp_digit mask = (sp_digit)0 - (t1[32 + i] == div);
        sp_digit hi = t1[32 + i] + mask;
        r1 = div_2048_word_32(hi, t1[32 + i - 1], div);
        r1 |= mask;

        sp_2048_mul_d_32(t2, d, r1);
        t1[32 + i] += sp_2048_sub_in_place_32(&t1[i], t2);
        t1[32 + i] -= t2[32];
        sp_2048_mask_32(t2, d, t1[32 + i]);
        t1[32 + i] += sp_2048_add_32(&t1[i], &t1[i], t2);
        sp_2048_mask_32(t2, d, t1[32 + i]);
        t1[32 + i] += sp_2048_add_32(&t1[i], &t1[i], t2);
    }

    r1 = sp_2048_cmp_32(t1, d) >= 0;
    sp_2048_cond_sub_32(r, t1, d, (sp_digit)0 - r1);

    return MP_OKAY;
}

/* Reduce a modulo m into r. (r = a mod m)
 *
 * r  A single precision number that is the reduced result.
 * a  A single precision number that is to be reduced.
 * m  A single precision number that is the modulus to reduce with.
 * returns MP_OKAY indicating success.
 */
static WC_INLINE int sp_2048_mod_32(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
    return sp_2048_div_32(a, m, NULL, r);
}

#ifdef WOLFSSL_SP_SMALL
/* Modular exponentiate a to the e mod m. (r = a^e mod m)
 *
 * r     A single precision number that is the result of the operation.
 * a     A single precision number being exponentiated.
 * e     A single precision number that is the exponent.
 * bits  The number of bits in the exponent.
 * m     A single precision number that is the modulus.
 * returns  0 on success.
 * returns  MEMORY_E on dynamic memory allocation failure.
 * returns  MP_VAL when base is even or exponent is 0.
 */
static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
        int bits, const sp_digit* m, int reduceA)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* td = NULL;
#else
    sp_digit td[16 * 64];
#endif
    sp_digit* t[16];
    sp_digit* norm = NULL;
    sp_digit mp = 1;
    sp_digit n;
    sp_digit mask;
    int i;
    int c;
    byte y;
    int err = MP_OKAY;

    if (bits == 0) {
        err = MP_VAL;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 64), NULL,
                                DYNAMIC_TYPE_TMP_BUFFER);
        if (td == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        norm = td;
        for (i=0; i<16; i++) {
            t[i] = td + i * 64;
        }

        sp_2048_mont_setup(m, &mp);
        sp_2048_mont_norm_32(norm, m);

        XMEMSET(t[1], 0, sizeof(sp_digit) * 32U);
        if (reduceA != 0) {
            err = sp_2048_mod_32(t[1] + 32, a, m);
            if (err == MP_OKAY) {
                err = sp_2048_mod_32(t[1], t[1], m);
            }
        }
        else {
            XMEMCPY(t[1] + 32, a, sizeof(sp_digit) * 32);
            err = sp_2048_mod_32(t[1], t[1], m);
        }
    }

    if (err == MP_OKAY) {
        sp_2048_mont_sqr_32(t[ 2], t[ 1], m, mp);
        sp_2048_mont_mul_32(t[ 3], t[ 2], t[ 1], m, mp);
        sp_2048_mont_sqr_32(t[ 4], t[ 2], m, mp);
        sp_2048_mont_mul_32(t[ 5], t[ 3], t[ 2], m, mp);
        sp_2048_mont_sqr_32(t[ 6], t[ 3], m, mp);
        sp_2048_mont_mul_32(t[ 7], t[ 4], t[ 3], m, mp);
        sp_2048_mont_sqr_32(t[ 8], t[ 4], m, mp);
        sp_2048_mont_mul_32(t[ 9], t[ 5], t[ 4], m, mp);
        sp_2048_mont_sqr_32(t[10], t[ 5], m, mp);
        sp_2048_mont_mul_32(t[11], t[ 6], t[ 5], m, mp);
        sp_2048_mont_sqr_32(t[12], t[ 6], m, mp);
        sp_2048_mont_mul_32(t[13], t[ 7], t[ 6], m, mp);
        sp_2048_mont_sqr_32(t[14], t[ 7], m, mp);
        sp_2048_mont_mul_32(t[15], t[ 8], t[ 7], m, mp);

        i = (bits - 1) / 32;
        n = e[i--];
        c = bits & 31;
        if (c == 0) {
            c = 32;
        }
        c -= bits % 4;
        if (c == 32) {
            c = 28;
        }
        if (c < 0) {
            /* Number of bits in top word is less than number needed. */
            c = -c;
            y = (byte)(n << c);
            n = e[i--];
            y |= (byte)(n >> (64 - c));
            n <<= c;
            c = 64 - c;
        }
        else if (c == 0) {
            /* All bits in top word used. */
            y = (byte)n;
        }
        else {
            y = (byte)(n >> c);
            n <<= 32 - c;
        }
        XMEMCPY(r, t[y], sizeof(sp_digit) * 32);
        for (; i>=0 || c>=4; ) {
            if (c == 0) {
                n = e[i--];
                y = (byte)(n >> 28);
                n <<= 4;
                c = 28;
            }
            else if (c < 4) {
                y = (byte)(n >> 28);
                n = e[i--];
                c = 4 - c;
                y |= (byte)(n >> (32 - c));
                n <<= c;
                c = 32 - c;
            }
            else {
                y = (byte)((n >> 28) & 0xf);
                n <<= 4;
                c -= 4;
            }

            sp_2048_mont_sqr_32(r, r, m, mp);
            sp_2048_mont_sqr_32(r, r, m, mp);
            sp_2048_mont_sqr_32(r, r, m, mp);
            sp_2048_mont_sqr_32(r, r, m, mp);

            sp_2048_mont_mul_32(r, r, t[y], m, mp);
        }

        XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
        sp_2048_mont_reduce_32(r, m, mp);

        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
        sp_2048_cond_sub_32(r, r, m, mask);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (td != NULL)
        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return err;
}
#else
/* Modular exponentiate a to the e mod m. (r = a^e mod m)
 *
 * r     A single precision number that is the result of the operation.
 * a     A single precision number being exponentiated.
 * e     A single precision number that is the exponent.
 * bits  The number of bits in the exponent.
 * m     A single precision number that is the modulus.
 * returns  0 on success.
 * returns  MEMORY_E on dynamic memory allocation failure.
 * returns  MP_VAL when base is even or exponent is 0.
 */
static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
        int bits, const sp_digit* m, int reduceA)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* td = NULL;
#else
    sp_digit td[32 * 64];
#endif
    sp_digit* t[32];
    sp_digit* norm = NULL;
    sp_digit mp = 1;
    sp_digit n;
    sp_digit mask;
    int i;
    int c;
    byte y;
    int err = MP_OKAY;

    if (bits == 0) {
        err = MP_VAL;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 64), NULL,
                                DYNAMIC_TYPE_TMP_BUFFER);
        if (td == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        norm = td;
        for (i=0; i<32; i++) {
            t[i] = td + i * 64;
        }

        sp_2048_mont_setup(m, &mp);
        sp_2048_mont_norm_32(norm, m);

        XMEMSET(t[1], 0, sizeof(sp_digit) * 32U);
        if (reduceA != 0) {
            err = sp_2048_mod_32(t[1] + 32, a, m);
            if (err == MP_OKAY) {
                err = sp_2048_mod_32(t[1], t[1], m);
            }
        }
        else {
            XMEMCPY(t[1] + 32, a, sizeof(sp_digit) * 32);
            err = sp_2048_mod_32(t[1], t[1], m);
        }
    }

    if (err == MP_OKAY) {
        sp_2048_mont_sqr_32(t[ 2], t[ 1], m, mp);
        sp_2048_mont_mul_32(t[ 3], t[ 2], t[ 1], m, mp);
        sp_2048_mont_sqr_32(t[ 4], t[ 2], m, mp);
        sp_2048_mont_mul_32(t[ 5], t[ 3], t[ 2], m, mp);
        sp_2048_mont_sqr_32(t[ 6], t[ 3], m, mp);
        sp_2048_mont_mul_32(t[ 7], t[ 4], t[ 3], m, mp);
        sp_2048_mont_sqr_32(t[ 8], t[ 4], m, mp);
        sp_2048_mont_mul_32(t[ 9], t[ 5], t[ 4], m, mp);
        sp_2048_mont_sqr_32(t[10], t[ 5], m, mp);
        sp_2048_mont_mul_32(t[11], t[ 6], t[ 5], m, mp);
        sp_2048_mont_sqr_32(t[12], t[ 6], m, mp);
        sp_2048_mont_mul_32(t[13], t[ 7], t[ 6], m, mp);
        sp_2048_mont_sqr_32(t[14], t[ 7], m, mp);
        sp_2048_mont_mul_32(t[15], t[ 8], t[ 7], m, mp);
        sp_2048_mont_sqr_32(t[16], t[ 8], m, mp);
        sp_2048_mont_mul_32(t[17], t[ 9], t[ 8], m, mp);
        sp_2048_mont_sqr_32(t[18], t[ 9], m, mp);
        sp_2048_mont_mul_32(t[19], t[10], t[ 9], m, mp);
        sp_2048_mont_sqr_32(t[20], t[10], m, mp);
        sp_2048_mont_mul_32(t[21], t[11], t[10], m, mp);
        sp_2048_mont_sqr_32(t[22], t[11], m, mp);
        sp_2048_mont_mul_32(t[23], t[12], t[11], m, mp);
        sp_2048_mont_sqr_32(t[24], t[12], m, mp);
        sp_2048_mont_mul_32(t[25], t[13], t[12], m, mp);
        sp_2048_mont_sqr_32(t[26], t[13], m, mp);
        sp_2048_mont_mul_32(t[27], t[14], t[13], m, mp);
        sp_2048_mont_sqr_32(t[28], t[14], m, mp);
        sp_2048_mont_mul_32(t[29], t[15], t[14], m, mp);
        sp_2048_mont_sqr_32(t[30], t[15], m, mp);
        sp_2048_mont_mul_32(t[31], t[16], t[15], m, mp);

        i = (bits - 1) / 32;
        n = e[i--];
        c = bits & 31;
        if (c == 0) {
            c = 32;
        }
        c -= bits % 5;
        if (c == 32) {
            c = 27;
        }
        if (c < 0) {
            /* Number of bits in top word is less than number needed. */
            c = -c;
            y = (byte)(n << c);
            n = e[i--];
            y |= (byte)(n >> (64 - c));
            n <<= c;
            c = 64 - c;
        }
        else if (c == 0) {
            /* All bits in top word used. */
            y = (byte)n;
        }
        else {
            y = (byte)(n >> c);
            n <<= 32 - c;
        }
        XMEMCPY(r, t[y], sizeof(sp_digit) * 32);
        for (; i>=0 || c>=5; ) {
            if (c == 0) {
                n = e[i--];
                y = (byte)(n >> 27);
                n <<= 5;
                c = 27;
            }
            else if (c < 5) {
                y = (byte)(n >> 27);
                n = e[i--];
                c = 5 - c;
                y |= (byte)(n >> (32 - c));
                n <<= c;
                c = 32 - c;
            }
            else {
                y = (byte)((n >> 27) & 0x1f);
                n <<= 5;
                c -= 5;
            }

            sp_2048_mont_sqr_32(r, r, m, mp);
            sp_2048_mont_sqr_32(r, r, m, mp);
            sp_2048_mont_sqr_32(r, r, m, mp);
            sp_2048_mont_sqr_32(r, r, m, mp);
            sp_2048_mont_sqr_32(r, r, m, mp);

            sp_2048_mont_mul_32(r, r, t[y], m, mp);
        }

        XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
        sp_2048_mont_reduce_32(r, m, mp);

        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
        sp_2048_cond_sub_32(r, r, m, mask);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (td != NULL)
        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return err;
}
#endif /* WOLFSSL_SP_SMALL */

#endif /* (WOLFSSL_HAVE_SP_RSA & !WOLFSSL_RSA_PUBLIC_ONLY) | WOLFSSL_HAVE_SP_DH */

#if (defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_HAVE_SP_DH)
/* r = 2^n mod m where n is the number of bits to reduce by.
 * Given m must be 2048 bits, just need to subtract.
 *
 * r  A single precision number.
 * m  A single precision number.
 */
static void sp_2048_mont_norm_64(sp_digit* r, const sp_digit* m)
{
    XMEMSET(r, 0, sizeof(sp_digit) * 64);

    /* r = 2^n mod m */
    sp_2048_sub_in_place_64(r, m);
}

#endif /* (WOLFSSL_HAVE_SP_RSA & !WOLFSSL_RSA_PUBLIC_ONLY) | WOLFSSL_HAVE_SP_DH */
#ifdef WOLFSSL_SP_SMALL
/* Conditionally subtract b from a using the mask m.
 * m is -1 to subtract and 0 when not copying.
 *
 * r  A single precision number representing condition subtract result.
 * a  A single precision number to subtract from.
 * b  A single precision number to subtract.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r8, #0x0\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r5, #0x0\n\t"
        "\n"
    "L_sp_2048_cond_sub_64_words:\n\t"
        "SUBS	r4, r8, r4\n\t"
        "LDR	r6, [%[a], r5]\n\t"
        "LDR	r7, [%[b], r5]\n\t"
        "AND	r7, r7, %[m]\n\t"
        "SBCS	r6, r6, r7\n\t"
        "SBC	r4, r8, r8\n\t"
        "STR	r6, [%[r], r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0x100\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_2048_cond_sub_64_words\n\t"
#else
        "BLT.N	L_sp_2048_cond_sub_64_words\n\t"
#endif
        "MOV	%[r], r4\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
    );
    return (uint32_t)(size_t)r;
}

#else
/* Conditionally subtract b from a using the mask m.
 * m is -1 to subtract and 0 when not copying.
 *
 * r  A single precision number representing condition subtract result.
 * a  A single precision number to subtract from.
 * b  A single precision number to subtract.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r5, #0x0\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SUBS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "SBC	%[r], r5, r5\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_NO_UMAAL
#ifndef WOLFSSL_SP_SMALL
/* Reduce the number back to 2048 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDR	lr, [%[m]]\n\t"
        /* i = 0 */
        "MOV	r11, #0x0\n\t"
        "MOV	r3, #0x0\n\t"
        "LDR	r4, [%[a]]\n\t"
        "LDR	r5, [%[a], #4]\n\t"
        "\n"
    "L_sp_2048_mont_reduce_64_word:\n\t"
        /* mu = a[i] * mp */
        "MUL	r10, %[mp], r4\n\t"
        /* a[i+0] += m[0] * mu */
        "MOV	r7, #0x0\n\t"
        "UMLAL	r4, r7, r10, lr\n\t"
        /* a[i+1] += m[1] * mu */
        "LDR	r9, [%[m], #4]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r5, r6, r10, r9\n\t"
        "MOV	r4, r5\n\t"
        "ADDS	r4, r4, r7\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+2] += m[2] * mu */
        "LDR	r9, [%[m], #8]\n\t"
        "LDR	r5, [%[a], #8]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r5, r7, r10, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+3] += m[3] * mu */
        "LDR	r9, [%[m], #12]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #12]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+4] += m[4] * mu */
        "LDR	r9, [%[m], #16]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #16]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+5] += m[5] * mu */
        "LDR	r9, [%[m], #20]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #20]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+6] += m[6] * mu */
        "LDR	r9, [%[m], #24]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #24]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+7] += m[7] * mu */
        "LDR	r9, [%[m], #28]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #28]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+8] += m[8] * mu */
        "LDR	r9, [%[m], #32]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #32]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+9] += m[9] * mu */
        "LDR	r9, [%[m], #36]\n\t"
        "LDR	r12, [%[a], #36]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #36]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+10] += m[10] * mu */
        "LDR	r9, [%[m], #40]\n\t"
        "LDR	r12, [%[a], #40]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #40]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+11] += m[11] * mu */
        "LDR	r9, [%[m], #44]\n\t"
        "LDR	r12, [%[a], #44]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #44]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+12] += m[12] * mu */
        "LDR	r9, [%[m], #48]\n\t"
        "LDR	r12, [%[a], #48]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #48]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+13] += m[13] * mu */
        "LDR	r9, [%[m], #52]\n\t"
        "LDR	r12, [%[a], #52]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #52]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+14] += m[14] * mu */
        "LDR	r9, [%[m], #56]\n\t"
        "LDR	r12, [%[a], #56]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #56]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+15] += m[15] * mu */
        "LDR	r9, [%[m], #60]\n\t"
        "LDR	r12, [%[a], #60]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #60]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+16] += m[16] * mu */
        "LDR	r9, [%[m], #64]\n\t"
        "LDR	r12, [%[a], #64]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #64]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+17] += m[17] * mu */
        "LDR	r9, [%[m], #68]\n\t"
        "LDR	r12, [%[a], #68]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #68]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+18] += m[18] * mu */
        "LDR	r9, [%[m], #72]\n\t"
        "LDR	r12, [%[a], #72]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #72]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+19] += m[19] * mu */
        "LDR	r9, [%[m], #76]\n\t"
        "LDR	r12, [%[a], #76]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #76]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+20] += m[20] * mu */
        "LDR	r9, [%[m], #80]\n\t"
        "LDR	r12, [%[a], #80]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #80]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+21] += m[21] * mu */
        "LDR	r9, [%[m], #84]\n\t"
        "LDR	r12, [%[a], #84]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #84]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+22] += m[22] * mu */
        "LDR	r9, [%[m], #88]\n\t"
        "LDR	r12, [%[a], #88]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #88]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+23] += m[23] * mu */
        "LDR	r9, [%[m], #92]\n\t"
        "LDR	r12, [%[a], #92]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #92]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+24] += m[24] * mu */
        "LDR	r9, [%[m], #96]\n\t"
        "LDR	r12, [%[a], #96]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #96]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+25] += m[25] * mu */
        "LDR	r9, [%[m], #100]\n\t"
        "LDR	r12, [%[a], #100]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #100]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+26] += m[26] * mu */
        "LDR	r9, [%[m], #104]\n\t"
        "LDR	r12, [%[a], #104]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #104]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+27] += m[27] * mu */
        "LDR	r9, [%[m], #108]\n\t"
        "LDR	r12, [%[a], #108]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #108]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+28] += m[28] * mu */
        "LDR	r9, [%[m], #112]\n\t"
        "LDR	r12, [%[a], #112]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #112]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+29] += m[29] * mu */
        "LDR	r9, [%[m], #116]\n\t"
        "LDR	r12, [%[a], #116]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #116]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+30] += m[30] * mu */
        "LDR	r9, [%[m], #120]\n\t"
        "LDR	r12, [%[a], #120]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #120]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+31] += m[31] * mu */
        "LDR	r9, [%[m], #124]\n\t"
        "LDR	r12, [%[a], #124]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #124]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+32] += m[32] * mu */
        "LDR	r9, [%[m], #128]\n\t"
        "LDR	r12, [%[a], #128]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #128]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+33] += m[33] * mu */
        "LDR	r9, [%[m], #132]\n\t"
        "LDR	r12, [%[a], #132]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #132]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+34] += m[34] * mu */
        "LDR	r9, [%[m], #136]\n\t"
        "LDR	r12, [%[a], #136]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #136]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+35] += m[35] * mu */
        "LDR	r9, [%[m], #140]\n\t"
        "LDR	r12, [%[a], #140]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #140]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+36] += m[36] * mu */
        "LDR	r9, [%[m], #144]\n\t"
        "LDR	r12, [%[a], #144]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #144]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+37] += m[37] * mu */
        "LDR	r9, [%[m], #148]\n\t"
        "LDR	r12, [%[a], #148]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #148]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+38] += m[38] * mu */
        "LDR	r9, [%[m], #152]\n\t"
        "LDR	r12, [%[a], #152]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #152]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+39] += m[39] * mu */
        "LDR	r9, [%[m], #156]\n\t"
        "LDR	r12, [%[a], #156]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #156]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+40] += m[40] * mu */
        "LDR	r9, [%[m], #160]\n\t"
        "LDR	r12, [%[a], #160]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #160]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+41] += m[41] * mu */
        "LDR	r9, [%[m], #164]\n\t"
        "LDR	r12, [%[a], #164]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #164]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+42] += m[42] * mu */
        "LDR	r9, [%[m], #168]\n\t"
        "LDR	r12, [%[a], #168]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #168]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+43] += m[43] * mu */
        "LDR	r9, [%[m], #172]\n\t"
        "LDR	r12, [%[a], #172]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #172]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+44] += m[44] * mu */
        "LDR	r9, [%[m], #176]\n\t"
        "LDR	r12, [%[a], #176]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #176]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+45] += m[45] * mu */
        "LDR	r9, [%[m], #180]\n\t"
        "LDR	r12, [%[a], #180]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #180]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+46] += m[46] * mu */
        "LDR	r9, [%[m], #184]\n\t"
        "LDR	r12, [%[a], #184]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #184]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+47] += m[47] * mu */
        "LDR	r9, [%[m], #188]\n\t"
        "LDR	r12, [%[a], #188]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #188]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+48] += m[48] * mu */
        "LDR	r9, [%[m], #192]\n\t"
        "LDR	r12, [%[a], #192]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #192]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+49] += m[49] * mu */
        "LDR	r9, [%[m], #196]\n\t"
        "LDR	r12, [%[a], #196]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #196]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+50] += m[50] * mu */
        "LDR	r9, [%[m], #200]\n\t"
        "LDR	r12, [%[a], #200]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #200]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+51] += m[51] * mu */
        "LDR	r9, [%[m], #204]\n\t"
        "LDR	r12, [%[a], #204]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #204]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+52] += m[52] * mu */
        "LDR	r9, [%[m], #208]\n\t"
        "LDR	r12, [%[a], #208]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #208]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+53] += m[53] * mu */
        "LDR	r9, [%[m], #212]\n\t"
        "LDR	r12, [%[a], #212]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #212]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+54] += m[54] * mu */
        "LDR	r9, [%[m], #216]\n\t"
        "LDR	r12, [%[a], #216]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #216]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+55] += m[55] * mu */
        "LDR	r9, [%[m], #220]\n\t"
        "LDR	r12, [%[a], #220]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #220]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+56] += m[56] * mu */
        "LDR	r9, [%[m], #224]\n\t"
        "LDR	r12, [%[a], #224]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #224]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+57] += m[57] * mu */
        "LDR	r9, [%[m], #228]\n\t"
        "LDR	r12, [%[a], #228]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #228]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+58] += m[58] * mu */
        "LDR	r9, [%[m], #232]\n\t"
        "LDR	r12, [%[a], #232]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #232]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+59] += m[59] * mu */
        "LDR	r9, [%[m], #236]\n\t"
        "LDR	r12, [%[a], #236]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #236]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+60] += m[60] * mu */
        "LDR	r9, [%[m], #240]\n\t"
        "LDR	r12, [%[a], #240]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #240]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+61] += m[61] * mu */
        "LDR	r9, [%[m], #244]\n\t"
        "LDR	r12, [%[a], #244]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #244]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+62] += m[62] * mu */
        "LDR	r9, [%[m], #248]\n\t"
        "LDR	r12, [%[a], #248]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #248]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+63] += m[63] * mu */
        "LDR	r9, [%[m], #252]\n\t"
        "LDR	r12, [%[a], #252]\n\t"
        "UMULL	r8, r9, r10, r9\n\t"
        "ADDS	r7, r7, r8\n\t"
        "ADCS	r6, r9, r3\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, r3\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #252]\n\t"
        "LDR	r12, [%[a], #256]\n\t"
        "ADCS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #256]\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* i += 1 */
        "ADD	r11, r11, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r11, #0x100\n\t"
#ifdef __GNUC__
        "BLT	L_sp_2048_mont_reduce_64_word\n\t"
#else
        "BLT.W	L_sp_2048_mont_reduce_64_word\n\t"
#endif
        /* Loop Done */
        "STR	r4, [%[a]]\n\t"
        "STR	r5, [%[a], #4]\n\t"
        "MOV	%[mp], r3\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
    sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp);
}

#else
/* Reduce the number back to 2048 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDR	r11, [%[m]]\n\t"
        /* i = 0 */
        "MOV	r9, #0x0\n\t"
        /* ca = 0 */
        "MOV	r3, #0x0\n\t"
        "\n"
    "L_sp_2048_mont_reduce_64_word:\n\t"
        /* mu = a[i] * mp */
        "LDR	r10, [%[a]]\n\t"
        "MUL	r8, %[mp], r10\n\t"
        /* j = 0 */
        "MOV	r12, #0x0\n\t"
        "MOV	r4, #0x0\n\t"
        "\n"
    "L_sp_2048_mont_reduce_64_mul:\n\t"
        /* a[i+j+0] += m[j+0] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "MOV	r5, #0x0\n\t"
        "UMLAL	r10, r5, r8, r7\n\t"
        "ADDS	r10, r10, r4\n\t"
        "STR	r10, [%[a], r12]\n\t"
        "ADC	r4, r5, #0x0\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+1] += m[j+1] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "MOV	r5, #0x0\n\t"
        "UMLAL	r10, r5, r8, r7\n\t"
        "ADDS	r10, r10, r4\n\t"
        "STR	r10, [%[a], r12]\n\t"
        "ADC	r4, r5, #0x0\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+2] += m[j+2] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "MOV	r5, #0x0\n\t"
        "UMLAL	r10, r5, r8, r7\n\t"
        "ADDS	r10, r10, r4\n\t"
        "STR	r10, [%[a], r12]\n\t"
        "ADC	r4, r5, #0x0\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+3] += m[j+3] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "MOV	r5, #0x0\n\t"
        "UMLAL	r10, r5, r8, r7\n\t"
        "ADDS	r10, r10, r4\n\t"
        "STR	r10, [%[a], r12]\n\t"
        "ADC	r4, r5, #0x0\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        "CMP	r12, #0x100\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_2048_mont_reduce_64_mul\n\t"
#else
        "BLT.N	L_sp_2048_mont_reduce_64_mul\n\t"
#endif
        "LDR	r10, [%[a], #256]\n\t"
        "ADDS	r4, r4, r3\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r10, r10, r4\n\t"
        "ADC	r3, r3, r3\n\t"
        "STR	r10, [%[a], #256]\n\t"
        /* i += 1 */
        "ADD	r9, r9, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r9, #0x100\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_2048_mont_reduce_64_word\n\t"
#else
        "BLT.N	L_sp_2048_mont_reduce_64_word\n\t"
#endif
        /* Loop Done */
        "MOV	%[mp], r3\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
    );
    sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp);
}

#endif /* !WOLFSSL_SP_SMALL */
#else
#ifndef WOLFSSL_SP_SMALL
/* Reduce the number back to 2048 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* i = 0 */
        "MOV	r4, #0x0\n\t"
        "MOV	r5, #0x0\n\t"
        "LDR	r6, [%[a]]\n\t"
        "LDR	r7, [%[a], #4]\n\t"
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[a], #12]\n\t"
        "LDR	r10, [%[a], #16]\n\t"
        "\n"
    "L_sp_2048_mont_reduce_64_word:\n\t"
        /* mu = a[i] * mp */
        "MUL	lr, %[mp], r6\n\t"
        /* a[i+0] += m[0] * mu */
        "LDR	r12, [%[m]]\n\t"
        "MOV	r3, #0x0\n\t"
        "UMAAL	r6, r3, lr, r12\n\t"
        /* a[i+1] += m[1] * mu */
        "LDR	r12, [%[m], #4]\n\t"
        "MOV	r6, r7\n\t"
        "UMAAL	r6, r3, lr, r12\n\t"
        /* a[i+2] += m[2] * mu */
        "LDR	r12, [%[m], #8]\n\t"
        "MOV	r7, r8\n\t"
        "UMAAL	r7, r3, lr, r12\n\t"
        /* a[i+3] += m[3] * mu */
        "LDR	r12, [%[m], #12]\n\t"
        "MOV	r8, r9\n\t"
        "UMAAL	r8, r3, lr, r12\n\t"
        /* a[i+4] += m[4] * mu */
        "LDR	r12, [%[m], #16]\n\t"
        "MOV	r9, r10\n\t"
        "UMAAL	r9, r3, lr, r12\n\t"
        /* a[i+5] += m[5] * mu */
        "LDR	r12, [%[m], #20]\n\t"
        "LDR	r10, [%[a], #20]\n\t"
        "UMAAL	r10, r3, lr, r12\n\t"
        /* a[i+6] += m[6] * mu */
        "LDR	r12, [%[m], #24]\n\t"
        "LDR	r11, [%[a], #24]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #24]\n\t"
        /* a[i+7] += m[7] * mu */
        "LDR	r12, [%[m], #28]\n\t"
        "LDR	r11, [%[a], #28]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #28]\n\t"
        /* a[i+8] += m[8] * mu */
        "LDR	r12, [%[m], #32]\n\t"
        "LDR	r11, [%[a], #32]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #32]\n\t"
        /* a[i+9] += m[9] * mu */
        "LDR	r12, [%[m], #36]\n\t"
        "LDR	r11, [%[a], #36]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #36]\n\t"
        /* a[i+10] += m[10] * mu */
        "LDR	r12, [%[m], #40]\n\t"
        "LDR	r11, [%[a], #40]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #40]\n\t"
        /* a[i+11] += m[11] * mu */
        "LDR	r12, [%[m], #44]\n\t"
        "LDR	r11, [%[a], #44]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #44]\n\t"
        /* a[i+12] += m[12] * mu */
        "LDR	r12, [%[m], #48]\n\t"
        "LDR	r11, [%[a], #48]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #48]\n\t"
        /* a[i+13] += m[13] * mu */
        "LDR	r12, [%[m], #52]\n\t"
        "LDR	r11, [%[a], #52]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #52]\n\t"
        /* a[i+14] += m[14] * mu */
        "LDR	r12, [%[m], #56]\n\t"
        "LDR	r11, [%[a], #56]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #56]\n\t"
        /* a[i+15] += m[15] * mu */
        "LDR	r12, [%[m], #60]\n\t"
        "LDR	r11, [%[a], #60]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #60]\n\t"
        /* a[i+16] += m[16] * mu */
        "LDR	r12, [%[m], #64]\n\t"
        "LDR	r11, [%[a], #64]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #64]\n\t"
        /* a[i+17] += m[17] * mu */
        "LDR	r12, [%[m], #68]\n\t"
        "LDR	r11, [%[a], #68]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #68]\n\t"
        /* a[i+18] += m[18] * mu */
        "LDR	r12, [%[m], #72]\n\t"
        "LDR	r11, [%[a], #72]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #72]\n\t"
        /* a[i+19] += m[19] * mu */
        "LDR	r12, [%[m], #76]\n\t"
        "LDR	r11, [%[a], #76]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #76]\n\t"
        /* a[i+20] += m[20] * mu */
        "LDR	r12, [%[m], #80]\n\t"
        "LDR	r11, [%[a], #80]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #80]\n\t"
        /* a[i+21] += m[21] * mu */
        "LDR	r12, [%[m], #84]\n\t"
        "LDR	r11, [%[a], #84]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #84]\n\t"
        /* a[i+22] += m[22] * mu */
        "LDR	r12, [%[m], #88]\n\t"
        "LDR	r11, [%[a], #88]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #88]\n\t"
        /* a[i+23] += m[23] * mu */
        "LDR	r12, [%[m], #92]\n\t"
        "LDR	r11, [%[a], #92]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #92]\n\t"
        /* a[i+24] += m[24] * mu */
        "LDR	r12, [%[m], #96]\n\t"
        "LDR	r11, [%[a], #96]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #96]\n\t"
        /* a[i+25] += m[25] * mu */
        "LDR	r12, [%[m], #100]\n\t"
        "LDR	r11, [%[a], #100]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #100]\n\t"
        /* a[i+26] += m[26] * mu */
        "LDR	r12, [%[m], #104]\n\t"
        "LDR	r11, [%[a], #104]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #104]\n\t"
        /* a[i+27] += m[27] * mu */
        "LDR	r12, [%[m], #108]\n\t"
        "LDR	r11, [%[a], #108]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #108]\n\t"
        /* a[i+28] += m[28] * mu */
        "LDR	r12, [%[m], #112]\n\t"
        "LDR	r11, [%[a], #112]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #112]\n\t"
        /* a[i+29] += m[29] * mu */
        "LDR	r12, [%[m], #116]\n\t"
        "LDR	r11, [%[a], #116]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #116]\n\t"
        /* a[i+30] += m[30] * mu */
        "LDR	r12, [%[m], #120]\n\t"
        "LDR	r11, [%[a], #120]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #120]\n\t"
        /* a[i+31] += m[31] * mu */
        "LDR	r12, [%[m], #124]\n\t"
        "LDR	r11, [%[a], #124]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #124]\n\t"
        /* a[i+32] += m[32] * mu */
        "LDR	r12, [%[m], #128]\n\t"
        "LDR	r11, [%[a], #128]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #128]\n\t"
        /* a[i+33] += m[33] * mu */
        "LDR	r12, [%[m], #132]\n\t"
        "LDR	r11, [%[a], #132]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #132]\n\t"
        /* a[i+34] += m[34] * mu */
        "LDR	r12, [%[m], #136]\n\t"
        "LDR	r11, [%[a], #136]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #136]\n\t"
        /* a[i+35] += m[35] * mu */
        "LDR	r12, [%[m], #140]\n\t"
        "LDR	r11, [%[a], #140]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #140]\n\t"
        /* a[i+36] += m[36] * mu */
        "LDR	r12, [%[m], #144]\n\t"
        "LDR	r11, [%[a], #144]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #144]\n\t"
        /* a[i+37] += m[37] * mu */
        "LDR	r12, [%[m], #148]\n\t"
        "LDR	r11, [%[a], #148]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #148]\n\t"
        /* a[i+38] += m[38] * mu */
        "LDR	r12, [%[m], #152]\n\t"
        "LDR	r11, [%[a], #152]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #152]\n\t"
        /* a[i+39] += m[39] * mu */
        "LDR	r12, [%[m], #156]\n\t"
        "LDR	r11, [%[a], #156]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #156]\n\t"
        /* a[i+40] += m[40] * mu */
        "LDR	r12, [%[m], #160]\n\t"
        "LDR	r11, [%[a], #160]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #160]\n\t"
        /* a[i+41] += m[41] * mu */
        "LDR	r12, [%[m], #164]\n\t"
        "LDR	r11, [%[a], #164]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #164]\n\t"
        /* a[i+42] += m[42] * mu */
        "LDR	r12, [%[m], #168]\n\t"
        "LDR	r11, [%[a], #168]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #168]\n\t"
        /* a[i+43] += m[43] * mu */
        "LDR	r12, [%[m], #172]\n\t"
        "LDR	r11, [%[a], #172]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #172]\n\t"
        /* a[i+44] += m[44] * mu */
        "LDR	r12, [%[m], #176]\n\t"
        "LDR	r11, [%[a], #176]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #176]\n\t"
        /* a[i+45] += m[45] * mu */
        "LDR	r12, [%[m], #180]\n\t"
        "LDR	r11, [%[a], #180]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #180]\n\t"
        /* a[i+46] += m[46] * mu */
        "LDR	r12, [%[m], #184]\n\t"
        "LDR	r11, [%[a], #184]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #184]\n\t"
        /* a[i+47] += m[47] * mu */
        "LDR	r12, [%[m], #188]\n\t"
        "LDR	r11, [%[a], #188]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #188]\n\t"
        /* a[i+48] += m[48] * mu */
        "LDR	r12, [%[m], #192]\n\t"
        "LDR	r11, [%[a], #192]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #192]\n\t"
        /* a[i+49] += m[49] * mu */
        "LDR	r12, [%[m], #196]\n\t"
        "LDR	r11, [%[a], #196]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #196]\n\t"
        /* a[i+50] += m[50] * mu */
        "LDR	r12, [%[m], #200]\n\t"
        "LDR	r11, [%[a], #200]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #200]\n\t"
        /* a[i+51] += m[51] * mu */
        "LDR	r12, [%[m], #204]\n\t"
        "LDR	r11, [%[a], #204]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #204]\n\t"
        /* a[i+52] += m[52] * mu */
        "LDR	r12, [%[m], #208]\n\t"
        "LDR	r11, [%[a], #208]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #208]\n\t"
        /* a[i+53] += m[53] * mu */
        "LDR	r12, [%[m], #212]\n\t"
        "LDR	r11, [%[a], #212]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #212]\n\t"
        /* a[i+54] += m[54] * mu */
        "LDR	r12, [%[m], #216]\n\t"
        "LDR	r11, [%[a], #216]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #216]\n\t"
        /* a[i+55] += m[55] * mu */
        "LDR	r12, [%[m], #220]\n\t"
        "LDR	r11, [%[a], #220]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #220]\n\t"
        /* a[i+56] += m[56] * mu */
        "LDR	r12, [%[m], #224]\n\t"
        "LDR	r11, [%[a], #224]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #224]\n\t"
        /* a[i+57] += m[57] * mu */
        "LDR	r12, [%[m], #228]\n\t"
        "LDR	r11, [%[a], #228]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #228]\n\t"
        /* a[i+58] += m[58] * mu */
        "LDR	r12, [%[m], #232]\n\t"
        "LDR	r11, [%[a], #232]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #232]\n\t"
        /* a[i+59] += m[59] * mu */
        "LDR	r12, [%[m], #236]\n\t"
        "LDR	r11, [%[a], #236]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #236]\n\t"
        /* a[i+60] += m[60] * mu */
        "LDR	r12, [%[m], #240]\n\t"
        "LDR	r11, [%[a], #240]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #240]\n\t"
        /* a[i+61] += m[61] * mu */
        "LDR	r12, [%[m], #244]\n\t"
        "LDR	r11, [%[a], #244]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #244]\n\t"
        /* a[i+62] += m[62] * mu */
        "LDR	r12, [%[m], #248]\n\t"
        "LDR	r11, [%[a], #248]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #248]\n\t"
        /* a[i+63] += m[63] * mu */
        "LDR	r12, [%[m], #252]\n\t"
        "LDR	r11, [%[a], #252]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "LDR	lr, [%[a], #256]\n\t"
        "MOV	r12, #0x0\n\t"
        "UMAAL	r3, lr, r12, r12\n\t"
        "STR	r11, [%[a], #252]\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADC	r5, lr, #0x0\n\t"
        "STR	r3, [%[a], #256]\n\t"
        /* i += 1 */
        "ADD	r4, r4, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r4, #0x100\n\t"
#ifdef __GNUC__
        "BLT	L_sp_2048_mont_reduce_64_word\n\t"
#else
        "BLT.W	L_sp_2048_mont_reduce_64_word\n\t"
#endif
        /* Loop Done */
        "STR	r6, [%[a]]\n\t"
        "STR	r7, [%[a], #4]\n\t"
        "STR	r8, [%[a], #8]\n\t"
        "STR	r9, [%[a], #12]\n\t"
        "STR	r10, [%[a], #16]\n\t"
        "MOV	%[mp], r5\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
    sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp);
}

#else
/* Reduce the number back to 2048 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDR	r11, [%[m]]\n\t"
        /* i = 0 */
        "MOV	r9, #0x0\n\t"
        /* ca = 0 */
        "MOV	r3, #0x0\n\t"
        "\n"
    "L_sp_2048_mont_reduce_64_word:\n\t"
        /* mu = a[i] * mp */
        "LDR	r10, [%[a]]\n\t"
        "MUL	r8, %[mp], r10\n\t"
        /* j = 0 */
        "MOV	r12, #0x0\n\t"
        "MOV	r4, #0x0\n\t"
        "\n"
    "L_sp_2048_mont_reduce_64_mul:\n\t"
        /* a[i+j+0] += m[j+0] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "UMAAL	r10, r4, r8, r7\n\t"
        "STR	r10, [%[a], r12]\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+1] += m[j+1] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "UMAAL	r10, r4, r8, r7\n\t"
        "STR	r10, [%[a], r12]\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+2] += m[j+2] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "UMAAL	r10, r4, r8, r7\n\t"
        "STR	r10, [%[a], r12]\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+3] += m[j+3] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "UMAAL	r10, r4, r8, r7\n\t"
        "STR	r10, [%[a], r12]\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        "CMP	r12, #0x100\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_2048_mont_reduce_64_mul\n\t"
#else
        "BLT.N	L_sp_2048_mont_reduce_64_mul\n\t"
#endif
        "LDR	r10, [%[a], #256]\n\t"
        "ADDS	r4, r4, r3\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r10, r10, r4\n\t"
        "ADC	r3, r3, r3\n\t"
        "STR	r10, [%[a], #256]\n\t"
        /* i += 1 */
        "ADD	r9, r9, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r9, #0x100\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_2048_mont_reduce_64_word\n\t"
#else
        "BLT.N	L_sp_2048_mont_reduce_64_word\n\t"
#endif
        /* Loop Done */
        "MOV	%[mp], r3\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
    );
    sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp);
}

#endif /* !WOLFSSL_SP_SMALL */
#endif
/* Multiply two Montgomery form numbers mod the modulus (prime).
 * (r = a * b mod m)
 *
 * r   Result of multiplication.
 * a   First number to multiply in Montgomery form.
 * b   Second number to multiply in Montgomery form.
 * m   Modulus (prime).
 * mp  Montgomery multiplier.
 */
SP_NOINLINE static void sp_2048_mont_mul_64(sp_digit* r, const sp_digit* a,
        const sp_digit* b, const sp_digit* m, sp_digit mp)
{
    sp_2048_mul_64(r, a, b);
    sp_2048_mont_reduce_64(r, m, mp);
}

/* Square the Montgomery form number. (r = a * a mod m)
 *
 * r   Result of squaring.
 * a   Number to square in Montgomery form.
 * m   Modulus (prime).
 * mp  Montgomery multiplier.
 */
SP_NOINLINE static void sp_2048_mont_sqr_64(sp_digit* r, const sp_digit* a,
        const sp_digit* m, sp_digit mp)
{
    sp_2048_sqr_64(r, a);
    sp_2048_mont_reduce_64(r, m, mp);
}

#ifdef WOLFSSL_SP_SMALL
/* Sub b from a into r. (r = a - b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r11, #0x0\n\t"
        "ADD	r12, %[a], #0x100\n\t"
        "\n"
    "L_sp_2048_sub_64_word:\n\t"
        "RSBS	r11, r11, #0x0\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "SBC	r11, r3, r3\n\t"
        "CMP	%[a], r12\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_2048_sub_64_word\n\t"
#else
        "BNE.N	L_sp_2048_sub_64_word\n\t"
#endif
        "MOV	%[r], r11\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
    );
    return (uint32_t)(size_t)r;
}

#else
/* Sub b from a into r. (r = a - b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SUBS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "SBC	%[r], r6, r6\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_USE_UDIV
/* Divide the double width number (d1|d0) by the divisor. (d1|d0 / div)
 *
 * d1   The high order half of the number to divide.
 * d0   The low order half of the number to divide.
 * div  The divisor.
 * returns the result of the division.
 *
 * Note that this is an approximate div. It may give an answer 1 larger.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
#else
SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit div)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit d1 __asm__ ("r0") = (sp_digit)d1_p;
    register sp_digit d0 __asm__ ("r1") = (sp_digit)d0_p;
    register sp_digit div __asm__ ("r2") = (sp_digit)div_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LSR	r8, %[div], #16\n\t"
        "ADD	r5, r8, #0x1\n\t"
        "UDIV	r6, %[d1], r5\n\t"
        "LSL	r7, %[div], #16\n\t"
        "LSL	r6, r6, #16\n\t"
        "UMULL	r3, r4, %[div], r6\n\t"
        "SUBS	%[d0], %[d0], r3\n\t"
        "SBC	%[d1], %[d1], r4\n\t"
        "SUBS	r3, %[d1], r5\n\t"
        "SBC	r9, r9, r9\n\t"
        "ADD	r9, r9, #0x1\n\t"
        "RSB	r10, r9, #0x0\n\t"
        "LSL	r9, r9, #16\n\t"
        "AND	r7, r7, r10\n\t"
        "AND	r8, r8, r10\n\t"
        "SUBS	%[d0], %[d0], r7\n\t"
        "ADD	r6, r6, r9\n\t"
        "SBC	%[d1], %[d1], r8\n\t"
        "LSL	r4, %[d1], #16\n\t"
        "LSR	r3, %[d0], #16\n\t"
        "ORR	r3, r3, r4\n\t"
        "UDIV	r3, r3, r5\n\t"
        "ADD	r6, r6, r3\n\t"
        "UMULL	r3, r4, %[div], r3\n\t"
        "SUBS	%[d0], %[d0], r3\n\t"
        "SBC	%[d1], %[d1], r4\n\t"
        "LSL	r4, %[d1], #16\n\t"
        "LSR	r3, %[d0], #16\n\t"
        "ORR	r3, r3, r4\n\t"
        "UDIV	r3, r3, r5\n\t"
        "ADD	r6, r6, r3\n\t"
        "MUL	r3, %[div], r3\n\t"
        "SUB	%[d0], %[d0], r3\n\t"
        "UDIV	r3, %[d0], %[div]\n\t"
        "ADD	%[d1], r6, r3\n\t"
        : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)d1;
}

#else
/* Divide the double width number (d1|d0) by the divisor. (d1|d0 / div)
 *
 * d1   The high order half of the number to divide.
 * d0   The low order half of the number to divide.
 * div  The divisor.
 * returns the result of the division.
 *
 * Note that this is an approximate div. It may give an answer 1 larger.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
#else
SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit div)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit d1 __asm__ ("r0") = (sp_digit)d1_p;
    register sp_digit d0 __asm__ ("r1") = (sp_digit)d0_p;
    register sp_digit div __asm__ ("r2") = (sp_digit)div_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LSR	r5, %[div], #1\n\t"
        "ADD	r5, r5, #0x1\n\t"
        "MOV	r6, %[d0]\n\t"
        "MOV	r7, %[d1]\n\t"
        /* Do top 32 */
        "SUBS	r8, r5, r7\n\t"
        "SBC	r8, r8, r8\n\t"
        "MOV	r3, #0x0\n\t"
        "SUB	r3, r3, r8\n\t"
        "AND	r8, r8, r5\n\t"
        "SUBS	r7, r7, r8\n\t"
        /* Next 30 bits */
        "MOV	r4, #0x1d\n\t"
        "\n"
    "L_div_2048_word_64_bit:\n\t"
        "LSLS	r6, r6, #1\n\t"
        "ADC	r7, r7, r7\n\t"
        "SUBS	r8, r5, r7\n\t"
        "SBC	r8, r8, r8\n\t"
        "ADD	r3, r3, r3\n\t"
        "SUB	r3, r3, r8\n\t"
        "AND	r8, r8, r5\n\t"
        "SUBS	r7, r7, r8\n\t"
        "SUBS	r4, r4, #0x1\n\t"
        "bpl	L_div_2048_word_64_bit\n\t"
        "ADD	r3, r3, r3\n\t"
        "ADD	r3, r3, #0x1\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "SUBS	r8, %[div], r9\n\t"
        "SBC	r8, r8, r8\n\t"
        "SUB	%[d1], r3, r8\n\t"
        : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)d1;
}

#endif
/* Divide d in a and put remainder into r (m*d + r = a)
 * m is not calculated as it is not needed at this time.
 *
 * a  Number to be divided.
 * d  Number to divide with.
 * m  Multiplier result.
 * r  Remainder from the division.
 * returns MP_OKAY indicating success.
 */
static WC_INLINE int sp_2048_div_64_cond(const sp_digit* a, const sp_digit* d,
        sp_digit* m, sp_digit* r)
{
    sp_digit t1[128], t2[65];
    sp_digit div, r1;
    int i;

    (void)m;

    div = d[63];
    XMEMCPY(t1, a, sizeof(*t1) * 2 * 64);
    for (i = 63; i > 0; i--) {
        if (t1[i + 64] != d[i])
            break;
    }
    if (t1[i + 64] >= d[i]) {
        sp_2048_sub_in_place_64(&t1[64], d);
    }
    for (i = 63; i >= 0; i--) {
        if (t1[64 + i] == div) {
            r1 = SP_DIGIT_MAX;
        }
        else {
            r1 = div_2048_word_64(t1[64 + i], t1[64 + i - 1], div);
        }

        sp_2048_mul_d_64(t2, d, r1);
        t1[64 + i] += sp_2048_sub_in_place_64(&t1[i], t2);
        t1[64 + i] -= t2[64];
        if (t1[64 + i] != 0) {
            t1[64 + i] += sp_2048_add_64(&t1[i], &t1[i], d);
            if (t1[64 + i] != 0)
                t1[64 + i] += sp_2048_add_64(&t1[i], &t1[i], d);
        }
    }

    for (i = 63; i > 0; i--) {
        if (t1[i] != d[i])
            break;
    }
    if (t1[i] >= d[i]) {
        sp_2048_sub_64(r, t1, d);
    }
    else {
        XMEMCPY(r, t1, sizeof(*t1) * 64);
    }

    return MP_OKAY;
}

/* Reduce a modulo m into r. (r = a mod m)
 *
 * r  A single precision number that is the reduced result.
 * a  A single precision number that is to be reduced.
 * m  A single precision number that is the modulus to reduce with.
 * returns MP_OKAY indicating success.
 */
static WC_INLINE int sp_2048_mod_64_cond(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
    return sp_2048_div_64_cond(a, m, NULL, r);
}

#if (defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_HAVE_SP_DH)
#if defined(WOLFSSL_HAVE_SP_DH) || !defined(WOLFSSL_RSA_PUBLIC_ONLY)
/* AND m into each word of a and store in r.
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * m  Mask to AND against each digit.
 */
static void sp_2048_mask_64(sp_digit* r, const sp_digit* a, sp_digit m)
{
#ifdef WOLFSSL_SP_SMALL
    int i;

    for (i=0; i<64; i++) {
        r[i] = a[i] & m;
    }
#else
    int i;

    for (i = 0; i < 64; i += 8) {
        r[i+0] = a[i+0] & m;
        r[i+1] = a[i+1] & m;
        r[i+2] = a[i+2] & m;
        r[i+3] = a[i+3] & m;
        r[i+4] = a[i+4] & m;
        r[i+5] = a[i+5] & m;
        r[i+6] = a[i+6] & m;
        r[i+7] = a[i+7] & m;
    }
#endif
}

/* Compare a with b in constant time.
 *
 * a  A single precision integer.
 * b  A single precision integer.
 * return -ve, 0 or +ve if a is less than, equal to or greater than b
 * respectively.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_int32 sp_2048_cmp_64(const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_int32 sp_2048_cmp_64(const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register const sp_digit* a __asm__ ("r0") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r2, #0xffffffff\n\t"
        "MOV	r8, #0x1\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r3, #0xffffffff\n\t"
#ifdef WOLFSSL_SP_SMALL
        "MOV	r6, #0xfc\n\t"
        "\n"
    "L_sp_2048_cmp_64_words:\n\t"
        "LDR	r4, [%[a], r6]\n\t"
        "LDR	r5, [%[b], r6]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "SUBS	r6, r6, #0x4\n\t"
        "bcs	L_sp_2048_cmp_64_words\n\t"
        "EOR	r2, r2, r3\n\t"
#else
        "LDR	r4, [%[a], #252]\n\t"
        "LDR	r5, [%[b], #252]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #248]\n\t"
        "LDR	r5, [%[b], #248]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #244]\n\t"
        "LDR	r5, [%[b], #244]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #240]\n\t"
        "LDR	r5, [%[b], #240]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #236]\n\t"
        "LDR	r5, [%[b], #236]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #232]\n\t"
        "LDR	r5, [%[b], #232]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #228]\n\t"
        "LDR	r5, [%[b], #228]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #224]\n\t"
        "LDR	r5, [%[b], #224]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #220]\n\t"
        "LDR	r5, [%[b], #220]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #216]\n\t"
        "LDR	r5, [%[b], #216]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #212]\n\t"
        "LDR	r5, [%[b], #212]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #208]\n\t"
        "LDR	r5, [%[b], #208]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #204]\n\t"
        "LDR	r5, [%[b], #204]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #200]\n\t"
        "LDR	r5, [%[b], #200]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #196]\n\t"
        "LDR	r5, [%[b], #196]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #192]\n\t"
        "LDR	r5, [%[b], #192]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #188]\n\t"
        "LDR	r5, [%[b], #188]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #184]\n\t"
        "LDR	r5, [%[b], #184]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #180]\n\t"
        "LDR	r5, [%[b], #180]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #176]\n\t"
        "LDR	r5, [%[b], #176]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #172]\n\t"
        "LDR	r5, [%[b], #172]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #168]\n\t"
        "LDR	r5, [%[b], #168]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #164]\n\t"
        "LDR	r5, [%[b], #164]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #160]\n\t"
        "LDR	r5, [%[b], #160]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #156]\n\t"
        "LDR	r5, [%[b], #156]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #152]\n\t"
        "LDR	r5, [%[b], #152]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #148]\n\t"
        "LDR	r5, [%[b], #148]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #144]\n\t"
        "LDR	r5, [%[b], #144]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #140]\n\t"
        "LDR	r5, [%[b], #140]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #136]\n\t"
        "LDR	r5, [%[b], #136]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #132]\n\t"
        "LDR	r5, [%[b], #132]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #128]\n\t"
        "LDR	r5, [%[b], #128]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #124]\n\t"
        "LDR	r5, [%[b], #124]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #120]\n\t"
        "LDR	r5, [%[b], #120]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #116]\n\t"
        "LDR	r5, [%[b], #116]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #112]\n\t"
        "LDR	r5, [%[b], #112]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #108]\n\t"
        "LDR	r5, [%[b], #108]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #104]\n\t"
        "LDR	r5, [%[b], #104]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #100]\n\t"
        "LDR	r5, [%[b], #100]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #96]\n\t"
        "LDR	r5, [%[b], #96]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #92]\n\t"
        "LDR	r5, [%[b], #92]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #88]\n\t"
        "LDR	r5, [%[b], #88]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #84]\n\t"
        "LDR	r5, [%[b], #84]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #80]\n\t"
        "LDR	r5, [%[b], #80]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #76]\n\t"
        "LDR	r5, [%[b], #76]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #72]\n\t"
        "LDR	r5, [%[b], #72]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #68]\n\t"
        "LDR	r5, [%[b], #68]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #64]\n\t"
        "LDR	r5, [%[b], #64]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #60]\n\t"
        "LDR	r5, [%[b], #60]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #56]\n\t"
        "LDR	r5, [%[b], #56]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #52]\n\t"
        "LDR	r5, [%[b], #52]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #48]\n\t"
        "LDR	r5, [%[b], #48]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #44]\n\t"
        "LDR	r5, [%[b], #44]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #40]\n\t"
        "LDR	r5, [%[b], #40]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #36]\n\t"
        "LDR	r5, [%[b], #36]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #32]\n\t"
        "LDR	r5, [%[b], #32]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #28]\n\t"
        "LDR	r5, [%[b], #28]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #24]\n\t"
        "LDR	r5, [%[b], #24]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #20]\n\t"
        "LDR	r5, [%[b], #20]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #16]\n\t"
        "LDR	r5, [%[b], #16]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #12]\n\t"
        "LDR	r5, [%[b], #12]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #8]\n\t"
        "LDR	r5, [%[b], #8]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #4]\n\t"
        "LDR	r5, [%[b], #4]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a]]\n\t"
        "LDR	r5, [%[b]]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "EOR	r2, r2, r3\n\t"
#endif /*WOLFSSL_SP_SMALL */
        "MOV	%[a], r2\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
    );
    return (uint32_t)(size_t)a;
}

/* Divide d in a and put remainder into r (m*d + r = a)
 * m is not calculated as it is not needed at this time.
 *
 * a  Number to be divided.
 * d  Number to divide with.
 * m  Multiplier result.
 * r  Remainder from the division.
 * returns MP_OKAY indicating success.
 */
static WC_INLINE int sp_2048_div_64(const sp_digit* a, const sp_digit* d,
        sp_digit* m, sp_digit* r)
{
    sp_digit t1[128], t2[65];
    sp_digit div, r1;
    int i;

    (void)m;

    div = d[63];
    XMEMCPY(t1, a, sizeof(*t1) * 2 * 64);
    r1 = sp_2048_cmp_64(&t1[64], d) >= 0;
    sp_2048_cond_sub_64(&t1[64], &t1[64], d, (sp_digit)0 - r1);
    for (i = 63; i >= 0; i--) {
        volatile sp_digit mask = (sp_digit)0 - (t1[64 + i] == div);
        sp_digit hi = t1[64 + i] + mask;
        r1 = div_2048_word_64(hi, t1[64 + i - 1], div);
        r1 |= mask;

        sp_2048_mul_d_64(t2, d, r1);
        t1[64 + i] += sp_2048_sub_in_place_64(&t1[i], t2);
        t1[64 + i] -= t2[64];
        sp_2048_mask_64(t2, d, t1[64 + i]);
        t1[64 + i] += sp_2048_add_64(&t1[i], &t1[i], t2);
        sp_2048_mask_64(t2, d, t1[64 + i]);
        t1[64 + i] += sp_2048_add_64(&t1[i], &t1[i], t2);
    }

    r1 = sp_2048_cmp_64(t1, d) >= 0;
    sp_2048_cond_sub_64(r, t1, d, (sp_digit)0 - r1);

    return MP_OKAY;
}

/* Reduce a modulo m into r. (r = a mod m)
 *
 * r  A single precision number that is the reduced result.
 * a  A single precision number that is to be reduced.
 * m  A single precision number that is the modulus to reduce with.
 * returns MP_OKAY indicating success.
 */
static WC_INLINE int sp_2048_mod_64(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
    return sp_2048_div_64(a, m, NULL, r);
}

#endif /* WOLFSSL_HAVE_SP_DH || !WOLFSSL_RSA_PUBLIC_ONLY */
#if (defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
                                                     defined(WOLFSSL_HAVE_SP_DH)
#ifdef WOLFSSL_SP_SMALL
/* Modular exponentiate a to the e mod m. (r = a^e mod m)
 *
 * r     A single precision number that is the result of the operation.
 * a     A single precision number being exponentiated.
 * e     A single precision number that is the exponent.
 * bits  The number of bits in the exponent.
 * m     A single precision number that is the modulus.
 * returns  0 on success.
 * returns  MEMORY_E on dynamic memory allocation failure.
 * returns  MP_VAL when base is even or exponent is 0.
 */
static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
        int bits, const sp_digit* m, int reduceA)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* td = NULL;
#else
    sp_digit td[8 * 128];
#endif
    sp_digit* t[8];
    sp_digit* norm = NULL;
    sp_digit mp = 1;
    sp_digit n;
    sp_digit mask;
    int i;
    int c;
    byte y;
    int err = MP_OKAY;

    if (bits == 0) {
        err = MP_VAL;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 128), NULL,
                                DYNAMIC_TYPE_TMP_BUFFER);
        if (td == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        norm = td;
        for (i=0; i<8; i++) {
            t[i] = td + i * 128;
        }

        sp_2048_mont_setup(m, &mp);
        sp_2048_mont_norm_64(norm, m);

        XMEMSET(t[1], 0, sizeof(sp_digit) * 64U);
        if (reduceA != 0) {
            err = sp_2048_mod_64(t[1] + 64, a, m);
            if (err == MP_OKAY) {
                err = sp_2048_mod_64(t[1], t[1], m);
            }
        }
        else {
            XMEMCPY(t[1] + 64, a, sizeof(sp_digit) * 64);
            err = sp_2048_mod_64(t[1], t[1], m);
        }
    }

    if (err == MP_OKAY) {
        sp_2048_mont_sqr_64(t[ 2], t[ 1], m, mp);
        sp_2048_mont_mul_64(t[ 3], t[ 2], t[ 1], m, mp);
        sp_2048_mont_sqr_64(t[ 4], t[ 2], m, mp);
        sp_2048_mont_mul_64(t[ 5], t[ 3], t[ 2], m, mp);
        sp_2048_mont_sqr_64(t[ 6], t[ 3], m, mp);
        sp_2048_mont_mul_64(t[ 7], t[ 4], t[ 3], m, mp);

        i = (bits - 1) / 32;
        n = e[i--];
        c = bits & 31;
        if (c == 0) {
            c = 32;
        }
        c -= bits % 3;
        if (c == 32) {
            c = 29;
        }
        if (c < 0) {
            /* Number of bits in top word is less than number needed. */
            c = -c;
            y = (byte)(n << c);
            n = e[i--];
            y |= (byte)(n >> (64 - c));
            n <<= c;
            c = 64 - c;
        }
        else if (c == 0) {
            /* All bits in top word used. */
            y = (byte)n;
        }
        else {
            y = (byte)(n >> c);
            n <<= 32 - c;
        }
        XMEMCPY(r, t[y], sizeof(sp_digit) * 64);
        for (; i>=0 || c>=3; ) {
            if (c == 0) {
                n = e[i--];
                y = (byte)(n >> 29);
                n <<= 3;
                c = 29;
            }
            else if (c < 3) {
                y = (byte)(n >> 29);
                n = e[i--];
                c = 3 - c;
                y |= (byte)(n >> (32 - c));
                n <<= c;
                c = 32 - c;
            }
            else {
                y = (byte)((n >> 29) & 0x7);
                n <<= 3;
                c -= 3;
            }

            sp_2048_mont_sqr_64(r, r, m, mp);
            sp_2048_mont_sqr_64(r, r, m, mp);
            sp_2048_mont_sqr_64(r, r, m, mp);

            sp_2048_mont_mul_64(r, r, t[y], m, mp);
        }

        XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
        sp_2048_mont_reduce_64(r, m, mp);

        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
        sp_2048_cond_sub_64(r, r, m, mask);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (td != NULL)
        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return err;
}
#else
/* Modular exponentiate a to the e mod m. (r = a^e mod m)
 *
 * r     A single precision number that is the result of the operation.
 * a     A single precision number being exponentiated.
 * e     A single precision number that is the exponent.
 * bits  The number of bits in the exponent.
 * m     A single precision number that is the modulus.
 * returns  0 on success.
 * returns  MEMORY_E on dynamic memory allocation failure.
 * returns  MP_VAL when base is even or exponent is 0.
 */
static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
        int bits, const sp_digit* m, int reduceA)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* td = NULL;
#else
    sp_digit td[16 * 128];
#endif
    sp_digit* t[16];
    sp_digit* norm = NULL;
    sp_digit mp = 1;
    sp_digit n;
    sp_digit mask;
    int i;
    int c;
    byte y;
    int err = MP_OKAY;

    if (bits == 0) {
        err = MP_VAL;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 128), NULL,
                                DYNAMIC_TYPE_TMP_BUFFER);
        if (td == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        norm = td;
        for (i=0; i<16; i++) {
            t[i] = td + i * 128;
        }

        sp_2048_mont_setup(m, &mp);
        sp_2048_mont_norm_64(norm, m);

        XMEMSET(t[1], 0, sizeof(sp_digit) * 64U);
        if (reduceA != 0) {
            err = sp_2048_mod_64(t[1] + 64, a, m);
            if (err == MP_OKAY) {
                err = sp_2048_mod_64(t[1], t[1], m);
            }
        }
        else {
            XMEMCPY(t[1] + 64, a, sizeof(sp_digit) * 64);
            err = sp_2048_mod_64(t[1], t[1], m);
        }
    }

    if (err == MP_OKAY) {
        sp_2048_mont_sqr_64(t[ 2], t[ 1], m, mp);
        sp_2048_mont_mul_64(t[ 3], t[ 2], t[ 1], m, mp);
        sp_2048_mont_sqr_64(t[ 4], t[ 2], m, mp);
        sp_2048_mont_mul_64(t[ 5], t[ 3], t[ 2], m, mp);
        sp_2048_mont_sqr_64(t[ 6], t[ 3], m, mp);
        sp_2048_mont_mul_64(t[ 7], t[ 4], t[ 3], m, mp);
        sp_2048_mont_sqr_64(t[ 8], t[ 4], m, mp);
        sp_2048_mont_mul_64(t[ 9], t[ 5], t[ 4], m, mp);
        sp_2048_mont_sqr_64(t[10], t[ 5], m, mp);
        sp_2048_mont_mul_64(t[11], t[ 6], t[ 5], m, mp);
        sp_2048_mont_sqr_64(t[12], t[ 6], m, mp);
        sp_2048_mont_mul_64(t[13], t[ 7], t[ 6], m, mp);
        sp_2048_mont_sqr_64(t[14], t[ 7], m, mp);
        sp_2048_mont_mul_64(t[15], t[ 8], t[ 7], m, mp);

        i = (bits - 1) / 32;
        n = e[i--];
        c = bits & 31;
        if (c == 0) {
            c = 32;
        }
        c -= bits % 4;
        if (c == 32) {
            c = 28;
        }
        if (c < 0) {
            /* Number of bits in top word is less than number needed. */
            c = -c;
            y = (byte)(n << c);
            n = e[i--];
            y |= (byte)(n >> (64 - c));
            n <<= c;
            c = 64 - c;
        }
        else if (c == 0) {
            /* All bits in top word used. */
            y = (byte)n;
        }
        else {
            y = (byte)(n >> c);
            n <<= 32 - c;
        }
        XMEMCPY(r, t[y], sizeof(sp_digit) * 64);
        for (; i>=0 || c>=4; ) {
            if (c == 0) {
                n = e[i--];
                y = (byte)(n >> 28);
                n <<= 4;
                c = 28;
            }
            else if (c < 4) {
                y = (byte)(n >> 28);
                n = e[i--];
                c = 4 - c;
                y |= (byte)(n >> (32 - c));
                n <<= c;
                c = 32 - c;
            }
            else {
                y = (byte)((n >> 28) & 0xf);
                n <<= 4;
                c -= 4;
            }

            sp_2048_mont_sqr_64(r, r, m, mp);
            sp_2048_mont_sqr_64(r, r, m, mp);
            sp_2048_mont_sqr_64(r, r, m, mp);
            sp_2048_mont_sqr_64(r, r, m, mp);

            sp_2048_mont_mul_64(r, r, t[y], m, mp);
        }

        XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
        sp_2048_mont_reduce_64(r, m, mp);

        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
        sp_2048_cond_sub_64(r, r, m, mask);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (td != NULL)
        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return err;
}
#endif /* WOLFSSL_SP_SMALL */
#endif /* (WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY) || WOLFSSL_HAVE_SP_DH */

#endif /* (WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY) || WOLFSSL_HAVE_SP_DH */
#ifdef WOLFSSL_HAVE_SP_RSA
/* RSA public key operation.
 *
 * in      Array of bytes representing the number to exponentiate, base.
 * inLen   Number of bytes in base.
 * em      Public exponent.
 * mm      Modulus.
 * out     Buffer to hold big-endian bytes of exponentiation result.
 *         Must be at least 256 bytes long.
 * outLen  Number of bytes in result.
 * returns 0 on success, MP_TO_E when the outLen is too small, MP_READ_E when
 * an array is too long and MEMORY_E when dynamic memory allocation fails.
 */
int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
    const mp_int* mm, byte* out, word32* outLen)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* a = NULL;
#else
    sp_digit a[64 * 5];
#endif
    sp_digit* m = NULL;
    sp_digit* r = NULL;
    sp_digit *ah = NULL;
    sp_digit e[1] = {0};
    int err = MP_OKAY;

    if (*outLen < 256) {
        err = MP_TO_E;
    }
    else if (mp_count_bits(em) > 32 || inLen > 256 ||
                                                     mp_count_bits(mm) != 2048) {
        err = MP_READ_E;
    }
    else if (mp_iseven(mm)) {
        err = MP_VAL;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 5, NULL,
                                                              DYNAMIC_TYPE_RSA);
        if (a == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        ah = a + 64;
        r = a + 64 * 2;
        m = r + 64 * 2;

        sp_2048_from_bin(ah, 64, in, inLen);
#if DIGIT_BIT >= 32
        e[0] = em->dp[0];
#else
        e[0] = em->dp[0];
        if (em->used > 1) {
            e[0] |= ((sp_digit)em->dp[1]) << DIGIT_BIT;
        }
#endif
        if (e[0] == 0) {
            err = MP_EXPTMOD_E;
        }
    }
    if (err == MP_OKAY) {
        sp_2048_from_mp(m, 64, mm);

        if (e[0] == 0x10001) {
            int i;
            sp_digit mp;

            sp_2048_mont_setup(m, &mp);

            /* Convert to Montgomery form. */
            XMEMSET(a, 0, sizeof(sp_digit) * 64);
            err = sp_2048_mod_64_cond(r, a, m);
            /* Montgomery form: r = a.R mod m */

            if (err == MP_OKAY) {
                /* r = a ^ 0x10000 => r = a squared 16 times */
                for (i = 15; i >= 0; i--) {
                    sp_2048_mont_sqr_64(r, r, m, mp);
                }
                /* mont_red(r.R.R) = (r.R.R / R) mod m = r.R mod m
                 * mont_red(r.R * a) = (r.R.a / R) mod m = r.a mod m
                 */
                sp_2048_mont_mul_64(r, r, ah, m, mp);

                for (i = 63; i > 0; i--) {
                    if (r[i] != m[i]) {
                        break;
                    }
                }
                if (r[i] >= m[i]) {
                    sp_2048_sub_in_place_64(r, m);
                }
            }
        }
        else if (e[0] == 0x3) {
            if (err == MP_OKAY) {
                sp_2048_sqr_64(r, ah);
                err = sp_2048_mod_64_cond(r, r, m);
            }
            if (err == MP_OKAY) {
                sp_2048_mul_64(r, ah, r);
                err = sp_2048_mod_64_cond(r, r, m);
            }
        }
        else {
            int i;
            sp_digit mp;

            sp_2048_mont_setup(m, &mp);

            /* Convert to Montgomery form. */
            XMEMSET(a, 0, sizeof(sp_digit) * 64);
            err = sp_2048_mod_64_cond(a, a, m);

            if (err == MP_OKAY) {
                for (i = 31; i >= 0; i--) {
                    if (e[0] >> i) {
                        break;
                    }
                }

                XMEMCPY(r, a, sizeof(sp_digit) * 64);
                for (i--; i >= 0; i--) {
                    sp_2048_mont_sqr_64(r, r, m, mp);
                    if (((e[0] >> i) & 1) == 1) {
                        sp_2048_mont_mul_64(r, r, a, m, mp);
                    }
                }
                XMEMSET(&r[64], 0, sizeof(sp_digit) * 64);
                sp_2048_mont_reduce_64(r, m, mp);

                for (i = 63; i > 0; i--) {
                    if (r[i] != m[i]) {
                        break;
                    }
                }
                if (r[i] >= m[i]) {
                    sp_2048_sub_in_place_64(r, m);
                }
            }
        }
    }

    if (err == MP_OKAY) {
        sp_2048_to_bin_64(r, out);
        *outLen = 256;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (a != NULL)
        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
#endif

    return err;
}

#ifndef WOLFSSL_RSA_PUBLIC_ONLY
#ifdef WOLFSSL_SP_SMALL
/* Conditionally add a and b using the mask m.
 * m is -1 to add and 0 when not.
 *
 * r  A single precision number representing conditional add result.
 * a  A single precision number to add with.
 * b  A single precision number to add.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r5, #0x0\n\t"
        "MOV	r8, #0x0\n\t"
        "MOV	r4, #0x0\n\t"
        "\n"
    "L_sp_2048_cond_add_32_words:\n\t"
        "ADDS	r5, r5, #0xffffffff\n\t"
        "LDR	r6, [%[a], r4]\n\t"
        "LDR	r7, [%[b], r4]\n\t"
        "AND	r7, r7, %[m]\n\t"
        "ADCS	r6, r6, r7\n\t"
        "ADC	r5, r8, r8\n\t"
        "STR	r6, [%[r], r4]\n\t"
        "ADD	r4, r4, #0x4\n\t"
        "CMP	r4, #0x80\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_2048_cond_add_32_words\n\t"
#else
        "BLT.N	L_sp_2048_cond_add_32_words\n\t"
#endif
        "MOV	%[r], r5\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
    );
    return (uint32_t)(size_t)r;
}

#else
/* Conditionally add a and b using the mask m.
 * m is -1 to add and 0 when not.
 *
 * r  A single precision number representing conditional add result.
 * a  A single precision number to add with.
 * b  A single precision number to add.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r10, #0x0\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADDS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "ADC	%[r], r10, r10\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
/* RSA private key operation.
 *
 * in      Array of bytes representing the number to exponentiate, base.
 * inLen   Number of bytes in base.
 * dm      Private exponent.
 * pm      First prime.
 * qm      Second prime.
 * dpm     First prime's CRT exponent.
 * dqm     Second prime's CRT exponent.
 * qim     Inverse of second prime mod p.
 * mm      Modulus.
 * out     Buffer to hold big-endian bytes of exponentiation result.
 *         Must be at least 256 bytes long.
 * outLen  Number of bytes in result.
 * returns 0 on success, MP_TO_E when the outLen is too small, MP_READ_E when
 * an array is too long and MEMORY_E when dynamic memory allocation fails.
 */
int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
    const mp_int* pm, const mp_int* qm, const mp_int* dpm, const mp_int* dqm,
    const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
#if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM)
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* d = NULL;
#else
    sp_digit  d[64 * 4];
#endif
    sp_digit* a = NULL;
    sp_digit* m = NULL;
    sp_digit* r = NULL;
    int err = MP_OKAY;

    (void)pm;
    (void)qm;
    (void)dpm;
    (void)dqm;
    (void)qim;

    if (*outLen < 256U) {
        err = MP_TO_E;
    }
    if (err == MP_OKAY) {
        if (mp_count_bits(dm) > 2048) {
           err = MP_READ_E;
        }
        else if (inLen > 256) {
            err = MP_READ_E;
        }
        else if (mp_count_bits(mm) != 2048) {
            err = MP_READ_E;
        }
        else if (mp_iseven(mm)) {
            err = MP_VAL;
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 4, NULL,
                                                              DYNAMIC_TYPE_RSA);
        if (d == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        a = d + 64;
        m = a + 128;
        r = a;

        sp_2048_from_bin(a, 64, in, inLen);
        sp_2048_from_mp(d, 64, dm);
        sp_2048_from_mp(m, 64, mm);
        err = sp_2048_mod_exp_64(r, a, d, 2048, m, 0);
    }

    if (err == MP_OKAY) {
        sp_2048_to_bin_64(r, out);
        *outLen = 256;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (d != NULL)
#endif
    {
        /* only "a" and "r" are sensitive and need zeroized (same pointer) */
        if (a != NULL)
            ForceZero(a, sizeof(sp_digit) * 64);
#ifdef WOLFSSL_SP_SMALL_STACK
        XFREE(d, NULL, DYNAMIC_TYPE_RSA);
#endif
    }

    return err;
#else
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* a = NULL;
#else
    sp_digit a[32 * 11];
#endif
    sp_digit* p = NULL;
    sp_digit* q = NULL;
    sp_digit* dp = NULL;
    sp_digit* tmpa = NULL;
    sp_digit* tmpb = NULL;
    sp_digit* r = NULL;
    sp_digit* qi = NULL;
    sp_digit* dq = NULL;
    sp_digit c;
    int err = MP_OKAY;

    (void)dm;
    (void)mm;

    if (*outLen < 256) {
        err = MP_TO_E;
    }
    else if (inLen > 256 || mp_count_bits(mm) != 2048) {
        err = MP_READ_E;
    }
    else if (mp_iseven(mm)) {
        err = MP_VAL;
    }
    else if (mp_iseven(pm)) {
        err = MP_VAL;
    }
    else if (mp_iseven(qm)) {
        err = MP_VAL;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 11, NULL,
                                                              DYNAMIC_TYPE_RSA);
        if (a == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        p = a + 64 * 2;
        q = p + 32;
        qi = dq = dp = q + 32;
        tmpa = qi + 32;
        tmpb = tmpa + 64;
        r = a;

        sp_2048_from_bin(a, 64, in, inLen);
        sp_2048_from_mp(p, 32, pm);
        sp_2048_from_mp(q, 32, qm);
        sp_2048_from_mp(dp, 32, dpm);

        err = sp_2048_mod_exp_32(tmpa, a, dp, 1024, p, 1);
    }
    if (err == MP_OKAY) {
        sp_2048_from_mp(dq, 32, dqm);
        err = sp_2048_mod_exp_32(tmpb, a, dq, 1024, q, 1);
    }

    if (err == MP_OKAY) {
        c = sp_2048_sub_in_place_32(tmpa, tmpb);
        c += sp_2048_cond_add_32(tmpa, tmpa, p, c);
        sp_2048_cond_add_32(tmpa, tmpa, p, c);

        sp_2048_from_mp(qi, 32, qim);
        sp_2048_mul_32(tmpa, tmpa, qi);
        err = sp_2048_mod_32(tmpa, tmpa, p);
    }

    if (err == MP_OKAY) {
        sp_2048_mul_32(tmpa, q, tmpa);
        XMEMSET(&tmpb[32], 0, sizeof(sp_digit) * 32);
        sp_2048_add_64(r, tmpb, tmpa);

        sp_2048_to_bin_64(r, out);
        *outLen = 256;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (a != NULL)
#endif
    {
        ForceZero(a, sizeof(sp_digit) * 32 * 11);
    #ifdef WOLFSSL_SP_SMALL_STACK
        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
    #endif
    }
#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */
    return err;
}
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
#endif /* WOLFSSL_HAVE_SP_RSA */
#if defined(WOLFSSL_HAVE_SP_DH) || (defined(WOLFSSL_HAVE_SP_RSA) && \
                                              !defined(WOLFSSL_RSA_PUBLIC_ONLY))
/* Convert an array of sp_digit to an mp_int.
 *
 * a  A single precision integer.
 * r  A multi-precision integer.
 */
static int sp_2048_to_mp(const sp_digit* a, mp_int* r)
{
    int err;

    err = mp_grow(r, (2048 + DIGIT_BIT - 1) / DIGIT_BIT);
    if (err == MP_OKAY) { /*lint !e774 case where err is always MP_OKAY*/
#if DIGIT_BIT == 32
        XMEMCPY(r->dp, a, sizeof(sp_digit) * 64);
        r->used = 64;
        mp_clamp(r);
#elif DIGIT_BIT < 32
        int i;
        int j = 0;
        int s = 0;

        r->dp[0] = 0;
        for (i = 0; i < 64; i++) {
            r->dp[j] |= (mp_digit)(a[i] << s);
            r->dp[j] &= ((sp_digit)1 << DIGIT_BIT) - 1;
            s = DIGIT_BIT - s;
            r->dp[++j] = (mp_digit)(a[i] >> s);
            while (s + DIGIT_BIT <= 32) {
                s += DIGIT_BIT;
                r->dp[j++] &= ((sp_digit)1 << DIGIT_BIT) - 1;
                if (s == SP_WORD_SIZE) {
                    r->dp[j] = 0;
                }
                else {
                    r->dp[j] = (mp_digit)(a[i] >> s);
                }
            }
            s = 32 - s;
        }
        r->used = (2048 + DIGIT_BIT - 1) / DIGIT_BIT;
        mp_clamp(r);
#else
        int i;
        int j = 0;
        int s = 0;

        r->dp[0] = 0;
        for (i = 0; i < 64; i++) {
            r->dp[j] |= ((mp_digit)a[i]) << s;
            if (s + 32 >= DIGIT_BIT) {
    #if DIGIT_BIT != 32 && DIGIT_BIT != 64
                r->dp[j] &= ((sp_digit)1 << DIGIT_BIT) - 1;
    #endif
                s = DIGIT_BIT - s;
                r->dp[++j] = a[i] >> s;
                s = 32 - s;
            }
            else {
                s += 32;
            }
        }
        r->used = (2048 + DIGIT_BIT - 1) / DIGIT_BIT;
        mp_clamp(r);
#endif
    }

    return err;
}

/* Perform the modular exponentiation for Diffie-Hellman.
 *
 * base  Base. MP integer.
 * exp   Exponent. MP integer.
 * mod   Modulus. MP integer.
 * res   Result. MP integer.
 * returns 0 on success, MP_READ_E if there are too many bytes in an array
 * and MEMORY_E if memory allocation fails.
 */
int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod,
    mp_int* res)
{
    int err = MP_OKAY;
    sp_digit b[128];
    sp_digit e[64];
    sp_digit m[64];
    sp_digit* r = b;
    int expBits = mp_count_bits(exp);

    if (mp_count_bits(base) > 2048) {
        err = MP_READ_E;
    }
    else if (expBits > 2048) {
        err = MP_READ_E;
    }
    else if (mp_count_bits(mod) != 2048) {
        err = MP_READ_E;
    }
    else if (mp_iseven(mod)) {
        err = MP_VAL;
    }

    if (err == MP_OKAY) {
        sp_2048_from_mp(b, 64, base);
        sp_2048_from_mp(e, 64, exp);
        sp_2048_from_mp(m, 64, mod);

        err = sp_2048_mod_exp_64(r, b, e, expBits, m, 0);
    }

    if (err == MP_OKAY) {
        err = sp_2048_to_mp(r, res);
    }

    XMEMSET(e, 0, sizeof(e));

    return err;
}

#ifdef WOLFSSL_HAVE_SP_DH

#ifdef HAVE_FFDHE_2048
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_2048_lshift_64(sp_digit* r_p, const sp_digit* a_p, byte n_p)
#else
static void sp_2048_lshift_64(sp_digit* r, const sp_digit* a, byte n)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register byte n __asm__ ("r2") = (byte)n_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "RSB	r7, %[n], #0x1f\n\t"
        "LDR	r5, [%[a], #252]\n\t"
        "LSR	r6, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r6, r6, r7\n\t"
        "LDR	r4, [%[a], #248]\n\t"
        "STR	r6, [%[r], #256]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #244]\n\t"
        "STR	r5, [%[r], #252]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #240]\n\t"
        "STR	r4, [%[r], #248]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #236]\n\t"
        "STR	r6, [%[r], #244]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #232]\n\t"
        "STR	r5, [%[r], #240]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #228]\n\t"
        "STR	r4, [%[r], #236]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #224]\n\t"
        "STR	r6, [%[r], #232]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #220]\n\t"
        "STR	r5, [%[r], #228]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #216]\n\t"
        "STR	r4, [%[r], #224]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #212]\n\t"
        "STR	r6, [%[r], #220]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #208]\n\t"
        "STR	r5, [%[r], #216]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #204]\n\t"
        "STR	r4, [%[r], #212]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #200]\n\t"
        "STR	r6, [%[r], #208]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #196]\n\t"
        "STR	r5, [%[r], #204]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #192]\n\t"
        "STR	r4, [%[r], #200]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #188]\n\t"
        "STR	r6, [%[r], #196]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #184]\n\t"
        "STR	r5, [%[r], #192]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #180]\n\t"
        "STR	r4, [%[r], #188]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #176]\n\t"
        "STR	r6, [%[r], #184]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #172]\n\t"
        "STR	r5, [%[r], #180]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #168]\n\t"
        "STR	r4, [%[r], #176]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #164]\n\t"
        "STR	r6, [%[r], #172]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #160]\n\t"
        "STR	r5, [%[r], #168]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #156]\n\t"
        "STR	r4, [%[r], #164]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #152]\n\t"
        "STR	r6, [%[r], #160]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #148]\n\t"
        "STR	r5, [%[r], #156]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #144]\n\t"
        "STR	r4, [%[r], #152]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #140]\n\t"
        "STR	r6, [%[r], #148]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #136]\n\t"
        "STR	r5, [%[r], #144]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #132]\n\t"
        "STR	r4, [%[r], #140]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #128]\n\t"
        "STR	r6, [%[r], #136]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #124]\n\t"
        "STR	r5, [%[r], #132]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #120]\n\t"
        "STR	r4, [%[r], #128]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #116]\n\t"
        "STR	r6, [%[r], #124]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #112]\n\t"
        "STR	r5, [%[r], #120]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #108]\n\t"
        "STR	r4, [%[r], #116]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #104]\n\t"
        "STR	r6, [%[r], #112]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #100]\n\t"
        "STR	r5, [%[r], #108]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #96]\n\t"
        "STR	r4, [%[r], #104]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #92]\n\t"
        "STR	r6, [%[r], #100]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #88]\n\t"
        "STR	r5, [%[r], #96]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #84]\n\t"
        "STR	r4, [%[r], #92]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #80]\n\t"
        "STR	r6, [%[r], #88]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #76]\n\t"
        "STR	r5, [%[r], #84]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #72]\n\t"
        "STR	r4, [%[r], #80]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #68]\n\t"
        "STR	r6, [%[r], #76]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #64]\n\t"
        "STR	r5, [%[r], #72]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #60]\n\t"
        "STR	r4, [%[r], #68]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #56]\n\t"
        "STR	r6, [%[r], #64]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #52]\n\t"
        "STR	r5, [%[r], #60]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #48]\n\t"
        "STR	r4, [%[r], #56]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #44]\n\t"
        "STR	r6, [%[r], #52]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #40]\n\t"
        "STR	r5, [%[r], #48]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #36]\n\t"
        "STR	r4, [%[r], #44]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #32]\n\t"
        "STR	r6, [%[r], #40]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #28]\n\t"
        "STR	r5, [%[r], #36]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #24]\n\t"
        "STR	r4, [%[r], #32]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #20]\n\t"
        "STR	r6, [%[r], #28]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #16]\n\t"
        "STR	r5, [%[r], #24]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #12]\n\t"
        "STR	r4, [%[r], #20]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #8]\n\t"
        "STR	r6, [%[r], #16]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #4]\n\t"
        "STR	r5, [%[r], #12]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a]]\n\t"
        "STR	r4, [%[r], #8]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "STR	r5, [%[r]]\n\t"
        "STR	r6, [%[r], #4]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n)
        :
        : "memory", "r4", "r5", "r6", "r3", "r7", "cc"
    );
}

/* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
 *
 * r     A single precision number that is the result of the operation.
 * e     A single precision number that is the exponent.
 * bits  The number of bits in the exponent.
 * m     A single precision number that is the modulus.
 * returns  0 on success.
 * returns  MEMORY_E on dynamic memory allocation failure.
 * returns  MP_VAL when base is even.
 */
static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
        const sp_digit* m)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* td = NULL;
#else
    sp_digit td[193];
#endif
    sp_digit* norm = NULL;
    sp_digit* tmp = NULL;
    sp_digit mp = 1;
    sp_digit n;
    sp_digit o;
    sp_digit mask;
    int i;
    int c;
    byte y;
    int err = MP_OKAY;

    if (bits == 0) {
        err = MP_VAL;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 193, NULL,
                                DYNAMIC_TYPE_TMP_BUFFER);
        if (td == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        norm = td;
        tmp = td + 128;

        sp_2048_mont_setup(m, &mp);
        sp_2048_mont_norm_64(norm, m);

        i = (bits - 1) / 32;
        n = e[i--];
        c = bits & 31;
        if (c == 0) {
            c = 32;
        }
        c -= bits % 5;
        if (c == 32) {
            c = 27;
        }
        if (c < 0) {
            /* Number of bits in top word is less than number needed. */
            c = -c;
            y = (byte)(n << c);
            n = e[i--];
            y |= (byte)(n >> (64 - c));
            n <<= c;
            c = 64 - c;
        }
        else if (c == 0) {
            /* All bits in top word used. */
            y = (byte)n;
        }
        else {
            y = (byte)(n >> c);
            n <<= 32 - c;
        }
        sp_2048_lshift_64(r, norm, y);
        for (; i>=0 || c>=5; ) {
            if (c == 0) {
                n = e[i--];
                y = (byte)(n >> 27);
                n <<= 5;
                c = 27;
            }
            else if (c < 5) {
                y = (byte)(n >> 27);
                n = e[i--];
                c = 5 - c;
                y |= (byte)(n >> (32 - c));
                n <<= c;
                c = 32 - c;
            }
            else {
                y = (byte)((n >> 27) & 0x1f);
                n <<= 5;
                c -= 5;
            }

            sp_2048_mont_sqr_64(r, r, m, mp);
            sp_2048_mont_sqr_64(r, r, m, mp);
            sp_2048_mont_sqr_64(r, r, m, mp);
            sp_2048_mont_sqr_64(r, r, m, mp);
            sp_2048_mont_sqr_64(r, r, m, mp);

            sp_2048_lshift_64(r, r, y);
            sp_2048_mul_d_64(tmp, norm, r[64]);
            r[64] = 0;
            o = sp_2048_add_64(r, r, tmp);
            sp_2048_cond_sub_64(r, r, m, (sp_digit)0 - o);
        }

        XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
        sp_2048_mont_reduce_64(r, m, mp);

        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
        sp_2048_cond_sub_64(r, r, m, mask);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (td != NULL)
        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return err;
}
#endif /* HAVE_FFDHE_2048 */

/* Perform the modular exponentiation for Diffie-Hellman.
 *
 * base     Base.
 * exp      Array of bytes that is the exponent.
 * expLen   Length of data, in bytes, in exponent.
 * mod      Modulus.
 * out      Buffer to hold big-endian bytes of exponentiation result.
 *          Must be at least 256 bytes long.
 * outLen   Length, in bytes, of exponentiation result.
 * returns 0 on success, MP_READ_E if there are too many bytes in an array
 * and MEMORY_E if memory allocation fails.
 */
int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen,
    const mp_int* mod, byte* out, word32* outLen)
{
    int err = MP_OKAY;
    sp_digit b[128];
    sp_digit e[64];
    sp_digit m[64];
    sp_digit* r = b;
    word32 i;

    if (mp_count_bits(base) > 2048) {
        err = MP_READ_E;
    }
    else if (expLen > 256) {
        err = MP_READ_E;
    }
    else if (mp_count_bits(mod) != 2048) {
        err = MP_READ_E;
    }
    else if (mp_iseven(mod)) {
        err = MP_VAL;
    }

    if (err == MP_OKAY) {
        sp_2048_from_mp(b, 64, base);
        sp_2048_from_bin(e, 64, exp, expLen);
        sp_2048_from_mp(m, 64, mod);

    #ifdef HAVE_FFDHE_2048
        if (base->used == 1 && base->dp[0] == 2 && m[63] == (sp_digit)-1)
            err = sp_2048_mod_exp_2_64(r, e, expLen * 8, m);
        else
    #endif
            err = sp_2048_mod_exp_64(r, b, e, expLen * 8, m, 0);

    }

    if (err == MP_OKAY) {
        sp_2048_to_bin_64(r, out);
        *outLen = 256;
        for (i=0; i<256 && out[i] == 0; i++) {
            /* Search for first non-zero. */
        }
        *outLen -= i;
        XMEMMOVE(out, out + i, *outLen);

    }

    XMEMSET(e, 0, sizeof(e));

    return err;
}
#endif /* WOLFSSL_HAVE_SP_DH */

/* Perform the modular exponentiation for Diffie-Hellman.
 *
 * base  Base. MP integer.
 * exp   Exponent. MP integer.
 * mod   Modulus. MP integer.
 * res   Result. MP integer.
 * returns 0 on success, MP_READ_E if there are too many bytes in an array
 * and MEMORY_E if memory allocation fails.
 */
int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod,
    mp_int* res)
{
    int err = MP_OKAY;
    sp_digit b[64];
    sp_digit e[32];
    sp_digit m[32];
    sp_digit* r = b;
    int expBits = mp_count_bits(exp);

    if (mp_count_bits(base) > 1024) {
        err = MP_READ_E;
    }
    else if (expBits > 1024) {
        err = MP_READ_E;
    }
    else if (mp_count_bits(mod) != 1024) {
        err = MP_READ_E;
    }
    else if (mp_iseven(mod)) {
        err = MP_VAL;
    }

    if (err == MP_OKAY) {
        sp_2048_from_mp(b, 32, base);
        sp_2048_from_mp(e, 32, exp);
        sp_2048_from_mp(m, 32, mod);

        err = sp_2048_mod_exp_32(r, b, e, expBits, m, 0);
    }

    if (err == MP_OKAY) {
        XMEMSET(r + 32, 0, sizeof(*r) * 32U);
        err = sp_2048_to_mp(r, res);
        res->used = mod->used;
        mp_clamp(res);
    }

    XMEMSET(e, 0, sizeof(e));

    return err;
}

#endif /* WOLFSSL_HAVE_SP_DH | (WOLFSSL_HAVE_SP_RSA & !WOLFSSL_RSA_PUBLIC_ONLY) */

#endif /* !WOLFSSL_SP_NO_2048 */

#ifndef WOLFSSL_SP_NO_3072
/* Read big endian unsigned byte array into r.
 *
 * r  A single precision integer.
 * size  Maximum number of bytes to convert
 * a  Byte array.
 * n  Number of bytes in array to read.
 */
static void sp_3072_from_bin(sp_digit* r, int size, const byte* a, int n)
{
    int i;
    int j;
    byte* d;

    for (i = n - 1,j = 0; i >= 3; i -= 4) {
        r[j]  = ((sp_digit)a[i - 0] <<  0) |
                ((sp_digit)a[i - 1] <<  8) |
                ((sp_digit)a[i - 2] << 16) |
                ((sp_digit)a[i - 3] << 24);
        j++;
    }

    if (i >= 0) {
        r[j] = 0;

        d = (byte*)r;
        switch (i) {
            case 2: d[n - 1 - 2] = a[2]; //fallthrough
            case 1: d[n - 1 - 1] = a[1]; //fallthrough
            case 0: d[n - 1 - 0] = a[0]; //fallthrough
        }
        j++;
    }

    for (; j < size; j++) {
        r[j] = 0;
    }
}

/* Convert an mp_int to an array of sp_digit.
 *
 * r  A single precision integer.
 * size  Maximum number of bytes to convert
 * a  A multi-precision integer.
 */
static void sp_3072_from_mp(sp_digit* r, int size, const mp_int* a)
{
#if DIGIT_BIT == 32
    int i;
    sp_digit j = (sp_digit)0 - (sp_digit)a->used;
    int o = 0;

    for (i = 0; i < size; i++) {
        sp_digit mask = (sp_digit)0 - (j >> 31);
        r[i] = a->dp[o] & mask;
        j++;
        o += (int)(j >> 31);
    }
#elif DIGIT_BIT > 32
    unsigned int i;
    int j = 0;
    word32 s = 0;

    r[0] = 0;
    for (i = 0; i < (unsigned int)a->used && j < size; i++) {
        r[j] |= ((sp_digit)a->dp[i] << s);
        r[j] &= 0xffffffff;
        s = 32U - s;
        if (j + 1 >= size) {
            break;
        }
        /* lint allow cast of mismatch word32 and mp_digit */
        r[++j] = (sp_digit)(a->dp[i] >> s); /*lint !e9033*/
        while ((s + 32U) <= (word32)DIGIT_BIT) {
            s += 32U;
            r[j] &= 0xffffffff;
            if (j + 1 >= size) {
                break;
            }
            if (s < (word32)DIGIT_BIT) {
                /* lint allow cast of mismatch word32 and mp_digit */
                r[++j] = (sp_digit)(a->dp[i] >> s); /*lint !e9033*/
            }
            else {
                r[++j] = (sp_digit)0;
            }
        }
        s = (word32)DIGIT_BIT - s;
    }

    for (j++; j < size; j++) {
        r[j] = 0;
    }
#else
    unsigned int i;
    int j = 0;
    int s = 0;

    r[0] = 0;
    for (i = 0; i < (unsigned int)a->used && j < size; i++) {
        r[j] |= ((sp_digit)a->dp[i]) << s;
        if (s + DIGIT_BIT >= 32) {
            r[j] &= 0xffffffff;
            if (j + 1 >= size) {
                break;
            }
            s = 32 - s;
            if (s == DIGIT_BIT) {
                r[++j] = 0;
                s = 0;
            }
            else {
                r[++j] = a->dp[i] >> s;
                s = DIGIT_BIT - s;
            }
        }
        else {
            s += DIGIT_BIT;
        }
    }

    for (j++; j < size; j++) {
        r[j] = 0;
    }
#endif
}

/* Write r as big endian to byte array.
 * Fixed length number of bytes written: 384
 *
 * r  A single precision integer.
 * a  Byte array.
 */
static void sp_3072_to_bin_96(sp_digit* r, byte* a)
{
    int i;
    int j = 0;

    for (i = 95; i >= 0; i--) {
        a[j++] = r[i] >> 24;
        a[j++] = r[i] >> 16;
        a[j++] = r[i] >> 8;
        a[j++] = r[i] >> 0;
    }
}

#if (defined(WOLFSSL_HAVE_SP_RSA) && (!defined(WOLFSSL_RSA_PUBLIC_ONLY) || !defined(WOLFSSL_SP_SMALL))) || defined(WOLFSSL_HAVE_SP_DH)
/* Normalize the values in each word to 32.
 *
 * a  Array of sp_digit to normalize.
 */
#define sp_3072_norm_96(a)

#endif /* (WOLFSSL_HAVE_SP_RSA && (!WOLFSSL_RSA_PUBLIC_ONLY || !WOLFSSL_SP_SMALL)) || WOLFSSL_HAVE_SP_DH */
/* Normalize the values in each word to 32.
 *
 * a  Array of sp_digit to normalize.
 */
#define sp_3072_norm_96(a)

#ifndef WOLFSSL_SP_SMALL
/* Multiply a and b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_3072_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static void sp_3072_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x30\n\t"
        /* A[0] * B[0] */
        "LDR	r11, [%[a]]\n\t"
        "LDR	r12, [%[b]]\n\t"
        "UMULL	r3, r4, r11, r12\n\t"
        "MOV	r5, #0x0\n\t"
        "STR	r3, [sp]\n\t"
        /* A[0] * B[1] */
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[1] * B[0] */
        "LDR	r8, [%[a], #4]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #4]\n\t"
        /* A[2] * B[0] */
        "LDR	r8, [%[a], #8]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[1] * B[1] */
        "LDR	r11, [%[a], #4]\n\t"
        "LDR	r12, [%[b], #4]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[0] * B[2] */
        "LDR	r8, [%[a]]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [sp, #8]\n\t"
        /* A[0] * B[3] */
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[1] * B[2] */
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[2] * B[1] */
        "LDR	r8, [%[a], #8]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[3] * B[0] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b]]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [sp, #12]\n\t"
        /* A[4] * B[0] */
        "LDR	r8, [%[a], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[3] * B[1] */
        "LDR	r8, [%[a], #12]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[2] * B[2] */
        "LDR	r11, [%[a], #8]\n\t"
        "LDR	r12, [%[b], #8]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[1] * B[3] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[0] * B[4] */
        "LDR	r8, [%[a]]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #16]\n\t"
        /* A[0] * B[5] */
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[1] * B[4] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[2] * B[3] */
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[3] * B[2] */
        "LDR	r8, [%[a], #12]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[4] * B[1] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[5] * B[0] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b]]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [sp, #20]\n\t"
        /* A[6] * B[0] */
        "LDR	r8, [%[a], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[5] * B[1] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[4] * B[2] */
        "LDR	r8, [%[a], #16]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[3] * B[3] */
        "LDR	r11, [%[a], #12]\n\t"
        "LDR	r12, [%[b], #12]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[2] * B[4] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[1] * B[5] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[0] * B[6] */
        "LDR	r8, [%[a]]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [sp, #24]\n\t"
        /* A[0] * B[7] */
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[1] * B[6] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[2] * B[5] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[3] * B[4] */
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[4] * B[3] */
        "LDR	r8, [%[a], #16]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[5] * B[2] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[6] * B[1] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[7] * B[0] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b]]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #28]\n\t"
        /* A[8] * B[0] */
        "LDR	r8, [%[a], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[7] * B[1] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[6] * B[2] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[5] * B[3] */
        "LDR	r8, [%[a], #20]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[4] * B[4] */
        "LDR	r11, [%[a], #16]\n\t"
        "LDR	r12, [%[b], #16]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[3] * B[5] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[2] * B[6] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[1] * B[7] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[0] * B[8] */
        "LDR	r8, [%[a]]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [sp, #32]\n\t"
        /* A[0] * B[9] */
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[1] * B[8] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[2] * B[7] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[3] * B[6] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[4] * B[5] */
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[5] * B[4] */
        "LDR	r8, [%[a], #20]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[6] * B[3] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[7] * B[2] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[8] * B[1] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[9] * B[0] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b]]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [sp, #36]\n\t"
        /* A[10] * B[0] */
        "LDR	r8, [%[a], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[9] * B[1] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[8] * B[2] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[7] * B[3] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[6] * B[4] */
        "LDR	r8, [%[a], #24]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[5] * B[5] */
        "LDR	r11, [%[a], #20]\n\t"
        "LDR	r12, [%[b], #20]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[4] * B[6] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[3] * B[7] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[2] * B[8] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[1] * B[9] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[0] * B[10] */
        "LDR	r8, [%[a]]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #40]\n\t"
        /* A[0] * B[11] */
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[1] * B[10] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[2] * B[9] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[3] * B[8] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[4] * B[7] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[5] * B[6] */
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[6] * B[5] */
        "LDR	r8, [%[a], #24]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[7] * B[4] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[8] * B[3] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[9] * B[2] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[10] * B[1] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[11] * B[0] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b]]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [sp, #44]\n\t"
        /* A[11] * B[1] */
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[10] * B[2] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[9] * B[3] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[8] * B[4] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[7] * B[5] */
        "LDR	r8, [%[a], #28]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[6] * B[6] */
        "LDR	r11, [%[a], #24]\n\t"
        "LDR	r12, [%[b], #24]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[5] * B[7] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[4] * B[8] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[3] * B[9] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[2] * B[10] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[1] * B[11] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], #48]\n\t"
        /* A[2] * B[11] */
        "LDR	r8, [%[a], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[3] * B[10] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[4] * B[9] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[5] * B[8] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[6] * B[7] */
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[7] * B[6] */
        "LDR	r8, [%[a], #28]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[8] * B[5] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[9] * B[4] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[10] * B[3] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[11] * B[2] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [%[r], #52]\n\t"
        /* A[11] * B[3] */
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[10] * B[4] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[9] * B[5] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[8] * B[6] */
        "LDR	r8, [%[a], #32]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[7] * B[7] */
        "LDR	r11, [%[a], #28]\n\t"
        "LDR	r12, [%[b], #28]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[6] * B[8] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[5] * B[9] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[4] * B[10] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[3] * B[11] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [%[r], #56]\n\t"
        /* A[4] * B[11] */
        "LDR	r8, [%[a], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[5] * B[10] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[6] * B[9] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[7] * B[8] */
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[8] * B[7] */
        "LDR	r8, [%[a], #32]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[9] * B[6] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[10] * B[5] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[11] * B[4] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], #60]\n\t"
        /* A[11] * B[5] */
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[10] * B[6] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[9] * B[7] */
        "LDR	r8, [%[a], #36]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[8] * B[8] */
        "LDR	r11, [%[a], #32]\n\t"
        "LDR	r12, [%[b], #32]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[7] * B[9] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[6] * B[10] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[5] * B[11] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [%[r], #64]\n\t"
        /* A[6] * B[11] */
        "LDR	r8, [%[a], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[7] * B[10] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[8] * B[9] */
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[9] * B[8] */
        "LDR	r8, [%[a], #36]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[10] * B[7] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[11] * B[6] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [%[r], #68]\n\t"
        /* A[11] * B[7] */
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[10] * B[8] */
        "LDR	r8, [%[a], #40]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[9] * B[9] */
        "LDR	r11, [%[a], #36]\n\t"
        "LDR	r12, [%[b], #36]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[8] * B[10] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[7] * B[11] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], #72]\n\t"
        /* A[8] * B[11] */
        "LDR	r8, [%[a], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[9] * B[10] */
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[10] * B[9] */
        "LDR	r8, [%[a], #40]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[11] * B[8] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [%[r], #76]\n\t"
        /* A[11] * B[9] */
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[10] * B[10] */
        "LDR	r11, [%[a], #40]\n\t"
        "LDR	r12, [%[b], #40]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[9] * B[11] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [%[r], #80]\n\t"
        /* A[10] * B[11] */
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[11] * B[10] */
        "LDR	r8, [%[a], #44]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], #84]\n\t"
        /* A[11] * B[11] */
        "UMLAL	r4, r5, r8, r9\n\t"
        "STR	r4, [%[r], #88]\n\t"
        "STR	r5, [%[r], #92]\n\t"
        "LDM	sp!, {r3, r4, r5, r6}\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	sp!, {r3, r4, r5, r6}\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	sp!, {r3, r4, r5, r6}\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc"
    );
}

/* Add b to a into r. (r = a + b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_3072_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_3072_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADDS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "MOV	%[r], #0x0\n\t"
        "ADC	%[r], %[r], #0x0\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

/* Sub b from a into a. (a -= b)
 *
 * a  A single precision integer and result.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_3072_sub_in_place_24(sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_3072_sub_in_place_24(sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SUBS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "SBC	%[a], r9, r9\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
    return (uint32_t)(size_t)a;
}

/* Add b to a into r. (r = a + b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_3072_add_24(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_3072_add_24(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADDS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "MOV	%[r], #0x0\n\t"
        "ADC	%[r], %[r], #0x0\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

/* AND m into each word of a and store in r.
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * m  Mask to AND against each digit.
 */
static void sp_3072_mask_12(sp_digit* r, const sp_digit* a, sp_digit m)
{
#ifdef WOLFSSL_SP_SMALL
    int i;

    for (i=0; i<12; i++) {
        r[i] = a[i] & m;
    }
#else
    r[0] = a[0] & m;
    r[1] = a[1] & m;
    r[2] = a[2] & m;
    r[3] = a[3] & m;
    r[4] = a[4] & m;
    r[5] = a[5] & m;
    r[6] = a[6] & m;
    r[7] = a[7] & m;
    r[8] = a[8] & m;
    r[9] = a[9] & m;
    r[10] = a[10] & m;
    r[11] = a[11] & m;
#endif
}

/* Multiply a and b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
SP_NOINLINE static void sp_3072_mul_24(sp_digit* r, const sp_digit* a,
        const sp_digit* b)
{
    sp_digit* z0 = r;
    sp_digit z1[24];
    sp_digit a1[12];
    sp_digit b1[12];
    sp_digit* z2 = r + 24;
    sp_digit u;
    sp_digit ca;
    sp_digit cb;

    ca = sp_3072_add_12(a1, a, &a[12]);
    cb = sp_3072_add_12(b1, b, &b[12]);
    u  = ca & cb;

    sp_3072_mul_12(z2, &a[12], &b[12]);
    sp_3072_mul_12(z0, a, b);
    sp_3072_mul_12(z1, a1, b1);

    u += sp_3072_sub_in_place_24(z1, z0);
    u += sp_3072_sub_in_place_24(z1, z2);
    sp_3072_mask_12(a1, a1, 0 - cb);
    u += sp_3072_add_12(z1 + 12, z1 + 12, a1);
    sp_3072_mask_12(b1, b1, 0 - ca);
    u += sp_3072_add_12(z1 + 12, z1 + 12, b1);

    u += sp_3072_add_24(r + 12, r + 12, z1);
    XMEMSET(a1 + 1, 0, sizeof(sp_digit) * (12 - 1));
    a1[0] = u;
    (void)sp_3072_add_12(r + 36, r + 36, a1);
}

/* Sub b from a into a. (a -= b)
 *
 * a  A single precision integer and result.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SUBS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "SBC	%[a], r9, r9\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
    return (uint32_t)(size_t)a;
}

/* Add b to a into r. (r = a + b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADDS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "MOV	%[r], #0x0\n\t"
        "ADC	%[r], %[r], #0x0\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

/* AND m into each word of a and store in r.
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * m  Mask to AND against each digit.
 */
static void sp_3072_mask_24(sp_digit* r, const sp_digit* a, sp_digit m)
{
#ifdef WOLFSSL_SP_SMALL
    int i;

    for (i=0; i<24; i++) {
        r[i] = a[i] & m;
    }
#else
    int i;

    for (i = 0; i < 24; i += 8) {
        r[i+0] = a[i+0] & m;
        r[i+1] = a[i+1] & m;
        r[i+2] = a[i+2] & m;
        r[i+3] = a[i+3] & m;
        r[i+4] = a[i+4] & m;
        r[i+5] = a[i+5] & m;
        r[i+6] = a[i+6] & m;
        r[i+7] = a[i+7] & m;
    }
#endif
}

/* Multiply a and b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
SP_NOINLINE static void sp_3072_mul_48(sp_digit* r, const sp_digit* a,
        const sp_digit* b)
{
    sp_digit* z0 = r;
    sp_digit z1[48];
    sp_digit a1[24];
    sp_digit b1[24];
    sp_digit* z2 = r + 48;
    sp_digit u;
    sp_digit ca;
    sp_digit cb;

    ca = sp_3072_add_24(a1, a, &a[24]);
    cb = sp_3072_add_24(b1, b, &b[24]);
    u  = ca & cb;

    sp_3072_mul_24(z2, &a[24], &b[24]);
    sp_3072_mul_24(z0, a, b);
    sp_3072_mul_24(z1, a1, b1);

    u += sp_3072_sub_in_place_48(z1, z0);
    u += sp_3072_sub_in_place_48(z1, z2);
    sp_3072_mask_24(a1, a1, 0 - cb);
    u += sp_3072_add_24(z1 + 24, z1 + 24, a1);
    sp_3072_mask_24(b1, b1, 0 - ca);
    u += sp_3072_add_24(z1 + 24, z1 + 24, b1);

    u += sp_3072_add_48(r + 24, r + 24, z1);
    XMEMSET(a1 + 1, 0, sizeof(sp_digit) * (24 - 1));
    a1[0] = u;
    (void)sp_3072_add_24(r + 72, r + 72, a1);
}

/* Sub b from a into a. (a -= b)
 *
 * a  A single precision integer and result.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SUBS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "SBC	%[a], r9, r9\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
    return (uint32_t)(size_t)a;
}

/* Add b to a into r. (r = a + b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADDS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "MOV	%[r], #0x0\n\t"
        "ADC	%[r], %[r], #0x0\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

/* AND m into each word of a and store in r.
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * m  Mask to AND against each digit.
 */
static void sp_3072_mask_48(sp_digit* r, const sp_digit* a, sp_digit m)
{
#ifdef WOLFSSL_SP_SMALL
    int i;

    for (i=0; i<48; i++) {
        r[i] = a[i] & m;
    }
#else
    int i;

    for (i = 0; i < 48; i += 8) {
        r[i+0] = a[i+0] & m;
        r[i+1] = a[i+1] & m;
        r[i+2] = a[i+2] & m;
        r[i+3] = a[i+3] & m;
        r[i+4] = a[i+4] & m;
        r[i+5] = a[i+5] & m;
        r[i+6] = a[i+6] & m;
        r[i+7] = a[i+7] & m;
    }
#endif
}

/* Multiply a and b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
SP_NOINLINE static void sp_3072_mul_96(sp_digit* r, const sp_digit* a,
        const sp_digit* b)
{
    sp_digit* z0 = r;
    sp_digit z1[96];
    sp_digit a1[48];
    sp_digit b1[48];
    sp_digit* z2 = r + 96;
    sp_digit u;
    sp_digit ca;
    sp_digit cb;

    ca = sp_3072_add_48(a1, a, &a[48]);
    cb = sp_3072_add_48(b1, b, &b[48]);
    u  = ca & cb;

    sp_3072_mul_48(z2, &a[48], &b[48]);
    sp_3072_mul_48(z0, a, b);
    sp_3072_mul_48(z1, a1, b1);

    u += sp_3072_sub_in_place_96(z1, z0);
    u += sp_3072_sub_in_place_96(z1, z2);
    sp_3072_mask_48(a1, a1, 0 - cb);
    u += sp_3072_add_48(z1 + 48, z1 + 48, a1);
    sp_3072_mask_48(b1, b1, 0 - ca);
    u += sp_3072_add_48(z1 + 48, z1 + 48, b1);

    u += sp_3072_add_96(r + 48, r + 48, z1);
    XMEMSET(a1 + 1, 0, sizeof(sp_digit) * (48 - 1));
    a1[0] = u;
    (void)sp_3072_add_48(r + 144, r + 144, a1);
}

/* Square a and put result in r. (r = a * a)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_3072_sqr_12(sp_digit* r_p, const sp_digit* a_p)
#else
static void sp_3072_sqr_12(sp_digit* r, const sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x30\n\t"
        /* A[0] * A[0] */
        "LDR	r10, [%[a]]\n\t"
        "UMULL	r8, r3, r10, r10\n\t"
        "MOV	r4, #0x0\n\t"
        "STR	r8, [sp]\n\t"
        /* A[0] * A[1] */
        "LDR	r10, [%[a], #4]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "STR	r3, [sp, #4]\n\t"
        /* A[0] * A[2] */
        "LDR	r10, [%[a], #8]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[1] * A[1] */
        "LDR	r10, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #8]\n\t"
        /* A[0] * A[3] */
        "LDR	r10, [%[a], #12]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[1] * A[2] */
        "LDR	r10, [%[a], #8]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r2, [sp, #12]\n\t"
        /* A[0] * A[4] */
        "LDR	r10, [%[a], #16]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        /* A[1] * A[3] */
        "LDR	r10, [%[a], #12]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        /* A[2] * A[2] */
        "LDR	r10, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "STR	r3, [sp, #16]\n\t"
        /* A[0] * A[5] */
        "LDR	r10, [%[a], #20]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r3, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[4] */
        "LDR	r10, [%[a], #16]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[3] */
        "LDR	r10, [%[a], #12]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r4, r4, r5\n\t"
        "ADCS	r2, r2, r6\n\t"
        "ADC	r3, r3, r7\n\t"
        "STR	r4, [sp, #20]\n\t"
        /* A[0] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[5] */
        "LDR	r10, [%[a], #20]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[4] */
        "LDR	r10, [%[a], #16]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[3] */
        "LDR	r10, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADC	r4, r4, r7\n\t"
        "STR	r2, [sp, #24]\n\t"
        /* A[0] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r2, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[5] */
        "LDR	r10, [%[a], #20]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[4] */
        "LDR	r10, [%[a], #16]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	r2, r2, r7\n\t"
        "STR	r3, [sp, #28]\n\t"
        /* A[0] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r3, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[5] */
        "LDR	r10, [%[a], #20]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[4] */
        "LDR	r10, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r4, r4, r5\n\t"
        "ADCS	r2, r2, r6\n\t"
        "ADC	r3, r3, r7\n\t"
        "STR	r4, [sp, #32]\n\t"
        /* A[0] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[5] */
        "LDR	r10, [%[a], #20]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADC	r4, r4, r7\n\t"
        "STR	r2, [sp, #36]\n\t"
        /* A[0] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r2, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[5] */
        "LDR	r10, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	r2, r2, r7\n\t"
        "STR	r3, [sp, #40]\n\t"
        /* A[0] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r3, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r4, r4, r5\n\t"
        "ADCS	r2, r2, r6\n\t"
        "ADC	r3, r3, r7\n\t"
        "STR	r4, [sp, #44]\n\t"
        /* A[1] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[2] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[6] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADC	r4, r4, r7\n\t"
        "STR	r2, [%[r], #48]\n\t"
        /* A[2] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r2, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[3] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[6] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	r2, r2, r7\n\t"
        "STR	r3, [%[r], #52]\n\t"
        /* A[3] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r3, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[4] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[6] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[7] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r4, r4, r5\n\t"
        "ADCS	r2, r2, r6\n\t"
        "ADC	r3, r3, r7\n\t"
        "STR	r4, [%[r], #56]\n\t"
        /* A[4] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[5] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[6] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[7] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADC	r4, r4, r7\n\t"
        "STR	r2, [%[r], #60]\n\t"
        /* A[5] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r2, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[6] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[7] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[8] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	r2, r2, r7\n\t"
        "STR	r3, [%[r], #64]\n\t"
        /* A[6] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r3, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[7] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[8] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r4, r4, r5\n\t"
        "ADCS	r2, r2, r6\n\t"
        "ADC	r3, r3, r7\n\t"
        "STR	r4, [%[r], #68]\n\t"
        /* A[7] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[8] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[9] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r2, [%[r], #72]\n\t"
        /* A[8] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        /* A[9] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #36]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "STR	r3, [%[r], #76]\n\t"
        /* A[9] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #36]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[10] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [%[r], #80]\n\t"
        /* A[10] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #40]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r2, [%[r], #84]\n\t"
        /* A[11] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "UMLAL	r3, r4, r10, r10\n\t"
        "STR	r3, [%[r], #88]\n\t"
        "STR	r4, [%[r], #92]\n\t"
        "LDM	sp!, {r2, r3, r4, r8}\n\t"
        "STM	%[r]!, {r2, r3, r4, r8}\n\t"
        "LDM	sp!, {r2, r3, r4, r8}\n\t"
        "STM	%[r]!, {r2, r3, r4, r8}\n\t"
        "LDM	sp!, {r2, r3, r4, r8}\n\t"
        "STM	%[r]!, {r2, r3, r4, r8}\n\t"
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc"
    );
}

/* Sub b from a into r. (r = a - b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_3072_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_3072_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SUBS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "SBC	%[r], r6, r6\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

/* Square a and put result in r. (r = a * a)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 */
SP_NOINLINE static void sp_3072_sqr_24(sp_digit* r, const sp_digit* a)
{
    sp_digit* z0 = r;
    sp_digit* z2 = r + 24;
    sp_digit z1[24];
    sp_digit* a1 = z1;
    sp_digit zero[12];
    sp_digit u;
    sp_digit mask;
    sp_digit* p1;
    sp_digit* p2;

    XMEMSET(zero, 0, sizeof(sp_digit) * 12);

    mask = sp_3072_sub_12(a1, a, &a[12]);
    p1 = (sp_digit*)(((sp_digit)zero &   mask ) | ((sp_digit)a1 & (~mask)));
    p2 = (sp_digit*)(((sp_digit)zero & (~mask)) | ((sp_digit)a1 &   mask ));
    (void)sp_3072_sub_12(a1, p1, p2);

    sp_3072_sqr_12(z2, &a[12]);
    sp_3072_sqr_12(z0, a);
    sp_3072_sqr_12(z1, a1);

    u = 0;
    u -= sp_3072_sub_in_place_24(z1, z2);
    u -= sp_3072_sub_in_place_24(z1, z0);
    u += sp_3072_sub_in_place_24(r + 12, z1);
    zero[0] = u;
    (void)sp_3072_add_12(r + 36, r + 36, zero);
}

/* Sub b from a into r. (r = a - b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_3072_sub_24(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_3072_sub_24(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SUBS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "SBC	%[r], r6, r6\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

/* Square a and put result in r. (r = a * a)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 */
SP_NOINLINE static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a)
{
    sp_digit* z0 = r;
    sp_digit* z2 = r + 48;
    sp_digit z1[48];
    sp_digit* a1 = z1;
    sp_digit zero[24];
    sp_digit u;
    sp_digit mask;
    sp_digit* p1;
    sp_digit* p2;

    XMEMSET(zero, 0, sizeof(sp_digit) * 24);

    mask = sp_3072_sub_24(a1, a, &a[24]);
    p1 = (sp_digit*)(((sp_digit)zero &   mask ) | ((sp_digit)a1 & (~mask)));
    p2 = (sp_digit*)(((sp_digit)zero & (~mask)) | ((sp_digit)a1 &   mask ));
    (void)sp_3072_sub_24(a1, p1, p2);

    sp_3072_sqr_24(z2, &a[24]);
    sp_3072_sqr_24(z0, a);
    sp_3072_sqr_24(z1, a1);

    u = 0;
    u -= sp_3072_sub_in_place_48(z1, z2);
    u -= sp_3072_sub_in_place_48(z1, z0);
    u += sp_3072_sub_in_place_48(r + 24, z1);
    zero[0] = u;
    (void)sp_3072_add_24(r + 72, r + 72, zero);
}

/* Sub b from a into r. (r = a - b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_3072_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_3072_sub_48(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SUBS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "SBC	%[r], r6, r6\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

/* Square a and put result in r. (r = a * a)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 */
SP_NOINLINE static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a)
{
    sp_digit* z0 = r;
    sp_digit* z2 = r + 96;
    sp_digit z1[96];
    sp_digit* a1 = z1;
    sp_digit zero[48];
    sp_digit u;
    sp_digit mask;
    sp_digit* p1;
    sp_digit* p2;

    XMEMSET(zero, 0, sizeof(sp_digit) * 48);

    mask = sp_3072_sub_48(a1, a, &a[48]);
    p1 = (sp_digit*)(((sp_digit)zero &   mask ) | ((sp_digit)a1 & (~mask)));
    p2 = (sp_digit*)(((sp_digit)zero & (~mask)) | ((sp_digit)a1 &   mask ));
    (void)sp_3072_sub_48(a1, p1, p2);

    sp_3072_sqr_48(z2, &a[48]);
    sp_3072_sqr_48(z0, a);
    sp_3072_sqr_48(z1, a1);

    u = 0;
    u -= sp_3072_sub_in_place_96(z1, z2);
    u -= sp_3072_sub_in_place_96(z1, z0);
    u += sp_3072_sub_in_place_96(r + 48, z1);
    zero[0] = u;
    (void)sp_3072_add_48(r + 144, r + 144, zero);
}

#endif /* !WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Add b to a into r. (r = a + b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r3, #0x0\n\t"
        "ADD	r12, %[a], #0x180\n\t"
        "\n"
    "L_sp_3072_add_96_word:\n\t"
        "ADDS	r3, r3, #0xffffffff\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r3, r4, #0x0\n\t"
        "CMP	%[a], r12\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_3072_add_96_word\n\t"
#else
        "BNE.N	L_sp_3072_add_96_word\n\t"
#endif
        "MOV	%[r], r3\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Sub b from a into a. (a -= b)
 *
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r10, #0x0\n\t"
        "ADD	r11, %[a], #0x180\n\t"
        "\n"
    "L_sp_3072_sub_in_pkace_96_word:\n\t"
        "RSBS	r10, r10, #0x0\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "SBC	r10, r10, r10\n\t"
        "CMP	%[a], r11\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_3072_sub_in_pkace_96_word\n\t"
#else
        "BNE.N	L_sp_3072_sub_in_pkace_96_word\n\t"
#endif
        "MOV	%[a], r10\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
    );
    return (uint32_t)(size_t)a;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Multiply a and b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_3072_mul_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x300\n\t"
        "LDR	lr, [%[a]]\n\t"
        "LDR	r11, [%[b]]\n\t"
        "UMULL	r8, r6, lr, r11\n\t"
        "STR	r8, [sp]\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r8, #0x0\n\t"
        "MOV	r5, #0x4\n\t"
        "\n"
    "L_sp_3072_mul_96_outer:\n\t"
        "SUBS	r3, r5, #0x17c\n\t"
        "IT	cc\n\t"
        "MOVCC	r3, #0x0\n\t"
        "SUB	r4, r5, r3\n\t"
        "\n"
    "L_sp_3072_mul_96_inner:\n\t"
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[b], r4]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "LDR	lr, [%[a], r4]\n\t"
        "LDR	r11, [%[b], r3]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADD	r3, r3, #0x4\n\t"
        "SUB	r4, r4, #0x4\n\t"
        "CMP	r3, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_3072_mul_96_inner_done\n\t"
#else
        "BGT.N	L_sp_3072_mul_96_inner_done\n\t"
#endif
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_3072_mul_96_inner\n\t"
#else
        "BLT.N	L_sp_3072_mul_96_inner\n\t"
#endif
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[b], r3]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "\n"
    "L_sp_3072_mul_96_inner_done:\n\t"
        "STR	r6, [sp, r5]\n\t"
        "MOV	r6, r7\n\t"
        "MOV	r7, r8\n\t"
        "MOV	r8, #0x0\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0x2f4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLE	L_sp_3072_mul_96_outer\n\t"
#else
        "BLE.N	L_sp_3072_mul_96_outer\n\t"
#endif
        "LDR	lr, [%[a], #380]\n\t"
        "LDR	r11, [%[b], #380]\n\t"
        "UMLAL	r6, r7, lr, r11\n\t"
        "STR	r6, [sp, r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "STR	r7, [sp, r5]\n\t"
        "\n"
    "L_sp_3072_mul_96_store:\n\t"
        "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "SUBS	r5, r5, #0x20\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_3072_mul_96_store\n\t"
#else
        "BGT.N	L_sp_3072_mul_96_store\n\t"
#endif
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
    );
}

/* Square a and put result in r. (r = a * a)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_3072_sqr_96(sp_digit* r_p, const sp_digit* a_p)
#else
static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x300\n\t"
        "LDR	lr, [%[a]]\n\t"
        "UMULL	r8, r6, lr, lr\n\t"
        "STR	r8, [sp]\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r8, #0x0\n\t"
        "MOV	r5, #0x4\n\t"
        "\n"
    "L_sp_3072_sqr_96_outer:\n\t"
        "SUBS	r3, r5, #0x17c\n\t"
        "IT	cc\n\t"
        "MOVCC	r3, #0x0\n\t"
        "SUB	r4, r5, r3\n\t"
        "\n"
    "L_sp_3072_sqr_96_inner:\n\t"
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[a], r4]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADD	r3, r3, #0x4\n\t"
        "SUB	r4, r4, #0x4\n\t"
        "CMP	r3, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_3072_sqr_96_inner_done\n\t"
#else
        "BGT.N	L_sp_3072_sqr_96_inner_done\n\t"
#endif
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_3072_sqr_96_inner\n\t"
#else
        "BLT.N	L_sp_3072_sqr_96_inner\n\t"
#endif
        "LDR	lr, [%[a], r3]\n\t"
        "UMULL	r9, r10, lr, lr\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "\n"
    "L_sp_3072_sqr_96_inner_done:\n\t"
        "STR	r6, [sp, r5]\n\t"
        "MOV	r6, r7\n\t"
        "MOV	r7, r8\n\t"
        "MOV	r8, #0x0\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0x2f4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLE	L_sp_3072_sqr_96_outer\n\t"
#else
        "BLE.N	L_sp_3072_sqr_96_outer\n\t"
#endif
        "LDR	lr, [%[a], #380]\n\t"
        "UMLAL	r6, r7, lr, lr\n\t"
        "STR	r6, [sp, r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "STR	r7, [sp, r5]\n\t"
        "\n"
    "L_sp_3072_sqr_96_store:\n\t"
        "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "SUBS	r5, r5, #0x20\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_3072_sqr_96_store\n\t"
#else
        "BGT.N	L_sp_3072_sqr_96_store\n\t"
#endif
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
    );
}

#endif /* WOLFSSL_SP_SMALL */
#if (defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_HAVE_SP_DH)
#ifdef WOLFSSL_SP_SMALL
/* AND m into each word of a and store in r.
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * m  Mask to AND against each digit.
 */
static void sp_3072_mask_48(sp_digit* r, const sp_digit* a, sp_digit m)
{
    int i;

    for (i=0; i<48; i++) {
        r[i] = a[i] & m;
    }
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Add b to a into r. (r = a + b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r3, #0x0\n\t"
        "ADD	r12, %[a], #0xc0\n\t"
        "\n"
    "L_sp_3072_add_48_word:\n\t"
        "ADDS	r3, r3, #0xffffffff\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r3, r4, #0x0\n\t"
        "CMP	%[a], r12\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_3072_add_48_word\n\t"
#else
        "BNE.N	L_sp_3072_add_48_word\n\t"
#endif
        "MOV	%[r], r3\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Sub b from a into a. (a -= b)
 *
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r10, #0x0\n\t"
        "ADD	r11, %[a], #0xc0\n\t"
        "\n"
    "L_sp_3072_sub_in_pkace_48_word:\n\t"
        "RSBS	r10, r10, #0x0\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "SBC	r10, r10, r10\n\t"
        "CMP	%[a], r11\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_3072_sub_in_pkace_48_word\n\t"
#else
        "BNE.N	L_sp_3072_sub_in_pkace_48_word\n\t"
#endif
        "MOV	%[a], r10\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
    );
    return (uint32_t)(size_t)a;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Multiply a and b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_3072_mul_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x180\n\t"
        "LDR	lr, [%[a]]\n\t"
        "LDR	r11, [%[b]]\n\t"
        "UMULL	r8, r6, lr, r11\n\t"
        "STR	r8, [sp]\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r8, #0x0\n\t"
        "MOV	r5, #0x4\n\t"
        "\n"
    "L_sp_3072_mul_48_outer:\n\t"
        "SUBS	r3, r5, #0xbc\n\t"
        "IT	cc\n\t"
        "MOVCC	r3, #0x0\n\t"
        "SUB	r4, r5, r3\n\t"
        "\n"
    "L_sp_3072_mul_48_inner:\n\t"
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[b], r4]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "LDR	lr, [%[a], r4]\n\t"
        "LDR	r11, [%[b], r3]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADD	r3, r3, #0x4\n\t"
        "SUB	r4, r4, #0x4\n\t"
        "CMP	r3, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_3072_mul_48_inner_done\n\t"
#else
        "BGT.N	L_sp_3072_mul_48_inner_done\n\t"
#endif
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_3072_mul_48_inner\n\t"
#else
        "BLT.N	L_sp_3072_mul_48_inner\n\t"
#endif
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[b], r3]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "\n"
    "L_sp_3072_mul_48_inner_done:\n\t"
        "STR	r6, [sp, r5]\n\t"
        "MOV	r6, r7\n\t"
        "MOV	r7, r8\n\t"
        "MOV	r8, #0x0\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0x174\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLE	L_sp_3072_mul_48_outer\n\t"
#else
        "BLE.N	L_sp_3072_mul_48_outer\n\t"
#endif
        "LDR	lr, [%[a], #188]\n\t"
        "LDR	r11, [%[b], #188]\n\t"
        "UMLAL	r6, r7, lr, r11\n\t"
        "STR	r6, [sp, r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "STR	r7, [sp, r5]\n\t"
        "\n"
    "L_sp_3072_mul_48_store:\n\t"
        "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "SUBS	r5, r5, #0x20\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_3072_mul_48_store\n\t"
#else
        "BGT.N	L_sp_3072_mul_48_store\n\t"
#endif
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
    );
}

/* Square a and put result in r. (r = a * a)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_3072_sqr_48(sp_digit* r_p, const sp_digit* a_p)
#else
static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x180\n\t"
        "LDR	lr, [%[a]]\n\t"
        "UMULL	r8, r6, lr, lr\n\t"
        "STR	r8, [sp]\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r8, #0x0\n\t"
        "MOV	r5, #0x4\n\t"
        "\n"
    "L_sp_3072_sqr_48_outer:\n\t"
        "SUBS	r3, r5, #0xbc\n\t"
        "IT	cc\n\t"
        "MOVCC	r3, #0x0\n\t"
        "SUB	r4, r5, r3\n\t"
        "\n"
    "L_sp_3072_sqr_48_inner:\n\t"
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[a], r4]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADD	r3, r3, #0x4\n\t"
        "SUB	r4, r4, #0x4\n\t"
        "CMP	r3, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_3072_sqr_48_inner_done\n\t"
#else
        "BGT.N	L_sp_3072_sqr_48_inner_done\n\t"
#endif
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_3072_sqr_48_inner\n\t"
#else
        "BLT.N	L_sp_3072_sqr_48_inner\n\t"
#endif
        "LDR	lr, [%[a], r3]\n\t"
        "UMULL	r9, r10, lr, lr\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "\n"
    "L_sp_3072_sqr_48_inner_done:\n\t"
        "STR	r6, [sp, r5]\n\t"
        "MOV	r6, r7\n\t"
        "MOV	r7, r8\n\t"
        "MOV	r8, #0x0\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0x174\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLE	L_sp_3072_sqr_48_outer\n\t"
#else
        "BLE.N	L_sp_3072_sqr_48_outer\n\t"
#endif
        "LDR	lr, [%[a], #188]\n\t"
        "UMLAL	r6, r7, lr, lr\n\t"
        "STR	r6, [sp, r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "STR	r7, [sp, r5]\n\t"
        "\n"
    "L_sp_3072_sqr_48_store:\n\t"
        "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "SUBS	r5, r5, #0x20\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_3072_sqr_48_store\n\t"
#else
        "BGT.N	L_sp_3072_sqr_48_store\n\t"
#endif
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
    );
}

#endif /* WOLFSSL_SP_SMALL */
#endif /* (WOLFSSL_HAVE_SP_RSA & !WOLFSSL_RSA_PUBLIC_ONLY) | WOLFSSL_HAVE_SP_DH */

/* Calculate the bottom digit of -1/a mod 2^n.
 *
 * a    A single precision number.
 * rho  Bottom word of inverse.
 */
static void sp_3072_mont_setup(const sp_digit* a, sp_digit* rho)
{
    sp_digit x;
    sp_digit b;

    b = a[0];
    x = (((b + 2) & 4) << 1) + b; /* here x*a==1 mod 2**4 */
    x *= 2 - b * x;               /* here x*a==1 mod 2**8 */
    x *= 2 - b * x;               /* here x*a==1 mod 2**16 */
    x *= 2 - b * x;               /* here x*a==1 mod 2**32 */

    /* rho = -1/m mod b */
    *rho = (sp_digit)0 - x;
}

#ifdef WOLFSSL_SP_SMALL
/* Mul a by digit b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision digit.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_3072_mul_d_96(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
#else
static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a, sp_digit b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register sp_digit b __asm__ ("r2") = (sp_digit)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* A[0] * B */
        "LDR	r8, [%[a]]\n\t"
        "UMULL	r5, r3, %[b], r8\n\t"
        "MOV	r4, #0x0\n\t"
        "STR	r5, [%[r]]\n\t"
        "MOV	r5, #0x0\n\t"
        "MOV	r9, #0x4\n\t"
        "\n"
    "L_sp_3072_mul_d_96_word:\n\t"
        /* A[i] * B */
        "LDR	r8, [%[a], r9]\n\t"
        "UMULL	r6, r7, %[b], r8\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], r9]\n\t"
        "MOV	r3, r4\n\t"
        "MOV	r4, r5\n\t"
        "MOV	r5, #0x0\n\t"
        "ADD	r9, r9, #0x4\n\t"
        "CMP	r9, #0x180\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_3072_mul_d_96_word\n\t"
#else
        "BLT.N	L_sp_3072_mul_d_96_word\n\t"
#endif
        "STR	r3, [%[r], #384]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
}

#else
/* Mul a by digit b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision digit.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_3072_mul_d_96(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
#else
static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a, sp_digit b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register sp_digit b __asm__ ("r2") = (sp_digit)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* A[0] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMULL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[1] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[2] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[3] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[4] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[5] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[6] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[7] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[8] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[9] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[10] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[11] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[12] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[13] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[14] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[15] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[16] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[17] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[18] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[19] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[20] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[21] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[22] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[23] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[24] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[25] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[26] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[27] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[28] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[29] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[30] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[31] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[32] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[33] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[34] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[35] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[36] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[37] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[38] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[39] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[40] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[41] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[42] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[43] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[44] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[45] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[46] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[47] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[48] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[49] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[50] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[51] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[52] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[53] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[54] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[55] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[56] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[57] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[58] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[59] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[60] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[61] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[62] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[63] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[64] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[65] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[66] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[67] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[68] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[69] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[70] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[71] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[72] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[73] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[74] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[75] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[76] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[77] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[78] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[79] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[80] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[81] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[82] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[83] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[84] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[85] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[86] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[87] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[88] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[89] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[90] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[91] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[92] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[93] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[94] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[95] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "STR	r3, [%[r]]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
    );
}

#endif /* WOLFSSL_SP_SMALL */
#if (defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_HAVE_SP_DH)
/* r = 2^n mod m where n is the number of bits to reduce by.
 * Given m must be 3072 bits, just need to subtract.
 *
 * r  A single precision number.
 * m  A single precision number.
 */
static void sp_3072_mont_norm_48(sp_digit* r, const sp_digit* m)
{
    XMEMSET(r, 0, sizeof(sp_digit) * 48);

    /* r = 2^n mod m */
    sp_3072_sub_in_place_48(r, m);
}

#ifdef WOLFSSL_SP_SMALL
/* Conditionally subtract b from a using the mask m.
 * m is -1 to subtract and 0 when not copying.
 *
 * r  A single precision number representing condition subtract result.
 * a  A single precision number to subtract from.
 * b  A single precision number to subtract.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r8, #0x0\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r5, #0x0\n\t"
        "\n"
    "L_sp_3072_cond_sub_48_words:\n\t"
        "SUBS	r4, r8, r4\n\t"
        "LDR	r6, [%[a], r5]\n\t"
        "LDR	r7, [%[b], r5]\n\t"
        "AND	r7, r7, %[m]\n\t"
        "SBCS	r6, r6, r7\n\t"
        "SBC	r4, r8, r8\n\t"
        "STR	r6, [%[r], r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0xc0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_3072_cond_sub_48_words\n\t"
#else
        "BLT.N	L_sp_3072_cond_sub_48_words\n\t"
#endif
        "MOV	%[r], r4\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
    );
    return (uint32_t)(size_t)r;
}

#else
/* Conditionally subtract b from a using the mask m.
 * m is -1 to subtract and 0 when not copying.
 *
 * r  A single precision number representing condition subtract result.
 * a  A single precision number to subtract from.
 * b  A single precision number to subtract.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r5, #0x0\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SUBS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "SBC	%[r], r5, r5\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_NO_UMAAL
#ifndef WOLFSSL_SP_SMALL
/* Reduce the number back to 3072 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDR	lr, [%[m]]\n\t"
        /* i = 0 */
        "MOV	r11, #0x0\n\t"
        "MOV	r3, #0x0\n\t"
        "LDR	r4, [%[a]]\n\t"
        "LDR	r5, [%[a], #4]\n\t"
        "\n"
    "L_sp_3072_mont_reduce_48_word:\n\t"
        /* mu = a[i] * mp */
        "MUL	r10, %[mp], r4\n\t"
        /* a[i+0] += m[0] * mu */
        "MOV	r7, #0x0\n\t"
        "UMLAL	r4, r7, r10, lr\n\t"
        /* a[i+1] += m[1] * mu */
        "LDR	r9, [%[m], #4]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r5, r6, r10, r9\n\t"
        "MOV	r4, r5\n\t"
        "ADDS	r4, r4, r7\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+2] += m[2] * mu */
        "LDR	r9, [%[m], #8]\n\t"
        "LDR	r5, [%[a], #8]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r5, r7, r10, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+3] += m[3] * mu */
        "LDR	r9, [%[m], #12]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #12]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+4] += m[4] * mu */
        "LDR	r9, [%[m], #16]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #16]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+5] += m[5] * mu */
        "LDR	r9, [%[m], #20]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #20]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+6] += m[6] * mu */
        "LDR	r9, [%[m], #24]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #24]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+7] += m[7] * mu */
        "LDR	r9, [%[m], #28]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #28]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+8] += m[8] * mu */
        "LDR	r9, [%[m], #32]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #32]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+9] += m[9] * mu */
        "LDR	r9, [%[m], #36]\n\t"
        "LDR	r12, [%[a], #36]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #36]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+10] += m[10] * mu */
        "LDR	r9, [%[m], #40]\n\t"
        "LDR	r12, [%[a], #40]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #40]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+11] += m[11] * mu */
        "LDR	r9, [%[m], #44]\n\t"
        "LDR	r12, [%[a], #44]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #44]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+12] += m[12] * mu */
        "LDR	r9, [%[m], #48]\n\t"
        "LDR	r12, [%[a], #48]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #48]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+13] += m[13] * mu */
        "LDR	r9, [%[m], #52]\n\t"
        "LDR	r12, [%[a], #52]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #52]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+14] += m[14] * mu */
        "LDR	r9, [%[m], #56]\n\t"
        "LDR	r12, [%[a], #56]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #56]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+15] += m[15] * mu */
        "LDR	r9, [%[m], #60]\n\t"
        "LDR	r12, [%[a], #60]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #60]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+16] += m[16] * mu */
        "LDR	r9, [%[m], #64]\n\t"
        "LDR	r12, [%[a], #64]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #64]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+17] += m[17] * mu */
        "LDR	r9, [%[m], #68]\n\t"
        "LDR	r12, [%[a], #68]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #68]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+18] += m[18] * mu */
        "LDR	r9, [%[m], #72]\n\t"
        "LDR	r12, [%[a], #72]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #72]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+19] += m[19] * mu */
        "LDR	r9, [%[m], #76]\n\t"
        "LDR	r12, [%[a], #76]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #76]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+20] += m[20] * mu */
        "LDR	r9, [%[m], #80]\n\t"
        "LDR	r12, [%[a], #80]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #80]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+21] += m[21] * mu */
        "LDR	r9, [%[m], #84]\n\t"
        "LDR	r12, [%[a], #84]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #84]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+22] += m[22] * mu */
        "LDR	r9, [%[m], #88]\n\t"
        "LDR	r12, [%[a], #88]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #88]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+23] += m[23] * mu */
        "LDR	r9, [%[m], #92]\n\t"
        "LDR	r12, [%[a], #92]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #92]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+24] += m[24] * mu */
        "LDR	r9, [%[m], #96]\n\t"
        "LDR	r12, [%[a], #96]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #96]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+25] += m[25] * mu */
        "LDR	r9, [%[m], #100]\n\t"
        "LDR	r12, [%[a], #100]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #100]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+26] += m[26] * mu */
        "LDR	r9, [%[m], #104]\n\t"
        "LDR	r12, [%[a], #104]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #104]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+27] += m[27] * mu */
        "LDR	r9, [%[m], #108]\n\t"
        "LDR	r12, [%[a], #108]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #108]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+28] += m[28] * mu */
        "LDR	r9, [%[m], #112]\n\t"
        "LDR	r12, [%[a], #112]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #112]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+29] += m[29] * mu */
        "LDR	r9, [%[m], #116]\n\t"
        "LDR	r12, [%[a], #116]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #116]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+30] += m[30] * mu */
        "LDR	r9, [%[m], #120]\n\t"
        "LDR	r12, [%[a], #120]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #120]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+31] += m[31] * mu */
        "LDR	r9, [%[m], #124]\n\t"
        "LDR	r12, [%[a], #124]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #124]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+32] += m[32] * mu */
        "LDR	r9, [%[m], #128]\n\t"
        "LDR	r12, [%[a], #128]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #128]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+33] += m[33] * mu */
        "LDR	r9, [%[m], #132]\n\t"
        "LDR	r12, [%[a], #132]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #132]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+34] += m[34] * mu */
        "LDR	r9, [%[m], #136]\n\t"
        "LDR	r12, [%[a], #136]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #136]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+35] += m[35] * mu */
        "LDR	r9, [%[m], #140]\n\t"
        "LDR	r12, [%[a], #140]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #140]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+36] += m[36] * mu */
        "LDR	r9, [%[m], #144]\n\t"
        "LDR	r12, [%[a], #144]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #144]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+37] += m[37] * mu */
        "LDR	r9, [%[m], #148]\n\t"
        "LDR	r12, [%[a], #148]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #148]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+38] += m[38] * mu */
        "LDR	r9, [%[m], #152]\n\t"
        "LDR	r12, [%[a], #152]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #152]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+39] += m[39] * mu */
        "LDR	r9, [%[m], #156]\n\t"
        "LDR	r12, [%[a], #156]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #156]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+40] += m[40] * mu */
        "LDR	r9, [%[m], #160]\n\t"
        "LDR	r12, [%[a], #160]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #160]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+41] += m[41] * mu */
        "LDR	r9, [%[m], #164]\n\t"
        "LDR	r12, [%[a], #164]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #164]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+42] += m[42] * mu */
        "LDR	r9, [%[m], #168]\n\t"
        "LDR	r12, [%[a], #168]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #168]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+43] += m[43] * mu */
        "LDR	r9, [%[m], #172]\n\t"
        "LDR	r12, [%[a], #172]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #172]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+44] += m[44] * mu */
        "LDR	r9, [%[m], #176]\n\t"
        "LDR	r12, [%[a], #176]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #176]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+45] += m[45] * mu */
        "LDR	r9, [%[m], #180]\n\t"
        "LDR	r12, [%[a], #180]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #180]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+46] += m[46] * mu */
        "LDR	r9, [%[m], #184]\n\t"
        "LDR	r12, [%[a], #184]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #184]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+47] += m[47] * mu */
        "LDR	r9, [%[m], #188]\n\t"
        "LDR	r12, [%[a], #188]\n\t"
        "UMULL	r8, r9, r10, r9\n\t"
        "ADDS	r7, r7, r8\n\t"
        "ADCS	r6, r9, r3\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, r3\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #188]\n\t"
        "LDR	r12, [%[a], #192]\n\t"
        "ADCS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #192]\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* i += 1 */
        "ADD	r11, r11, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r11, #0xc0\n\t"
#ifdef __GNUC__
        "BLT	L_sp_3072_mont_reduce_48_word\n\t"
#else
        "BLT.W	L_sp_3072_mont_reduce_48_word\n\t"
#endif
        /* Loop Done */
        "STR	r4, [%[a]]\n\t"
        "STR	r5, [%[a], #4]\n\t"
        "MOV	%[mp], r3\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
    sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp);
}

#else
/* Reduce the number back to 3072 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDR	r11, [%[m]]\n\t"
        /* i = 0 */
        "MOV	r9, #0x0\n\t"
        /* ca = 0 */
        "MOV	r3, #0x0\n\t"
        "\n"
    "L_sp_3072_mont_reduce_48_word:\n\t"
        /* mu = a[i] * mp */
        "LDR	r10, [%[a]]\n\t"
        "MUL	r8, %[mp], r10\n\t"
        /* j = 0 */
        "MOV	r12, #0x0\n\t"
        "MOV	r4, #0x0\n\t"
        "\n"
    "L_sp_3072_mont_reduce_48_mul:\n\t"
        /* a[i+j+0] += m[j+0] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "MOV	r5, #0x0\n\t"
        "UMLAL	r10, r5, r8, r7\n\t"
        "ADDS	r10, r10, r4\n\t"
        "STR	r10, [%[a], r12]\n\t"
        "ADC	r4, r5, #0x0\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+1] += m[j+1] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "MOV	r5, #0x0\n\t"
        "UMLAL	r10, r5, r8, r7\n\t"
        "ADDS	r10, r10, r4\n\t"
        "STR	r10, [%[a], r12]\n\t"
        "ADC	r4, r5, #0x0\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+2] += m[j+2] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "MOV	r5, #0x0\n\t"
        "UMLAL	r10, r5, r8, r7\n\t"
        "ADDS	r10, r10, r4\n\t"
        "STR	r10, [%[a], r12]\n\t"
        "ADC	r4, r5, #0x0\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+3] += m[j+3] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "MOV	r5, #0x0\n\t"
        "UMLAL	r10, r5, r8, r7\n\t"
        "ADDS	r10, r10, r4\n\t"
        "STR	r10, [%[a], r12]\n\t"
        "ADC	r4, r5, #0x0\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        "CMP	r12, #0xc0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_3072_mont_reduce_48_mul\n\t"
#else
        "BLT.N	L_sp_3072_mont_reduce_48_mul\n\t"
#endif
        "LDR	r10, [%[a], #192]\n\t"
        "ADDS	r4, r4, r3\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r10, r10, r4\n\t"
        "ADC	r3, r3, r3\n\t"
        "STR	r10, [%[a], #192]\n\t"
        /* i += 1 */
        "ADD	r9, r9, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r9, #0xc0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_3072_mont_reduce_48_word\n\t"
#else
        "BLT.N	L_sp_3072_mont_reduce_48_word\n\t"
#endif
        /* Loop Done */
        "MOV	%[mp], r3\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
    );
    sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp);
}

#endif /* !WOLFSSL_SP_SMALL */
#else
#ifndef WOLFSSL_SP_SMALL
/* Reduce the number back to 3072 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* i = 0 */
        "MOV	r4, #0x0\n\t"
        "MOV	r5, #0x0\n\t"
        "LDR	r6, [%[a]]\n\t"
        "LDR	r7, [%[a], #4]\n\t"
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[a], #12]\n\t"
        "LDR	r10, [%[a], #16]\n\t"
        "\n"
    "L_sp_3072_mont_reduce_48_word:\n\t"
        /* mu = a[i] * mp */
        "MUL	lr, %[mp], r6\n\t"
        /* a[i+0] += m[0] * mu */
        "LDR	r12, [%[m]]\n\t"
        "MOV	r3, #0x0\n\t"
        "UMAAL	r6, r3, lr, r12\n\t"
        /* a[i+1] += m[1] * mu */
        "LDR	r12, [%[m], #4]\n\t"
        "MOV	r6, r7\n\t"
        "UMAAL	r6, r3, lr, r12\n\t"
        /* a[i+2] += m[2] * mu */
        "LDR	r12, [%[m], #8]\n\t"
        "MOV	r7, r8\n\t"
        "UMAAL	r7, r3, lr, r12\n\t"
        /* a[i+3] += m[3] * mu */
        "LDR	r12, [%[m], #12]\n\t"
        "MOV	r8, r9\n\t"
        "UMAAL	r8, r3, lr, r12\n\t"
        /* a[i+4] += m[4] * mu */
        "LDR	r12, [%[m], #16]\n\t"
        "MOV	r9, r10\n\t"
        "UMAAL	r9, r3, lr, r12\n\t"
        /* a[i+5] += m[5] * mu */
        "LDR	r12, [%[m], #20]\n\t"
        "LDR	r10, [%[a], #20]\n\t"
        "UMAAL	r10, r3, lr, r12\n\t"
        /* a[i+6] += m[6] * mu */
        "LDR	r12, [%[m], #24]\n\t"
        "LDR	r11, [%[a], #24]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #24]\n\t"
        /* a[i+7] += m[7] * mu */
        "LDR	r12, [%[m], #28]\n\t"
        "LDR	r11, [%[a], #28]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #28]\n\t"
        /* a[i+8] += m[8] * mu */
        "LDR	r12, [%[m], #32]\n\t"
        "LDR	r11, [%[a], #32]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #32]\n\t"
        /* a[i+9] += m[9] * mu */
        "LDR	r12, [%[m], #36]\n\t"
        "LDR	r11, [%[a], #36]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #36]\n\t"
        /* a[i+10] += m[10] * mu */
        "LDR	r12, [%[m], #40]\n\t"
        "LDR	r11, [%[a], #40]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #40]\n\t"
        /* a[i+11] += m[11] * mu */
        "LDR	r12, [%[m], #44]\n\t"
        "LDR	r11, [%[a], #44]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #44]\n\t"
        /* a[i+12] += m[12] * mu */
        "LDR	r12, [%[m], #48]\n\t"
        "LDR	r11, [%[a], #48]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #48]\n\t"
        /* a[i+13] += m[13] * mu */
        "LDR	r12, [%[m], #52]\n\t"
        "LDR	r11, [%[a], #52]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #52]\n\t"
        /* a[i+14] += m[14] * mu */
        "LDR	r12, [%[m], #56]\n\t"
        "LDR	r11, [%[a], #56]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #56]\n\t"
        /* a[i+15] += m[15] * mu */
        "LDR	r12, [%[m], #60]\n\t"
        "LDR	r11, [%[a], #60]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #60]\n\t"
        /* a[i+16] += m[16] * mu */
        "LDR	r12, [%[m], #64]\n\t"
        "LDR	r11, [%[a], #64]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #64]\n\t"
        /* a[i+17] += m[17] * mu */
        "LDR	r12, [%[m], #68]\n\t"
        "LDR	r11, [%[a], #68]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #68]\n\t"
        /* a[i+18] += m[18] * mu */
        "LDR	r12, [%[m], #72]\n\t"
        "LDR	r11, [%[a], #72]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #72]\n\t"
        /* a[i+19] += m[19] * mu */
        "LDR	r12, [%[m], #76]\n\t"
        "LDR	r11, [%[a], #76]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #76]\n\t"
        /* a[i+20] += m[20] * mu */
        "LDR	r12, [%[m], #80]\n\t"
        "LDR	r11, [%[a], #80]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #80]\n\t"
        /* a[i+21] += m[21] * mu */
        "LDR	r12, [%[m], #84]\n\t"
        "LDR	r11, [%[a], #84]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #84]\n\t"
        /* a[i+22] += m[22] * mu */
        "LDR	r12, [%[m], #88]\n\t"
        "LDR	r11, [%[a], #88]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #88]\n\t"
        /* a[i+23] += m[23] * mu */
        "LDR	r12, [%[m], #92]\n\t"
        "LDR	r11, [%[a], #92]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #92]\n\t"
        /* a[i+24] += m[24] * mu */
        "LDR	r12, [%[m], #96]\n\t"
        "LDR	r11, [%[a], #96]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #96]\n\t"
        /* a[i+25] += m[25] * mu */
        "LDR	r12, [%[m], #100]\n\t"
        "LDR	r11, [%[a], #100]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #100]\n\t"
        /* a[i+26] += m[26] * mu */
        "LDR	r12, [%[m], #104]\n\t"
        "LDR	r11, [%[a], #104]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #104]\n\t"
        /* a[i+27] += m[27] * mu */
        "LDR	r12, [%[m], #108]\n\t"
        "LDR	r11, [%[a], #108]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #108]\n\t"
        /* a[i+28] += m[28] * mu */
        "LDR	r12, [%[m], #112]\n\t"
        "LDR	r11, [%[a], #112]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #112]\n\t"
        /* a[i+29] += m[29] * mu */
        "LDR	r12, [%[m], #116]\n\t"
        "LDR	r11, [%[a], #116]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #116]\n\t"
        /* a[i+30] += m[30] * mu */
        "LDR	r12, [%[m], #120]\n\t"
        "LDR	r11, [%[a], #120]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #120]\n\t"
        /* a[i+31] += m[31] * mu */
        "LDR	r12, [%[m], #124]\n\t"
        "LDR	r11, [%[a], #124]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #124]\n\t"
        /* a[i+32] += m[32] * mu */
        "LDR	r12, [%[m], #128]\n\t"
        "LDR	r11, [%[a], #128]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #128]\n\t"
        /* a[i+33] += m[33] * mu */
        "LDR	r12, [%[m], #132]\n\t"
        "LDR	r11, [%[a], #132]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #132]\n\t"
        /* a[i+34] += m[34] * mu */
        "LDR	r12, [%[m], #136]\n\t"
        "LDR	r11, [%[a], #136]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #136]\n\t"
        /* a[i+35] += m[35] * mu */
        "LDR	r12, [%[m], #140]\n\t"
        "LDR	r11, [%[a], #140]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #140]\n\t"
        /* a[i+36] += m[36] * mu */
        "LDR	r12, [%[m], #144]\n\t"
        "LDR	r11, [%[a], #144]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #144]\n\t"
        /* a[i+37] += m[37] * mu */
        "LDR	r12, [%[m], #148]\n\t"
        "LDR	r11, [%[a], #148]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #148]\n\t"
        /* a[i+38] += m[38] * mu */
        "LDR	r12, [%[m], #152]\n\t"
        "LDR	r11, [%[a], #152]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #152]\n\t"
        /* a[i+39] += m[39] * mu */
        "LDR	r12, [%[m], #156]\n\t"
        "LDR	r11, [%[a], #156]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #156]\n\t"
        /* a[i+40] += m[40] * mu */
        "LDR	r12, [%[m], #160]\n\t"
        "LDR	r11, [%[a], #160]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #160]\n\t"
        /* a[i+41] += m[41] * mu */
        "LDR	r12, [%[m], #164]\n\t"
        "LDR	r11, [%[a], #164]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #164]\n\t"
        /* a[i+42] += m[42] * mu */
        "LDR	r12, [%[m], #168]\n\t"
        "LDR	r11, [%[a], #168]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #168]\n\t"
        /* a[i+43] += m[43] * mu */
        "LDR	r12, [%[m], #172]\n\t"
        "LDR	r11, [%[a], #172]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #172]\n\t"
        /* a[i+44] += m[44] * mu */
        "LDR	r12, [%[m], #176]\n\t"
        "LDR	r11, [%[a], #176]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #176]\n\t"
        /* a[i+45] += m[45] * mu */
        "LDR	r12, [%[m], #180]\n\t"
        "LDR	r11, [%[a], #180]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #180]\n\t"
        /* a[i+46] += m[46] * mu */
        "LDR	r12, [%[m], #184]\n\t"
        "LDR	r11, [%[a], #184]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #184]\n\t"
        /* a[i+47] += m[47] * mu */
        "LDR	r12, [%[m], #188]\n\t"
        "LDR	r11, [%[a], #188]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "LDR	lr, [%[a], #192]\n\t"
        "MOV	r12, #0x0\n\t"
        "UMAAL	r3, lr, r12, r12\n\t"
        "STR	r11, [%[a], #188]\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADC	r5, lr, #0x0\n\t"
        "STR	r3, [%[a], #192]\n\t"
        /* i += 1 */
        "ADD	r4, r4, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r4, #0xc0\n\t"
#ifdef __GNUC__
        "BLT	L_sp_3072_mont_reduce_48_word\n\t"
#else
        "BLT.W	L_sp_3072_mont_reduce_48_word\n\t"
#endif
        /* Loop Done */
        "STR	r6, [%[a]]\n\t"
        "STR	r7, [%[a], #4]\n\t"
        "STR	r8, [%[a], #8]\n\t"
        "STR	r9, [%[a], #12]\n\t"
        "STR	r10, [%[a], #16]\n\t"
        "MOV	%[mp], r5\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
    sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp);
}

#else
/* Reduce the number back to 3072 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDR	r11, [%[m]]\n\t"
        /* i = 0 */
        "MOV	r9, #0x0\n\t"
        /* ca = 0 */
        "MOV	r3, #0x0\n\t"
        "\n"
    "L_sp_3072_mont_reduce_48_word:\n\t"
        /* mu = a[i] * mp */
        "LDR	r10, [%[a]]\n\t"
        "MUL	r8, %[mp], r10\n\t"
        /* j = 0 */
        "MOV	r12, #0x0\n\t"
        "MOV	r4, #0x0\n\t"
        "\n"
    "L_sp_3072_mont_reduce_48_mul:\n\t"
        /* a[i+j+0] += m[j+0] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "UMAAL	r10, r4, r8, r7\n\t"
        "STR	r10, [%[a], r12]\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+1] += m[j+1] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "UMAAL	r10, r4, r8, r7\n\t"
        "STR	r10, [%[a], r12]\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+2] += m[j+2] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "UMAAL	r10, r4, r8, r7\n\t"
        "STR	r10, [%[a], r12]\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+3] += m[j+3] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "UMAAL	r10, r4, r8, r7\n\t"
        "STR	r10, [%[a], r12]\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        "CMP	r12, #0xc0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_3072_mont_reduce_48_mul\n\t"
#else
        "BLT.N	L_sp_3072_mont_reduce_48_mul\n\t"
#endif
        "LDR	r10, [%[a], #192]\n\t"
        "ADDS	r4, r4, r3\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r10, r10, r4\n\t"
        "ADC	r3, r3, r3\n\t"
        "STR	r10, [%[a], #192]\n\t"
        /* i += 1 */
        "ADD	r9, r9, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r9, #0xc0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_3072_mont_reduce_48_word\n\t"
#else
        "BLT.N	L_sp_3072_mont_reduce_48_word\n\t"
#endif
        /* Loop Done */
        "MOV	%[mp], r3\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
    );
    sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp);
}

#endif /* !WOLFSSL_SP_SMALL */
#endif
/* Multiply two Montgomery form numbers mod the modulus (prime).
 * (r = a * b mod m)
 *
 * r   Result of multiplication.
 * a   First number to multiply in Montgomery form.
 * b   Second number to multiply in Montgomery form.
 * m   Modulus (prime).
 * mp  Montgomery multiplier.
 */
SP_NOINLINE static void sp_3072_mont_mul_48(sp_digit* r, const sp_digit* a,
        const sp_digit* b, const sp_digit* m, sp_digit mp)
{
    sp_3072_mul_48(r, a, b);
    sp_3072_mont_reduce_48(r, m, mp);
}

/* Square the Montgomery form number. (r = a * a mod m)
 *
 * r   Result of squaring.
 * a   Number to square in Montgomery form.
 * m   Modulus (prime).
 * mp  Montgomery multiplier.
 */
SP_NOINLINE static void sp_3072_mont_sqr_48(sp_digit* r, const sp_digit* a,
        const sp_digit* m, sp_digit mp)
{
    sp_3072_sqr_48(r, a);
    sp_3072_mont_reduce_48(r, m, mp);
}

#ifdef WOLFSSL_SP_SMALL
/* Mul a by digit b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision digit.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_3072_mul_d_48(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
#else
static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a, sp_digit b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register sp_digit b __asm__ ("r2") = (sp_digit)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* A[0] * B */
        "LDR	r8, [%[a]]\n\t"
        "UMULL	r5, r3, %[b], r8\n\t"
        "MOV	r4, #0x0\n\t"
        "STR	r5, [%[r]]\n\t"
        "MOV	r5, #0x0\n\t"
        "MOV	r9, #0x4\n\t"
        "\n"
    "L_sp_3072_mul_d_48_word:\n\t"
        /* A[i] * B */
        "LDR	r8, [%[a], r9]\n\t"
        "UMULL	r6, r7, %[b], r8\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], r9]\n\t"
        "MOV	r3, r4\n\t"
        "MOV	r4, r5\n\t"
        "MOV	r5, #0x0\n\t"
        "ADD	r9, r9, #0x4\n\t"
        "CMP	r9, #0xc0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_3072_mul_d_48_word\n\t"
#else
        "BLT.N	L_sp_3072_mul_d_48_word\n\t"
#endif
        "STR	r3, [%[r], #192]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
}

#else
/* Mul a by digit b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision digit.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_3072_mul_d_48(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
#else
static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a, sp_digit b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register sp_digit b __asm__ ("r2") = (sp_digit)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* A[0] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMULL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[1] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[2] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[3] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[4] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[5] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[6] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[7] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[8] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[9] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[10] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[11] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[12] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[13] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[14] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[15] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[16] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[17] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[18] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[19] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[20] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[21] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[22] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[23] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[24] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[25] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[26] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[27] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[28] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[29] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[30] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[31] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[32] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[33] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[34] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[35] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[36] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[37] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[38] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[39] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[40] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[41] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[42] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[43] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[44] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[45] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[46] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[47] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "STR	r3, [%[r]]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
    );
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_USE_UDIV
/* Divide the double width number (d1|d0) by the divisor. (d1|d0 / div)
 *
 * d1   The high order half of the number to divide.
 * d0   The low order half of the number to divide.
 * div  The divisor.
 * returns the result of the division.
 *
 * Note that this is an approximate div. It may give an answer 1 larger.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
#else
SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit div)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit d1 __asm__ ("r0") = (sp_digit)d1_p;
    register sp_digit d0 __asm__ ("r1") = (sp_digit)d0_p;
    register sp_digit div __asm__ ("r2") = (sp_digit)div_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LSR	r8, %[div], #16\n\t"
        "ADD	r5, r8, #0x1\n\t"
        "UDIV	r6, %[d1], r5\n\t"
        "LSL	r7, %[div], #16\n\t"
        "LSL	r6, r6, #16\n\t"
        "UMULL	r3, r4, %[div], r6\n\t"
        "SUBS	%[d0], %[d0], r3\n\t"
        "SBC	%[d1], %[d1], r4\n\t"
        "SUBS	r3, %[d1], r5\n\t"
        "SBC	r9, r9, r9\n\t"
        "ADD	r9, r9, #0x1\n\t"
        "RSB	r10, r9, #0x0\n\t"
        "LSL	r9, r9, #16\n\t"
        "AND	r7, r7, r10\n\t"
        "AND	r8, r8, r10\n\t"
        "SUBS	%[d0], %[d0], r7\n\t"
        "ADD	r6, r6, r9\n\t"
        "SBC	%[d1], %[d1], r8\n\t"
        "LSL	r4, %[d1], #16\n\t"
        "LSR	r3, %[d0], #16\n\t"
        "ORR	r3, r3, r4\n\t"
        "UDIV	r3, r3, r5\n\t"
        "ADD	r6, r6, r3\n\t"
        "UMULL	r3, r4, %[div], r3\n\t"
        "SUBS	%[d0], %[d0], r3\n\t"
        "SBC	%[d1], %[d1], r4\n\t"
        "LSL	r4, %[d1], #16\n\t"
        "LSR	r3, %[d0], #16\n\t"
        "ORR	r3, r3, r4\n\t"
        "UDIV	r3, r3, r5\n\t"
        "ADD	r6, r6, r3\n\t"
        "MUL	r3, %[div], r3\n\t"
        "SUB	%[d0], %[d0], r3\n\t"
        "UDIV	r3, %[d0], %[div]\n\t"
        "ADD	%[d1], r6, r3\n\t"
        : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)d1;
}

#else
/* Divide the double width number (d1|d0) by the divisor. (d1|d0 / div)
 *
 * d1   The high order half of the number to divide.
 * d0   The low order half of the number to divide.
 * div  The divisor.
 * returns the result of the division.
 *
 * Note that this is an approximate div. It may give an answer 1 larger.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
#else
SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit div)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit d1 __asm__ ("r0") = (sp_digit)d1_p;
    register sp_digit d0 __asm__ ("r1") = (sp_digit)d0_p;
    register sp_digit div __asm__ ("r2") = (sp_digit)div_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LSR	r5, %[div], #1\n\t"
        "ADD	r5, r5, #0x1\n\t"
        "MOV	r6, %[d0]\n\t"
        "MOV	r7, %[d1]\n\t"
        /* Do top 32 */
        "SUBS	r8, r5, r7\n\t"
        "SBC	r8, r8, r8\n\t"
        "MOV	r3, #0x0\n\t"
        "SUB	r3, r3, r8\n\t"
        "AND	r8, r8, r5\n\t"
        "SUBS	r7, r7, r8\n\t"
        /* Next 30 bits */
        "MOV	r4, #0x1d\n\t"
        "\n"
    "L_div_3072_word_48_bit:\n\t"
        "LSLS	r6, r6, #1\n\t"
        "ADC	r7, r7, r7\n\t"
        "SUBS	r8, r5, r7\n\t"
        "SBC	r8, r8, r8\n\t"
        "ADD	r3, r3, r3\n\t"
        "SUB	r3, r3, r8\n\t"
        "AND	r8, r8, r5\n\t"
        "SUBS	r7, r7, r8\n\t"
        "SUBS	r4, r4, #0x1\n\t"
        "bpl	L_div_3072_word_48_bit\n\t"
        "ADD	r3, r3, r3\n\t"
        "ADD	r3, r3, #0x1\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "SUBS	r8, %[div], r9\n\t"
        "SBC	r8, r8, r8\n\t"
        "SUB	%[d1], r3, r8\n\t"
        : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)d1;
}

#endif
/* Compare a with b in constant time.
 *
 * a  A single precision integer.
 * b  A single precision integer.
 * return -ve, 0 or +ve if a is less than, equal to or greater than b
 * respectively.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_int32 sp_3072_cmp_48(const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_int32 sp_3072_cmp_48(const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register const sp_digit* a __asm__ ("r0") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r2, #0xffffffff\n\t"
        "MOV	r8, #0x1\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r3, #0xffffffff\n\t"
#ifdef WOLFSSL_SP_SMALL
        "MOV	r6, #0xbc\n\t"
        "\n"
    "L_sp_3072_cmp_48_words:\n\t"
        "LDR	r4, [%[a], r6]\n\t"
        "LDR	r5, [%[b], r6]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "SUBS	r6, r6, #0x4\n\t"
        "bcs	L_sp_3072_cmp_48_words\n\t"
        "EOR	r2, r2, r3\n\t"
#else
        "LDR	r4, [%[a], #188]\n\t"
        "LDR	r5, [%[b], #188]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #184]\n\t"
        "LDR	r5, [%[b], #184]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #180]\n\t"
        "LDR	r5, [%[b], #180]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #176]\n\t"
        "LDR	r5, [%[b], #176]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #172]\n\t"
        "LDR	r5, [%[b], #172]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #168]\n\t"
        "LDR	r5, [%[b], #168]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #164]\n\t"
        "LDR	r5, [%[b], #164]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #160]\n\t"
        "LDR	r5, [%[b], #160]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #156]\n\t"
        "LDR	r5, [%[b], #156]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #152]\n\t"
        "LDR	r5, [%[b], #152]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #148]\n\t"
        "LDR	r5, [%[b], #148]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #144]\n\t"
        "LDR	r5, [%[b], #144]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #140]\n\t"
        "LDR	r5, [%[b], #140]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #136]\n\t"
        "LDR	r5, [%[b], #136]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #132]\n\t"
        "LDR	r5, [%[b], #132]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #128]\n\t"
        "LDR	r5, [%[b], #128]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #124]\n\t"
        "LDR	r5, [%[b], #124]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #120]\n\t"
        "LDR	r5, [%[b], #120]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #116]\n\t"
        "LDR	r5, [%[b], #116]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #112]\n\t"
        "LDR	r5, [%[b], #112]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #108]\n\t"
        "LDR	r5, [%[b], #108]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #104]\n\t"
        "LDR	r5, [%[b], #104]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #100]\n\t"
        "LDR	r5, [%[b], #100]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #96]\n\t"
        "LDR	r5, [%[b], #96]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #92]\n\t"
        "LDR	r5, [%[b], #92]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #88]\n\t"
        "LDR	r5, [%[b], #88]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #84]\n\t"
        "LDR	r5, [%[b], #84]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #80]\n\t"
        "LDR	r5, [%[b], #80]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #76]\n\t"
        "LDR	r5, [%[b], #76]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #72]\n\t"
        "LDR	r5, [%[b], #72]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #68]\n\t"
        "LDR	r5, [%[b], #68]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #64]\n\t"
        "LDR	r5, [%[b], #64]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #60]\n\t"
        "LDR	r5, [%[b], #60]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #56]\n\t"
        "LDR	r5, [%[b], #56]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #52]\n\t"
        "LDR	r5, [%[b], #52]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #48]\n\t"
        "LDR	r5, [%[b], #48]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #44]\n\t"
        "LDR	r5, [%[b], #44]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #40]\n\t"
        "LDR	r5, [%[b], #40]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #36]\n\t"
        "LDR	r5, [%[b], #36]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #32]\n\t"
        "LDR	r5, [%[b], #32]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #28]\n\t"
        "LDR	r5, [%[b], #28]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #24]\n\t"
        "LDR	r5, [%[b], #24]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #20]\n\t"
        "LDR	r5, [%[b], #20]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #16]\n\t"
        "LDR	r5, [%[b], #16]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #12]\n\t"
        "LDR	r5, [%[b], #12]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #8]\n\t"
        "LDR	r5, [%[b], #8]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #4]\n\t"
        "LDR	r5, [%[b], #4]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a]]\n\t"
        "LDR	r5, [%[b]]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "EOR	r2, r2, r3\n\t"
#endif /*WOLFSSL_SP_SMALL */
        "MOV	%[a], r2\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
    );
    return (uint32_t)(size_t)a;
}

/* Divide d in a and put remainder into r (m*d + r = a)
 * m is not calculated as it is not needed at this time.
 *
 * a  Number to be divided.
 * d  Number to divide with.
 * m  Multiplier result.
 * r  Remainder from the division.
 * returns MP_OKAY indicating success.
 */
static WC_INLINE int sp_3072_div_48(const sp_digit* a, const sp_digit* d,
        sp_digit* m, sp_digit* r)
{
    sp_digit t1[96], t2[49];
    sp_digit div, r1;
    int i;

    (void)m;

    div = d[47];
    XMEMCPY(t1, a, sizeof(*t1) * 2 * 48);
    r1 = sp_3072_cmp_48(&t1[48], d) >= 0;
    sp_3072_cond_sub_48(&t1[48], &t1[48], d, (sp_digit)0 - r1);
    for (i = 47; i >= 0; i--) {
        volatile sp_digit mask = (sp_digit)0 - (t1[48 + i] == div);
        sp_digit hi = t1[48 + i] + mask;
        r1 = div_3072_word_48(hi, t1[48 + i - 1], div);
        r1 |= mask;

        sp_3072_mul_d_48(t2, d, r1);
        t1[48 + i] += sp_3072_sub_in_place_48(&t1[i], t2);
        t1[48 + i] -= t2[48];
        sp_3072_mask_48(t2, d, t1[48 + i]);
        t1[48 + i] += sp_3072_add_48(&t1[i], &t1[i], t2);
        sp_3072_mask_48(t2, d, t1[48 + i]);
        t1[48 + i] += sp_3072_add_48(&t1[i], &t1[i], t2);
    }

    r1 = sp_3072_cmp_48(t1, d) >= 0;
    sp_3072_cond_sub_48(r, t1, d, (sp_digit)0 - r1);

    return MP_OKAY;
}

/* Reduce a modulo m into r. (r = a mod m)
 *
 * r  A single precision number that is the reduced result.
 * a  A single precision number that is to be reduced.
 * m  A single precision number that is the modulus to reduce with.
 * returns MP_OKAY indicating success.
 */
static WC_INLINE int sp_3072_mod_48(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
    return sp_3072_div_48(a, m, NULL, r);
}

#ifdef WOLFSSL_SP_SMALL
/* Modular exponentiate a to the e mod m. (r = a^e mod m)
 *
 * r     A single precision number that is the result of the operation.
 * a     A single precision number being exponentiated.
 * e     A single precision number that is the exponent.
 * bits  The number of bits in the exponent.
 * m     A single precision number that is the modulus.
 * returns  0 on success.
 * returns  MEMORY_E on dynamic memory allocation failure.
 * returns  MP_VAL when base is even or exponent is 0.
 */
static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
        int bits, const sp_digit* m, int reduceA)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* td = NULL;
#else
    sp_digit td[16 * 96];
#endif
    sp_digit* t[16];
    sp_digit* norm = NULL;
    sp_digit mp = 1;
    sp_digit n;
    sp_digit mask;
    int i;
    int c;
    byte y;
    int err = MP_OKAY;

    if (bits == 0) {
        err = MP_VAL;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 96), NULL,
                                DYNAMIC_TYPE_TMP_BUFFER);
        if (td == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        norm = td;
        for (i=0; i<16; i++) {
            t[i] = td + i * 96;
        }

        sp_3072_mont_setup(m, &mp);
        sp_3072_mont_norm_48(norm, m);

        XMEMSET(t[1], 0, sizeof(sp_digit) * 48U);
        if (reduceA != 0) {
            err = sp_3072_mod_48(t[1] + 48, a, m);
            if (err == MP_OKAY) {
                err = sp_3072_mod_48(t[1], t[1], m);
            }
        }
        else {
            XMEMCPY(t[1] + 48, a, sizeof(sp_digit) * 48);
            err = sp_3072_mod_48(t[1], t[1], m);
        }
    }

    if (err == MP_OKAY) {
        sp_3072_mont_sqr_48(t[ 2], t[ 1], m, mp);
        sp_3072_mont_mul_48(t[ 3], t[ 2], t[ 1], m, mp);
        sp_3072_mont_sqr_48(t[ 4], t[ 2], m, mp);
        sp_3072_mont_mul_48(t[ 5], t[ 3], t[ 2], m, mp);
        sp_3072_mont_sqr_48(t[ 6], t[ 3], m, mp);
        sp_3072_mont_mul_48(t[ 7], t[ 4], t[ 3], m, mp);
        sp_3072_mont_sqr_48(t[ 8], t[ 4], m, mp);
        sp_3072_mont_mul_48(t[ 9], t[ 5], t[ 4], m, mp);
        sp_3072_mont_sqr_48(t[10], t[ 5], m, mp);
        sp_3072_mont_mul_48(t[11], t[ 6], t[ 5], m, mp);
        sp_3072_mont_sqr_48(t[12], t[ 6], m, mp);
        sp_3072_mont_mul_48(t[13], t[ 7], t[ 6], m, mp);
        sp_3072_mont_sqr_48(t[14], t[ 7], m, mp);
        sp_3072_mont_mul_48(t[15], t[ 8], t[ 7], m, mp);

        i = (bits - 1) / 32;
        n = e[i--];
        c = bits & 31;
        if (c == 0) {
            c = 32;
        }
        c -= bits % 4;
        if (c == 32) {
            c = 28;
        }
        if (c < 0) {
            /* Number of bits in top word is less than number needed. */
            c = -c;
            y = (byte)(n << c);
            n = e[i--];
            y |= (byte)(n >> (64 - c));
            n <<= c;
            c = 64 - c;
        }
        else if (c == 0) {
            /* All bits in top word used. */
            y = (byte)n;
        }
        else {
            y = (byte)(n >> c);
            n <<= 32 - c;
        }
        XMEMCPY(r, t[y], sizeof(sp_digit) * 48);
        for (; i>=0 || c>=4; ) {
            if (c == 0) {
                n = e[i--];
                y = (byte)(n >> 28);
                n <<= 4;
                c = 28;
            }
            else if (c < 4) {
                y = (byte)(n >> 28);
                n = e[i--];
                c = 4 - c;
                y |= (byte)(n >> (32 - c));
                n <<= c;
                c = 32 - c;
            }
            else {
                y = (byte)((n >> 28) & 0xf);
                n <<= 4;
                c -= 4;
            }

            sp_3072_mont_sqr_48(r, r, m, mp);
            sp_3072_mont_sqr_48(r, r, m, mp);
            sp_3072_mont_sqr_48(r, r, m, mp);
            sp_3072_mont_sqr_48(r, r, m, mp);

            sp_3072_mont_mul_48(r, r, t[y], m, mp);
        }

        XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
        sp_3072_mont_reduce_48(r, m, mp);

        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
        sp_3072_cond_sub_48(r, r, m, mask);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (td != NULL)
        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return err;
}
#else
/* Modular exponentiate a to the e mod m. (r = a^e mod m)
 *
 * r     A single precision number that is the result of the operation.
 * a     A single precision number being exponentiated.
 * e     A single precision number that is the exponent.
 * bits  The number of bits in the exponent.
 * m     A single precision number that is the modulus.
 * returns  0 on success.
 * returns  MEMORY_E on dynamic memory allocation failure.
 * returns  MP_VAL when base is even or exponent is 0.
 */
static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
        int bits, const sp_digit* m, int reduceA)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* td = NULL;
#else
    sp_digit td[32 * 96];
#endif
    sp_digit* t[32];
    sp_digit* norm = NULL;
    sp_digit mp = 1;
    sp_digit n;
    sp_digit mask;
    int i;
    int c;
    byte y;
    int err = MP_OKAY;

    if (bits == 0) {
        err = MP_VAL;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 96), NULL,
                                DYNAMIC_TYPE_TMP_BUFFER);
        if (td == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        norm = td;
        for (i=0; i<32; i++) {
            t[i] = td + i * 96;
        }

        sp_3072_mont_setup(m, &mp);
        sp_3072_mont_norm_48(norm, m);

        XMEMSET(t[1], 0, sizeof(sp_digit) * 48U);
        if (reduceA != 0) {
            err = sp_3072_mod_48(t[1] + 48, a, m);
            if (err == MP_OKAY) {
                err = sp_3072_mod_48(t[1], t[1], m);
            }
        }
        else {
            XMEMCPY(t[1] + 48, a, sizeof(sp_digit) * 48);
            err = sp_3072_mod_48(t[1], t[1], m);
        }
    }

    if (err == MP_OKAY) {
        sp_3072_mont_sqr_48(t[ 2], t[ 1], m, mp);
        sp_3072_mont_mul_48(t[ 3], t[ 2], t[ 1], m, mp);
        sp_3072_mont_sqr_48(t[ 4], t[ 2], m, mp);
        sp_3072_mont_mul_48(t[ 5], t[ 3], t[ 2], m, mp);
        sp_3072_mont_sqr_48(t[ 6], t[ 3], m, mp);
        sp_3072_mont_mul_48(t[ 7], t[ 4], t[ 3], m, mp);
        sp_3072_mont_sqr_48(t[ 8], t[ 4], m, mp);
        sp_3072_mont_mul_48(t[ 9], t[ 5], t[ 4], m, mp);
        sp_3072_mont_sqr_48(t[10], t[ 5], m, mp);
        sp_3072_mont_mul_48(t[11], t[ 6], t[ 5], m, mp);
        sp_3072_mont_sqr_48(t[12], t[ 6], m, mp);
        sp_3072_mont_mul_48(t[13], t[ 7], t[ 6], m, mp);
        sp_3072_mont_sqr_48(t[14], t[ 7], m, mp);
        sp_3072_mont_mul_48(t[15], t[ 8], t[ 7], m, mp);
        sp_3072_mont_sqr_48(t[16], t[ 8], m, mp);
        sp_3072_mont_mul_48(t[17], t[ 9], t[ 8], m, mp);
        sp_3072_mont_sqr_48(t[18], t[ 9], m, mp);
        sp_3072_mont_mul_48(t[19], t[10], t[ 9], m, mp);
        sp_3072_mont_sqr_48(t[20], t[10], m, mp);
        sp_3072_mont_mul_48(t[21], t[11], t[10], m, mp);
        sp_3072_mont_sqr_48(t[22], t[11], m, mp);
        sp_3072_mont_mul_48(t[23], t[12], t[11], m, mp);
        sp_3072_mont_sqr_48(t[24], t[12], m, mp);
        sp_3072_mont_mul_48(t[25], t[13], t[12], m, mp);
        sp_3072_mont_sqr_48(t[26], t[13], m, mp);
        sp_3072_mont_mul_48(t[27], t[14], t[13], m, mp);
        sp_3072_mont_sqr_48(t[28], t[14], m, mp);
        sp_3072_mont_mul_48(t[29], t[15], t[14], m, mp);
        sp_3072_mont_sqr_48(t[30], t[15], m, mp);
        sp_3072_mont_mul_48(t[31], t[16], t[15], m, mp);

        i = (bits - 1) / 32;
        n = e[i--];
        c = bits & 31;
        if (c == 0) {
            c = 32;
        }
        c -= bits % 5;
        if (c == 32) {
            c = 27;
        }
        if (c < 0) {
            /* Number of bits in top word is less than number needed. */
            c = -c;
            y = (byte)(n << c);
            n = e[i--];
            y |= (byte)(n >> (64 - c));
            n <<= c;
            c = 64 - c;
        }
        else if (c == 0) {
            /* All bits in top word used. */
            y = (byte)n;
        }
        else {
            y = (byte)(n >> c);
            n <<= 32 - c;
        }
        XMEMCPY(r, t[y], sizeof(sp_digit) * 48);
        for (; i>=0 || c>=5; ) {
            if (c == 0) {
                n = e[i--];
                y = (byte)(n >> 27);
                n <<= 5;
                c = 27;
            }
            else if (c < 5) {
                y = (byte)(n >> 27);
                n = e[i--];
                c = 5 - c;
                y |= (byte)(n >> (32 - c));
                n <<= c;
                c = 32 - c;
            }
            else {
                y = (byte)((n >> 27) & 0x1f);
                n <<= 5;
                c -= 5;
            }

            sp_3072_mont_sqr_48(r, r, m, mp);
            sp_3072_mont_sqr_48(r, r, m, mp);
            sp_3072_mont_sqr_48(r, r, m, mp);
            sp_3072_mont_sqr_48(r, r, m, mp);
            sp_3072_mont_sqr_48(r, r, m, mp);

            sp_3072_mont_mul_48(r, r, t[y], m, mp);
        }

        XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
        sp_3072_mont_reduce_48(r, m, mp);

        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
        sp_3072_cond_sub_48(r, r, m, mask);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (td != NULL)
        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return err;
}
#endif /* WOLFSSL_SP_SMALL */

#endif /* (WOLFSSL_HAVE_SP_RSA & !WOLFSSL_RSA_PUBLIC_ONLY) | WOLFSSL_HAVE_SP_DH */

#if (defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_HAVE_SP_DH)
/* r = 2^n mod m where n is the number of bits to reduce by.
 * Given m must be 3072 bits, just need to subtract.
 *
 * r  A single precision number.
 * m  A single precision number.
 */
static void sp_3072_mont_norm_96(sp_digit* r, const sp_digit* m)
{
    XMEMSET(r, 0, sizeof(sp_digit) * 96);

    /* r = 2^n mod m */
    sp_3072_sub_in_place_96(r, m);
}

#endif /* (WOLFSSL_HAVE_SP_RSA & !WOLFSSL_RSA_PUBLIC_ONLY) | WOLFSSL_HAVE_SP_DH */
#ifdef WOLFSSL_SP_SMALL
/* Conditionally subtract b from a using the mask m.
 * m is -1 to subtract and 0 when not copying.
 *
 * r  A single precision number representing condition subtract result.
 * a  A single precision number to subtract from.
 * b  A single precision number to subtract.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r8, #0x0\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r5, #0x0\n\t"
        "\n"
    "L_sp_3072_cond_sub_96_words:\n\t"
        "SUBS	r4, r8, r4\n\t"
        "LDR	r6, [%[a], r5]\n\t"
        "LDR	r7, [%[b], r5]\n\t"
        "AND	r7, r7, %[m]\n\t"
        "SBCS	r6, r6, r7\n\t"
        "SBC	r4, r8, r8\n\t"
        "STR	r6, [%[r], r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0x180\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_3072_cond_sub_96_words\n\t"
#else
        "BLT.N	L_sp_3072_cond_sub_96_words\n\t"
#endif
        "MOV	%[r], r4\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
    );
    return (uint32_t)(size_t)r;
}

#else
/* Conditionally subtract b from a using the mask m.
 * m is -1 to subtract and 0 when not copying.
 *
 * r  A single precision number representing condition subtract result.
 * a  A single precision number to subtract from.
 * b  A single precision number to subtract.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r5, #0x0\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SUBS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "SBC	%[r], r5, r5\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_NO_UMAAL
#ifndef WOLFSSL_SP_SMALL
/* Reduce the number back to 3072 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDR	lr, [%[m]]\n\t"
        /* i = 0 */
        "MOV	r11, #0x0\n\t"
        "MOV	r3, #0x0\n\t"
        "LDR	r4, [%[a]]\n\t"
        "LDR	r5, [%[a], #4]\n\t"
        "\n"
    "L_sp_3072_mont_reduce_96_word:\n\t"
        /* mu = a[i] * mp */
        "MUL	r10, %[mp], r4\n\t"
        /* a[i+0] += m[0] * mu */
        "MOV	r7, #0x0\n\t"
        "UMLAL	r4, r7, r10, lr\n\t"
        /* a[i+1] += m[1] * mu */
        "LDR	r9, [%[m], #4]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r5, r6, r10, r9\n\t"
        "MOV	r4, r5\n\t"
        "ADDS	r4, r4, r7\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+2] += m[2] * mu */
        "LDR	r9, [%[m], #8]\n\t"
        "LDR	r5, [%[a], #8]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r5, r7, r10, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+3] += m[3] * mu */
        "LDR	r9, [%[m], #12]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #12]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+4] += m[4] * mu */
        "LDR	r9, [%[m], #16]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #16]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+5] += m[5] * mu */
        "LDR	r9, [%[m], #20]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #20]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+6] += m[6] * mu */
        "LDR	r9, [%[m], #24]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #24]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+7] += m[7] * mu */
        "LDR	r9, [%[m], #28]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #28]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+8] += m[8] * mu */
        "LDR	r9, [%[m], #32]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #32]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+9] += m[9] * mu */
        "LDR	r9, [%[m], #36]\n\t"
        "LDR	r12, [%[a], #36]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #36]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+10] += m[10] * mu */
        "LDR	r9, [%[m], #40]\n\t"
        "LDR	r12, [%[a], #40]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #40]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+11] += m[11] * mu */
        "LDR	r9, [%[m], #44]\n\t"
        "LDR	r12, [%[a], #44]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #44]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+12] += m[12] * mu */
        "LDR	r9, [%[m], #48]\n\t"
        "LDR	r12, [%[a], #48]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #48]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+13] += m[13] * mu */
        "LDR	r9, [%[m], #52]\n\t"
        "LDR	r12, [%[a], #52]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #52]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+14] += m[14] * mu */
        "LDR	r9, [%[m], #56]\n\t"
        "LDR	r12, [%[a], #56]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #56]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+15] += m[15] * mu */
        "LDR	r9, [%[m], #60]\n\t"
        "LDR	r12, [%[a], #60]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #60]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+16] += m[16] * mu */
        "LDR	r9, [%[m], #64]\n\t"
        "LDR	r12, [%[a], #64]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #64]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+17] += m[17] * mu */
        "LDR	r9, [%[m], #68]\n\t"
        "LDR	r12, [%[a], #68]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #68]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+18] += m[18] * mu */
        "LDR	r9, [%[m], #72]\n\t"
        "LDR	r12, [%[a], #72]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #72]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+19] += m[19] * mu */
        "LDR	r9, [%[m], #76]\n\t"
        "LDR	r12, [%[a], #76]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #76]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+20] += m[20] * mu */
        "LDR	r9, [%[m], #80]\n\t"
        "LDR	r12, [%[a], #80]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #80]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+21] += m[21] * mu */
        "LDR	r9, [%[m], #84]\n\t"
        "LDR	r12, [%[a], #84]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #84]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+22] += m[22] * mu */
        "LDR	r9, [%[m], #88]\n\t"
        "LDR	r12, [%[a], #88]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #88]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+23] += m[23] * mu */
        "LDR	r9, [%[m], #92]\n\t"
        "LDR	r12, [%[a], #92]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #92]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+24] += m[24] * mu */
        "LDR	r9, [%[m], #96]\n\t"
        "LDR	r12, [%[a], #96]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #96]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+25] += m[25] * mu */
        "LDR	r9, [%[m], #100]\n\t"
        "LDR	r12, [%[a], #100]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #100]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+26] += m[26] * mu */
        "LDR	r9, [%[m], #104]\n\t"
        "LDR	r12, [%[a], #104]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #104]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+27] += m[27] * mu */
        "LDR	r9, [%[m], #108]\n\t"
        "LDR	r12, [%[a], #108]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #108]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+28] += m[28] * mu */
        "LDR	r9, [%[m], #112]\n\t"
        "LDR	r12, [%[a], #112]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #112]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+29] += m[29] * mu */
        "LDR	r9, [%[m], #116]\n\t"
        "LDR	r12, [%[a], #116]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #116]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+30] += m[30] * mu */
        "LDR	r9, [%[m], #120]\n\t"
        "LDR	r12, [%[a], #120]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #120]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+31] += m[31] * mu */
        "LDR	r9, [%[m], #124]\n\t"
        "LDR	r12, [%[a], #124]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #124]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+32] += m[32] * mu */
        "LDR	r9, [%[m], #128]\n\t"
        "LDR	r12, [%[a], #128]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #128]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+33] += m[33] * mu */
        "LDR	r9, [%[m], #132]\n\t"
        "LDR	r12, [%[a], #132]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #132]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+34] += m[34] * mu */
        "LDR	r9, [%[m], #136]\n\t"
        "LDR	r12, [%[a], #136]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #136]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+35] += m[35] * mu */
        "LDR	r9, [%[m], #140]\n\t"
        "LDR	r12, [%[a], #140]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #140]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+36] += m[36] * mu */
        "LDR	r9, [%[m], #144]\n\t"
        "LDR	r12, [%[a], #144]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #144]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+37] += m[37] * mu */
        "LDR	r9, [%[m], #148]\n\t"
        "LDR	r12, [%[a], #148]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #148]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+38] += m[38] * mu */
        "LDR	r9, [%[m], #152]\n\t"
        "LDR	r12, [%[a], #152]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #152]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+39] += m[39] * mu */
        "LDR	r9, [%[m], #156]\n\t"
        "LDR	r12, [%[a], #156]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #156]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+40] += m[40] * mu */
        "LDR	r9, [%[m], #160]\n\t"
        "LDR	r12, [%[a], #160]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #160]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+41] += m[41] * mu */
        "LDR	r9, [%[m], #164]\n\t"
        "LDR	r12, [%[a], #164]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #164]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+42] += m[42] * mu */
        "LDR	r9, [%[m], #168]\n\t"
        "LDR	r12, [%[a], #168]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #168]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+43] += m[43] * mu */
        "LDR	r9, [%[m], #172]\n\t"
        "LDR	r12, [%[a], #172]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #172]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+44] += m[44] * mu */
        "LDR	r9, [%[m], #176]\n\t"
        "LDR	r12, [%[a], #176]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #176]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+45] += m[45] * mu */
        "LDR	r9, [%[m], #180]\n\t"
        "LDR	r12, [%[a], #180]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #180]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+46] += m[46] * mu */
        "LDR	r9, [%[m], #184]\n\t"
        "LDR	r12, [%[a], #184]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #184]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+47] += m[47] * mu */
        "LDR	r9, [%[m], #188]\n\t"
        "LDR	r12, [%[a], #188]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #188]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+48] += m[48] * mu */
        "LDR	r9, [%[m], #192]\n\t"
        "LDR	r12, [%[a], #192]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #192]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+49] += m[49] * mu */
        "LDR	r9, [%[m], #196]\n\t"
        "LDR	r12, [%[a], #196]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #196]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+50] += m[50] * mu */
        "LDR	r9, [%[m], #200]\n\t"
        "LDR	r12, [%[a], #200]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #200]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+51] += m[51] * mu */
        "LDR	r9, [%[m], #204]\n\t"
        "LDR	r12, [%[a], #204]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #204]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+52] += m[52] * mu */
        "LDR	r9, [%[m], #208]\n\t"
        "LDR	r12, [%[a], #208]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #208]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+53] += m[53] * mu */
        "LDR	r9, [%[m], #212]\n\t"
        "LDR	r12, [%[a], #212]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #212]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+54] += m[54] * mu */
        "LDR	r9, [%[m], #216]\n\t"
        "LDR	r12, [%[a], #216]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #216]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+55] += m[55] * mu */
        "LDR	r9, [%[m], #220]\n\t"
        "LDR	r12, [%[a], #220]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #220]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+56] += m[56] * mu */
        "LDR	r9, [%[m], #224]\n\t"
        "LDR	r12, [%[a], #224]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #224]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+57] += m[57] * mu */
        "LDR	r9, [%[m], #228]\n\t"
        "LDR	r12, [%[a], #228]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #228]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+58] += m[58] * mu */
        "LDR	r9, [%[m], #232]\n\t"
        "LDR	r12, [%[a], #232]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #232]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+59] += m[59] * mu */
        "LDR	r9, [%[m], #236]\n\t"
        "LDR	r12, [%[a], #236]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #236]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+60] += m[60] * mu */
        "LDR	r9, [%[m], #240]\n\t"
        "LDR	r12, [%[a], #240]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #240]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+61] += m[61] * mu */
        "LDR	r9, [%[m], #244]\n\t"
        "LDR	r12, [%[a], #244]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #244]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+62] += m[62] * mu */
        "LDR	r9, [%[m], #248]\n\t"
        "LDR	r12, [%[a], #248]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #248]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+63] += m[63] * mu */
        "LDR	r9, [%[m], #252]\n\t"
        "LDR	r12, [%[a], #252]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #252]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+64] += m[64] * mu */
        "LDR	r9, [%[m], #256]\n\t"
        "LDR	r12, [%[a], #256]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #256]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+65] += m[65] * mu */
        "LDR	r9, [%[m], #260]\n\t"
        "LDR	r12, [%[a], #260]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #260]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+66] += m[66] * mu */
        "LDR	r9, [%[m], #264]\n\t"
        "LDR	r12, [%[a], #264]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #264]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+67] += m[67] * mu */
        "LDR	r9, [%[m], #268]\n\t"
        "LDR	r12, [%[a], #268]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #268]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+68] += m[68] * mu */
        "LDR	r9, [%[m], #272]\n\t"
        "LDR	r12, [%[a], #272]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #272]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+69] += m[69] * mu */
        "LDR	r9, [%[m], #276]\n\t"
        "LDR	r12, [%[a], #276]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #276]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+70] += m[70] * mu */
        "LDR	r9, [%[m], #280]\n\t"
        "LDR	r12, [%[a], #280]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #280]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+71] += m[71] * mu */
        "LDR	r9, [%[m], #284]\n\t"
        "LDR	r12, [%[a], #284]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #284]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+72] += m[72] * mu */
        "LDR	r9, [%[m], #288]\n\t"
        "LDR	r12, [%[a], #288]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #288]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+73] += m[73] * mu */
        "LDR	r9, [%[m], #292]\n\t"
        "LDR	r12, [%[a], #292]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #292]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+74] += m[74] * mu */
        "LDR	r9, [%[m], #296]\n\t"
        "LDR	r12, [%[a], #296]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #296]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+75] += m[75] * mu */
        "LDR	r9, [%[m], #300]\n\t"
        "LDR	r12, [%[a], #300]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #300]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+76] += m[76] * mu */
        "LDR	r9, [%[m], #304]\n\t"
        "LDR	r12, [%[a], #304]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #304]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+77] += m[77] * mu */
        "LDR	r9, [%[m], #308]\n\t"
        "LDR	r12, [%[a], #308]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #308]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+78] += m[78] * mu */
        "LDR	r9, [%[m], #312]\n\t"
        "LDR	r12, [%[a], #312]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #312]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+79] += m[79] * mu */
        "LDR	r9, [%[m], #316]\n\t"
        "LDR	r12, [%[a], #316]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #316]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+80] += m[80] * mu */
        "LDR	r9, [%[m], #320]\n\t"
        "LDR	r12, [%[a], #320]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #320]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+81] += m[81] * mu */
        "LDR	r9, [%[m], #324]\n\t"
        "LDR	r12, [%[a], #324]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #324]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+82] += m[82] * mu */
        "LDR	r9, [%[m], #328]\n\t"
        "LDR	r12, [%[a], #328]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #328]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+83] += m[83] * mu */
        "LDR	r9, [%[m], #332]\n\t"
        "LDR	r12, [%[a], #332]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #332]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+84] += m[84] * mu */
        "LDR	r9, [%[m], #336]\n\t"
        "LDR	r12, [%[a], #336]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #336]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+85] += m[85] * mu */
        "LDR	r9, [%[m], #340]\n\t"
        "LDR	r12, [%[a], #340]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #340]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+86] += m[86] * mu */
        "LDR	r9, [%[m], #344]\n\t"
        "LDR	r12, [%[a], #344]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #344]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+87] += m[87] * mu */
        "LDR	r9, [%[m], #348]\n\t"
        "LDR	r12, [%[a], #348]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #348]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+88] += m[88] * mu */
        "LDR	r9, [%[m], #352]\n\t"
        "LDR	r12, [%[a], #352]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #352]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+89] += m[89] * mu */
        "LDR	r9, [%[m], #356]\n\t"
        "LDR	r12, [%[a], #356]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #356]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+90] += m[90] * mu */
        "LDR	r9, [%[m], #360]\n\t"
        "LDR	r12, [%[a], #360]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #360]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+91] += m[91] * mu */
        "LDR	r9, [%[m], #364]\n\t"
        "LDR	r12, [%[a], #364]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #364]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+92] += m[92] * mu */
        "LDR	r9, [%[m], #368]\n\t"
        "LDR	r12, [%[a], #368]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #368]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+93] += m[93] * mu */
        "LDR	r9, [%[m], #372]\n\t"
        "LDR	r12, [%[a], #372]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #372]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+94] += m[94] * mu */
        "LDR	r9, [%[m], #376]\n\t"
        "LDR	r12, [%[a], #376]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #376]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+95] += m[95] * mu */
        "LDR	r9, [%[m], #380]\n\t"
        "LDR	r12, [%[a], #380]\n\t"
        "UMULL	r8, r9, r10, r9\n\t"
        "ADDS	r7, r7, r8\n\t"
        "ADCS	r6, r9, r3\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, r3\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #380]\n\t"
        "LDR	r12, [%[a], #384]\n\t"
        "ADCS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #384]\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* i += 1 */
        "ADD	r11, r11, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r11, #0x180\n\t"
#ifdef __GNUC__
        "BLT	L_sp_3072_mont_reduce_96_word\n\t"
#else
        "BLT.W	L_sp_3072_mont_reduce_96_word\n\t"
#endif
        /* Loop Done */
        "STR	r4, [%[a]]\n\t"
        "STR	r5, [%[a], #4]\n\t"
        "MOV	%[mp], r3\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
    sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp);
}

#else
/* Reduce the number back to 3072 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDR	r11, [%[m]]\n\t"
        /* i = 0 */
        "MOV	r9, #0x0\n\t"
        /* ca = 0 */
        "MOV	r3, #0x0\n\t"
        "\n"
    "L_sp_3072_mont_reduce_96_word:\n\t"
        /* mu = a[i] * mp */
        "LDR	r10, [%[a]]\n\t"
        "MUL	r8, %[mp], r10\n\t"
        /* j = 0 */
        "MOV	r12, #0x0\n\t"
        "MOV	r4, #0x0\n\t"
        "\n"
    "L_sp_3072_mont_reduce_96_mul:\n\t"
        /* a[i+j+0] += m[j+0] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "MOV	r5, #0x0\n\t"
        "UMLAL	r10, r5, r8, r7\n\t"
        "ADDS	r10, r10, r4\n\t"
        "STR	r10, [%[a], r12]\n\t"
        "ADC	r4, r5, #0x0\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+1] += m[j+1] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "MOV	r5, #0x0\n\t"
        "UMLAL	r10, r5, r8, r7\n\t"
        "ADDS	r10, r10, r4\n\t"
        "STR	r10, [%[a], r12]\n\t"
        "ADC	r4, r5, #0x0\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+2] += m[j+2] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "MOV	r5, #0x0\n\t"
        "UMLAL	r10, r5, r8, r7\n\t"
        "ADDS	r10, r10, r4\n\t"
        "STR	r10, [%[a], r12]\n\t"
        "ADC	r4, r5, #0x0\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+3] += m[j+3] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "MOV	r5, #0x0\n\t"
        "UMLAL	r10, r5, r8, r7\n\t"
        "ADDS	r10, r10, r4\n\t"
        "STR	r10, [%[a], r12]\n\t"
        "ADC	r4, r5, #0x0\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        "CMP	r12, #0x180\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_3072_mont_reduce_96_mul\n\t"
#else
        "BLT.N	L_sp_3072_mont_reduce_96_mul\n\t"
#endif
        "LDR	r10, [%[a], #384]\n\t"
        "ADDS	r4, r4, r3\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r10, r10, r4\n\t"
        "ADC	r3, r3, r3\n\t"
        "STR	r10, [%[a], #384]\n\t"
        /* i += 1 */
        "ADD	r9, r9, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r9, #0x180\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_3072_mont_reduce_96_word\n\t"
#else
        "BLT.N	L_sp_3072_mont_reduce_96_word\n\t"
#endif
        /* Loop Done */
        "MOV	%[mp], r3\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
    );
    sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp);
}

#endif /* !WOLFSSL_SP_SMALL */
#else
#ifndef WOLFSSL_SP_SMALL
/* Reduce the number back to 3072 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* i = 0 */
        "MOV	r4, #0x0\n\t"
        "MOV	r5, #0x0\n\t"
        "LDR	r6, [%[a]]\n\t"
        "LDR	r7, [%[a], #4]\n\t"
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[a], #12]\n\t"
        "LDR	r10, [%[a], #16]\n\t"
        "\n"
    "L_sp_3072_mont_reduce_96_word:\n\t"
        /* mu = a[i] * mp */
        "MUL	lr, %[mp], r6\n\t"
        /* a[i+0] += m[0] * mu */
        "LDR	r12, [%[m]]\n\t"
        "MOV	r3, #0x0\n\t"
        "UMAAL	r6, r3, lr, r12\n\t"
        /* a[i+1] += m[1] * mu */
        "LDR	r12, [%[m], #4]\n\t"
        "MOV	r6, r7\n\t"
        "UMAAL	r6, r3, lr, r12\n\t"
        /* a[i+2] += m[2] * mu */
        "LDR	r12, [%[m], #8]\n\t"
        "MOV	r7, r8\n\t"
        "UMAAL	r7, r3, lr, r12\n\t"
        /* a[i+3] += m[3] * mu */
        "LDR	r12, [%[m], #12]\n\t"
        "MOV	r8, r9\n\t"
        "UMAAL	r8, r3, lr, r12\n\t"
        /* a[i+4] += m[4] * mu */
        "LDR	r12, [%[m], #16]\n\t"
        "MOV	r9, r10\n\t"
        "UMAAL	r9, r3, lr, r12\n\t"
        /* a[i+5] += m[5] * mu */
        "LDR	r12, [%[m], #20]\n\t"
        "LDR	r10, [%[a], #20]\n\t"
        "UMAAL	r10, r3, lr, r12\n\t"
        /* a[i+6] += m[6] * mu */
        "LDR	r12, [%[m], #24]\n\t"
        "LDR	r11, [%[a], #24]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #24]\n\t"
        /* a[i+7] += m[7] * mu */
        "LDR	r12, [%[m], #28]\n\t"
        "LDR	r11, [%[a], #28]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #28]\n\t"
        /* a[i+8] += m[8] * mu */
        "LDR	r12, [%[m], #32]\n\t"
        "LDR	r11, [%[a], #32]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #32]\n\t"
        /* a[i+9] += m[9] * mu */
        "LDR	r12, [%[m], #36]\n\t"
        "LDR	r11, [%[a], #36]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #36]\n\t"
        /* a[i+10] += m[10] * mu */
        "LDR	r12, [%[m], #40]\n\t"
        "LDR	r11, [%[a], #40]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #40]\n\t"
        /* a[i+11] += m[11] * mu */
        "LDR	r12, [%[m], #44]\n\t"
        "LDR	r11, [%[a], #44]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #44]\n\t"
        /* a[i+12] += m[12] * mu */
        "LDR	r12, [%[m], #48]\n\t"
        "LDR	r11, [%[a], #48]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #48]\n\t"
        /* a[i+13] += m[13] * mu */
        "LDR	r12, [%[m], #52]\n\t"
        "LDR	r11, [%[a], #52]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #52]\n\t"
        /* a[i+14] += m[14] * mu */
        "LDR	r12, [%[m], #56]\n\t"
        "LDR	r11, [%[a], #56]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #56]\n\t"
        /* a[i+15] += m[15] * mu */
        "LDR	r12, [%[m], #60]\n\t"
        "LDR	r11, [%[a], #60]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #60]\n\t"
        /* a[i+16] += m[16] * mu */
        "LDR	r12, [%[m], #64]\n\t"
        "LDR	r11, [%[a], #64]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #64]\n\t"
        /* a[i+17] += m[17] * mu */
        "LDR	r12, [%[m], #68]\n\t"
        "LDR	r11, [%[a], #68]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #68]\n\t"
        /* a[i+18] += m[18] * mu */
        "LDR	r12, [%[m], #72]\n\t"
        "LDR	r11, [%[a], #72]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #72]\n\t"
        /* a[i+19] += m[19] * mu */
        "LDR	r12, [%[m], #76]\n\t"
        "LDR	r11, [%[a], #76]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #76]\n\t"
        /* a[i+20] += m[20] * mu */
        "LDR	r12, [%[m], #80]\n\t"
        "LDR	r11, [%[a], #80]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #80]\n\t"
        /* a[i+21] += m[21] * mu */
        "LDR	r12, [%[m], #84]\n\t"
        "LDR	r11, [%[a], #84]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #84]\n\t"
        /* a[i+22] += m[22] * mu */
        "LDR	r12, [%[m], #88]\n\t"
        "LDR	r11, [%[a], #88]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #88]\n\t"
        /* a[i+23] += m[23] * mu */
        "LDR	r12, [%[m], #92]\n\t"
        "LDR	r11, [%[a], #92]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #92]\n\t"
        /* a[i+24] += m[24] * mu */
        "LDR	r12, [%[m], #96]\n\t"
        "LDR	r11, [%[a], #96]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #96]\n\t"
        /* a[i+25] += m[25] * mu */
        "LDR	r12, [%[m], #100]\n\t"
        "LDR	r11, [%[a], #100]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #100]\n\t"
        /* a[i+26] += m[26] * mu */
        "LDR	r12, [%[m], #104]\n\t"
        "LDR	r11, [%[a], #104]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #104]\n\t"
        /* a[i+27] += m[27] * mu */
        "LDR	r12, [%[m], #108]\n\t"
        "LDR	r11, [%[a], #108]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #108]\n\t"
        /* a[i+28] += m[28] * mu */
        "LDR	r12, [%[m], #112]\n\t"
        "LDR	r11, [%[a], #112]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #112]\n\t"
        /* a[i+29] += m[29] * mu */
        "LDR	r12, [%[m], #116]\n\t"
        "LDR	r11, [%[a], #116]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #116]\n\t"
        /* a[i+30] += m[30] * mu */
        "LDR	r12, [%[m], #120]\n\t"
        "LDR	r11, [%[a], #120]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #120]\n\t"
        /* a[i+31] += m[31] * mu */
        "LDR	r12, [%[m], #124]\n\t"
        "LDR	r11, [%[a], #124]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #124]\n\t"
        /* a[i+32] += m[32] * mu */
        "LDR	r12, [%[m], #128]\n\t"
        "LDR	r11, [%[a], #128]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #128]\n\t"
        /* a[i+33] += m[33] * mu */
        "LDR	r12, [%[m], #132]\n\t"
        "LDR	r11, [%[a], #132]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #132]\n\t"
        /* a[i+34] += m[34] * mu */
        "LDR	r12, [%[m], #136]\n\t"
        "LDR	r11, [%[a], #136]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #136]\n\t"
        /* a[i+35] += m[35] * mu */
        "LDR	r12, [%[m], #140]\n\t"
        "LDR	r11, [%[a], #140]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #140]\n\t"
        /* a[i+36] += m[36] * mu */
        "LDR	r12, [%[m], #144]\n\t"
        "LDR	r11, [%[a], #144]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #144]\n\t"
        /* a[i+37] += m[37] * mu */
        "LDR	r12, [%[m], #148]\n\t"
        "LDR	r11, [%[a], #148]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #148]\n\t"
        /* a[i+38] += m[38] * mu */
        "LDR	r12, [%[m], #152]\n\t"
        "LDR	r11, [%[a], #152]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #152]\n\t"
        /* a[i+39] += m[39] * mu */
        "LDR	r12, [%[m], #156]\n\t"
        "LDR	r11, [%[a], #156]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #156]\n\t"
        /* a[i+40] += m[40] * mu */
        "LDR	r12, [%[m], #160]\n\t"
        "LDR	r11, [%[a], #160]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #160]\n\t"
        /* a[i+41] += m[41] * mu */
        "LDR	r12, [%[m], #164]\n\t"
        "LDR	r11, [%[a], #164]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #164]\n\t"
        /* a[i+42] += m[42] * mu */
        "LDR	r12, [%[m], #168]\n\t"
        "LDR	r11, [%[a], #168]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #168]\n\t"
        /* a[i+43] += m[43] * mu */
        "LDR	r12, [%[m], #172]\n\t"
        "LDR	r11, [%[a], #172]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #172]\n\t"
        /* a[i+44] += m[44] * mu */
        "LDR	r12, [%[m], #176]\n\t"
        "LDR	r11, [%[a], #176]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #176]\n\t"
        /* a[i+45] += m[45] * mu */
        "LDR	r12, [%[m], #180]\n\t"
        "LDR	r11, [%[a], #180]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #180]\n\t"
        /* a[i+46] += m[46] * mu */
        "LDR	r12, [%[m], #184]\n\t"
        "LDR	r11, [%[a], #184]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #184]\n\t"
        /* a[i+47] += m[47] * mu */
        "LDR	r12, [%[m], #188]\n\t"
        "LDR	r11, [%[a], #188]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #188]\n\t"
        /* a[i+48] += m[48] * mu */
        "LDR	r12, [%[m], #192]\n\t"
        "LDR	r11, [%[a], #192]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #192]\n\t"
        /* a[i+49] += m[49] * mu */
        "LDR	r12, [%[m], #196]\n\t"
        "LDR	r11, [%[a], #196]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #196]\n\t"
        /* a[i+50] += m[50] * mu */
        "LDR	r12, [%[m], #200]\n\t"
        "LDR	r11, [%[a], #200]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #200]\n\t"
        /* a[i+51] += m[51] * mu */
        "LDR	r12, [%[m], #204]\n\t"
        "LDR	r11, [%[a], #204]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #204]\n\t"
        /* a[i+52] += m[52] * mu */
        "LDR	r12, [%[m], #208]\n\t"
        "LDR	r11, [%[a], #208]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #208]\n\t"
        /* a[i+53] += m[53] * mu */
        "LDR	r12, [%[m], #212]\n\t"
        "LDR	r11, [%[a], #212]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #212]\n\t"
        /* a[i+54] += m[54] * mu */
        "LDR	r12, [%[m], #216]\n\t"
        "LDR	r11, [%[a], #216]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #216]\n\t"
        /* a[i+55] += m[55] * mu */
        "LDR	r12, [%[m], #220]\n\t"
        "LDR	r11, [%[a], #220]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #220]\n\t"
        /* a[i+56] += m[56] * mu */
        "LDR	r12, [%[m], #224]\n\t"
        "LDR	r11, [%[a], #224]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #224]\n\t"
        /* a[i+57] += m[57] * mu */
        "LDR	r12, [%[m], #228]\n\t"
        "LDR	r11, [%[a], #228]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #228]\n\t"
        /* a[i+58] += m[58] * mu */
        "LDR	r12, [%[m], #232]\n\t"
        "LDR	r11, [%[a], #232]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #232]\n\t"
        /* a[i+59] += m[59] * mu */
        "LDR	r12, [%[m], #236]\n\t"
        "LDR	r11, [%[a], #236]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #236]\n\t"
        /* a[i+60] += m[60] * mu */
        "LDR	r12, [%[m], #240]\n\t"
        "LDR	r11, [%[a], #240]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #240]\n\t"
        /* a[i+61] += m[61] * mu */
        "LDR	r12, [%[m], #244]\n\t"
        "LDR	r11, [%[a], #244]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #244]\n\t"
        /* a[i+62] += m[62] * mu */
        "LDR	r12, [%[m], #248]\n\t"
        "LDR	r11, [%[a], #248]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #248]\n\t"
        /* a[i+63] += m[63] * mu */
        "LDR	r12, [%[m], #252]\n\t"
        "LDR	r11, [%[a], #252]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #252]\n\t"
        /* a[i+64] += m[64] * mu */
        "LDR	r12, [%[m], #256]\n\t"
        "LDR	r11, [%[a], #256]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #256]\n\t"
        /* a[i+65] += m[65] * mu */
        "LDR	r12, [%[m], #260]\n\t"
        "LDR	r11, [%[a], #260]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #260]\n\t"
        /* a[i+66] += m[66] * mu */
        "LDR	r12, [%[m], #264]\n\t"
        "LDR	r11, [%[a], #264]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #264]\n\t"
        /* a[i+67] += m[67] * mu */
        "LDR	r12, [%[m], #268]\n\t"
        "LDR	r11, [%[a], #268]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #268]\n\t"
        /* a[i+68] += m[68] * mu */
        "LDR	r12, [%[m], #272]\n\t"
        "LDR	r11, [%[a], #272]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #272]\n\t"
        /* a[i+69] += m[69] * mu */
        "LDR	r12, [%[m], #276]\n\t"
        "LDR	r11, [%[a], #276]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #276]\n\t"
        /* a[i+70] += m[70] * mu */
        "LDR	r12, [%[m], #280]\n\t"
        "LDR	r11, [%[a], #280]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #280]\n\t"
        /* a[i+71] += m[71] * mu */
        "LDR	r12, [%[m], #284]\n\t"
        "LDR	r11, [%[a], #284]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #284]\n\t"
        /* a[i+72] += m[72] * mu */
        "LDR	r12, [%[m], #288]\n\t"
        "LDR	r11, [%[a], #288]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #288]\n\t"
        /* a[i+73] += m[73] * mu */
        "LDR	r12, [%[m], #292]\n\t"
        "LDR	r11, [%[a], #292]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #292]\n\t"
        /* a[i+74] += m[74] * mu */
        "LDR	r12, [%[m], #296]\n\t"
        "LDR	r11, [%[a], #296]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #296]\n\t"
        /* a[i+75] += m[75] * mu */
        "LDR	r12, [%[m], #300]\n\t"
        "LDR	r11, [%[a], #300]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #300]\n\t"
        /* a[i+76] += m[76] * mu */
        "LDR	r12, [%[m], #304]\n\t"
        "LDR	r11, [%[a], #304]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #304]\n\t"
        /* a[i+77] += m[77] * mu */
        "LDR	r12, [%[m], #308]\n\t"
        "LDR	r11, [%[a], #308]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #308]\n\t"
        /* a[i+78] += m[78] * mu */
        "LDR	r12, [%[m], #312]\n\t"
        "LDR	r11, [%[a], #312]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #312]\n\t"
        /* a[i+79] += m[79] * mu */
        "LDR	r12, [%[m], #316]\n\t"
        "LDR	r11, [%[a], #316]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #316]\n\t"
        /* a[i+80] += m[80] * mu */
        "LDR	r12, [%[m], #320]\n\t"
        "LDR	r11, [%[a], #320]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #320]\n\t"
        /* a[i+81] += m[81] * mu */
        "LDR	r12, [%[m], #324]\n\t"
        "LDR	r11, [%[a], #324]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #324]\n\t"
        /* a[i+82] += m[82] * mu */
        "LDR	r12, [%[m], #328]\n\t"
        "LDR	r11, [%[a], #328]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #328]\n\t"
        /* a[i+83] += m[83] * mu */
        "LDR	r12, [%[m], #332]\n\t"
        "LDR	r11, [%[a], #332]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #332]\n\t"
        /* a[i+84] += m[84] * mu */
        "LDR	r12, [%[m], #336]\n\t"
        "LDR	r11, [%[a], #336]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #336]\n\t"
        /* a[i+85] += m[85] * mu */
        "LDR	r12, [%[m], #340]\n\t"
        "LDR	r11, [%[a], #340]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #340]\n\t"
        /* a[i+86] += m[86] * mu */
        "LDR	r12, [%[m], #344]\n\t"
        "LDR	r11, [%[a], #344]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #344]\n\t"
        /* a[i+87] += m[87] * mu */
        "LDR	r12, [%[m], #348]\n\t"
        "LDR	r11, [%[a], #348]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #348]\n\t"
        /* a[i+88] += m[88] * mu */
        "LDR	r12, [%[m], #352]\n\t"
        "LDR	r11, [%[a], #352]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #352]\n\t"
        /* a[i+89] += m[89] * mu */
        "LDR	r12, [%[m], #356]\n\t"
        "LDR	r11, [%[a], #356]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #356]\n\t"
        /* a[i+90] += m[90] * mu */
        "LDR	r12, [%[m], #360]\n\t"
        "LDR	r11, [%[a], #360]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #360]\n\t"
        /* a[i+91] += m[91] * mu */
        "LDR	r12, [%[m], #364]\n\t"
        "LDR	r11, [%[a], #364]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #364]\n\t"
        /* a[i+92] += m[92] * mu */
        "LDR	r12, [%[m], #368]\n\t"
        "LDR	r11, [%[a], #368]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #368]\n\t"
        /* a[i+93] += m[93] * mu */
        "LDR	r12, [%[m], #372]\n\t"
        "LDR	r11, [%[a], #372]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #372]\n\t"
        /* a[i+94] += m[94] * mu */
        "LDR	r12, [%[m], #376]\n\t"
        "LDR	r11, [%[a], #376]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #376]\n\t"
        /* a[i+95] += m[95] * mu */
        "LDR	r12, [%[m], #380]\n\t"
        "LDR	r11, [%[a], #380]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "LDR	lr, [%[a], #384]\n\t"
        "MOV	r12, #0x0\n\t"
        "UMAAL	r3, lr, r12, r12\n\t"
        "STR	r11, [%[a], #380]\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADC	r5, lr, #0x0\n\t"
        "STR	r3, [%[a], #384]\n\t"
        /* i += 1 */
        "ADD	r4, r4, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r4, #0x180\n\t"
#ifdef __GNUC__
        "BLT	L_sp_3072_mont_reduce_96_word\n\t"
#else
        "BLT.W	L_sp_3072_mont_reduce_96_word\n\t"
#endif
        /* Loop Done */
        "STR	r6, [%[a]]\n\t"
        "STR	r7, [%[a], #4]\n\t"
        "STR	r8, [%[a], #8]\n\t"
        "STR	r9, [%[a], #12]\n\t"
        "STR	r10, [%[a], #16]\n\t"
        "MOV	%[mp], r5\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
    sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp);
}

#else
/* Reduce the number back to 3072 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDR	r11, [%[m]]\n\t"
        /* i = 0 */
        "MOV	r9, #0x0\n\t"
        /* ca = 0 */
        "MOV	r3, #0x0\n\t"
        "\n"
    "L_sp_3072_mont_reduce_96_word:\n\t"
        /* mu = a[i] * mp */
        "LDR	r10, [%[a]]\n\t"
        "MUL	r8, %[mp], r10\n\t"
        /* j = 0 */
        "MOV	r12, #0x0\n\t"
        "MOV	r4, #0x0\n\t"
        "\n"
    "L_sp_3072_mont_reduce_96_mul:\n\t"
        /* a[i+j+0] += m[j+0] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "UMAAL	r10, r4, r8, r7\n\t"
        "STR	r10, [%[a], r12]\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+1] += m[j+1] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "UMAAL	r10, r4, r8, r7\n\t"
        "STR	r10, [%[a], r12]\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+2] += m[j+2] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "UMAAL	r10, r4, r8, r7\n\t"
        "STR	r10, [%[a], r12]\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+3] += m[j+3] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "UMAAL	r10, r4, r8, r7\n\t"
        "STR	r10, [%[a], r12]\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        "CMP	r12, #0x180\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_3072_mont_reduce_96_mul\n\t"
#else
        "BLT.N	L_sp_3072_mont_reduce_96_mul\n\t"
#endif
        "LDR	r10, [%[a], #384]\n\t"
        "ADDS	r4, r4, r3\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r10, r10, r4\n\t"
        "ADC	r3, r3, r3\n\t"
        "STR	r10, [%[a], #384]\n\t"
        /* i += 1 */
        "ADD	r9, r9, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r9, #0x180\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_3072_mont_reduce_96_word\n\t"
#else
        "BLT.N	L_sp_3072_mont_reduce_96_word\n\t"
#endif
        /* Loop Done */
        "MOV	%[mp], r3\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
    );
    sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp);
}

#endif /* !WOLFSSL_SP_SMALL */
#endif
/* Multiply two Montgomery form numbers mod the modulus (prime).
 * (r = a * b mod m)
 *
 * r   Result of multiplication.
 * a   First number to multiply in Montgomery form.
 * b   Second number to multiply in Montgomery form.
 * m   Modulus (prime).
 * mp  Montgomery multiplier.
 */
SP_NOINLINE static void sp_3072_mont_mul_96(sp_digit* r, const sp_digit* a,
        const sp_digit* b, const sp_digit* m, sp_digit mp)
{
    sp_3072_mul_96(r, a, b);
    sp_3072_mont_reduce_96(r, m, mp);
}

/* Square the Montgomery form number. (r = a * a mod m)
 *
 * r   Result of squaring.
 * a   Number to square in Montgomery form.
 * m   Modulus (prime).
 * mp  Montgomery multiplier.
 */
SP_NOINLINE static void sp_3072_mont_sqr_96(sp_digit* r, const sp_digit* a,
        const sp_digit* m, sp_digit mp)
{
    sp_3072_sqr_96(r, a);
    sp_3072_mont_reduce_96(r, m, mp);
}

#ifdef WOLFSSL_SP_SMALL
/* Sub b from a into r. (r = a - b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r11, #0x0\n\t"
        "ADD	r12, %[a], #0x180\n\t"
        "\n"
    "L_sp_3072_sub_96_word:\n\t"
        "RSBS	r11, r11, #0x0\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "SBC	r11, r3, r3\n\t"
        "CMP	%[a], r12\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_3072_sub_96_word\n\t"
#else
        "BNE.N	L_sp_3072_sub_96_word\n\t"
#endif
        "MOV	%[r], r11\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
    );
    return (uint32_t)(size_t)r;
}

#else
/* Sub b from a into r. (r = a - b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SUBS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "SBC	%[r], r6, r6\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_USE_UDIV
/* Divide the double width number (d1|d0) by the divisor. (d1|d0 / div)
 *
 * d1   The high order half of the number to divide.
 * d0   The low order half of the number to divide.
 * div  The divisor.
 * returns the result of the division.
 *
 * Note that this is an approximate div. It may give an answer 1 larger.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
#else
SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit div)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit d1 __asm__ ("r0") = (sp_digit)d1_p;
    register sp_digit d0 __asm__ ("r1") = (sp_digit)d0_p;
    register sp_digit div __asm__ ("r2") = (sp_digit)div_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LSR	r8, %[div], #16\n\t"
        "ADD	r5, r8, #0x1\n\t"
        "UDIV	r6, %[d1], r5\n\t"
        "LSL	r7, %[div], #16\n\t"
        "LSL	r6, r6, #16\n\t"
        "UMULL	r3, r4, %[div], r6\n\t"
        "SUBS	%[d0], %[d0], r3\n\t"
        "SBC	%[d1], %[d1], r4\n\t"
        "SUBS	r3, %[d1], r5\n\t"
        "SBC	r9, r9, r9\n\t"
        "ADD	r9, r9, #0x1\n\t"
        "RSB	r10, r9, #0x0\n\t"
        "LSL	r9, r9, #16\n\t"
        "AND	r7, r7, r10\n\t"
        "AND	r8, r8, r10\n\t"
        "SUBS	%[d0], %[d0], r7\n\t"
        "ADD	r6, r6, r9\n\t"
        "SBC	%[d1], %[d1], r8\n\t"
        "LSL	r4, %[d1], #16\n\t"
        "LSR	r3, %[d0], #16\n\t"
        "ORR	r3, r3, r4\n\t"
        "UDIV	r3, r3, r5\n\t"
        "ADD	r6, r6, r3\n\t"
        "UMULL	r3, r4, %[div], r3\n\t"
        "SUBS	%[d0], %[d0], r3\n\t"
        "SBC	%[d1], %[d1], r4\n\t"
        "LSL	r4, %[d1], #16\n\t"
        "LSR	r3, %[d0], #16\n\t"
        "ORR	r3, r3, r4\n\t"
        "UDIV	r3, r3, r5\n\t"
        "ADD	r6, r6, r3\n\t"
        "MUL	r3, %[div], r3\n\t"
        "SUB	%[d0], %[d0], r3\n\t"
        "UDIV	r3, %[d0], %[div]\n\t"
        "ADD	%[d1], r6, r3\n\t"
        : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)d1;
}

#else
/* Divide the double width number (d1|d0) by the divisor. (d1|d0 / div)
 *
 * d1   The high order half of the number to divide.
 * d0   The low order half of the number to divide.
 * div  The divisor.
 * returns the result of the division.
 *
 * Note that this is an approximate div. It may give an answer 1 larger.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
#else
SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit div)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit d1 __asm__ ("r0") = (sp_digit)d1_p;
    register sp_digit d0 __asm__ ("r1") = (sp_digit)d0_p;
    register sp_digit div __asm__ ("r2") = (sp_digit)div_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LSR	r5, %[div], #1\n\t"
        "ADD	r5, r5, #0x1\n\t"
        "MOV	r6, %[d0]\n\t"
        "MOV	r7, %[d1]\n\t"
        /* Do top 32 */
        "SUBS	r8, r5, r7\n\t"
        "SBC	r8, r8, r8\n\t"
        "MOV	r3, #0x0\n\t"
        "SUB	r3, r3, r8\n\t"
        "AND	r8, r8, r5\n\t"
        "SUBS	r7, r7, r8\n\t"
        /* Next 30 bits */
        "MOV	r4, #0x1d\n\t"
        "\n"
    "L_div_3072_word_96_bit:\n\t"
        "LSLS	r6, r6, #1\n\t"
        "ADC	r7, r7, r7\n\t"
        "SUBS	r8, r5, r7\n\t"
        "SBC	r8, r8, r8\n\t"
        "ADD	r3, r3, r3\n\t"
        "SUB	r3, r3, r8\n\t"
        "AND	r8, r8, r5\n\t"
        "SUBS	r7, r7, r8\n\t"
        "SUBS	r4, r4, #0x1\n\t"
        "bpl	L_div_3072_word_96_bit\n\t"
        "ADD	r3, r3, r3\n\t"
        "ADD	r3, r3, #0x1\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "SUBS	r8, %[div], r9\n\t"
        "SBC	r8, r8, r8\n\t"
        "SUB	%[d1], r3, r8\n\t"
        : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)d1;
}

#endif
/* Divide d in a and put remainder into r (m*d + r = a)
 * m is not calculated as it is not needed at this time.
 *
 * a  Number to be divided.
 * d  Number to divide with.
 * m  Multiplier result.
 * r  Remainder from the division.
 * returns MP_OKAY indicating success.
 */
static WC_INLINE int sp_3072_div_96_cond(const sp_digit* a, const sp_digit* d,
        sp_digit* m, sp_digit* r)
{
    sp_digit t1[192], t2[97];
    sp_digit div, r1;
    int i;

    (void)m;

    div = d[95];
    XMEMCPY(t1, a, sizeof(*t1) * 2 * 96);
    for (i = 95; i > 0; i--) {
        if (t1[i + 96] != d[i])
            break;
    }
    if (t1[i + 96] >= d[i]) {
        sp_3072_sub_in_place_96(&t1[96], d);
    }
    for (i = 95; i >= 0; i--) {
        if (t1[96 + i] == div) {
            r1 = SP_DIGIT_MAX;
        }
        else {
            r1 = div_3072_word_96(t1[96 + i], t1[96 + i - 1], div);
        }

        sp_3072_mul_d_96(t2, d, r1);
        t1[96 + i] += sp_3072_sub_in_place_96(&t1[i], t2);
        t1[96 + i] -= t2[96];
        if (t1[96 + i] != 0) {
            t1[96 + i] += sp_3072_add_96(&t1[i], &t1[i], d);
            if (t1[96 + i] != 0)
                t1[96 + i] += sp_3072_add_96(&t1[i], &t1[i], d);
        }
    }

    for (i = 95; i > 0; i--) {
        if (t1[i] != d[i])
            break;
    }
    if (t1[i] >= d[i]) {
        sp_3072_sub_96(r, t1, d);
    }
    else {
        XMEMCPY(r, t1, sizeof(*t1) * 96);
    }

    return MP_OKAY;
}

/* Reduce a modulo m into r. (r = a mod m)
 *
 * r  A single precision number that is the reduced result.
 * a  A single precision number that is to be reduced.
 * m  A single precision number that is the modulus to reduce with.
 * returns MP_OKAY indicating success.
 */
static WC_INLINE int sp_3072_mod_96_cond(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
    return sp_3072_div_96_cond(a, m, NULL, r);
}

#if (defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_HAVE_SP_DH)
#if defined(WOLFSSL_HAVE_SP_DH) || !defined(WOLFSSL_RSA_PUBLIC_ONLY)
/* AND m into each word of a and store in r.
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * m  Mask to AND against each digit.
 */
static void sp_3072_mask_96(sp_digit* r, const sp_digit* a, sp_digit m)
{
#ifdef WOLFSSL_SP_SMALL
    int i;

    for (i=0; i<96; i++) {
        r[i] = a[i] & m;
    }
#else
    int i;

    for (i = 0; i < 96; i += 8) {
        r[i+0] = a[i+0] & m;
        r[i+1] = a[i+1] & m;
        r[i+2] = a[i+2] & m;
        r[i+3] = a[i+3] & m;
        r[i+4] = a[i+4] & m;
        r[i+5] = a[i+5] & m;
        r[i+6] = a[i+6] & m;
        r[i+7] = a[i+7] & m;
    }
#endif
}

/* Compare a with b in constant time.
 *
 * a  A single precision integer.
 * b  A single precision integer.
 * return -ve, 0 or +ve if a is less than, equal to or greater than b
 * respectively.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_int32 sp_3072_cmp_96(const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_int32 sp_3072_cmp_96(const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register const sp_digit* a __asm__ ("r0") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r2, #0xffffffff\n\t"
        "MOV	r8, #0x1\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r3, #0xffffffff\n\t"
#ifdef WOLFSSL_SP_SMALL
        "MOV	r6, #0x17c\n\t"
        "\n"
    "L_sp_3072_cmp_96_words:\n\t"
        "LDR	r4, [%[a], r6]\n\t"
        "LDR	r5, [%[b], r6]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "SUBS	r6, r6, #0x4\n\t"
        "bcs	L_sp_3072_cmp_96_words\n\t"
        "EOR	r2, r2, r3\n\t"
#else
        "LDR	r4, [%[a], #380]\n\t"
        "LDR	r5, [%[b], #380]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #376]\n\t"
        "LDR	r5, [%[b], #376]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #372]\n\t"
        "LDR	r5, [%[b], #372]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #368]\n\t"
        "LDR	r5, [%[b], #368]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #364]\n\t"
        "LDR	r5, [%[b], #364]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #360]\n\t"
        "LDR	r5, [%[b], #360]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #356]\n\t"
        "LDR	r5, [%[b], #356]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #352]\n\t"
        "LDR	r5, [%[b], #352]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #348]\n\t"
        "LDR	r5, [%[b], #348]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #344]\n\t"
        "LDR	r5, [%[b], #344]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #340]\n\t"
        "LDR	r5, [%[b], #340]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #336]\n\t"
        "LDR	r5, [%[b], #336]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #332]\n\t"
        "LDR	r5, [%[b], #332]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #328]\n\t"
        "LDR	r5, [%[b], #328]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #324]\n\t"
        "LDR	r5, [%[b], #324]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #320]\n\t"
        "LDR	r5, [%[b], #320]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #316]\n\t"
        "LDR	r5, [%[b], #316]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #312]\n\t"
        "LDR	r5, [%[b], #312]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #308]\n\t"
        "LDR	r5, [%[b], #308]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #304]\n\t"
        "LDR	r5, [%[b], #304]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #300]\n\t"
        "LDR	r5, [%[b], #300]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #296]\n\t"
        "LDR	r5, [%[b], #296]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #292]\n\t"
        "LDR	r5, [%[b], #292]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #288]\n\t"
        "LDR	r5, [%[b], #288]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #284]\n\t"
        "LDR	r5, [%[b], #284]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #280]\n\t"
        "LDR	r5, [%[b], #280]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #276]\n\t"
        "LDR	r5, [%[b], #276]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #272]\n\t"
        "LDR	r5, [%[b], #272]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #268]\n\t"
        "LDR	r5, [%[b], #268]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #264]\n\t"
        "LDR	r5, [%[b], #264]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #260]\n\t"
        "LDR	r5, [%[b], #260]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #256]\n\t"
        "LDR	r5, [%[b], #256]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #252]\n\t"
        "LDR	r5, [%[b], #252]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #248]\n\t"
        "LDR	r5, [%[b], #248]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #244]\n\t"
        "LDR	r5, [%[b], #244]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #240]\n\t"
        "LDR	r5, [%[b], #240]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #236]\n\t"
        "LDR	r5, [%[b], #236]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #232]\n\t"
        "LDR	r5, [%[b], #232]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #228]\n\t"
        "LDR	r5, [%[b], #228]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #224]\n\t"
        "LDR	r5, [%[b], #224]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #220]\n\t"
        "LDR	r5, [%[b], #220]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #216]\n\t"
        "LDR	r5, [%[b], #216]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #212]\n\t"
        "LDR	r5, [%[b], #212]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #208]\n\t"
        "LDR	r5, [%[b], #208]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #204]\n\t"
        "LDR	r5, [%[b], #204]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #200]\n\t"
        "LDR	r5, [%[b], #200]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #196]\n\t"
        "LDR	r5, [%[b], #196]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #192]\n\t"
        "LDR	r5, [%[b], #192]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #188]\n\t"
        "LDR	r5, [%[b], #188]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #184]\n\t"
        "LDR	r5, [%[b], #184]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #180]\n\t"
        "LDR	r5, [%[b], #180]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #176]\n\t"
        "LDR	r5, [%[b], #176]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #172]\n\t"
        "LDR	r5, [%[b], #172]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #168]\n\t"
        "LDR	r5, [%[b], #168]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #164]\n\t"
        "LDR	r5, [%[b], #164]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #160]\n\t"
        "LDR	r5, [%[b], #160]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #156]\n\t"
        "LDR	r5, [%[b], #156]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #152]\n\t"
        "LDR	r5, [%[b], #152]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #148]\n\t"
        "LDR	r5, [%[b], #148]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #144]\n\t"
        "LDR	r5, [%[b], #144]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #140]\n\t"
        "LDR	r5, [%[b], #140]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #136]\n\t"
        "LDR	r5, [%[b], #136]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #132]\n\t"
        "LDR	r5, [%[b], #132]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #128]\n\t"
        "LDR	r5, [%[b], #128]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #124]\n\t"
        "LDR	r5, [%[b], #124]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #120]\n\t"
        "LDR	r5, [%[b], #120]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #116]\n\t"
        "LDR	r5, [%[b], #116]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #112]\n\t"
        "LDR	r5, [%[b], #112]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #108]\n\t"
        "LDR	r5, [%[b], #108]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #104]\n\t"
        "LDR	r5, [%[b], #104]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #100]\n\t"
        "LDR	r5, [%[b], #100]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #96]\n\t"
        "LDR	r5, [%[b], #96]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #92]\n\t"
        "LDR	r5, [%[b], #92]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #88]\n\t"
        "LDR	r5, [%[b], #88]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #84]\n\t"
        "LDR	r5, [%[b], #84]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #80]\n\t"
        "LDR	r5, [%[b], #80]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #76]\n\t"
        "LDR	r5, [%[b], #76]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #72]\n\t"
        "LDR	r5, [%[b], #72]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #68]\n\t"
        "LDR	r5, [%[b], #68]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #64]\n\t"
        "LDR	r5, [%[b], #64]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #60]\n\t"
        "LDR	r5, [%[b], #60]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #56]\n\t"
        "LDR	r5, [%[b], #56]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #52]\n\t"
        "LDR	r5, [%[b], #52]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #48]\n\t"
        "LDR	r5, [%[b], #48]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #44]\n\t"
        "LDR	r5, [%[b], #44]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #40]\n\t"
        "LDR	r5, [%[b], #40]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #36]\n\t"
        "LDR	r5, [%[b], #36]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #32]\n\t"
        "LDR	r5, [%[b], #32]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #28]\n\t"
        "LDR	r5, [%[b], #28]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #24]\n\t"
        "LDR	r5, [%[b], #24]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #20]\n\t"
        "LDR	r5, [%[b], #20]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #16]\n\t"
        "LDR	r5, [%[b], #16]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #12]\n\t"
        "LDR	r5, [%[b], #12]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #8]\n\t"
        "LDR	r5, [%[b], #8]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #4]\n\t"
        "LDR	r5, [%[b], #4]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a]]\n\t"
        "LDR	r5, [%[b]]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "EOR	r2, r2, r3\n\t"
#endif /*WOLFSSL_SP_SMALL */
        "MOV	%[a], r2\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
    );
    return (uint32_t)(size_t)a;
}

/* Divide d in a and put remainder into r (m*d + r = a)
 * m is not calculated as it is not needed at this time.
 *
 * a  Number to be divided.
 * d  Number to divide with.
 * m  Multiplier result.
 * r  Remainder from the division.
 * returns MP_OKAY indicating success.
 */
static WC_INLINE int sp_3072_div_96(const sp_digit* a, const sp_digit* d,
        sp_digit* m, sp_digit* r)
{
    sp_digit t1[192], t2[97];
    sp_digit div, r1;
    int i;

    (void)m;

    div = d[95];
    XMEMCPY(t1, a, sizeof(*t1) * 2 * 96);
    r1 = sp_3072_cmp_96(&t1[96], d) >= 0;
    sp_3072_cond_sub_96(&t1[96], &t1[96], d, (sp_digit)0 - r1);
    for (i = 95; i >= 0; i--) {
        volatile sp_digit mask = (sp_digit)0 - (t1[96 + i] == div);
        sp_digit hi = t1[96 + i] + mask;
        r1 = div_3072_word_96(hi, t1[96 + i - 1], div);
        r1 |= mask;

        sp_3072_mul_d_96(t2, d, r1);
        t1[96 + i] += sp_3072_sub_in_place_96(&t1[i], t2);
        t1[96 + i] -= t2[96];
        sp_3072_mask_96(t2, d, t1[96 + i]);
        t1[96 + i] += sp_3072_add_96(&t1[i], &t1[i], t2);
        sp_3072_mask_96(t2, d, t1[96 + i]);
        t1[96 + i] += sp_3072_add_96(&t1[i], &t1[i], t2);
    }

    r1 = sp_3072_cmp_96(t1, d) >= 0;
    sp_3072_cond_sub_96(r, t1, d, (sp_digit)0 - r1);

    return MP_OKAY;
}

/* Reduce a modulo m into r. (r = a mod m)
 *
 * r  A single precision number that is the reduced result.
 * a  A single precision number that is to be reduced.
 * m  A single precision number that is the modulus to reduce with.
 * returns MP_OKAY indicating success.
 */
static WC_INLINE int sp_3072_mod_96(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
    return sp_3072_div_96(a, m, NULL, r);
}

#endif /* WOLFSSL_HAVE_SP_DH || !WOLFSSL_RSA_PUBLIC_ONLY */
#if (defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
                                                     defined(WOLFSSL_HAVE_SP_DH)
#ifdef WOLFSSL_SP_SMALL
/* Modular exponentiate a to the e mod m. (r = a^e mod m)
 *
 * r     A single precision number that is the result of the operation.
 * a     A single precision number being exponentiated.
 * e     A single precision number that is the exponent.
 * bits  The number of bits in the exponent.
 * m     A single precision number that is the modulus.
 * returns  0 on success.
 * returns  MEMORY_E on dynamic memory allocation failure.
 * returns  MP_VAL when base is even or exponent is 0.
 */
static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
        int bits, const sp_digit* m, int reduceA)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* td = NULL;
#else
    sp_digit td[8 * 192];
#endif
    sp_digit* t[8];
    sp_digit* norm = NULL;
    sp_digit mp = 1;
    sp_digit n;
    sp_digit mask;
    int i;
    int c;
    byte y;
    int err = MP_OKAY;

    if (bits == 0) {
        err = MP_VAL;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 192), NULL,
                                DYNAMIC_TYPE_TMP_BUFFER);
        if (td == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        norm = td;
        for (i=0; i<8; i++) {
            t[i] = td + i * 192;
        }

        sp_3072_mont_setup(m, &mp);
        sp_3072_mont_norm_96(norm, m);

        XMEMSET(t[1], 0, sizeof(sp_digit) * 96U);
        if (reduceA != 0) {
            err = sp_3072_mod_96(t[1] + 96, a, m);
            if (err == MP_OKAY) {
                err = sp_3072_mod_96(t[1], t[1], m);
            }
        }
        else {
            XMEMCPY(t[1] + 96, a, sizeof(sp_digit) * 96);
            err = sp_3072_mod_96(t[1], t[1], m);
        }
    }

    if (err == MP_OKAY) {
        sp_3072_mont_sqr_96(t[ 2], t[ 1], m, mp);
        sp_3072_mont_mul_96(t[ 3], t[ 2], t[ 1], m, mp);
        sp_3072_mont_sqr_96(t[ 4], t[ 2], m, mp);
        sp_3072_mont_mul_96(t[ 5], t[ 3], t[ 2], m, mp);
        sp_3072_mont_sqr_96(t[ 6], t[ 3], m, mp);
        sp_3072_mont_mul_96(t[ 7], t[ 4], t[ 3], m, mp);

        i = (bits - 1) / 32;
        n = e[i--];
        c = bits & 31;
        if (c == 0) {
            c = 32;
        }
        c -= bits % 3;
        if (c == 32) {
            c = 29;
        }
        if (c < 0) {
            /* Number of bits in top word is less than number needed. */
            c = -c;
            y = (byte)(n << c);
            n = e[i--];
            y |= (byte)(n >> (64 - c));
            n <<= c;
            c = 64 - c;
        }
        else if (c == 0) {
            /* All bits in top word used. */
            y = (byte)n;
        }
        else {
            y = (byte)(n >> c);
            n <<= 32 - c;
        }
        XMEMCPY(r, t[y], sizeof(sp_digit) * 96);
        for (; i>=0 || c>=3; ) {
            if (c == 0) {
                n = e[i--];
                y = (byte)(n >> 29);
                n <<= 3;
                c = 29;
            }
            else if (c < 3) {
                y = (byte)(n >> 29);
                n = e[i--];
                c = 3 - c;
                y |= (byte)(n >> (32 - c));
                n <<= c;
                c = 32 - c;
            }
            else {
                y = (byte)((n >> 29) & 0x7);
                n <<= 3;
                c -= 3;
            }

            sp_3072_mont_sqr_96(r, r, m, mp);
            sp_3072_mont_sqr_96(r, r, m, mp);
            sp_3072_mont_sqr_96(r, r, m, mp);

            sp_3072_mont_mul_96(r, r, t[y], m, mp);
        }

        XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
        sp_3072_mont_reduce_96(r, m, mp);

        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
        sp_3072_cond_sub_96(r, r, m, mask);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (td != NULL)
        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return err;
}
#else
/* Modular exponentiate a to the e mod m. (r = a^e mod m)
 *
 * r     A single precision number that is the result of the operation.
 * a     A single precision number being exponentiated.
 * e     A single precision number that is the exponent.
 * bits  The number of bits in the exponent.
 * m     A single precision number that is the modulus.
 * returns  0 on success.
 * returns  MEMORY_E on dynamic memory allocation failure.
 * returns  MP_VAL when base is even or exponent is 0.
 */
static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
        int bits, const sp_digit* m, int reduceA)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* td = NULL;
#else
    sp_digit td[16 * 192];
#endif
    sp_digit* t[16];
    sp_digit* norm = NULL;
    sp_digit mp = 1;
    sp_digit n;
    sp_digit mask;
    int i;
    int c;
    byte y;
    int err = MP_OKAY;

    if (bits == 0) {
        err = MP_VAL;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 192), NULL,
                                DYNAMIC_TYPE_TMP_BUFFER);
        if (td == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        norm = td;
        for (i=0; i<16; i++) {
            t[i] = td + i * 192;
        }

        sp_3072_mont_setup(m, &mp);
        sp_3072_mont_norm_96(norm, m);

        XMEMSET(t[1], 0, sizeof(sp_digit) * 96U);
        if (reduceA != 0) {
            err = sp_3072_mod_96(t[1] + 96, a, m);
            if (err == MP_OKAY) {
                err = sp_3072_mod_96(t[1], t[1], m);
            }
        }
        else {
            XMEMCPY(t[1] + 96, a, sizeof(sp_digit) * 96);
            err = sp_3072_mod_96(t[1], t[1], m);
        }
    }

    if (err == MP_OKAY) {
        sp_3072_mont_sqr_96(t[ 2], t[ 1], m, mp);
        sp_3072_mont_mul_96(t[ 3], t[ 2], t[ 1], m, mp);
        sp_3072_mont_sqr_96(t[ 4], t[ 2], m, mp);
        sp_3072_mont_mul_96(t[ 5], t[ 3], t[ 2], m, mp);
        sp_3072_mont_sqr_96(t[ 6], t[ 3], m, mp);
        sp_3072_mont_mul_96(t[ 7], t[ 4], t[ 3], m, mp);
        sp_3072_mont_sqr_96(t[ 8], t[ 4], m, mp);
        sp_3072_mont_mul_96(t[ 9], t[ 5], t[ 4], m, mp);
        sp_3072_mont_sqr_96(t[10], t[ 5], m, mp);
        sp_3072_mont_mul_96(t[11], t[ 6], t[ 5], m, mp);
        sp_3072_mont_sqr_96(t[12], t[ 6], m, mp);
        sp_3072_mont_mul_96(t[13], t[ 7], t[ 6], m, mp);
        sp_3072_mont_sqr_96(t[14], t[ 7], m, mp);
        sp_3072_mont_mul_96(t[15], t[ 8], t[ 7], m, mp);

        i = (bits - 1) / 32;
        n = e[i--];
        c = bits & 31;
        if (c == 0) {
            c = 32;
        }
        c -= bits % 4;
        if (c == 32) {
            c = 28;
        }
        if (c < 0) {
            /* Number of bits in top word is less than number needed. */
            c = -c;
            y = (byte)(n << c);
            n = e[i--];
            y |= (byte)(n >> (64 - c));
            n <<= c;
            c = 64 - c;
        }
        else if (c == 0) {
            /* All bits in top word used. */
            y = (byte)n;
        }
        else {
            y = (byte)(n >> c);
            n <<= 32 - c;
        }
        XMEMCPY(r, t[y], sizeof(sp_digit) * 96);
        for (; i>=0 || c>=4; ) {
            if (c == 0) {
                n = e[i--];
                y = (byte)(n >> 28);
                n <<= 4;
                c = 28;
            }
            else if (c < 4) {
                y = (byte)(n >> 28);
                n = e[i--];
                c = 4 - c;
                y |= (byte)(n >> (32 - c));
                n <<= c;
                c = 32 - c;
            }
            else {
                y = (byte)((n >> 28) & 0xf);
                n <<= 4;
                c -= 4;
            }

            sp_3072_mont_sqr_96(r, r, m, mp);
            sp_3072_mont_sqr_96(r, r, m, mp);
            sp_3072_mont_sqr_96(r, r, m, mp);
            sp_3072_mont_sqr_96(r, r, m, mp);

            sp_3072_mont_mul_96(r, r, t[y], m, mp);
        }

        XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
        sp_3072_mont_reduce_96(r, m, mp);

        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
        sp_3072_cond_sub_96(r, r, m, mask);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (td != NULL)
        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return err;
}
#endif /* WOLFSSL_SP_SMALL */
#endif /* (WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY) || WOLFSSL_HAVE_SP_DH */

#endif /* (WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY) || WOLFSSL_HAVE_SP_DH */
#ifdef WOLFSSL_HAVE_SP_RSA
/* RSA public key operation.
 *
 * in      Array of bytes representing the number to exponentiate, base.
 * inLen   Number of bytes in base.
 * em      Public exponent.
 * mm      Modulus.
 * out     Buffer to hold big-endian bytes of exponentiation result.
 *         Must be at least 384 bytes long.
 * outLen  Number of bytes in result.
 * returns 0 on success, MP_TO_E when the outLen is too small, MP_READ_E when
 * an array is too long and MEMORY_E when dynamic memory allocation fails.
 */
int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
    const mp_int* mm, byte* out, word32* outLen)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* a = NULL;
#else
    sp_digit a[96 * 5];
#endif
    sp_digit* m = NULL;
    sp_digit* r = NULL;
    sp_digit *ah = NULL;
    sp_digit e[1] = {0};
    int err = MP_OKAY;

    if (*outLen < 384) {
        err = MP_TO_E;
    }
    else if (mp_count_bits(em) > 32 || inLen > 384 ||
                                                     mp_count_bits(mm) != 3072) {
        err = MP_READ_E;
    }
    else if (mp_iseven(mm)) {
        err = MP_VAL;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 96 * 5, NULL,
                                                              DYNAMIC_TYPE_RSA);
        if (a == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        ah = a + 96;
        r = a + 96 * 2;
        m = r + 96 * 2;

        sp_3072_from_bin(ah, 96, in, inLen);
#if DIGIT_BIT >= 32
        e[0] = em->dp[0];
#else
        e[0] = em->dp[0];
        if (em->used > 1) {
            e[0] |= ((sp_digit)em->dp[1]) << DIGIT_BIT;
        }
#endif
        if (e[0] == 0) {
            err = MP_EXPTMOD_E;
        }
    }
    if (err == MP_OKAY) {
        sp_3072_from_mp(m, 96, mm);

        if (e[0] == 0x10001) {
            int i;
            sp_digit mp;

            sp_3072_mont_setup(m, &mp);

            /* Convert to Montgomery form. */
            XMEMSET(a, 0, sizeof(sp_digit) * 96);
            err = sp_3072_mod_96_cond(r, a, m);
            /* Montgomery form: r = a.R mod m */

            if (err == MP_OKAY) {
                /* r = a ^ 0x10000 => r = a squared 16 times */
                for (i = 15; i >= 0; i--) {
                    sp_3072_mont_sqr_96(r, r, m, mp);
                }
                /* mont_red(r.R.R) = (r.R.R / R) mod m = r.R mod m
                 * mont_red(r.R * a) = (r.R.a / R) mod m = r.a mod m
                 */
                sp_3072_mont_mul_96(r, r, ah, m, mp);

                for (i = 95; i > 0; i--) {
                    if (r[i] != m[i]) {
                        break;
                    }
                }
                if (r[i] >= m[i]) {
                    sp_3072_sub_in_place_96(r, m);
                }
            }
        }
        else if (e[0] == 0x3) {
            if (err == MP_OKAY) {
                sp_3072_sqr_96(r, ah);
                err = sp_3072_mod_96_cond(r, r, m);
            }
            if (err == MP_OKAY) {
                sp_3072_mul_96(r, ah, r);
                err = sp_3072_mod_96_cond(r, r, m);
            }
        }
        else {
            int i;
            sp_digit mp;

            sp_3072_mont_setup(m, &mp);

            /* Convert to Montgomery form. */
            XMEMSET(a, 0, sizeof(sp_digit) * 96);
            err = sp_3072_mod_96_cond(a, a, m);

            if (err == MP_OKAY) {
                for (i = 31; i >= 0; i--) {
                    if (e[0] >> i) {
                        break;
                    }
                }

                XMEMCPY(r, a, sizeof(sp_digit) * 96);
                for (i--; i >= 0; i--) {
                    sp_3072_mont_sqr_96(r, r, m, mp);
                    if (((e[0] >> i) & 1) == 1) {
                        sp_3072_mont_mul_96(r, r, a, m, mp);
                    }
                }
                XMEMSET(&r[96], 0, sizeof(sp_digit) * 96);
                sp_3072_mont_reduce_96(r, m, mp);

                for (i = 95; i > 0; i--) {
                    if (r[i] != m[i]) {
                        break;
                    }
                }
                if (r[i] >= m[i]) {
                    sp_3072_sub_in_place_96(r, m);
                }
            }
        }
    }

    if (err == MP_OKAY) {
        sp_3072_to_bin_96(r, out);
        *outLen = 384;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (a != NULL)
        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
#endif

    return err;
}

#ifndef WOLFSSL_RSA_PUBLIC_ONLY
#ifdef WOLFSSL_SP_SMALL
/* Conditionally add a and b using the mask m.
 * m is -1 to add and 0 when not.
 *
 * r  A single precision number representing conditional add result.
 * a  A single precision number to add with.
 * b  A single precision number to add.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r5, #0x0\n\t"
        "MOV	r8, #0x0\n\t"
        "MOV	r4, #0x0\n\t"
        "\n"
    "L_sp_3072_cond_add_48_words:\n\t"
        "ADDS	r5, r5, #0xffffffff\n\t"
        "LDR	r6, [%[a], r4]\n\t"
        "LDR	r7, [%[b], r4]\n\t"
        "AND	r7, r7, %[m]\n\t"
        "ADCS	r6, r6, r7\n\t"
        "ADC	r5, r8, r8\n\t"
        "STR	r6, [%[r], r4]\n\t"
        "ADD	r4, r4, #0x4\n\t"
        "CMP	r4, #0xc0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_3072_cond_add_48_words\n\t"
#else
        "BLT.N	L_sp_3072_cond_add_48_words\n\t"
#endif
        "MOV	%[r], r5\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
    );
    return (uint32_t)(size_t)r;
}

#else
/* Conditionally add a and b using the mask m.
 * m is -1 to add and 0 when not.
 *
 * r  A single precision number representing conditional add result.
 * a  A single precision number to add with.
 * b  A single precision number to add.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r10, #0x0\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADDS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "ADC	%[r], r10, r10\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
/* RSA private key operation.
 *
 * in      Array of bytes representing the number to exponentiate, base.
 * inLen   Number of bytes in base.
 * dm      Private exponent.
 * pm      First prime.
 * qm      Second prime.
 * dpm     First prime's CRT exponent.
 * dqm     Second prime's CRT exponent.
 * qim     Inverse of second prime mod p.
 * mm      Modulus.
 * out     Buffer to hold big-endian bytes of exponentiation result.
 *         Must be at least 384 bytes long.
 * outLen  Number of bytes in result.
 * returns 0 on success, MP_TO_E when the outLen is too small, MP_READ_E when
 * an array is too long and MEMORY_E when dynamic memory allocation fails.
 */
int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
    const mp_int* pm, const mp_int* qm, const mp_int* dpm, const mp_int* dqm,
    const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
#if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM)
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* d = NULL;
#else
    sp_digit  d[96 * 4];
#endif
    sp_digit* a = NULL;
    sp_digit* m = NULL;
    sp_digit* r = NULL;
    int err = MP_OKAY;

    (void)pm;
    (void)qm;
    (void)dpm;
    (void)dqm;
    (void)qim;

    if (*outLen < 384U) {
        err = MP_TO_E;
    }
    if (err == MP_OKAY) {
        if (mp_count_bits(dm) > 3072) {
           err = MP_READ_E;
        }
        else if (inLen > 384) {
            err = MP_READ_E;
        }
        else if (mp_count_bits(mm) != 3072) {
            err = MP_READ_E;
        }
        else if (mp_iseven(mm)) {
            err = MP_VAL;
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 96 * 4, NULL,
                                                              DYNAMIC_TYPE_RSA);
        if (d == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        a = d + 96;
        m = a + 192;
        r = a;

        sp_3072_from_bin(a, 96, in, inLen);
        sp_3072_from_mp(d, 96, dm);
        sp_3072_from_mp(m, 96, mm);
        err = sp_3072_mod_exp_96(r, a, d, 3072, m, 0);
    }

    if (err == MP_OKAY) {
        sp_3072_to_bin_96(r, out);
        *outLen = 384;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (d != NULL)
#endif
    {
        /* only "a" and "r" are sensitive and need zeroized (same pointer) */
        if (a != NULL)
            ForceZero(a, sizeof(sp_digit) * 96);
#ifdef WOLFSSL_SP_SMALL_STACK
        XFREE(d, NULL, DYNAMIC_TYPE_RSA);
#endif
    }

    return err;
#else
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* a = NULL;
#else
    sp_digit a[48 * 11];
#endif
    sp_digit* p = NULL;
    sp_digit* q = NULL;
    sp_digit* dp = NULL;
    sp_digit* tmpa = NULL;
    sp_digit* tmpb = NULL;
    sp_digit* r = NULL;
    sp_digit* qi = NULL;
    sp_digit* dq = NULL;
    sp_digit c;
    int err = MP_OKAY;

    (void)dm;
    (void)mm;

    if (*outLen < 384) {
        err = MP_TO_E;
    }
    else if (inLen > 384 || mp_count_bits(mm) != 3072) {
        err = MP_READ_E;
    }
    else if (mp_iseven(mm)) {
        err = MP_VAL;
    }
    else if (mp_iseven(pm)) {
        err = MP_VAL;
    }
    else if (mp_iseven(qm)) {
        err = MP_VAL;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 11, NULL,
                                                              DYNAMIC_TYPE_RSA);
        if (a == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        p = a + 96 * 2;
        q = p + 48;
        qi = dq = dp = q + 48;
        tmpa = qi + 48;
        tmpb = tmpa + 96;
        r = a;

        sp_3072_from_bin(a, 96, in, inLen);
        sp_3072_from_mp(p, 48, pm);
        sp_3072_from_mp(q, 48, qm);
        sp_3072_from_mp(dp, 48, dpm);

        err = sp_3072_mod_exp_48(tmpa, a, dp, 1536, p, 1);
    }
    if (err == MP_OKAY) {
        sp_3072_from_mp(dq, 48, dqm);
        err = sp_3072_mod_exp_48(tmpb, a, dq, 1536, q, 1);
    }

    if (err == MP_OKAY) {
        c = sp_3072_sub_in_place_48(tmpa, tmpb);
        c += sp_3072_cond_add_48(tmpa, tmpa, p, c);
        sp_3072_cond_add_48(tmpa, tmpa, p, c);

        sp_3072_from_mp(qi, 48, qim);
        sp_3072_mul_48(tmpa, tmpa, qi);
        err = sp_3072_mod_48(tmpa, tmpa, p);
    }

    if (err == MP_OKAY) {
        sp_3072_mul_48(tmpa, q, tmpa);
        XMEMSET(&tmpb[48], 0, sizeof(sp_digit) * 48);
        sp_3072_add_96(r, tmpb, tmpa);

        sp_3072_to_bin_96(r, out);
        *outLen = 384;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (a != NULL)
#endif
    {
        ForceZero(a, sizeof(sp_digit) * 48 * 11);
    #ifdef WOLFSSL_SP_SMALL_STACK
        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
    #endif
    }
#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */
    return err;
}
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
#endif /* WOLFSSL_HAVE_SP_RSA */
#if defined(WOLFSSL_HAVE_SP_DH) || (defined(WOLFSSL_HAVE_SP_RSA) && \
                                              !defined(WOLFSSL_RSA_PUBLIC_ONLY))
/* Convert an array of sp_digit to an mp_int.
 *
 * a  A single precision integer.
 * r  A multi-precision integer.
 */
static int sp_3072_to_mp(const sp_digit* a, mp_int* r)
{
    int err;

    err = mp_grow(r, (3072 + DIGIT_BIT - 1) / DIGIT_BIT);
    if (err == MP_OKAY) { /*lint !e774 case where err is always MP_OKAY*/
#if DIGIT_BIT == 32
        XMEMCPY(r->dp, a, sizeof(sp_digit) * 96);
        r->used = 96;
        mp_clamp(r);
#elif DIGIT_BIT < 32
        int i;
        int j = 0;
        int s = 0;

        r->dp[0] = 0;
        for (i = 0; i < 96; i++) {
            r->dp[j] |= (mp_digit)(a[i] << s);
            r->dp[j] &= ((sp_digit)1 << DIGIT_BIT) - 1;
            s = DIGIT_BIT - s;
            r->dp[++j] = (mp_digit)(a[i] >> s);
            while (s + DIGIT_BIT <= 32) {
                s += DIGIT_BIT;
                r->dp[j++] &= ((sp_digit)1 << DIGIT_BIT) - 1;
                if (s == SP_WORD_SIZE) {
                    r->dp[j] = 0;
                }
                else {
                    r->dp[j] = (mp_digit)(a[i] >> s);
                }
            }
            s = 32 - s;
        }
        r->used = (3072 + DIGIT_BIT - 1) / DIGIT_BIT;
        mp_clamp(r);
#else
        int i;
        int j = 0;
        int s = 0;

        r->dp[0] = 0;
        for (i = 0; i < 96; i++) {
            r->dp[j] |= ((mp_digit)a[i]) << s;
            if (s + 32 >= DIGIT_BIT) {
    #if DIGIT_BIT != 32 && DIGIT_BIT != 64
                r->dp[j] &= ((sp_digit)1 << DIGIT_BIT) - 1;
    #endif
                s = DIGIT_BIT - s;
                r->dp[++j] = a[i] >> s;
                s = 32 - s;
            }
            else {
                s += 32;
            }
        }
        r->used = (3072 + DIGIT_BIT - 1) / DIGIT_BIT;
        mp_clamp(r);
#endif
    }

    return err;
}

/* Perform the modular exponentiation for Diffie-Hellman.
 *
 * base  Base. MP integer.
 * exp   Exponent. MP integer.
 * mod   Modulus. MP integer.
 * res   Result. MP integer.
 * returns 0 on success, MP_READ_E if there are too many bytes in an array
 * and MEMORY_E if memory allocation fails.
 */
int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod,
    mp_int* res)
{
    int err = MP_OKAY;
    sp_digit b[192];
    sp_digit e[96];
    sp_digit m[96];
    sp_digit* r = b;
    int expBits = mp_count_bits(exp);

    if (mp_count_bits(base) > 3072) {
        err = MP_READ_E;
    }
    else if (expBits > 3072) {
        err = MP_READ_E;
    }
    else if (mp_count_bits(mod) != 3072) {
        err = MP_READ_E;
    }
    else if (mp_iseven(mod)) {
        err = MP_VAL;
    }

    if (err == MP_OKAY) {
        sp_3072_from_mp(b, 96, base);
        sp_3072_from_mp(e, 96, exp);
        sp_3072_from_mp(m, 96, mod);

        err = sp_3072_mod_exp_96(r, b, e, expBits, m, 0);
    }

    if (err == MP_OKAY) {
        err = sp_3072_to_mp(r, res);
    }

    XMEMSET(e, 0, sizeof(e));

    return err;
}

#ifdef WOLFSSL_HAVE_SP_DH

#ifdef HAVE_FFDHE_3072
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_3072_lshift_96(sp_digit* r_p, const sp_digit* a_p, byte n_p)
#else
static void sp_3072_lshift_96(sp_digit* r, const sp_digit* a, byte n)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register byte n __asm__ ("r2") = (byte)n_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "RSB	r7, %[n], #0x1f\n\t"
        "LDR	r5, [%[a], #380]\n\t"
        "LSR	r6, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r6, r6, r7\n\t"
        "LDR	r4, [%[a], #376]\n\t"
        "STR	r6, [%[r], #384]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #372]\n\t"
        "STR	r5, [%[r], #380]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #368]\n\t"
        "STR	r4, [%[r], #376]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #364]\n\t"
        "STR	r6, [%[r], #372]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #360]\n\t"
        "STR	r5, [%[r], #368]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #356]\n\t"
        "STR	r4, [%[r], #364]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #352]\n\t"
        "STR	r6, [%[r], #360]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #348]\n\t"
        "STR	r5, [%[r], #356]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #344]\n\t"
        "STR	r4, [%[r], #352]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #340]\n\t"
        "STR	r6, [%[r], #348]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #336]\n\t"
        "STR	r5, [%[r], #344]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #332]\n\t"
        "STR	r4, [%[r], #340]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #328]\n\t"
        "STR	r6, [%[r], #336]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #324]\n\t"
        "STR	r5, [%[r], #332]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #320]\n\t"
        "STR	r4, [%[r], #328]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #316]\n\t"
        "STR	r6, [%[r], #324]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #312]\n\t"
        "STR	r5, [%[r], #320]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #308]\n\t"
        "STR	r4, [%[r], #316]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #304]\n\t"
        "STR	r6, [%[r], #312]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #300]\n\t"
        "STR	r5, [%[r], #308]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #296]\n\t"
        "STR	r4, [%[r], #304]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #292]\n\t"
        "STR	r6, [%[r], #300]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #288]\n\t"
        "STR	r5, [%[r], #296]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #284]\n\t"
        "STR	r4, [%[r], #292]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #280]\n\t"
        "STR	r6, [%[r], #288]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #276]\n\t"
        "STR	r5, [%[r], #284]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #272]\n\t"
        "STR	r4, [%[r], #280]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #268]\n\t"
        "STR	r6, [%[r], #276]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #264]\n\t"
        "STR	r5, [%[r], #272]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #260]\n\t"
        "STR	r4, [%[r], #268]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #256]\n\t"
        "STR	r6, [%[r], #264]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #252]\n\t"
        "STR	r5, [%[r], #260]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #248]\n\t"
        "STR	r4, [%[r], #256]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #244]\n\t"
        "STR	r6, [%[r], #252]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #240]\n\t"
        "STR	r5, [%[r], #248]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #236]\n\t"
        "STR	r4, [%[r], #244]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #232]\n\t"
        "STR	r6, [%[r], #240]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #228]\n\t"
        "STR	r5, [%[r], #236]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #224]\n\t"
        "STR	r4, [%[r], #232]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #220]\n\t"
        "STR	r6, [%[r], #228]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #216]\n\t"
        "STR	r5, [%[r], #224]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #212]\n\t"
        "STR	r4, [%[r], #220]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #208]\n\t"
        "STR	r6, [%[r], #216]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #204]\n\t"
        "STR	r5, [%[r], #212]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #200]\n\t"
        "STR	r4, [%[r], #208]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #196]\n\t"
        "STR	r6, [%[r], #204]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #192]\n\t"
        "STR	r5, [%[r], #200]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #188]\n\t"
        "STR	r4, [%[r], #196]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #184]\n\t"
        "STR	r6, [%[r], #192]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #180]\n\t"
        "STR	r5, [%[r], #188]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #176]\n\t"
        "STR	r4, [%[r], #184]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #172]\n\t"
        "STR	r6, [%[r], #180]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #168]\n\t"
        "STR	r5, [%[r], #176]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #164]\n\t"
        "STR	r4, [%[r], #172]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #160]\n\t"
        "STR	r6, [%[r], #168]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #156]\n\t"
        "STR	r5, [%[r], #164]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #152]\n\t"
        "STR	r4, [%[r], #160]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #148]\n\t"
        "STR	r6, [%[r], #156]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #144]\n\t"
        "STR	r5, [%[r], #152]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #140]\n\t"
        "STR	r4, [%[r], #148]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #136]\n\t"
        "STR	r6, [%[r], #144]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #132]\n\t"
        "STR	r5, [%[r], #140]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #128]\n\t"
        "STR	r4, [%[r], #136]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #124]\n\t"
        "STR	r6, [%[r], #132]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #120]\n\t"
        "STR	r5, [%[r], #128]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #116]\n\t"
        "STR	r4, [%[r], #124]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #112]\n\t"
        "STR	r6, [%[r], #120]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #108]\n\t"
        "STR	r5, [%[r], #116]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #104]\n\t"
        "STR	r4, [%[r], #112]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #100]\n\t"
        "STR	r6, [%[r], #108]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #96]\n\t"
        "STR	r5, [%[r], #104]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #92]\n\t"
        "STR	r4, [%[r], #100]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #88]\n\t"
        "STR	r6, [%[r], #96]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #84]\n\t"
        "STR	r5, [%[r], #92]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #80]\n\t"
        "STR	r4, [%[r], #88]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #76]\n\t"
        "STR	r6, [%[r], #84]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #72]\n\t"
        "STR	r5, [%[r], #80]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #68]\n\t"
        "STR	r4, [%[r], #76]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #64]\n\t"
        "STR	r6, [%[r], #72]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #60]\n\t"
        "STR	r5, [%[r], #68]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #56]\n\t"
        "STR	r4, [%[r], #64]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #52]\n\t"
        "STR	r6, [%[r], #60]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #48]\n\t"
        "STR	r5, [%[r], #56]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #44]\n\t"
        "STR	r4, [%[r], #52]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #40]\n\t"
        "STR	r6, [%[r], #48]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #36]\n\t"
        "STR	r5, [%[r], #44]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #32]\n\t"
        "STR	r4, [%[r], #40]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #28]\n\t"
        "STR	r6, [%[r], #36]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #24]\n\t"
        "STR	r5, [%[r], #32]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #20]\n\t"
        "STR	r4, [%[r], #28]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #16]\n\t"
        "STR	r6, [%[r], #24]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #12]\n\t"
        "STR	r5, [%[r], #20]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #8]\n\t"
        "STR	r4, [%[r], #16]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #4]\n\t"
        "STR	r6, [%[r], #12]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a]]\n\t"
        "STR	r5, [%[r], #8]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "STR	r6, [%[r]]\n\t"
        "STR	r4, [%[r], #4]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n)
        :
        : "memory", "r4", "r5", "r6", "r3", "r7", "cc"
    );
}

/* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
 *
 * r     A single precision number that is the result of the operation.
 * e     A single precision number that is the exponent.
 * bits  The number of bits in the exponent.
 * m     A single precision number that is the modulus.
 * returns  0 on success.
 * returns  MEMORY_E on dynamic memory allocation failure.
 * returns  MP_VAL when base is even.
 */
static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits,
        const sp_digit* m)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* td = NULL;
#else
    sp_digit td[289];
#endif
    sp_digit* norm = NULL;
    sp_digit* tmp = NULL;
    sp_digit mp = 1;
    sp_digit n;
    sp_digit o;
    sp_digit mask;
    int i;
    int c;
    byte y;
    int err = MP_OKAY;

    if (bits == 0) {
        err = MP_VAL;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 289, NULL,
                                DYNAMIC_TYPE_TMP_BUFFER);
        if (td == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        norm = td;
        tmp = td + 192;

        sp_3072_mont_setup(m, &mp);
        sp_3072_mont_norm_96(norm, m);

        i = (bits - 1) / 32;
        n = e[i--];
        c = bits & 31;
        if (c == 0) {
            c = 32;
        }
        c -= bits % 5;
        if (c == 32) {
            c = 27;
        }
        if (c < 0) {
            /* Number of bits in top word is less than number needed. */
            c = -c;
            y = (byte)(n << c);
            n = e[i--];
            y |= (byte)(n >> (64 - c));
            n <<= c;
            c = 64 - c;
        }
        else if (c == 0) {
            /* All bits in top word used. */
            y = (byte)n;
        }
        else {
            y = (byte)(n >> c);
            n <<= 32 - c;
        }
        sp_3072_lshift_96(r, norm, y);
        for (; i>=0 || c>=5; ) {
            if (c == 0) {
                n = e[i--];
                y = (byte)(n >> 27);
                n <<= 5;
                c = 27;
            }
            else if (c < 5) {
                y = (byte)(n >> 27);
                n = e[i--];
                c = 5 - c;
                y |= (byte)(n >> (32 - c));
                n <<= c;
                c = 32 - c;
            }
            else {
                y = (byte)((n >> 27) & 0x1f);
                n <<= 5;
                c -= 5;
            }

            sp_3072_mont_sqr_96(r, r, m, mp);
            sp_3072_mont_sqr_96(r, r, m, mp);
            sp_3072_mont_sqr_96(r, r, m, mp);
            sp_3072_mont_sqr_96(r, r, m, mp);
            sp_3072_mont_sqr_96(r, r, m, mp);

            sp_3072_lshift_96(r, r, y);
            sp_3072_mul_d_96(tmp, norm, r[96]);
            r[96] = 0;
            o = sp_3072_add_96(r, r, tmp);
            sp_3072_cond_sub_96(r, r, m, (sp_digit)0 - o);
        }

        XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
        sp_3072_mont_reduce_96(r, m, mp);

        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
        sp_3072_cond_sub_96(r, r, m, mask);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (td != NULL)
        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return err;
}
#endif /* HAVE_FFDHE_3072 */

/* Perform the modular exponentiation for Diffie-Hellman.
 *
 * base     Base.
 * exp      Array of bytes that is the exponent.
 * expLen   Length of data, in bytes, in exponent.
 * mod      Modulus.
 * out      Buffer to hold big-endian bytes of exponentiation result.
 *          Must be at least 384 bytes long.
 * outLen   Length, in bytes, of exponentiation result.
 * returns 0 on success, MP_READ_E if there are too many bytes in an array
 * and MEMORY_E if memory allocation fails.
 */
int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
    const mp_int* mod, byte* out, word32* outLen)
{
    int err = MP_OKAY;
    sp_digit b[192];
    sp_digit e[96];
    sp_digit m[96];
    sp_digit* r = b;
    word32 i;

    if (mp_count_bits(base) > 3072) {
        err = MP_READ_E;
    }
    else if (expLen > 384) {
        err = MP_READ_E;
    }
    else if (mp_count_bits(mod) != 3072) {
        err = MP_READ_E;
    }
    else if (mp_iseven(mod)) {
        err = MP_VAL;
    }

    if (err == MP_OKAY) {
        sp_3072_from_mp(b, 96, base);
        sp_3072_from_bin(e, 96, exp, expLen);
        sp_3072_from_mp(m, 96, mod);

    #ifdef HAVE_FFDHE_3072
        if (base->used == 1 && base->dp[0] == 2 && m[95] == (sp_digit)-1)
            err = sp_3072_mod_exp_2_96(r, e, expLen * 8, m);
        else
    #endif
            err = sp_3072_mod_exp_96(r, b, e, expLen * 8, m, 0);

    }

    if (err == MP_OKAY) {
        sp_3072_to_bin_96(r, out);
        *outLen = 384;
        for (i=0; i<384 && out[i] == 0; i++) {
            /* Search for first non-zero. */
        }
        *outLen -= i;
        XMEMMOVE(out, out + i, *outLen);

    }

    XMEMSET(e, 0, sizeof(e));

    return err;
}
#endif /* WOLFSSL_HAVE_SP_DH */

/* Perform the modular exponentiation for Diffie-Hellman.
 *
 * base  Base. MP integer.
 * exp   Exponent. MP integer.
 * mod   Modulus. MP integer.
 * res   Result. MP integer.
 * returns 0 on success, MP_READ_E if there are too many bytes in an array
 * and MEMORY_E if memory allocation fails.
 */
int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod,
    mp_int* res)
{
    int err = MP_OKAY;
    sp_digit b[96];
    sp_digit e[48];
    sp_digit m[48];
    sp_digit* r = b;
    int expBits = mp_count_bits(exp);

    if (mp_count_bits(base) > 1536) {
        err = MP_READ_E;
    }
    else if (expBits > 1536) {
        err = MP_READ_E;
    }
    else if (mp_count_bits(mod) != 1536) {
        err = MP_READ_E;
    }
    else if (mp_iseven(mod)) {
        err = MP_VAL;
    }

    if (err == MP_OKAY) {
        sp_3072_from_mp(b, 48, base);
        sp_3072_from_mp(e, 48, exp);
        sp_3072_from_mp(m, 48, mod);

        err = sp_3072_mod_exp_48(r, b, e, expBits, m, 0);
    }

    if (err == MP_OKAY) {
        XMEMSET(r + 48, 0, sizeof(*r) * 48U);
        err = sp_3072_to_mp(r, res);
        res->used = mod->used;
        mp_clamp(res);
    }

    XMEMSET(e, 0, sizeof(e));

    return err;
}

#endif /* WOLFSSL_HAVE_SP_DH | (WOLFSSL_HAVE_SP_RSA & !WOLFSSL_RSA_PUBLIC_ONLY) */

#endif /* !WOLFSSL_SP_NO_3072 */

#ifdef WOLFSSL_SP_4096
/* Read big endian unsigned byte array into r.
 *
 * r  A single precision integer.
 * size  Maximum number of bytes to convert
 * a  Byte array.
 * n  Number of bytes in array to read.
 */
static void sp_4096_from_bin(sp_digit* r, int size, const byte* a, int n)
{
    int i;
    int j;
    byte* d;

    for (i = n - 1,j = 0; i >= 3; i -= 4) {
        r[j]  = ((sp_digit)a[i - 0] <<  0) |
                ((sp_digit)a[i - 1] <<  8) |
                ((sp_digit)a[i - 2] << 16) |
                ((sp_digit)a[i - 3] << 24);
        j++;
    }

    if (i >= 0) {
        r[j] = 0;

        d = (byte*)r;
        switch (i) {
            case 2: d[n - 1 - 2] = a[2]; //fallthrough
            case 1: d[n - 1 - 1] = a[1]; //fallthrough
            case 0: d[n - 1 - 0] = a[0]; //fallthrough
        }
        j++;
    }

    for (; j < size; j++) {
        r[j] = 0;
    }
}

/* Convert an mp_int to an array of sp_digit.
 *
 * r  A single precision integer.
 * size  Maximum number of bytes to convert
 * a  A multi-precision integer.
 */
static void sp_4096_from_mp(sp_digit* r, int size, const mp_int* a)
{
#if DIGIT_BIT == 32
    int i;
    sp_digit j = (sp_digit)0 - (sp_digit)a->used;
    int o = 0;

    for (i = 0; i < size; i++) {
        sp_digit mask = (sp_digit)0 - (j >> 31);
        r[i] = a->dp[o] & mask;
        j++;
        o += (int)(j >> 31);
    }
#elif DIGIT_BIT > 32
    unsigned int i;
    int j = 0;
    word32 s = 0;

    r[0] = 0;
    for (i = 0; i < (unsigned int)a->used && j < size; i++) {
        r[j] |= ((sp_digit)a->dp[i] << s);
        r[j] &= 0xffffffff;
        s = 32U - s;
        if (j + 1 >= size) {
            break;
        }
        /* lint allow cast of mismatch word32 and mp_digit */
        r[++j] = (sp_digit)(a->dp[i] >> s); /*lint !e9033*/
        while ((s + 32U) <= (word32)DIGIT_BIT) {
            s += 32U;
            r[j] &= 0xffffffff;
            if (j + 1 >= size) {
                break;
            }
            if (s < (word32)DIGIT_BIT) {
                /* lint allow cast of mismatch word32 and mp_digit */
                r[++j] = (sp_digit)(a->dp[i] >> s); /*lint !e9033*/
            }
            else {
                r[++j] = (sp_digit)0;
            }
        }
        s = (word32)DIGIT_BIT - s;
    }

    for (j++; j < size; j++) {
        r[j] = 0;
    }
#else
    unsigned int i;
    int j = 0;
    int s = 0;

    r[0] = 0;
    for (i = 0; i < (unsigned int)a->used && j < size; i++) {
        r[j] |= ((sp_digit)a->dp[i]) << s;
        if (s + DIGIT_BIT >= 32) {
            r[j] &= 0xffffffff;
            if (j + 1 >= size) {
                break;
            }
            s = 32 - s;
            if (s == DIGIT_BIT) {
                r[++j] = 0;
                s = 0;
            }
            else {
                r[++j] = a->dp[i] >> s;
                s = DIGIT_BIT - s;
            }
        }
        else {
            s += DIGIT_BIT;
        }
    }

    for (j++; j < size; j++) {
        r[j] = 0;
    }
#endif
}

/* Write r as big endian to byte array.
 * Fixed length number of bytes written: 512
 *
 * r  A single precision integer.
 * a  Byte array.
 */
static void sp_4096_to_bin_128(sp_digit* r, byte* a)
{
    int i;
    int j = 0;

    for (i = 127; i >= 0; i--) {
        a[j++] = r[i] >> 24;
        a[j++] = r[i] >> 16;
        a[j++] = r[i] >> 8;
        a[j++] = r[i] >> 0;
    }
}

#if (defined(WOLFSSL_HAVE_SP_RSA) && (!defined(WOLFSSL_RSA_PUBLIC_ONLY) || !defined(WOLFSSL_SP_SMALL))) || defined(WOLFSSL_HAVE_SP_DH)
/* Normalize the values in each word to 32.
 *
 * a  Array of sp_digit to normalize.
 */
#define sp_4096_norm_128(a)

#endif /* (WOLFSSL_HAVE_SP_RSA && (!WOLFSSL_RSA_PUBLIC_ONLY || !WOLFSSL_SP_SMALL)) || WOLFSSL_HAVE_SP_DH */
/* Normalize the values in each word to 32.
 *
 * a  Array of sp_digit to normalize.
 */
#define sp_4096_norm_128(a)

#ifndef WOLFSSL_SP_SMALL
/* Sub b from a into a. (a -= b)
 *
 * a  A single precision integer and result.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SUBS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "SBC	%[a], r9, r9\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
    return (uint32_t)(size_t)a;
}

/* Add b to a into r. (r = a + b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADDS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "MOV	%[r], #0x0\n\t"
        "ADC	%[r], %[r], #0x0\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

/* Multiply a and b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
SP_NOINLINE static void sp_4096_mul_128(sp_digit* r, const sp_digit* a,
        const sp_digit* b)
{
    sp_digit* z0 = r;
    sp_digit z1[128];
    sp_digit a1[64];
    sp_digit b1[64];
    sp_digit* z2 = r + 128;
    sp_digit u;
    sp_digit ca;
    sp_digit cb;

    ca = sp_2048_add_64(a1, a, &a[64]);
    cb = sp_2048_add_64(b1, b, &b[64]);
    u  = ca & cb;

    sp_2048_mul_64(z2, &a[64], &b[64]);
    sp_2048_mul_64(z0, a, b);
    sp_2048_mul_64(z1, a1, b1);

    u += sp_4096_sub_in_place_128(z1, z0);
    u += sp_4096_sub_in_place_128(z1, z2);
    sp_2048_mask_64(a1, a1, 0 - cb);
    u += sp_2048_add_64(z1 + 64, z1 + 64, a1);
    sp_2048_mask_64(b1, b1, 0 - ca);
    u += sp_2048_add_64(z1 + 64, z1 + 64, b1);

    u += sp_4096_add_128(r + 64, r + 64, z1);
    XMEMSET(a1 + 1, 0, sizeof(sp_digit) * (64 - 1));
    a1[0] = u;
    (void)sp_2048_add_64(r + 192, r + 192, a1);
}

/* Square a and put result in r. (r = a * a)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 */
SP_NOINLINE static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a)
{
    sp_digit* z0 = r;
    sp_digit* z2 = r + 128;
    sp_digit z1[128];
    sp_digit* a1 = z1;
    sp_digit zero[64];
    sp_digit u;
    sp_digit mask;
    sp_digit* p1;
    sp_digit* p2;

    XMEMSET(zero, 0, sizeof(sp_digit) * 64);

    mask = sp_2048_sub_64(a1, a, &a[64]);
    p1 = (sp_digit*)(((sp_digit)zero &   mask ) | ((sp_digit)a1 & (~mask)));
    p2 = (sp_digit*)(((sp_digit)zero & (~mask)) | ((sp_digit)a1 &   mask ));
    (void)sp_2048_sub_64(a1, p1, p2);

    sp_2048_sqr_64(z2, &a[64]);
    sp_2048_sqr_64(z0, a);
    sp_2048_sqr_64(z1, a1);

    u = 0;
    u -= sp_4096_sub_in_place_128(z1, z2);
    u -= sp_4096_sub_in_place_128(z1, z0);
    u += sp_4096_sub_in_place_128(r + 64, z1);
    zero[0] = u;
    (void)sp_2048_add_64(r + 192, r + 192, zero);
}

#endif /* !WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Add b to a into r. (r = a + b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r3, #0x0\n\t"
        "ADD	r12, %[a], #0x200\n\t"
        "\n"
    "L_sp_4096_add_128_word:\n\t"
        "ADDS	r3, r3, #0xffffffff\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r3, r4, #0x0\n\t"
        "CMP	%[a], r12\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_4096_add_128_word\n\t"
#else
        "BNE.N	L_sp_4096_add_128_word\n\t"
#endif
        "MOV	%[r], r3\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Sub b from a into a. (a -= b)
 *
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r10, #0x0\n\t"
        "ADD	r11, %[a], #0x200\n\t"
        "\n"
    "L_sp_4096_sub_in_pkace_128_word:\n\t"
        "RSBS	r10, r10, #0x0\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "SBC	r10, r10, r10\n\t"
        "CMP	%[a], r11\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_4096_sub_in_pkace_128_word\n\t"
#else
        "BNE.N	L_sp_4096_sub_in_pkace_128_word\n\t"
#endif
        "MOV	%[a], r10\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
    );
    return (uint32_t)(size_t)a;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Multiply a and b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_4096_mul_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x400\n\t"
        "LDR	lr, [%[a]]\n\t"
        "LDR	r11, [%[b]]\n\t"
        "UMULL	r8, r6, lr, r11\n\t"
        "STR	r8, [sp]\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r8, #0x0\n\t"
        "MOV	r5, #0x4\n\t"
        "\n"
    "L_sp_4096_mul_128_outer:\n\t"
        "SUBS	r3, r5, #0x1fc\n\t"
        "IT	cc\n\t"
        "MOVCC	r3, #0x0\n\t"
        "SUB	r4, r5, r3\n\t"
        "\n"
    "L_sp_4096_mul_128_inner:\n\t"
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[b], r4]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "LDR	lr, [%[a], r4]\n\t"
        "LDR	r11, [%[b], r3]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADD	r3, r3, #0x4\n\t"
        "SUB	r4, r4, #0x4\n\t"
        "CMP	r3, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_4096_mul_128_inner_done\n\t"
#else
        "BGT.N	L_sp_4096_mul_128_inner_done\n\t"
#endif
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_4096_mul_128_inner\n\t"
#else
        "BLT.N	L_sp_4096_mul_128_inner\n\t"
#endif
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[b], r3]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "\n"
    "L_sp_4096_mul_128_inner_done:\n\t"
        "STR	r6, [sp, r5]\n\t"
        "MOV	r6, r7\n\t"
        "MOV	r7, r8\n\t"
        "MOV	r8, #0x0\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0x3f4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLE	L_sp_4096_mul_128_outer\n\t"
#else
        "BLE.N	L_sp_4096_mul_128_outer\n\t"
#endif
        "LDR	lr, [%[a], #508]\n\t"
        "LDR	r11, [%[b], #508]\n\t"
        "UMLAL	r6, r7, lr, r11\n\t"
        "STR	r6, [sp, r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "STR	r7, [sp, r5]\n\t"
        "\n"
    "L_sp_4096_mul_128_store:\n\t"
        "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "SUBS	r5, r5, #0x20\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_4096_mul_128_store\n\t"
#else
        "BGT.N	L_sp_4096_mul_128_store\n\t"
#endif
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
    );
}

/* Square a and put result in r. (r = a * a)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_4096_sqr_128(sp_digit* r_p, const sp_digit* a_p)
#else
static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x400\n\t"
        "LDR	lr, [%[a]]\n\t"
        "UMULL	r8, r6, lr, lr\n\t"
        "STR	r8, [sp]\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r8, #0x0\n\t"
        "MOV	r5, #0x4\n\t"
        "\n"
    "L_sp_4096_sqr_128_outer:\n\t"
        "SUBS	r3, r5, #0x1fc\n\t"
        "IT	cc\n\t"
        "MOVCC	r3, #0x0\n\t"
        "SUB	r4, r5, r3\n\t"
        "\n"
    "L_sp_4096_sqr_128_inner:\n\t"
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[a], r4]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADD	r3, r3, #0x4\n\t"
        "SUB	r4, r4, #0x4\n\t"
        "CMP	r3, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_4096_sqr_128_inner_done\n\t"
#else
        "BGT.N	L_sp_4096_sqr_128_inner_done\n\t"
#endif
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_4096_sqr_128_inner\n\t"
#else
        "BLT.N	L_sp_4096_sqr_128_inner\n\t"
#endif
        "LDR	lr, [%[a], r3]\n\t"
        "UMULL	r9, r10, lr, lr\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "\n"
    "L_sp_4096_sqr_128_inner_done:\n\t"
        "STR	r6, [sp, r5]\n\t"
        "MOV	r6, r7\n\t"
        "MOV	r7, r8\n\t"
        "MOV	r8, #0x0\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0x3f4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLE	L_sp_4096_sqr_128_outer\n\t"
#else
        "BLE.N	L_sp_4096_sqr_128_outer\n\t"
#endif
        "LDR	lr, [%[a], #508]\n\t"
        "UMLAL	r6, r7, lr, lr\n\t"
        "STR	r6, [sp, r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "STR	r7, [sp, r5]\n\t"
        "\n"
    "L_sp_4096_sqr_128_store:\n\t"
        "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "SUBS	r5, r5, #0x20\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_4096_sqr_128_store\n\t"
#else
        "BGT.N	L_sp_4096_sqr_128_store\n\t"
#endif
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
    );
}

#endif /* WOLFSSL_SP_SMALL */
/* Calculate the bottom digit of -1/a mod 2^n.
 *
 * a    A single precision number.
 * rho  Bottom word of inverse.
 */
static void sp_4096_mont_setup(const sp_digit* a, sp_digit* rho)
{
    sp_digit x;
    sp_digit b;

    b = a[0];
    x = (((b + 2) & 4) << 1) + b; /* here x*a==1 mod 2**4 */
    x *= 2 - b * x;               /* here x*a==1 mod 2**8 */
    x *= 2 - b * x;               /* here x*a==1 mod 2**16 */
    x *= 2 - b * x;               /* here x*a==1 mod 2**32 */

    /* rho = -1/m mod b */
    *rho = (sp_digit)0 - x;
}

#ifdef WOLFSSL_SP_SMALL
/* Mul a by digit b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision digit.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_4096_mul_d_128(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
#else
static void sp_4096_mul_d_128(sp_digit* r, const sp_digit* a, sp_digit b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register sp_digit b __asm__ ("r2") = (sp_digit)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* A[0] * B */
        "LDR	r8, [%[a]]\n\t"
        "UMULL	r5, r3, %[b], r8\n\t"
        "MOV	r4, #0x0\n\t"
        "STR	r5, [%[r]]\n\t"
        "MOV	r5, #0x0\n\t"
        "MOV	r9, #0x4\n\t"
        "\n"
    "L_sp_4096_mul_d_128_word:\n\t"
        /* A[i] * B */
        "LDR	r8, [%[a], r9]\n\t"
        "UMULL	r6, r7, %[b], r8\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], r9]\n\t"
        "MOV	r3, r4\n\t"
        "MOV	r4, r5\n\t"
        "MOV	r5, #0x0\n\t"
        "ADD	r9, r9, #0x4\n\t"
        "CMP	r9, #0x200\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_4096_mul_d_128_word\n\t"
#else
        "BLT.N	L_sp_4096_mul_d_128_word\n\t"
#endif
        "STR	r3, [%[r], #512]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
}

#else
/* Mul a by digit b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision digit.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_4096_mul_d_128(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
#else
static void sp_4096_mul_d_128(sp_digit* r, const sp_digit* a, sp_digit b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register sp_digit b __asm__ ("r2") = (sp_digit)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* A[0] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMULL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[1] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[2] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[3] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[4] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[5] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[6] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[7] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[8] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[9] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[10] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[11] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[12] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[13] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[14] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[15] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[16] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[17] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[18] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[19] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[20] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[21] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[22] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[23] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[24] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[25] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[26] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[27] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[28] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[29] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[30] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[31] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[32] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[33] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[34] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[35] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[36] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[37] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[38] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[39] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[40] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[41] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[42] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[43] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[44] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[45] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[46] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[47] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[48] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[49] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[50] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[51] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[52] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[53] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[54] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[55] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[56] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[57] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[58] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[59] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[60] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[61] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[62] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[63] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[64] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[65] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[66] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[67] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[68] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[69] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[70] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[71] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[72] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[73] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[74] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[75] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[76] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[77] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[78] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[79] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[80] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[81] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[82] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[83] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[84] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[85] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[86] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[87] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[88] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[89] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[90] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[91] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[92] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[93] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[94] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[95] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[96] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[97] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[98] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[99] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[100] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[101] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[102] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[103] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[104] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[105] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[106] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[107] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[108] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[109] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[110] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[111] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[112] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[113] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[114] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[115] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[116] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[117] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[118] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[119] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[120] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[121] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[122] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[123] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[124] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[125] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[126] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[127] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "STR	r5, [%[r]]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
    );
}

#endif /* WOLFSSL_SP_SMALL */
#if (defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_HAVE_SP_DH)
/* r = 2^n mod m where n is the number of bits to reduce by.
 * Given m must be 4096 bits, just need to subtract.
 *
 * r  A single precision number.
 * m  A single precision number.
 */
static void sp_4096_mont_norm_128(sp_digit* r, const sp_digit* m)
{
    XMEMSET(r, 0, sizeof(sp_digit) * 128);

    /* r = 2^n mod m */
    sp_4096_sub_in_place_128(r, m);
}

#endif /* (WOLFSSL_HAVE_SP_RSA & !WOLFSSL_RSA_PUBLIC_ONLY) | WOLFSSL_HAVE_SP_DH */
#ifdef WOLFSSL_SP_SMALL
/* Conditionally subtract b from a using the mask m.
 * m is -1 to subtract and 0 when not copying.
 *
 * r  A single precision number representing condition subtract result.
 * a  A single precision number to subtract from.
 * b  A single precision number to subtract.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r8, #0x0\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r5, #0x0\n\t"
        "\n"
    "L_sp_4096_cond_sub_128_words:\n\t"
        "SUBS	r4, r8, r4\n\t"
        "LDR	r6, [%[a], r5]\n\t"
        "LDR	r7, [%[b], r5]\n\t"
        "AND	r7, r7, %[m]\n\t"
        "SBCS	r6, r6, r7\n\t"
        "SBC	r4, r8, r8\n\t"
        "STR	r6, [%[r], r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0x200\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_4096_cond_sub_128_words\n\t"
#else
        "BLT.N	L_sp_4096_cond_sub_128_words\n\t"
#endif
        "MOV	%[r], r4\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
    );
    return (uint32_t)(size_t)r;
}

#else
/* Conditionally subtract b from a using the mask m.
 * m is -1 to subtract and 0 when not copying.
 *
 * r  A single precision number representing condition subtract result.
 * a  A single precision number to subtract from.
 * b  A single precision number to subtract.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r5, #0x0\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SUBS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "SBC	%[r], r5, r5\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_NO_UMAAL
#ifndef WOLFSSL_SP_SMALL
/* Reduce the number back to 4096 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDR	lr, [%[m]]\n\t"
        /* i = 0 */
        "MOV	r11, #0x0\n\t"
        "MOV	r3, #0x0\n\t"
        "LDR	r4, [%[a]]\n\t"
        "LDR	r5, [%[a], #4]\n\t"
        "\n"
    "L_sp_4096_mont_reduce_128_word:\n\t"
        /* mu = a[i] * mp */
        "MUL	r10, %[mp], r4\n\t"
        /* a[i+0] += m[0] * mu */
        "MOV	r7, #0x0\n\t"
        "UMLAL	r4, r7, r10, lr\n\t"
        /* a[i+1] += m[1] * mu */
        "LDR	r9, [%[m], #4]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r5, r6, r10, r9\n\t"
        "MOV	r4, r5\n\t"
        "ADDS	r4, r4, r7\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+2] += m[2] * mu */
        "LDR	r9, [%[m], #8]\n\t"
        "LDR	r5, [%[a], #8]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r5, r7, r10, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+3] += m[3] * mu */
        "LDR	r9, [%[m], #12]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #12]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+4] += m[4] * mu */
        "LDR	r9, [%[m], #16]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #16]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+5] += m[5] * mu */
        "LDR	r9, [%[m], #20]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #20]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+6] += m[6] * mu */
        "LDR	r9, [%[m], #24]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #24]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+7] += m[7] * mu */
        "LDR	r9, [%[m], #28]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #28]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+8] += m[8] * mu */
        "LDR	r9, [%[m], #32]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #32]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+9] += m[9] * mu */
        "LDR	r9, [%[m], #36]\n\t"
        "LDR	r12, [%[a], #36]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #36]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+10] += m[10] * mu */
        "LDR	r9, [%[m], #40]\n\t"
        "LDR	r12, [%[a], #40]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #40]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+11] += m[11] * mu */
        "LDR	r9, [%[m], #44]\n\t"
        "LDR	r12, [%[a], #44]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #44]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+12] += m[12] * mu */
        "LDR	r9, [%[m], #48]\n\t"
        "LDR	r12, [%[a], #48]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #48]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+13] += m[13] * mu */
        "LDR	r9, [%[m], #52]\n\t"
        "LDR	r12, [%[a], #52]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #52]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+14] += m[14] * mu */
        "LDR	r9, [%[m], #56]\n\t"
        "LDR	r12, [%[a], #56]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #56]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+15] += m[15] * mu */
        "LDR	r9, [%[m], #60]\n\t"
        "LDR	r12, [%[a], #60]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #60]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+16] += m[16] * mu */
        "LDR	r9, [%[m], #64]\n\t"
        "LDR	r12, [%[a], #64]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #64]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+17] += m[17] * mu */
        "LDR	r9, [%[m], #68]\n\t"
        "LDR	r12, [%[a], #68]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #68]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+18] += m[18] * mu */
        "LDR	r9, [%[m], #72]\n\t"
        "LDR	r12, [%[a], #72]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #72]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+19] += m[19] * mu */
        "LDR	r9, [%[m], #76]\n\t"
        "LDR	r12, [%[a], #76]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #76]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+20] += m[20] * mu */
        "LDR	r9, [%[m], #80]\n\t"
        "LDR	r12, [%[a], #80]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #80]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+21] += m[21] * mu */
        "LDR	r9, [%[m], #84]\n\t"
        "LDR	r12, [%[a], #84]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #84]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+22] += m[22] * mu */
        "LDR	r9, [%[m], #88]\n\t"
        "LDR	r12, [%[a], #88]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #88]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+23] += m[23] * mu */
        "LDR	r9, [%[m], #92]\n\t"
        "LDR	r12, [%[a], #92]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #92]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+24] += m[24] * mu */
        "LDR	r9, [%[m], #96]\n\t"
        "LDR	r12, [%[a], #96]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #96]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+25] += m[25] * mu */
        "LDR	r9, [%[m], #100]\n\t"
        "LDR	r12, [%[a], #100]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #100]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+26] += m[26] * mu */
        "LDR	r9, [%[m], #104]\n\t"
        "LDR	r12, [%[a], #104]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #104]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+27] += m[27] * mu */
        "LDR	r9, [%[m], #108]\n\t"
        "LDR	r12, [%[a], #108]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #108]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+28] += m[28] * mu */
        "LDR	r9, [%[m], #112]\n\t"
        "LDR	r12, [%[a], #112]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #112]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+29] += m[29] * mu */
        "LDR	r9, [%[m], #116]\n\t"
        "LDR	r12, [%[a], #116]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #116]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+30] += m[30] * mu */
        "LDR	r9, [%[m], #120]\n\t"
        "LDR	r12, [%[a], #120]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #120]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+31] += m[31] * mu */
        "LDR	r9, [%[m], #124]\n\t"
        "LDR	r12, [%[a], #124]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #124]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+32] += m[32] * mu */
        "LDR	r9, [%[m], #128]\n\t"
        "LDR	r12, [%[a], #128]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #128]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+33] += m[33] * mu */
        "LDR	r9, [%[m], #132]\n\t"
        "LDR	r12, [%[a], #132]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #132]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+34] += m[34] * mu */
        "LDR	r9, [%[m], #136]\n\t"
        "LDR	r12, [%[a], #136]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #136]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+35] += m[35] * mu */
        "LDR	r9, [%[m], #140]\n\t"
        "LDR	r12, [%[a], #140]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #140]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+36] += m[36] * mu */
        "LDR	r9, [%[m], #144]\n\t"
        "LDR	r12, [%[a], #144]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #144]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+37] += m[37] * mu */
        "LDR	r9, [%[m], #148]\n\t"
        "LDR	r12, [%[a], #148]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #148]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+38] += m[38] * mu */
        "LDR	r9, [%[m], #152]\n\t"
        "LDR	r12, [%[a], #152]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #152]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+39] += m[39] * mu */
        "LDR	r9, [%[m], #156]\n\t"
        "LDR	r12, [%[a], #156]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #156]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+40] += m[40] * mu */
        "LDR	r9, [%[m], #160]\n\t"
        "LDR	r12, [%[a], #160]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #160]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+41] += m[41] * mu */
        "LDR	r9, [%[m], #164]\n\t"
        "LDR	r12, [%[a], #164]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #164]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+42] += m[42] * mu */
        "LDR	r9, [%[m], #168]\n\t"
        "LDR	r12, [%[a], #168]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #168]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+43] += m[43] * mu */
        "LDR	r9, [%[m], #172]\n\t"
        "LDR	r12, [%[a], #172]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #172]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+44] += m[44] * mu */
        "LDR	r9, [%[m], #176]\n\t"
        "LDR	r12, [%[a], #176]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #176]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+45] += m[45] * mu */
        "LDR	r9, [%[m], #180]\n\t"
        "LDR	r12, [%[a], #180]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #180]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+46] += m[46] * mu */
        "LDR	r9, [%[m], #184]\n\t"
        "LDR	r12, [%[a], #184]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #184]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+47] += m[47] * mu */
        "LDR	r9, [%[m], #188]\n\t"
        "LDR	r12, [%[a], #188]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #188]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+48] += m[48] * mu */
        "LDR	r9, [%[m], #192]\n\t"
        "LDR	r12, [%[a], #192]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #192]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+49] += m[49] * mu */
        "LDR	r9, [%[m], #196]\n\t"
        "LDR	r12, [%[a], #196]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #196]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+50] += m[50] * mu */
        "LDR	r9, [%[m], #200]\n\t"
        "LDR	r12, [%[a], #200]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #200]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+51] += m[51] * mu */
        "LDR	r9, [%[m], #204]\n\t"
        "LDR	r12, [%[a], #204]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #204]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+52] += m[52] * mu */
        "LDR	r9, [%[m], #208]\n\t"
        "LDR	r12, [%[a], #208]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #208]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+53] += m[53] * mu */
        "LDR	r9, [%[m], #212]\n\t"
        "LDR	r12, [%[a], #212]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #212]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+54] += m[54] * mu */
        "LDR	r9, [%[m], #216]\n\t"
        "LDR	r12, [%[a], #216]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #216]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+55] += m[55] * mu */
        "LDR	r9, [%[m], #220]\n\t"
        "LDR	r12, [%[a], #220]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #220]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+56] += m[56] * mu */
        "LDR	r9, [%[m], #224]\n\t"
        "LDR	r12, [%[a], #224]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #224]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+57] += m[57] * mu */
        "LDR	r9, [%[m], #228]\n\t"
        "LDR	r12, [%[a], #228]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #228]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+58] += m[58] * mu */
        "LDR	r9, [%[m], #232]\n\t"
        "LDR	r12, [%[a], #232]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #232]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+59] += m[59] * mu */
        "LDR	r9, [%[m], #236]\n\t"
        "LDR	r12, [%[a], #236]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #236]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+60] += m[60] * mu */
        "LDR	r9, [%[m], #240]\n\t"
        "LDR	r12, [%[a], #240]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #240]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+61] += m[61] * mu */
        "LDR	r9, [%[m], #244]\n\t"
        "LDR	r12, [%[a], #244]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #244]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+62] += m[62] * mu */
        "LDR	r9, [%[m], #248]\n\t"
        "LDR	r12, [%[a], #248]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #248]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+63] += m[63] * mu */
        "LDR	r9, [%[m], #252]\n\t"
        "LDR	r12, [%[a], #252]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #252]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+64] += m[64] * mu */
        "LDR	r9, [%[m], #256]\n\t"
        "LDR	r12, [%[a], #256]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #256]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+65] += m[65] * mu */
        "LDR	r9, [%[m], #260]\n\t"
        "LDR	r12, [%[a], #260]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #260]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+66] += m[66] * mu */
        "LDR	r9, [%[m], #264]\n\t"
        "LDR	r12, [%[a], #264]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #264]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+67] += m[67] * mu */
        "LDR	r9, [%[m], #268]\n\t"
        "LDR	r12, [%[a], #268]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #268]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+68] += m[68] * mu */
        "LDR	r9, [%[m], #272]\n\t"
        "LDR	r12, [%[a], #272]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #272]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+69] += m[69] * mu */
        "LDR	r9, [%[m], #276]\n\t"
        "LDR	r12, [%[a], #276]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #276]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+70] += m[70] * mu */
        "LDR	r9, [%[m], #280]\n\t"
        "LDR	r12, [%[a], #280]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #280]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+71] += m[71] * mu */
        "LDR	r9, [%[m], #284]\n\t"
        "LDR	r12, [%[a], #284]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #284]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+72] += m[72] * mu */
        "LDR	r9, [%[m], #288]\n\t"
        "LDR	r12, [%[a], #288]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #288]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+73] += m[73] * mu */
        "LDR	r9, [%[m], #292]\n\t"
        "LDR	r12, [%[a], #292]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #292]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+74] += m[74] * mu */
        "LDR	r9, [%[m], #296]\n\t"
        "LDR	r12, [%[a], #296]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #296]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+75] += m[75] * mu */
        "LDR	r9, [%[m], #300]\n\t"
        "LDR	r12, [%[a], #300]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #300]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+76] += m[76] * mu */
        "LDR	r9, [%[m], #304]\n\t"
        "LDR	r12, [%[a], #304]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #304]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+77] += m[77] * mu */
        "LDR	r9, [%[m], #308]\n\t"
        "LDR	r12, [%[a], #308]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #308]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+78] += m[78] * mu */
        "LDR	r9, [%[m], #312]\n\t"
        "LDR	r12, [%[a], #312]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #312]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+79] += m[79] * mu */
        "LDR	r9, [%[m], #316]\n\t"
        "LDR	r12, [%[a], #316]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #316]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+80] += m[80] * mu */
        "LDR	r9, [%[m], #320]\n\t"
        "LDR	r12, [%[a], #320]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #320]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+81] += m[81] * mu */
        "LDR	r9, [%[m], #324]\n\t"
        "LDR	r12, [%[a], #324]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #324]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+82] += m[82] * mu */
        "LDR	r9, [%[m], #328]\n\t"
        "LDR	r12, [%[a], #328]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #328]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+83] += m[83] * mu */
        "LDR	r9, [%[m], #332]\n\t"
        "LDR	r12, [%[a], #332]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #332]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+84] += m[84] * mu */
        "LDR	r9, [%[m], #336]\n\t"
        "LDR	r12, [%[a], #336]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #336]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+85] += m[85] * mu */
        "LDR	r9, [%[m], #340]\n\t"
        "LDR	r12, [%[a], #340]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #340]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+86] += m[86] * mu */
        "LDR	r9, [%[m], #344]\n\t"
        "LDR	r12, [%[a], #344]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #344]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+87] += m[87] * mu */
        "LDR	r9, [%[m], #348]\n\t"
        "LDR	r12, [%[a], #348]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #348]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+88] += m[88] * mu */
        "LDR	r9, [%[m], #352]\n\t"
        "LDR	r12, [%[a], #352]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #352]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+89] += m[89] * mu */
        "LDR	r9, [%[m], #356]\n\t"
        "LDR	r12, [%[a], #356]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #356]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+90] += m[90] * mu */
        "LDR	r9, [%[m], #360]\n\t"
        "LDR	r12, [%[a], #360]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #360]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+91] += m[91] * mu */
        "LDR	r9, [%[m], #364]\n\t"
        "LDR	r12, [%[a], #364]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #364]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+92] += m[92] * mu */
        "LDR	r9, [%[m], #368]\n\t"
        "LDR	r12, [%[a], #368]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #368]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+93] += m[93] * mu */
        "LDR	r9, [%[m], #372]\n\t"
        "LDR	r12, [%[a], #372]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #372]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+94] += m[94] * mu */
        "LDR	r9, [%[m], #376]\n\t"
        "LDR	r12, [%[a], #376]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #376]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+95] += m[95] * mu */
        "LDR	r9, [%[m], #380]\n\t"
        "LDR	r12, [%[a], #380]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #380]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+96] += m[96] * mu */
        "LDR	r9, [%[m], #384]\n\t"
        "LDR	r12, [%[a], #384]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #384]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+97] += m[97] * mu */
        "LDR	r9, [%[m], #388]\n\t"
        "LDR	r12, [%[a], #388]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #388]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+98] += m[98] * mu */
        "LDR	r9, [%[m], #392]\n\t"
        "LDR	r12, [%[a], #392]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #392]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+99] += m[99] * mu */
        "LDR	r9, [%[m], #396]\n\t"
        "LDR	r12, [%[a], #396]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #396]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+100] += m[100] * mu */
        "LDR	r9, [%[m], #400]\n\t"
        "LDR	r12, [%[a], #400]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #400]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+101] += m[101] * mu */
        "LDR	r9, [%[m], #404]\n\t"
        "LDR	r12, [%[a], #404]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #404]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+102] += m[102] * mu */
        "LDR	r9, [%[m], #408]\n\t"
        "LDR	r12, [%[a], #408]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #408]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+103] += m[103] * mu */
        "LDR	r9, [%[m], #412]\n\t"
        "LDR	r12, [%[a], #412]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #412]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+104] += m[104] * mu */
        "LDR	r9, [%[m], #416]\n\t"
        "LDR	r12, [%[a], #416]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #416]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+105] += m[105] * mu */
        "LDR	r9, [%[m], #420]\n\t"
        "LDR	r12, [%[a], #420]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #420]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+106] += m[106] * mu */
        "LDR	r9, [%[m], #424]\n\t"
        "LDR	r12, [%[a], #424]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #424]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+107] += m[107] * mu */
        "LDR	r9, [%[m], #428]\n\t"
        "LDR	r12, [%[a], #428]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #428]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+108] += m[108] * mu */
        "LDR	r9, [%[m], #432]\n\t"
        "LDR	r12, [%[a], #432]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #432]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+109] += m[109] * mu */
        "LDR	r9, [%[m], #436]\n\t"
        "LDR	r12, [%[a], #436]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #436]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+110] += m[110] * mu */
        "LDR	r9, [%[m], #440]\n\t"
        "LDR	r12, [%[a], #440]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #440]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+111] += m[111] * mu */
        "LDR	r9, [%[m], #444]\n\t"
        "LDR	r12, [%[a], #444]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #444]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+112] += m[112] * mu */
        "LDR	r9, [%[m], #448]\n\t"
        "LDR	r12, [%[a], #448]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #448]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+113] += m[113] * mu */
        "LDR	r9, [%[m], #452]\n\t"
        "LDR	r12, [%[a], #452]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #452]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+114] += m[114] * mu */
        "LDR	r9, [%[m], #456]\n\t"
        "LDR	r12, [%[a], #456]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #456]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+115] += m[115] * mu */
        "LDR	r9, [%[m], #460]\n\t"
        "LDR	r12, [%[a], #460]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #460]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+116] += m[116] * mu */
        "LDR	r9, [%[m], #464]\n\t"
        "LDR	r12, [%[a], #464]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #464]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+117] += m[117] * mu */
        "LDR	r9, [%[m], #468]\n\t"
        "LDR	r12, [%[a], #468]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #468]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+118] += m[118] * mu */
        "LDR	r9, [%[m], #472]\n\t"
        "LDR	r12, [%[a], #472]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #472]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+119] += m[119] * mu */
        "LDR	r9, [%[m], #476]\n\t"
        "LDR	r12, [%[a], #476]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #476]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+120] += m[120] * mu */
        "LDR	r9, [%[m], #480]\n\t"
        "LDR	r12, [%[a], #480]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #480]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+121] += m[121] * mu */
        "LDR	r9, [%[m], #484]\n\t"
        "LDR	r12, [%[a], #484]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #484]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+122] += m[122] * mu */
        "LDR	r9, [%[m], #488]\n\t"
        "LDR	r12, [%[a], #488]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #488]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+123] += m[123] * mu */
        "LDR	r9, [%[m], #492]\n\t"
        "LDR	r12, [%[a], #492]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #492]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+124] += m[124] * mu */
        "LDR	r9, [%[m], #496]\n\t"
        "LDR	r12, [%[a], #496]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #496]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+125] += m[125] * mu */
        "LDR	r9, [%[m], #500]\n\t"
        "LDR	r12, [%[a], #500]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #500]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+126] += m[126] * mu */
        "LDR	r9, [%[m], #504]\n\t"
        "LDR	r12, [%[a], #504]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #504]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+127] += m[127] * mu */
        "LDR	r9, [%[m], #508]\n\t"
        "LDR	r12, [%[a], #508]\n\t"
        "UMULL	r8, r9, r10, r9\n\t"
        "ADDS	r7, r7, r8\n\t"
        "ADCS	r6, r9, r3\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, r3\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #508]\n\t"
        "LDR	r12, [%[a], #512]\n\t"
        "ADCS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #512]\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* i += 1 */
        "ADD	r11, r11, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r11, #0x200\n\t"
#ifdef __GNUC__
        "BLT	L_sp_4096_mont_reduce_128_word\n\t"
#else
        "BLT.W	L_sp_4096_mont_reduce_128_word\n\t"
#endif
        /* Loop Done */
        "STR	r4, [%[a]]\n\t"
        "STR	r5, [%[a], #4]\n\t"
        "MOV	%[mp], r3\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
    sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp);
}

#else
/* Reduce the number back to 4096 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDR	r11, [%[m]]\n\t"
        /* i = 0 */
        "MOV	r9, #0x0\n\t"
        /* ca = 0 */
        "MOV	r3, #0x0\n\t"
        "\n"
    "L_sp_4096_mont_reduce_128_word:\n\t"
        /* mu = a[i] * mp */
        "LDR	r10, [%[a]]\n\t"
        "MUL	r8, %[mp], r10\n\t"
        /* j = 0 */
        "MOV	r12, #0x0\n\t"
        "MOV	r4, #0x0\n\t"
        "\n"
    "L_sp_4096_mont_reduce_128_mul:\n\t"
        /* a[i+j+0] += m[j+0] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "MOV	r5, #0x0\n\t"
        "UMLAL	r10, r5, r8, r7\n\t"
        "ADDS	r10, r10, r4\n\t"
        "STR	r10, [%[a], r12]\n\t"
        "ADC	r4, r5, #0x0\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+1] += m[j+1] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "MOV	r5, #0x0\n\t"
        "UMLAL	r10, r5, r8, r7\n\t"
        "ADDS	r10, r10, r4\n\t"
        "STR	r10, [%[a], r12]\n\t"
        "ADC	r4, r5, #0x0\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+2] += m[j+2] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "MOV	r5, #0x0\n\t"
        "UMLAL	r10, r5, r8, r7\n\t"
        "ADDS	r10, r10, r4\n\t"
        "STR	r10, [%[a], r12]\n\t"
        "ADC	r4, r5, #0x0\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+3] += m[j+3] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "MOV	r5, #0x0\n\t"
        "UMLAL	r10, r5, r8, r7\n\t"
        "ADDS	r10, r10, r4\n\t"
        "STR	r10, [%[a], r12]\n\t"
        "ADC	r4, r5, #0x0\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        "CMP	r12, #0x200\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_4096_mont_reduce_128_mul\n\t"
#else
        "BLT.N	L_sp_4096_mont_reduce_128_mul\n\t"
#endif
        "LDR	r10, [%[a], #512]\n\t"
        "ADDS	r4, r4, r3\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r10, r10, r4\n\t"
        "ADC	r3, r3, r3\n\t"
        "STR	r10, [%[a], #512]\n\t"
        /* i += 1 */
        "ADD	r9, r9, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r9, #0x200\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_4096_mont_reduce_128_word\n\t"
#else
        "BLT.N	L_sp_4096_mont_reduce_128_word\n\t"
#endif
        /* Loop Done */
        "MOV	%[mp], r3\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
    );
    sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp);
}

#endif /* !WOLFSSL_SP_SMALL */
#else
#ifndef WOLFSSL_SP_SMALL
/* Reduce the number back to 4096 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* i = 0 */
        "MOV	r4, #0x0\n\t"
        "MOV	r5, #0x0\n\t"
        "LDR	r6, [%[a]]\n\t"
        "LDR	r7, [%[a], #4]\n\t"
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[a], #12]\n\t"
        "LDR	r10, [%[a], #16]\n\t"
        "\n"
    "L_sp_4096_mont_reduce_128_word:\n\t"
        /* mu = a[i] * mp */
        "MUL	lr, %[mp], r6\n\t"
        /* a[i+0] += m[0] * mu */
        "LDR	r12, [%[m]]\n\t"
        "MOV	r3, #0x0\n\t"
        "UMAAL	r6, r3, lr, r12\n\t"
        /* a[i+1] += m[1] * mu */
        "LDR	r12, [%[m], #4]\n\t"
        "MOV	r6, r7\n\t"
        "UMAAL	r6, r3, lr, r12\n\t"
        /* a[i+2] += m[2] * mu */
        "LDR	r12, [%[m], #8]\n\t"
        "MOV	r7, r8\n\t"
        "UMAAL	r7, r3, lr, r12\n\t"
        /* a[i+3] += m[3] * mu */
        "LDR	r12, [%[m], #12]\n\t"
        "MOV	r8, r9\n\t"
        "UMAAL	r8, r3, lr, r12\n\t"
        /* a[i+4] += m[4] * mu */
        "LDR	r12, [%[m], #16]\n\t"
        "MOV	r9, r10\n\t"
        "UMAAL	r9, r3, lr, r12\n\t"
        /* a[i+5] += m[5] * mu */
        "LDR	r12, [%[m], #20]\n\t"
        "LDR	r10, [%[a], #20]\n\t"
        "UMAAL	r10, r3, lr, r12\n\t"
        /* a[i+6] += m[6] * mu */
        "LDR	r12, [%[m], #24]\n\t"
        "LDR	r11, [%[a], #24]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #24]\n\t"
        /* a[i+7] += m[7] * mu */
        "LDR	r12, [%[m], #28]\n\t"
        "LDR	r11, [%[a], #28]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #28]\n\t"
        /* a[i+8] += m[8] * mu */
        "LDR	r12, [%[m], #32]\n\t"
        "LDR	r11, [%[a], #32]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #32]\n\t"
        /* a[i+9] += m[9] * mu */
        "LDR	r12, [%[m], #36]\n\t"
        "LDR	r11, [%[a], #36]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #36]\n\t"
        /* a[i+10] += m[10] * mu */
        "LDR	r12, [%[m], #40]\n\t"
        "LDR	r11, [%[a], #40]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #40]\n\t"
        /* a[i+11] += m[11] * mu */
        "LDR	r12, [%[m], #44]\n\t"
        "LDR	r11, [%[a], #44]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #44]\n\t"
        /* a[i+12] += m[12] * mu */
        "LDR	r12, [%[m], #48]\n\t"
        "LDR	r11, [%[a], #48]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #48]\n\t"
        /* a[i+13] += m[13] * mu */
        "LDR	r12, [%[m], #52]\n\t"
        "LDR	r11, [%[a], #52]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #52]\n\t"
        /* a[i+14] += m[14] * mu */
        "LDR	r12, [%[m], #56]\n\t"
        "LDR	r11, [%[a], #56]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #56]\n\t"
        /* a[i+15] += m[15] * mu */
        "LDR	r12, [%[m], #60]\n\t"
        "LDR	r11, [%[a], #60]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #60]\n\t"
        /* a[i+16] += m[16] * mu */
        "LDR	r12, [%[m], #64]\n\t"
        "LDR	r11, [%[a], #64]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #64]\n\t"
        /* a[i+17] += m[17] * mu */
        "LDR	r12, [%[m], #68]\n\t"
        "LDR	r11, [%[a], #68]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #68]\n\t"
        /* a[i+18] += m[18] * mu */
        "LDR	r12, [%[m], #72]\n\t"
        "LDR	r11, [%[a], #72]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #72]\n\t"
        /* a[i+19] += m[19] * mu */
        "LDR	r12, [%[m], #76]\n\t"
        "LDR	r11, [%[a], #76]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #76]\n\t"
        /* a[i+20] += m[20] * mu */
        "LDR	r12, [%[m], #80]\n\t"
        "LDR	r11, [%[a], #80]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #80]\n\t"
        /* a[i+21] += m[21] * mu */
        "LDR	r12, [%[m], #84]\n\t"
        "LDR	r11, [%[a], #84]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #84]\n\t"
        /* a[i+22] += m[22] * mu */
        "LDR	r12, [%[m], #88]\n\t"
        "LDR	r11, [%[a], #88]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #88]\n\t"
        /* a[i+23] += m[23] * mu */
        "LDR	r12, [%[m], #92]\n\t"
        "LDR	r11, [%[a], #92]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #92]\n\t"
        /* a[i+24] += m[24] * mu */
        "LDR	r12, [%[m], #96]\n\t"
        "LDR	r11, [%[a], #96]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #96]\n\t"
        /* a[i+25] += m[25] * mu */
        "LDR	r12, [%[m], #100]\n\t"
        "LDR	r11, [%[a], #100]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #100]\n\t"
        /* a[i+26] += m[26] * mu */
        "LDR	r12, [%[m], #104]\n\t"
        "LDR	r11, [%[a], #104]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #104]\n\t"
        /* a[i+27] += m[27] * mu */
        "LDR	r12, [%[m], #108]\n\t"
        "LDR	r11, [%[a], #108]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #108]\n\t"
        /* a[i+28] += m[28] * mu */
        "LDR	r12, [%[m], #112]\n\t"
        "LDR	r11, [%[a], #112]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #112]\n\t"
        /* a[i+29] += m[29] * mu */
        "LDR	r12, [%[m], #116]\n\t"
        "LDR	r11, [%[a], #116]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #116]\n\t"
        /* a[i+30] += m[30] * mu */
        "LDR	r12, [%[m], #120]\n\t"
        "LDR	r11, [%[a], #120]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #120]\n\t"
        /* a[i+31] += m[31] * mu */
        "LDR	r12, [%[m], #124]\n\t"
        "LDR	r11, [%[a], #124]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #124]\n\t"
        /* a[i+32] += m[32] * mu */
        "LDR	r12, [%[m], #128]\n\t"
        "LDR	r11, [%[a], #128]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #128]\n\t"
        /* a[i+33] += m[33] * mu */
        "LDR	r12, [%[m], #132]\n\t"
        "LDR	r11, [%[a], #132]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #132]\n\t"
        /* a[i+34] += m[34] * mu */
        "LDR	r12, [%[m], #136]\n\t"
        "LDR	r11, [%[a], #136]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #136]\n\t"
        /* a[i+35] += m[35] * mu */
        "LDR	r12, [%[m], #140]\n\t"
        "LDR	r11, [%[a], #140]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #140]\n\t"
        /* a[i+36] += m[36] * mu */
        "LDR	r12, [%[m], #144]\n\t"
        "LDR	r11, [%[a], #144]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #144]\n\t"
        /* a[i+37] += m[37] * mu */
        "LDR	r12, [%[m], #148]\n\t"
        "LDR	r11, [%[a], #148]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #148]\n\t"
        /* a[i+38] += m[38] * mu */
        "LDR	r12, [%[m], #152]\n\t"
        "LDR	r11, [%[a], #152]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #152]\n\t"
        /* a[i+39] += m[39] * mu */
        "LDR	r12, [%[m], #156]\n\t"
        "LDR	r11, [%[a], #156]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #156]\n\t"
        /* a[i+40] += m[40] * mu */
        "LDR	r12, [%[m], #160]\n\t"
        "LDR	r11, [%[a], #160]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #160]\n\t"
        /* a[i+41] += m[41] * mu */
        "LDR	r12, [%[m], #164]\n\t"
        "LDR	r11, [%[a], #164]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #164]\n\t"
        /* a[i+42] += m[42] * mu */
        "LDR	r12, [%[m], #168]\n\t"
        "LDR	r11, [%[a], #168]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #168]\n\t"
        /* a[i+43] += m[43] * mu */
        "LDR	r12, [%[m], #172]\n\t"
        "LDR	r11, [%[a], #172]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #172]\n\t"
        /* a[i+44] += m[44] * mu */
        "LDR	r12, [%[m], #176]\n\t"
        "LDR	r11, [%[a], #176]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #176]\n\t"
        /* a[i+45] += m[45] * mu */
        "LDR	r12, [%[m], #180]\n\t"
        "LDR	r11, [%[a], #180]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #180]\n\t"
        /* a[i+46] += m[46] * mu */
        "LDR	r12, [%[m], #184]\n\t"
        "LDR	r11, [%[a], #184]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #184]\n\t"
        /* a[i+47] += m[47] * mu */
        "LDR	r12, [%[m], #188]\n\t"
        "LDR	r11, [%[a], #188]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #188]\n\t"
        /* a[i+48] += m[48] * mu */
        "LDR	r12, [%[m], #192]\n\t"
        "LDR	r11, [%[a], #192]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #192]\n\t"
        /* a[i+49] += m[49] * mu */
        "LDR	r12, [%[m], #196]\n\t"
        "LDR	r11, [%[a], #196]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #196]\n\t"
        /* a[i+50] += m[50] * mu */
        "LDR	r12, [%[m], #200]\n\t"
        "LDR	r11, [%[a], #200]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #200]\n\t"
        /* a[i+51] += m[51] * mu */
        "LDR	r12, [%[m], #204]\n\t"
        "LDR	r11, [%[a], #204]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #204]\n\t"
        /* a[i+52] += m[52] * mu */
        "LDR	r12, [%[m], #208]\n\t"
        "LDR	r11, [%[a], #208]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #208]\n\t"
        /* a[i+53] += m[53] * mu */
        "LDR	r12, [%[m], #212]\n\t"
        "LDR	r11, [%[a], #212]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #212]\n\t"
        /* a[i+54] += m[54] * mu */
        "LDR	r12, [%[m], #216]\n\t"
        "LDR	r11, [%[a], #216]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #216]\n\t"
        /* a[i+55] += m[55] * mu */
        "LDR	r12, [%[m], #220]\n\t"
        "LDR	r11, [%[a], #220]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #220]\n\t"
        /* a[i+56] += m[56] * mu */
        "LDR	r12, [%[m], #224]\n\t"
        "LDR	r11, [%[a], #224]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #224]\n\t"
        /* a[i+57] += m[57] * mu */
        "LDR	r12, [%[m], #228]\n\t"
        "LDR	r11, [%[a], #228]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #228]\n\t"
        /* a[i+58] += m[58] * mu */
        "LDR	r12, [%[m], #232]\n\t"
        "LDR	r11, [%[a], #232]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #232]\n\t"
        /* a[i+59] += m[59] * mu */
        "LDR	r12, [%[m], #236]\n\t"
        "LDR	r11, [%[a], #236]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #236]\n\t"
        /* a[i+60] += m[60] * mu */
        "LDR	r12, [%[m], #240]\n\t"
        "LDR	r11, [%[a], #240]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #240]\n\t"
        /* a[i+61] += m[61] * mu */
        "LDR	r12, [%[m], #244]\n\t"
        "LDR	r11, [%[a], #244]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #244]\n\t"
        /* a[i+62] += m[62] * mu */
        "LDR	r12, [%[m], #248]\n\t"
        "LDR	r11, [%[a], #248]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #248]\n\t"
        /* a[i+63] += m[63] * mu */
        "LDR	r12, [%[m], #252]\n\t"
        "LDR	r11, [%[a], #252]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #252]\n\t"
        /* a[i+64] += m[64] * mu */
        "LDR	r12, [%[m], #256]\n\t"
        "LDR	r11, [%[a], #256]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #256]\n\t"
        /* a[i+65] += m[65] * mu */
        "LDR	r12, [%[m], #260]\n\t"
        "LDR	r11, [%[a], #260]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #260]\n\t"
        /* a[i+66] += m[66] * mu */
        "LDR	r12, [%[m], #264]\n\t"
        "LDR	r11, [%[a], #264]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #264]\n\t"
        /* a[i+67] += m[67] * mu */
        "LDR	r12, [%[m], #268]\n\t"
        "LDR	r11, [%[a], #268]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #268]\n\t"
        /* a[i+68] += m[68] * mu */
        "LDR	r12, [%[m], #272]\n\t"
        "LDR	r11, [%[a], #272]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #272]\n\t"
        /* a[i+69] += m[69] * mu */
        "LDR	r12, [%[m], #276]\n\t"
        "LDR	r11, [%[a], #276]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #276]\n\t"
        /* a[i+70] += m[70] * mu */
        "LDR	r12, [%[m], #280]\n\t"
        "LDR	r11, [%[a], #280]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #280]\n\t"
        /* a[i+71] += m[71] * mu */
        "LDR	r12, [%[m], #284]\n\t"
        "LDR	r11, [%[a], #284]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #284]\n\t"
        /* a[i+72] += m[72] * mu */
        "LDR	r12, [%[m], #288]\n\t"
        "LDR	r11, [%[a], #288]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #288]\n\t"
        /* a[i+73] += m[73] * mu */
        "LDR	r12, [%[m], #292]\n\t"
        "LDR	r11, [%[a], #292]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #292]\n\t"
        /* a[i+74] += m[74] * mu */
        "LDR	r12, [%[m], #296]\n\t"
        "LDR	r11, [%[a], #296]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #296]\n\t"
        /* a[i+75] += m[75] * mu */
        "LDR	r12, [%[m], #300]\n\t"
        "LDR	r11, [%[a], #300]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #300]\n\t"
        /* a[i+76] += m[76] * mu */
        "LDR	r12, [%[m], #304]\n\t"
        "LDR	r11, [%[a], #304]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #304]\n\t"
        /* a[i+77] += m[77] * mu */
        "LDR	r12, [%[m], #308]\n\t"
        "LDR	r11, [%[a], #308]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #308]\n\t"
        /* a[i+78] += m[78] * mu */
        "LDR	r12, [%[m], #312]\n\t"
        "LDR	r11, [%[a], #312]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #312]\n\t"
        /* a[i+79] += m[79] * mu */
        "LDR	r12, [%[m], #316]\n\t"
        "LDR	r11, [%[a], #316]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #316]\n\t"
        /* a[i+80] += m[80] * mu */
        "LDR	r12, [%[m], #320]\n\t"
        "LDR	r11, [%[a], #320]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #320]\n\t"
        /* a[i+81] += m[81] * mu */
        "LDR	r12, [%[m], #324]\n\t"
        "LDR	r11, [%[a], #324]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #324]\n\t"
        /* a[i+82] += m[82] * mu */
        "LDR	r12, [%[m], #328]\n\t"
        "LDR	r11, [%[a], #328]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #328]\n\t"
        /* a[i+83] += m[83] * mu */
        "LDR	r12, [%[m], #332]\n\t"
        "LDR	r11, [%[a], #332]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #332]\n\t"
        /* a[i+84] += m[84] * mu */
        "LDR	r12, [%[m], #336]\n\t"
        "LDR	r11, [%[a], #336]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #336]\n\t"
        /* a[i+85] += m[85] * mu */
        "LDR	r12, [%[m], #340]\n\t"
        "LDR	r11, [%[a], #340]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #340]\n\t"
        /* a[i+86] += m[86] * mu */
        "LDR	r12, [%[m], #344]\n\t"
        "LDR	r11, [%[a], #344]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #344]\n\t"
        /* a[i+87] += m[87] * mu */
        "LDR	r12, [%[m], #348]\n\t"
        "LDR	r11, [%[a], #348]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #348]\n\t"
        /* a[i+88] += m[88] * mu */
        "LDR	r12, [%[m], #352]\n\t"
        "LDR	r11, [%[a], #352]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #352]\n\t"
        /* a[i+89] += m[89] * mu */
        "LDR	r12, [%[m], #356]\n\t"
        "LDR	r11, [%[a], #356]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #356]\n\t"
        /* a[i+90] += m[90] * mu */
        "LDR	r12, [%[m], #360]\n\t"
        "LDR	r11, [%[a], #360]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #360]\n\t"
        /* a[i+91] += m[91] * mu */
        "LDR	r12, [%[m], #364]\n\t"
        "LDR	r11, [%[a], #364]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #364]\n\t"
        /* a[i+92] += m[92] * mu */
        "LDR	r12, [%[m], #368]\n\t"
        "LDR	r11, [%[a], #368]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #368]\n\t"
        /* a[i+93] += m[93] * mu */
        "LDR	r12, [%[m], #372]\n\t"
        "LDR	r11, [%[a], #372]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #372]\n\t"
        /* a[i+94] += m[94] * mu */
        "LDR	r12, [%[m], #376]\n\t"
        "LDR	r11, [%[a], #376]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #376]\n\t"
        /* a[i+95] += m[95] * mu */
        "LDR	r12, [%[m], #380]\n\t"
        "LDR	r11, [%[a], #380]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #380]\n\t"
        /* a[i+96] += m[96] * mu */
        "LDR	r12, [%[m], #384]\n\t"
        "LDR	r11, [%[a], #384]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #384]\n\t"
        /* a[i+97] += m[97] * mu */
        "LDR	r12, [%[m], #388]\n\t"
        "LDR	r11, [%[a], #388]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #388]\n\t"
        /* a[i+98] += m[98] * mu */
        "LDR	r12, [%[m], #392]\n\t"
        "LDR	r11, [%[a], #392]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #392]\n\t"
        /* a[i+99] += m[99] * mu */
        "LDR	r12, [%[m], #396]\n\t"
        "LDR	r11, [%[a], #396]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #396]\n\t"
        /* a[i+100] += m[100] * mu */
        "LDR	r12, [%[m], #400]\n\t"
        "LDR	r11, [%[a], #400]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #400]\n\t"
        /* a[i+101] += m[101] * mu */
        "LDR	r12, [%[m], #404]\n\t"
        "LDR	r11, [%[a], #404]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #404]\n\t"
        /* a[i+102] += m[102] * mu */
        "LDR	r12, [%[m], #408]\n\t"
        "LDR	r11, [%[a], #408]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #408]\n\t"
        /* a[i+103] += m[103] * mu */
        "LDR	r12, [%[m], #412]\n\t"
        "LDR	r11, [%[a], #412]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #412]\n\t"
        /* a[i+104] += m[104] * mu */
        "LDR	r12, [%[m], #416]\n\t"
        "LDR	r11, [%[a], #416]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #416]\n\t"
        /* a[i+105] += m[105] * mu */
        "LDR	r12, [%[m], #420]\n\t"
        "LDR	r11, [%[a], #420]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #420]\n\t"
        /* a[i+106] += m[106] * mu */
        "LDR	r12, [%[m], #424]\n\t"
        "LDR	r11, [%[a], #424]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #424]\n\t"
        /* a[i+107] += m[107] * mu */
        "LDR	r12, [%[m], #428]\n\t"
        "LDR	r11, [%[a], #428]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #428]\n\t"
        /* a[i+108] += m[108] * mu */
        "LDR	r12, [%[m], #432]\n\t"
        "LDR	r11, [%[a], #432]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #432]\n\t"
        /* a[i+109] += m[109] * mu */
        "LDR	r12, [%[m], #436]\n\t"
        "LDR	r11, [%[a], #436]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #436]\n\t"
        /* a[i+110] += m[110] * mu */
        "LDR	r12, [%[m], #440]\n\t"
        "LDR	r11, [%[a], #440]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #440]\n\t"
        /* a[i+111] += m[111] * mu */
        "LDR	r12, [%[m], #444]\n\t"
        "LDR	r11, [%[a], #444]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #444]\n\t"
        /* a[i+112] += m[112] * mu */
        "LDR	r12, [%[m], #448]\n\t"
        "LDR	r11, [%[a], #448]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #448]\n\t"
        /* a[i+113] += m[113] * mu */
        "LDR	r12, [%[m], #452]\n\t"
        "LDR	r11, [%[a], #452]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #452]\n\t"
        /* a[i+114] += m[114] * mu */
        "LDR	r12, [%[m], #456]\n\t"
        "LDR	r11, [%[a], #456]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #456]\n\t"
        /* a[i+115] += m[115] * mu */
        "LDR	r12, [%[m], #460]\n\t"
        "LDR	r11, [%[a], #460]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #460]\n\t"
        /* a[i+116] += m[116] * mu */
        "LDR	r12, [%[m], #464]\n\t"
        "LDR	r11, [%[a], #464]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #464]\n\t"
        /* a[i+117] += m[117] * mu */
        "LDR	r12, [%[m], #468]\n\t"
        "LDR	r11, [%[a], #468]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #468]\n\t"
        /* a[i+118] += m[118] * mu */
        "LDR	r12, [%[m], #472]\n\t"
        "LDR	r11, [%[a], #472]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #472]\n\t"
        /* a[i+119] += m[119] * mu */
        "LDR	r12, [%[m], #476]\n\t"
        "LDR	r11, [%[a], #476]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #476]\n\t"
        /* a[i+120] += m[120] * mu */
        "LDR	r12, [%[m], #480]\n\t"
        "LDR	r11, [%[a], #480]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #480]\n\t"
        /* a[i+121] += m[121] * mu */
        "LDR	r12, [%[m], #484]\n\t"
        "LDR	r11, [%[a], #484]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #484]\n\t"
        /* a[i+122] += m[122] * mu */
        "LDR	r12, [%[m], #488]\n\t"
        "LDR	r11, [%[a], #488]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #488]\n\t"
        /* a[i+123] += m[123] * mu */
        "LDR	r12, [%[m], #492]\n\t"
        "LDR	r11, [%[a], #492]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #492]\n\t"
        /* a[i+124] += m[124] * mu */
        "LDR	r12, [%[m], #496]\n\t"
        "LDR	r11, [%[a], #496]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #496]\n\t"
        /* a[i+125] += m[125] * mu */
        "LDR	r12, [%[m], #500]\n\t"
        "LDR	r11, [%[a], #500]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #500]\n\t"
        /* a[i+126] += m[126] * mu */
        "LDR	r12, [%[m], #504]\n\t"
        "LDR	r11, [%[a], #504]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #504]\n\t"
        /* a[i+127] += m[127] * mu */
        "LDR	r12, [%[m], #508]\n\t"
        "LDR	r11, [%[a], #508]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "LDR	lr, [%[a], #512]\n\t"
        "MOV	r12, #0x0\n\t"
        "UMAAL	r3, lr, r12, r12\n\t"
        "STR	r11, [%[a], #508]\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADC	r5, lr, #0x0\n\t"
        "STR	r3, [%[a], #512]\n\t"
        /* i += 1 */
        "ADD	r4, r4, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r4, #0x200\n\t"
#ifdef __GNUC__
        "BLT	L_sp_4096_mont_reduce_128_word\n\t"
#else
        "BLT.W	L_sp_4096_mont_reduce_128_word\n\t"
#endif
        /* Loop Done */
        "STR	r6, [%[a]]\n\t"
        "STR	r7, [%[a], #4]\n\t"
        "STR	r8, [%[a], #8]\n\t"
        "STR	r9, [%[a], #12]\n\t"
        "STR	r10, [%[a], #16]\n\t"
        "MOV	%[mp], r5\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
    sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp);
}

#else
/* Reduce the number back to 4096 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDR	r11, [%[m]]\n\t"
        /* i = 0 */
        "MOV	r9, #0x0\n\t"
        /* ca = 0 */
        "MOV	r3, #0x0\n\t"
        "\n"
    "L_sp_4096_mont_reduce_128_word:\n\t"
        /* mu = a[i] * mp */
        "LDR	r10, [%[a]]\n\t"
        "MUL	r8, %[mp], r10\n\t"
        /* j = 0 */
        "MOV	r12, #0x0\n\t"
        "MOV	r4, #0x0\n\t"
        "\n"
    "L_sp_4096_mont_reduce_128_mul:\n\t"
        /* a[i+j+0] += m[j+0] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "UMAAL	r10, r4, r8, r7\n\t"
        "STR	r10, [%[a], r12]\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+1] += m[j+1] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "UMAAL	r10, r4, r8, r7\n\t"
        "STR	r10, [%[a], r12]\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+2] += m[j+2] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "UMAAL	r10, r4, r8, r7\n\t"
        "STR	r10, [%[a], r12]\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        /* a[i+j+3] += m[j+3] * mu */
        "LDR	r7, [%[m], r12]\n\t"
        "LDR	r10, [%[a], r12]\n\t"
        "UMAAL	r10, r4, r8, r7\n\t"
        "STR	r10, [%[a], r12]\n\t"
        /* j += 1 */
        "ADD	r12, r12, #0x4\n\t"
        "CMP	r12, #0x200\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_4096_mont_reduce_128_mul\n\t"
#else
        "BLT.N	L_sp_4096_mont_reduce_128_mul\n\t"
#endif
        "LDR	r10, [%[a], #512]\n\t"
        "ADDS	r4, r4, r3\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r10, r10, r4\n\t"
        "ADC	r3, r3, r3\n\t"
        "STR	r10, [%[a], #512]\n\t"
        /* i += 1 */
        "ADD	r9, r9, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r9, #0x200\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_4096_mont_reduce_128_word\n\t"
#else
        "BLT.N	L_sp_4096_mont_reduce_128_word\n\t"
#endif
        /* Loop Done */
        "MOV	%[mp], r3\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
    );
    sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp);
}

#endif /* !WOLFSSL_SP_SMALL */
#endif
/* Multiply two Montgomery form numbers mod the modulus (prime).
 * (r = a * b mod m)
 *
 * r   Result of multiplication.
 * a   First number to multiply in Montgomery form.
 * b   Second number to multiply in Montgomery form.
 * m   Modulus (prime).
 * mp  Montgomery multiplier.
 */
SP_NOINLINE static void sp_4096_mont_mul_128(sp_digit* r, const sp_digit* a,
        const sp_digit* b, const sp_digit* m, sp_digit mp)
{
    sp_4096_mul_128(r, a, b);
    sp_4096_mont_reduce_128(r, m, mp);
}

/* Square the Montgomery form number. (r = a * a mod m)
 *
 * r   Result of squaring.
 * a   Number to square in Montgomery form.
 * m   Modulus (prime).
 * mp  Montgomery multiplier.
 */
SP_NOINLINE static void sp_4096_mont_sqr_128(sp_digit* r, const sp_digit* a,
        const sp_digit* m, sp_digit mp)
{
    sp_4096_sqr_128(r, a);
    sp_4096_mont_reduce_128(r, m, mp);
}

#ifdef WOLFSSL_SP_SMALL
/* Sub b from a into r. (r = a - b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r11, #0x0\n\t"
        "ADD	r12, %[a], #0x200\n\t"
        "\n"
    "L_sp_4096_sub_128_word:\n\t"
        "RSBS	r11, r11, #0x0\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "SBC	r11, r3, r3\n\t"
        "CMP	%[a], r12\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_4096_sub_128_word\n\t"
#else
        "BNE.N	L_sp_4096_sub_128_word\n\t"
#endif
        "MOV	%[r], r11\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
    );
    return (uint32_t)(size_t)r;
}

#else
/* Sub b from a into r. (r = a - b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SUBS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "SBC	%[r], r6, r6\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_USE_UDIV
/* Divide the double width number (d1|d0) by the divisor. (d1|d0 / div)
 *
 * d1   The high order half of the number to divide.
 * d0   The low order half of the number to divide.
 * div  The divisor.
 * returns the result of the division.
 *
 * Note that this is an approximate div. It may give an answer 1 larger.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
#else
SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit div)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit d1 __asm__ ("r0") = (sp_digit)d1_p;
    register sp_digit d0 __asm__ ("r1") = (sp_digit)d0_p;
    register sp_digit div __asm__ ("r2") = (sp_digit)div_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LSR	r8, %[div], #16\n\t"
        "ADD	r5, r8, #0x1\n\t"
        "UDIV	r6, %[d1], r5\n\t"
        "LSL	r7, %[div], #16\n\t"
        "LSL	r6, r6, #16\n\t"
        "UMULL	r3, r4, %[div], r6\n\t"
        "SUBS	%[d0], %[d0], r3\n\t"
        "SBC	%[d1], %[d1], r4\n\t"
        "SUBS	r3, %[d1], r5\n\t"
        "SBC	r9, r9, r9\n\t"
        "ADD	r9, r9, #0x1\n\t"
        "RSB	r10, r9, #0x0\n\t"
        "LSL	r9, r9, #16\n\t"
        "AND	r7, r7, r10\n\t"
        "AND	r8, r8, r10\n\t"
        "SUBS	%[d0], %[d0], r7\n\t"
        "ADD	r6, r6, r9\n\t"
        "SBC	%[d1], %[d1], r8\n\t"
        "LSL	r4, %[d1], #16\n\t"
        "LSR	r3, %[d0], #16\n\t"
        "ORR	r3, r3, r4\n\t"
        "UDIV	r3, r3, r5\n\t"
        "ADD	r6, r6, r3\n\t"
        "UMULL	r3, r4, %[div], r3\n\t"
        "SUBS	%[d0], %[d0], r3\n\t"
        "SBC	%[d1], %[d1], r4\n\t"
        "LSL	r4, %[d1], #16\n\t"
        "LSR	r3, %[d0], #16\n\t"
        "ORR	r3, r3, r4\n\t"
        "UDIV	r3, r3, r5\n\t"
        "ADD	r6, r6, r3\n\t"
        "MUL	r3, %[div], r3\n\t"
        "SUB	%[d0], %[d0], r3\n\t"
        "UDIV	r3, %[d0], %[div]\n\t"
        "ADD	%[d1], r6, r3\n\t"
        : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)d1;
}

#else
/* Divide the double width number (d1|d0) by the divisor. (d1|d0 / div)
 *
 * d1   The high order half of the number to divide.
 * d0   The low order half of the number to divide.
 * div  The divisor.
 * returns the result of the division.
 *
 * Note that this is an approximate div. It may give an answer 1 larger.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
#else
SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit div)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit d1 __asm__ ("r0") = (sp_digit)d1_p;
    register sp_digit d0 __asm__ ("r1") = (sp_digit)d0_p;
    register sp_digit div __asm__ ("r2") = (sp_digit)div_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LSR	r5, %[div], #1\n\t"
        "ADD	r5, r5, #0x1\n\t"
        "MOV	r6, %[d0]\n\t"
        "MOV	r7, %[d1]\n\t"
        /* Do top 32 */
        "SUBS	r8, r5, r7\n\t"
        "SBC	r8, r8, r8\n\t"
        "MOV	r3, #0x0\n\t"
        "SUB	r3, r3, r8\n\t"
        "AND	r8, r8, r5\n\t"
        "SUBS	r7, r7, r8\n\t"
        /* Next 30 bits */
        "MOV	r4, #0x1d\n\t"
        "\n"
    "L_div_4096_word_128_bit:\n\t"
        "LSLS	r6, r6, #1\n\t"
        "ADC	r7, r7, r7\n\t"
        "SUBS	r8, r5, r7\n\t"
        "SBC	r8, r8, r8\n\t"
        "ADD	r3, r3, r3\n\t"
        "SUB	r3, r3, r8\n\t"
        "AND	r8, r8, r5\n\t"
        "SUBS	r7, r7, r8\n\t"
        "SUBS	r4, r4, #0x1\n\t"
        "bpl	L_div_4096_word_128_bit\n\t"
        "ADD	r3, r3, r3\n\t"
        "ADD	r3, r3, #0x1\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "SUBS	r8, %[div], r9\n\t"
        "SBC	r8, r8, r8\n\t"
        "SUB	%[d1], r3, r8\n\t"
        : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)d1;
}

#endif
/* Divide d in a and put remainder into r (m*d + r = a)
 * m is not calculated as it is not needed at this time.
 *
 * a  Number to be divided.
 * d  Number to divide with.
 * m  Multiplier result.
 * r  Remainder from the division.
 * returns MP_OKAY indicating success.
 */
static WC_INLINE int sp_4096_div_128_cond(const sp_digit* a, const sp_digit* d,
        sp_digit* m, sp_digit* r)
{
    sp_digit t1[256], t2[129];
    sp_digit div, r1;
    int i;

    (void)m;

    div = d[127];
    XMEMCPY(t1, a, sizeof(*t1) * 2 * 128);
    for (i = 127; i > 0; i--) {
        if (t1[i + 128] != d[i])
            break;
    }
    if (t1[i + 128] >= d[i]) {
        sp_4096_sub_in_place_128(&t1[128], d);
    }
    for (i = 127; i >= 0; i--) {
        if (t1[128 + i] == div) {
            r1 = SP_DIGIT_MAX;
        }
        else {
            r1 = div_4096_word_128(t1[128 + i], t1[128 + i - 1], div);
        }

        sp_4096_mul_d_128(t2, d, r1);
        t1[128 + i] += sp_4096_sub_in_place_128(&t1[i], t2);
        t1[128 + i] -= t2[128];
        if (t1[128 + i] != 0) {
            t1[128 + i] += sp_4096_add_128(&t1[i], &t1[i], d);
            if (t1[128 + i] != 0)
                t1[128 + i] += sp_4096_add_128(&t1[i], &t1[i], d);
        }
    }

    for (i = 127; i > 0; i--) {
        if (t1[i] != d[i])
            break;
    }
    if (t1[i] >= d[i]) {
        sp_4096_sub_128(r, t1, d);
    }
    else {
        XMEMCPY(r, t1, sizeof(*t1) * 128);
    }

    return MP_OKAY;
}

/* Reduce a modulo m into r. (r = a mod m)
 *
 * r  A single precision number that is the reduced result.
 * a  A single precision number that is to be reduced.
 * m  A single precision number that is the modulus to reduce with.
 * returns MP_OKAY indicating success.
 */
static WC_INLINE int sp_4096_mod_128_cond(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
    return sp_4096_div_128_cond(a, m, NULL, r);
}

#if (defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_HAVE_SP_DH)
#if defined(WOLFSSL_HAVE_SP_DH) || !defined(WOLFSSL_RSA_PUBLIC_ONLY)
/* AND m into each word of a and store in r.
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * m  Mask to AND against each digit.
 */
static void sp_4096_mask_128(sp_digit* r, const sp_digit* a, sp_digit m)
{
#ifdef WOLFSSL_SP_SMALL
    int i;

    for (i=0; i<128; i++) {
        r[i] = a[i] & m;
    }
#else
    int i;

    for (i = 0; i < 128; i += 8) {
        r[i+0] = a[i+0] & m;
        r[i+1] = a[i+1] & m;
        r[i+2] = a[i+2] & m;
        r[i+3] = a[i+3] & m;
        r[i+4] = a[i+4] & m;
        r[i+5] = a[i+5] & m;
        r[i+6] = a[i+6] & m;
        r[i+7] = a[i+7] & m;
    }
#endif
}

/* Compare a with b in constant time.
 *
 * a  A single precision integer.
 * b  A single precision integer.
 * return -ve, 0 or +ve if a is less than, equal to or greater than b
 * respectively.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_int32 sp_4096_cmp_128(const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_int32 sp_4096_cmp_128(const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register const sp_digit* a __asm__ ("r0") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r2, #0xffffffff\n\t"
        "MOV	r8, #0x1\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r3, #0xffffffff\n\t"
#ifdef WOLFSSL_SP_SMALL
        "MOV	r6, #0x1fc\n\t"
        "\n"
    "L_sp_4096_cmp_128_words:\n\t"
        "LDR	r4, [%[a], r6]\n\t"
        "LDR	r5, [%[b], r6]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "SUBS	r6, r6, #0x4\n\t"
        "bcs	L_sp_4096_cmp_128_words\n\t"
        "EOR	r2, r2, r3\n\t"
#else
        "LDR	r4, [%[a], #508]\n\t"
        "LDR	r5, [%[b], #508]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #504]\n\t"
        "LDR	r5, [%[b], #504]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #500]\n\t"
        "LDR	r5, [%[b], #500]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #496]\n\t"
        "LDR	r5, [%[b], #496]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #492]\n\t"
        "LDR	r5, [%[b], #492]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #488]\n\t"
        "LDR	r5, [%[b], #488]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #484]\n\t"
        "LDR	r5, [%[b], #484]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #480]\n\t"
        "LDR	r5, [%[b], #480]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #476]\n\t"
        "LDR	r5, [%[b], #476]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #472]\n\t"
        "LDR	r5, [%[b], #472]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #468]\n\t"
        "LDR	r5, [%[b], #468]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #464]\n\t"
        "LDR	r5, [%[b], #464]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #460]\n\t"
        "LDR	r5, [%[b], #460]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #456]\n\t"
        "LDR	r5, [%[b], #456]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #452]\n\t"
        "LDR	r5, [%[b], #452]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #448]\n\t"
        "LDR	r5, [%[b], #448]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #444]\n\t"
        "LDR	r5, [%[b], #444]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #440]\n\t"
        "LDR	r5, [%[b], #440]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #436]\n\t"
        "LDR	r5, [%[b], #436]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #432]\n\t"
        "LDR	r5, [%[b], #432]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #428]\n\t"
        "LDR	r5, [%[b], #428]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #424]\n\t"
        "LDR	r5, [%[b], #424]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #420]\n\t"
        "LDR	r5, [%[b], #420]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #416]\n\t"
        "LDR	r5, [%[b], #416]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #412]\n\t"
        "LDR	r5, [%[b], #412]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #408]\n\t"
        "LDR	r5, [%[b], #408]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #404]\n\t"
        "LDR	r5, [%[b], #404]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #400]\n\t"
        "LDR	r5, [%[b], #400]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #396]\n\t"
        "LDR	r5, [%[b], #396]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #392]\n\t"
        "LDR	r5, [%[b], #392]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #388]\n\t"
        "LDR	r5, [%[b], #388]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #384]\n\t"
        "LDR	r5, [%[b], #384]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #380]\n\t"
        "LDR	r5, [%[b], #380]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #376]\n\t"
        "LDR	r5, [%[b], #376]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #372]\n\t"
        "LDR	r5, [%[b], #372]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #368]\n\t"
        "LDR	r5, [%[b], #368]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #364]\n\t"
        "LDR	r5, [%[b], #364]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #360]\n\t"
        "LDR	r5, [%[b], #360]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #356]\n\t"
        "LDR	r5, [%[b], #356]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #352]\n\t"
        "LDR	r5, [%[b], #352]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #348]\n\t"
        "LDR	r5, [%[b], #348]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #344]\n\t"
        "LDR	r5, [%[b], #344]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #340]\n\t"
        "LDR	r5, [%[b], #340]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #336]\n\t"
        "LDR	r5, [%[b], #336]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #332]\n\t"
        "LDR	r5, [%[b], #332]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #328]\n\t"
        "LDR	r5, [%[b], #328]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #324]\n\t"
        "LDR	r5, [%[b], #324]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #320]\n\t"
        "LDR	r5, [%[b], #320]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #316]\n\t"
        "LDR	r5, [%[b], #316]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #312]\n\t"
        "LDR	r5, [%[b], #312]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #308]\n\t"
        "LDR	r5, [%[b], #308]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #304]\n\t"
        "LDR	r5, [%[b], #304]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #300]\n\t"
        "LDR	r5, [%[b], #300]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #296]\n\t"
        "LDR	r5, [%[b], #296]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #292]\n\t"
        "LDR	r5, [%[b], #292]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #288]\n\t"
        "LDR	r5, [%[b], #288]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #284]\n\t"
        "LDR	r5, [%[b], #284]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #280]\n\t"
        "LDR	r5, [%[b], #280]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #276]\n\t"
        "LDR	r5, [%[b], #276]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #272]\n\t"
        "LDR	r5, [%[b], #272]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #268]\n\t"
        "LDR	r5, [%[b], #268]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #264]\n\t"
        "LDR	r5, [%[b], #264]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #260]\n\t"
        "LDR	r5, [%[b], #260]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #256]\n\t"
        "LDR	r5, [%[b], #256]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #252]\n\t"
        "LDR	r5, [%[b], #252]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #248]\n\t"
        "LDR	r5, [%[b], #248]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #244]\n\t"
        "LDR	r5, [%[b], #244]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #240]\n\t"
        "LDR	r5, [%[b], #240]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #236]\n\t"
        "LDR	r5, [%[b], #236]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #232]\n\t"
        "LDR	r5, [%[b], #232]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #228]\n\t"
        "LDR	r5, [%[b], #228]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #224]\n\t"
        "LDR	r5, [%[b], #224]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #220]\n\t"
        "LDR	r5, [%[b], #220]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #216]\n\t"
        "LDR	r5, [%[b], #216]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #212]\n\t"
        "LDR	r5, [%[b], #212]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #208]\n\t"
        "LDR	r5, [%[b], #208]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #204]\n\t"
        "LDR	r5, [%[b], #204]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #200]\n\t"
        "LDR	r5, [%[b], #200]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #196]\n\t"
        "LDR	r5, [%[b], #196]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #192]\n\t"
        "LDR	r5, [%[b], #192]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #188]\n\t"
        "LDR	r5, [%[b], #188]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #184]\n\t"
        "LDR	r5, [%[b], #184]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #180]\n\t"
        "LDR	r5, [%[b], #180]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #176]\n\t"
        "LDR	r5, [%[b], #176]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #172]\n\t"
        "LDR	r5, [%[b], #172]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #168]\n\t"
        "LDR	r5, [%[b], #168]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #164]\n\t"
        "LDR	r5, [%[b], #164]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #160]\n\t"
        "LDR	r5, [%[b], #160]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #156]\n\t"
        "LDR	r5, [%[b], #156]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #152]\n\t"
        "LDR	r5, [%[b], #152]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #148]\n\t"
        "LDR	r5, [%[b], #148]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #144]\n\t"
        "LDR	r5, [%[b], #144]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #140]\n\t"
        "LDR	r5, [%[b], #140]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #136]\n\t"
        "LDR	r5, [%[b], #136]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #132]\n\t"
        "LDR	r5, [%[b], #132]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #128]\n\t"
        "LDR	r5, [%[b], #128]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #124]\n\t"
        "LDR	r5, [%[b], #124]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #120]\n\t"
        "LDR	r5, [%[b], #120]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #116]\n\t"
        "LDR	r5, [%[b], #116]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #112]\n\t"
        "LDR	r5, [%[b], #112]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #108]\n\t"
        "LDR	r5, [%[b], #108]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #104]\n\t"
        "LDR	r5, [%[b], #104]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #100]\n\t"
        "LDR	r5, [%[b], #100]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #96]\n\t"
        "LDR	r5, [%[b], #96]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #92]\n\t"
        "LDR	r5, [%[b], #92]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #88]\n\t"
        "LDR	r5, [%[b], #88]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #84]\n\t"
        "LDR	r5, [%[b], #84]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #80]\n\t"
        "LDR	r5, [%[b], #80]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #76]\n\t"
        "LDR	r5, [%[b], #76]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #72]\n\t"
        "LDR	r5, [%[b], #72]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #68]\n\t"
        "LDR	r5, [%[b], #68]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #64]\n\t"
        "LDR	r5, [%[b], #64]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #60]\n\t"
        "LDR	r5, [%[b], #60]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #56]\n\t"
        "LDR	r5, [%[b], #56]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #52]\n\t"
        "LDR	r5, [%[b], #52]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #48]\n\t"
        "LDR	r5, [%[b], #48]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #44]\n\t"
        "LDR	r5, [%[b], #44]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #40]\n\t"
        "LDR	r5, [%[b], #40]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #36]\n\t"
        "LDR	r5, [%[b], #36]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #32]\n\t"
        "LDR	r5, [%[b], #32]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #28]\n\t"
        "LDR	r5, [%[b], #28]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #24]\n\t"
        "LDR	r5, [%[b], #24]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #20]\n\t"
        "LDR	r5, [%[b], #20]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #16]\n\t"
        "LDR	r5, [%[b], #16]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #12]\n\t"
        "LDR	r5, [%[b], #12]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #8]\n\t"
        "LDR	r5, [%[b], #8]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #4]\n\t"
        "LDR	r5, [%[b], #4]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a]]\n\t"
        "LDR	r5, [%[b]]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "EOR	r2, r2, r3\n\t"
#endif /*WOLFSSL_SP_SMALL */
        "MOV	%[a], r2\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
    );
    return (uint32_t)(size_t)a;
}

/* Divide d in a and put remainder into r (m*d + r = a)
 * m is not calculated as it is not needed at this time.
 *
 * a  Number to be divided.
 * d  Number to divide with.
 * m  Multiplier result.
 * r  Remainder from the division.
 * returns MP_OKAY indicating success.
 */
static WC_INLINE int sp_4096_div_128(const sp_digit* a, const sp_digit* d,
        sp_digit* m, sp_digit* r)
{
    sp_digit t1[256], t2[129];
    sp_digit div, r1;
    int i;

    (void)m;

    div = d[127];
    XMEMCPY(t1, a, sizeof(*t1) * 2 * 128);
    r1 = sp_4096_cmp_128(&t1[128], d) >= 0;
    sp_4096_cond_sub_128(&t1[128], &t1[128], d, (sp_digit)0 - r1);
    for (i = 127; i >= 0; i--) {
        volatile sp_digit mask = (sp_digit)0 - (t1[128 + i] == div);
        sp_digit hi = t1[128 + i] + mask;
        r1 = div_4096_word_128(hi, t1[128 + i - 1], div);
        r1 |= mask;

        sp_4096_mul_d_128(t2, d, r1);
        t1[128 + i] += sp_4096_sub_in_place_128(&t1[i], t2);
        t1[128 + i] -= t2[128];
        sp_4096_mask_128(t2, d, t1[128 + i]);
        t1[128 + i] += sp_4096_add_128(&t1[i], &t1[i], t2);
        sp_4096_mask_128(t2, d, t1[128 + i]);
        t1[128 + i] += sp_4096_add_128(&t1[i], &t1[i], t2);
    }

    r1 = sp_4096_cmp_128(t1, d) >= 0;
    sp_4096_cond_sub_128(r, t1, d, (sp_digit)0 - r1);

    return MP_OKAY;
}

/* Reduce a modulo m into r. (r = a mod m)
 *
 * r  A single precision number that is the reduced result.
 * a  A single precision number that is to be reduced.
 * m  A single precision number that is the modulus to reduce with.
 * returns MP_OKAY indicating success.
 */
static WC_INLINE int sp_4096_mod_128(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
    return sp_4096_div_128(a, m, NULL, r);
}

#endif /* WOLFSSL_HAVE_SP_DH || !WOLFSSL_RSA_PUBLIC_ONLY */
#if (defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
                                                     defined(WOLFSSL_HAVE_SP_DH)
#ifdef WOLFSSL_SP_SMALL
/* Modular exponentiate a to the e mod m. (r = a^e mod m)
 *
 * r     A single precision number that is the result of the operation.
 * a     A single precision number being exponentiated.
 * e     A single precision number that is the exponent.
 * bits  The number of bits in the exponent.
 * m     A single precision number that is the modulus.
 * returns  0 on success.
 * returns  MEMORY_E on dynamic memory allocation failure.
 * returns  MP_VAL when base is even or exponent is 0.
 */
static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e,
        int bits, const sp_digit* m, int reduceA)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* td = NULL;
#else
    sp_digit td[8 * 256];
#endif
    sp_digit* t[8];
    sp_digit* norm = NULL;
    sp_digit mp = 1;
    sp_digit n;
    sp_digit mask;
    int i;
    int c;
    byte y;
    int err = MP_OKAY;

    if (bits == 0) {
        err = MP_VAL;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 256), NULL,
                                DYNAMIC_TYPE_TMP_BUFFER);
        if (td == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        norm = td;
        for (i=0; i<8; i++) {
            t[i] = td + i * 256;
        }

        sp_4096_mont_setup(m, &mp);
        sp_4096_mont_norm_128(norm, m);

        XMEMSET(t[1], 0, sizeof(sp_digit) * 128U);
        if (reduceA != 0) {
            err = sp_4096_mod_128(t[1] + 128, a, m);
            if (err == MP_OKAY) {
                err = sp_4096_mod_128(t[1], t[1], m);
            }
        }
        else {
            XMEMCPY(t[1] + 128, a, sizeof(sp_digit) * 128);
            err = sp_4096_mod_128(t[1], t[1], m);
        }
    }

    if (err == MP_OKAY) {
        sp_4096_mont_sqr_128(t[ 2], t[ 1], m, mp);
        sp_4096_mont_mul_128(t[ 3], t[ 2], t[ 1], m, mp);
        sp_4096_mont_sqr_128(t[ 4], t[ 2], m, mp);
        sp_4096_mont_mul_128(t[ 5], t[ 3], t[ 2], m, mp);
        sp_4096_mont_sqr_128(t[ 6], t[ 3], m, mp);
        sp_4096_mont_mul_128(t[ 7], t[ 4], t[ 3], m, mp);

        i = (bits - 1) / 32;
        n = e[i--];
        c = bits & 31;
        if (c == 0) {
            c = 32;
        }
        c -= bits % 3;
        if (c == 32) {
            c = 29;
        }
        if (c < 0) {
            /* Number of bits in top word is less than number needed. */
            c = -c;
            y = (byte)(n << c);
            n = e[i--];
            y |= (byte)(n >> (64 - c));
            n <<= c;
            c = 64 - c;
        }
        else if (c == 0) {
            /* All bits in top word used. */
            y = (byte)n;
        }
        else {
            y = (byte)(n >> c);
            n <<= 32 - c;
        }
        XMEMCPY(r, t[y], sizeof(sp_digit) * 128);
        for (; i>=0 || c>=3; ) {
            if (c == 0) {
                n = e[i--];
                y = (byte)(n >> 29);
                n <<= 3;
                c = 29;
            }
            else if (c < 3) {
                y = (byte)(n >> 29);
                n = e[i--];
                c = 3 - c;
                y |= (byte)(n >> (32 - c));
                n <<= c;
                c = 32 - c;
            }
            else {
                y = (byte)((n >> 29) & 0x7);
                n <<= 3;
                c -= 3;
            }

            sp_4096_mont_sqr_128(r, r, m, mp);
            sp_4096_mont_sqr_128(r, r, m, mp);
            sp_4096_mont_sqr_128(r, r, m, mp);

            sp_4096_mont_mul_128(r, r, t[y], m, mp);
        }

        XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
        sp_4096_mont_reduce_128(r, m, mp);

        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
        sp_4096_cond_sub_128(r, r, m, mask);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (td != NULL)
        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return err;
}
#else
/* Modular exponentiate a to the e mod m. (r = a^e mod m)
 *
 * r     A single precision number that is the result of the operation.
 * a     A single precision number being exponentiated.
 * e     A single precision number that is the exponent.
 * bits  The number of bits in the exponent.
 * m     A single precision number that is the modulus.
 * returns  0 on success.
 * returns  MEMORY_E on dynamic memory allocation failure.
 * returns  MP_VAL when base is even or exponent is 0.
 */
static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e,
        int bits, const sp_digit* m, int reduceA)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* td = NULL;
#else
    sp_digit td[16 * 256];
#endif
    sp_digit* t[16];
    sp_digit* norm = NULL;
    sp_digit mp = 1;
    sp_digit n;
    sp_digit mask;
    int i;
    int c;
    byte y;
    int err = MP_OKAY;

    if (bits == 0) {
        err = MP_VAL;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 256), NULL,
                                DYNAMIC_TYPE_TMP_BUFFER);
        if (td == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        norm = td;
        for (i=0; i<16; i++) {
            t[i] = td + i * 256;
        }

        sp_4096_mont_setup(m, &mp);
        sp_4096_mont_norm_128(norm, m);

        XMEMSET(t[1], 0, sizeof(sp_digit) * 128U);
        if (reduceA != 0) {
            err = sp_4096_mod_128(t[1] + 128, a, m);
            if (err == MP_OKAY) {
                err = sp_4096_mod_128(t[1], t[1], m);
            }
        }
        else {
            XMEMCPY(t[1] + 128, a, sizeof(sp_digit) * 128);
            err = sp_4096_mod_128(t[1], t[1], m);
        }
    }

    if (err == MP_OKAY) {
        sp_4096_mont_sqr_128(t[ 2], t[ 1], m, mp);
        sp_4096_mont_mul_128(t[ 3], t[ 2], t[ 1], m, mp);
        sp_4096_mont_sqr_128(t[ 4], t[ 2], m, mp);
        sp_4096_mont_mul_128(t[ 5], t[ 3], t[ 2], m, mp);
        sp_4096_mont_sqr_128(t[ 6], t[ 3], m, mp);
        sp_4096_mont_mul_128(t[ 7], t[ 4], t[ 3], m, mp);
        sp_4096_mont_sqr_128(t[ 8], t[ 4], m, mp);
        sp_4096_mont_mul_128(t[ 9], t[ 5], t[ 4], m, mp);
        sp_4096_mont_sqr_128(t[10], t[ 5], m, mp);
        sp_4096_mont_mul_128(t[11], t[ 6], t[ 5], m, mp);
        sp_4096_mont_sqr_128(t[12], t[ 6], m, mp);
        sp_4096_mont_mul_128(t[13], t[ 7], t[ 6], m, mp);
        sp_4096_mont_sqr_128(t[14], t[ 7], m, mp);
        sp_4096_mont_mul_128(t[15], t[ 8], t[ 7], m, mp);

        i = (bits - 1) / 32;
        n = e[i--];
        c = bits & 31;
        if (c == 0) {
            c = 32;
        }
        c -= bits % 4;
        if (c == 32) {
            c = 28;
        }
        if (c < 0) {
            /* Number of bits in top word is less than number needed. */
            c = -c;
            y = (byte)(n << c);
            n = e[i--];
            y |= (byte)(n >> (64 - c));
            n <<= c;
            c = 64 - c;
        }
        else if (c == 0) {
            /* All bits in top word used. */
            y = (byte)n;
        }
        else {
            y = (byte)(n >> c);
            n <<= 32 - c;
        }
        XMEMCPY(r, t[y], sizeof(sp_digit) * 128);
        for (; i>=0 || c>=4; ) {
            if (c == 0) {
                n = e[i--];
                y = (byte)(n >> 28);
                n <<= 4;
                c = 28;
            }
            else if (c < 4) {
                y = (byte)(n >> 28);
                n = e[i--];
                c = 4 - c;
                y |= (byte)(n >> (32 - c));
                n <<= c;
                c = 32 - c;
            }
            else {
                y = (byte)((n >> 28) & 0xf);
                n <<= 4;
                c -= 4;
            }

            sp_4096_mont_sqr_128(r, r, m, mp);
            sp_4096_mont_sqr_128(r, r, m, mp);
            sp_4096_mont_sqr_128(r, r, m, mp);
            sp_4096_mont_sqr_128(r, r, m, mp);

            sp_4096_mont_mul_128(r, r, t[y], m, mp);
        }

        XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
        sp_4096_mont_reduce_128(r, m, mp);

        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
        sp_4096_cond_sub_128(r, r, m, mask);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (td != NULL)
        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return err;
}
#endif /* WOLFSSL_SP_SMALL */
#endif /* (WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY) || WOLFSSL_HAVE_SP_DH */

#endif /* (WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY) || WOLFSSL_HAVE_SP_DH */
#ifdef WOLFSSL_HAVE_SP_RSA
/* RSA public key operation.
 *
 * in      Array of bytes representing the number to exponentiate, base.
 * inLen   Number of bytes in base.
 * em      Public exponent.
 * mm      Modulus.
 * out     Buffer to hold big-endian bytes of exponentiation result.
 *         Must be at least 512 bytes long.
 * outLen  Number of bytes in result.
 * returns 0 on success, MP_TO_E when the outLen is too small, MP_READ_E when
 * an array is too long and MEMORY_E when dynamic memory allocation fails.
 */
int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
    const mp_int* mm, byte* out, word32* outLen)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* a = NULL;
#else
    sp_digit a[128 * 5];
#endif
    sp_digit* m = NULL;
    sp_digit* r = NULL;
    sp_digit *ah = NULL;
    sp_digit e[1] = {0};
    int err = MP_OKAY;

    if (*outLen < 512) {
        err = MP_TO_E;
    }
    else if (mp_count_bits(em) > 32 || inLen > 512 ||
                                                     mp_count_bits(mm) != 4096) {
        err = MP_READ_E;
    }
    else if (mp_iseven(mm)) {
        err = MP_VAL;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 128 * 5, NULL,
                                                              DYNAMIC_TYPE_RSA);
        if (a == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        ah = a + 128;
        r = a + 128 * 2;
        m = r + 128 * 2;

        sp_4096_from_bin(ah, 128, in, inLen);
#if DIGIT_BIT >= 32
        e[0] = em->dp[0];
#else
        e[0] = em->dp[0];
        if (em->used > 1) {
            e[0] |= ((sp_digit)em->dp[1]) << DIGIT_BIT;
        }
#endif
        if (e[0] == 0) {
            err = MP_EXPTMOD_E;
        }
    }
    if (err == MP_OKAY) {
        sp_4096_from_mp(m, 128, mm);

        if (e[0] == 0x10001) {
            int i;
            sp_digit mp;

            sp_4096_mont_setup(m, &mp);

            /* Convert to Montgomery form. */
            XMEMSET(a, 0, sizeof(sp_digit) * 128);
            err = sp_4096_mod_128_cond(r, a, m);
            /* Montgomery form: r = a.R mod m */

            if (err == MP_OKAY) {
                /* r = a ^ 0x10000 => r = a squared 16 times */
                for (i = 15; i >= 0; i--) {
                    sp_4096_mont_sqr_128(r, r, m, mp);
                }
                /* mont_red(r.R.R) = (r.R.R / R) mod m = r.R mod m
                 * mont_red(r.R * a) = (r.R.a / R) mod m = r.a mod m
                 */
                sp_4096_mont_mul_128(r, r, ah, m, mp);

                for (i = 127; i > 0; i--) {
                    if (r[i] != m[i]) {
                        break;
                    }
                }
                if (r[i] >= m[i]) {
                    sp_4096_sub_in_place_128(r, m);
                }
            }
        }
        else if (e[0] == 0x3) {
            if (err == MP_OKAY) {
                sp_4096_sqr_128(r, ah);
                err = sp_4096_mod_128_cond(r, r, m);
            }
            if (err == MP_OKAY) {
                sp_4096_mul_128(r, ah, r);
                err = sp_4096_mod_128_cond(r, r, m);
            }
        }
        else {
            int i;
            sp_digit mp;

            sp_4096_mont_setup(m, &mp);

            /* Convert to Montgomery form. */
            XMEMSET(a, 0, sizeof(sp_digit) * 128);
            err = sp_4096_mod_128_cond(a, a, m);

            if (err == MP_OKAY) {
                for (i = 31; i >= 0; i--) {
                    if (e[0] >> i) {
                        break;
                    }
                }

                XMEMCPY(r, a, sizeof(sp_digit) * 128);
                for (i--; i >= 0; i--) {
                    sp_4096_mont_sqr_128(r, r, m, mp);
                    if (((e[0] >> i) & 1) == 1) {
                        sp_4096_mont_mul_128(r, r, a, m, mp);
                    }
                }
                XMEMSET(&r[128], 0, sizeof(sp_digit) * 128);
                sp_4096_mont_reduce_128(r, m, mp);

                for (i = 127; i > 0; i--) {
                    if (r[i] != m[i]) {
                        break;
                    }
                }
                if (r[i] >= m[i]) {
                    sp_4096_sub_in_place_128(r, m);
                }
            }
        }
    }

    if (err == MP_OKAY) {
        sp_4096_to_bin_128(r, out);
        *outLen = 512;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (a != NULL)
        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
#endif

    return err;
}

#ifndef WOLFSSL_RSA_PUBLIC_ONLY
#ifdef WOLFSSL_SP_SMALL
/* Conditionally add a and b using the mask m.
 * m is -1 to add and 0 when not.
 *
 * r  A single precision number representing conditional add result.
 * a  A single precision number to add with.
 * b  A single precision number to add.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r5, #0x0\n\t"
        "MOV	r8, #0x0\n\t"
        "MOV	r4, #0x0\n\t"
        "\n"
    "L_sp_4096_cond_add_64_words:\n\t"
        "ADDS	r5, r5, #0xffffffff\n\t"
        "LDR	r6, [%[a], r4]\n\t"
        "LDR	r7, [%[b], r4]\n\t"
        "AND	r7, r7, %[m]\n\t"
        "ADCS	r6, r6, r7\n\t"
        "ADC	r5, r8, r8\n\t"
        "STR	r6, [%[r], r4]\n\t"
        "ADD	r4, r4, #0x4\n\t"
        "CMP	r4, #0x100\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_4096_cond_add_64_words\n\t"
#else
        "BLT.N	L_sp_4096_cond_add_64_words\n\t"
#endif
        "MOV	%[r], r5\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
    );
    return (uint32_t)(size_t)r;
}

#else
/* Conditionally add a and b using the mask m.
 * m is -1 to add and 0 when not.
 *
 * r  A single precision number representing conditional add result.
 * a  A single precision number to add with.
 * b  A single precision number to add.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r10, #0x0\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADDS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "ADC	%[r], r10, r10\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
/* RSA private key operation.
 *
 * in      Array of bytes representing the number to exponentiate, base.
 * inLen   Number of bytes in base.
 * dm      Private exponent.
 * pm      First prime.
 * qm      Second prime.
 * dpm     First prime's CRT exponent.
 * dqm     Second prime's CRT exponent.
 * qim     Inverse of second prime mod p.
 * mm      Modulus.
 * out     Buffer to hold big-endian bytes of exponentiation result.
 *         Must be at least 512 bytes long.
 * outLen  Number of bytes in result.
 * returns 0 on success, MP_TO_E when the outLen is too small, MP_READ_E when
 * an array is too long and MEMORY_E when dynamic memory allocation fails.
 */
int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
    const mp_int* pm, const mp_int* qm, const mp_int* dpm, const mp_int* dqm,
    const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
#if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM)
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* d = NULL;
#else
    sp_digit  d[128 * 4];
#endif
    sp_digit* a = NULL;
    sp_digit* m = NULL;
    sp_digit* r = NULL;
    int err = MP_OKAY;

    (void)pm;
    (void)qm;
    (void)dpm;
    (void)dqm;
    (void)qim;

    if (*outLen < 512U) {
        err = MP_TO_E;
    }
    if (err == MP_OKAY) {
        if (mp_count_bits(dm) > 4096) {
           err = MP_READ_E;
        }
        else if (inLen > 512) {
            err = MP_READ_E;
        }
        else if (mp_count_bits(mm) != 4096) {
            err = MP_READ_E;
        }
        else if (mp_iseven(mm)) {
            err = MP_VAL;
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 128 * 4, NULL,
                                                              DYNAMIC_TYPE_RSA);
        if (d == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        a = d + 128;
        m = a + 256;
        r = a;

        sp_4096_from_bin(a, 128, in, inLen);
        sp_4096_from_mp(d, 128, dm);
        sp_4096_from_mp(m, 128, mm);
        err = sp_4096_mod_exp_128(r, a, d, 4096, m, 0);
    }

    if (err == MP_OKAY) {
        sp_4096_to_bin_128(r, out);
        *outLen = 512;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (d != NULL)
#endif
    {
        /* only "a" and "r" are sensitive and need zeroized (same pointer) */
        if (a != NULL)
            ForceZero(a, sizeof(sp_digit) * 128);
#ifdef WOLFSSL_SP_SMALL_STACK
        XFREE(d, NULL, DYNAMIC_TYPE_RSA);
#endif
    }

    return err;
#else
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* a = NULL;
#else
    sp_digit a[64 * 11];
#endif
    sp_digit* p = NULL;
    sp_digit* q = NULL;
    sp_digit* dp = NULL;
    sp_digit* tmpa = NULL;
    sp_digit* tmpb = NULL;
    sp_digit* r = NULL;
    sp_digit* qi = NULL;
    sp_digit* dq = NULL;
    sp_digit c;
    int err = MP_OKAY;

    (void)dm;
    (void)mm;

    if (*outLen < 512) {
        err = MP_TO_E;
    }
    else if (inLen > 512 || mp_count_bits(mm) != 4096) {
        err = MP_READ_E;
    }
    else if (mp_iseven(mm)) {
        err = MP_VAL;
    }
    else if (mp_iseven(pm)) {
        err = MP_VAL;
    }
    else if (mp_iseven(qm)) {
        err = MP_VAL;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 11, NULL,
                                                              DYNAMIC_TYPE_RSA);
        if (a == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        p = a + 128 * 2;
        q = p + 64;
        qi = dq = dp = q + 64;
        tmpa = qi + 64;
        tmpb = tmpa + 128;
        r = a;

        sp_4096_from_bin(a, 128, in, inLen);
        sp_4096_from_mp(p, 64, pm);
        sp_4096_from_mp(q, 64, qm);
        sp_4096_from_mp(dp, 64, dpm);

        err = sp_2048_mod_exp_64(tmpa, a, dp, 2048, p, 1);
    }
    if (err == MP_OKAY) {
        sp_4096_from_mp(dq, 64, dqm);
        err = sp_2048_mod_exp_64(tmpb, a, dq, 2048, q, 1);
    }

    if (err == MP_OKAY) {
        c = sp_2048_sub_in_place_64(tmpa, tmpb);
        c += sp_4096_cond_add_64(tmpa, tmpa, p, c);
        sp_4096_cond_add_64(tmpa, tmpa, p, c);

        sp_2048_from_mp(qi, 64, qim);
        sp_2048_mul_64(tmpa, tmpa, qi);
        err = sp_2048_mod_64(tmpa, tmpa, p);
    }

    if (err == MP_OKAY) {
        sp_2048_mul_64(tmpa, q, tmpa);
        XMEMSET(&tmpb[64], 0, sizeof(sp_digit) * 64);
        sp_4096_add_128(r, tmpb, tmpa);

        sp_4096_to_bin_128(r, out);
        *outLen = 512;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (a != NULL)
#endif
    {
        ForceZero(a, sizeof(sp_digit) * 64 * 11);
    #ifdef WOLFSSL_SP_SMALL_STACK
        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
    #endif
    }
#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */
    return err;
}
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
#endif /* WOLFSSL_HAVE_SP_RSA */
#if defined(WOLFSSL_HAVE_SP_DH) || (defined(WOLFSSL_HAVE_SP_RSA) && \
                                              !defined(WOLFSSL_RSA_PUBLIC_ONLY))
/* Convert an array of sp_digit to an mp_int.
 *
 * a  A single precision integer.
 * r  A multi-precision integer.
 */
static int sp_4096_to_mp(const sp_digit* a, mp_int* r)
{
    int err;

    err = mp_grow(r, (4096 + DIGIT_BIT - 1) / DIGIT_BIT);
    if (err == MP_OKAY) { /*lint !e774 case where err is always MP_OKAY*/
#if DIGIT_BIT == 32
        XMEMCPY(r->dp, a, sizeof(sp_digit) * 128);
        r->used = 128;
        mp_clamp(r);
#elif DIGIT_BIT < 32
        int i;
        int j = 0;
        int s = 0;

        r->dp[0] = 0;
        for (i = 0; i < 128; i++) {
            r->dp[j] |= (mp_digit)(a[i] << s);
            r->dp[j] &= ((sp_digit)1 << DIGIT_BIT) - 1;
            s = DIGIT_BIT - s;
            r->dp[++j] = (mp_digit)(a[i] >> s);
            while (s + DIGIT_BIT <= 32) {
                s += DIGIT_BIT;
                r->dp[j++] &= ((sp_digit)1 << DIGIT_BIT) - 1;
                if (s == SP_WORD_SIZE) {
                    r->dp[j] = 0;
                }
                else {
                    r->dp[j] = (mp_digit)(a[i] >> s);
                }
            }
            s = 32 - s;
        }
        r->used = (4096 + DIGIT_BIT - 1) / DIGIT_BIT;
        mp_clamp(r);
#else
        int i;
        int j = 0;
        int s = 0;

        r->dp[0] = 0;
        for (i = 0; i < 128; i++) {
            r->dp[j] |= ((mp_digit)a[i]) << s;
            if (s + 32 >= DIGIT_BIT) {
    #if DIGIT_BIT != 32 && DIGIT_BIT != 64
                r->dp[j] &= ((sp_digit)1 << DIGIT_BIT) - 1;
    #endif
                s = DIGIT_BIT - s;
                r->dp[++j] = a[i] >> s;
                s = 32 - s;
            }
            else {
                s += 32;
            }
        }
        r->used = (4096 + DIGIT_BIT - 1) / DIGIT_BIT;
        mp_clamp(r);
#endif
    }

    return err;
}

/* Perform the modular exponentiation for Diffie-Hellman.
 *
 * base  Base. MP integer.
 * exp   Exponent. MP integer.
 * mod   Modulus. MP integer.
 * res   Result. MP integer.
 * returns 0 on success, MP_READ_E if there are too many bytes in an array
 * and MEMORY_E if memory allocation fails.
 */
int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod,
    mp_int* res)
{
    int err = MP_OKAY;
    sp_digit b[256];
    sp_digit e[128];
    sp_digit m[128];
    sp_digit* r = b;
    int expBits = mp_count_bits(exp);

    if (mp_count_bits(base) > 4096) {
        err = MP_READ_E;
    }
    else if (expBits > 4096) {
        err = MP_READ_E;
    }
    else if (mp_count_bits(mod) != 4096) {
        err = MP_READ_E;
    }
    else if (mp_iseven(mod)) {
        err = MP_VAL;
    }

    if (err == MP_OKAY) {
        sp_4096_from_mp(b, 128, base);
        sp_4096_from_mp(e, 128, exp);
        sp_4096_from_mp(m, 128, mod);

        err = sp_4096_mod_exp_128(r, b, e, expBits, m, 0);
    }

    if (err == MP_OKAY) {
        err = sp_4096_to_mp(r, res);
    }

    XMEMSET(e, 0, sizeof(e));

    return err;
}

#ifdef WOLFSSL_HAVE_SP_DH

#ifdef HAVE_FFDHE_4096
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_4096_lshift_128(sp_digit* r_p, const sp_digit* a_p, byte n_p)
#else
static void sp_4096_lshift_128(sp_digit* r, const sp_digit* a, byte n)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register byte n __asm__ ("r2") = (byte)n_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "RSB	r7, %[n], #0x1f\n\t"
        "LDR	r5, [%[a], #508]\n\t"
        "LSR	r6, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r6, r6, r7\n\t"
        "LDR	r4, [%[a], #504]\n\t"
        "STR	r6, [%[r], #512]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #500]\n\t"
        "STR	r5, [%[r], #508]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #496]\n\t"
        "STR	r4, [%[r], #504]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #492]\n\t"
        "STR	r6, [%[r], #500]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #488]\n\t"
        "STR	r5, [%[r], #496]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #484]\n\t"
        "STR	r4, [%[r], #492]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #480]\n\t"
        "STR	r6, [%[r], #488]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #476]\n\t"
        "STR	r5, [%[r], #484]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #472]\n\t"
        "STR	r4, [%[r], #480]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #468]\n\t"
        "STR	r6, [%[r], #476]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #464]\n\t"
        "STR	r5, [%[r], #472]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #460]\n\t"
        "STR	r4, [%[r], #468]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #456]\n\t"
        "STR	r6, [%[r], #464]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #452]\n\t"
        "STR	r5, [%[r], #460]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #448]\n\t"
        "STR	r4, [%[r], #456]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #444]\n\t"
        "STR	r6, [%[r], #452]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #440]\n\t"
        "STR	r5, [%[r], #448]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #436]\n\t"
        "STR	r4, [%[r], #444]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #432]\n\t"
        "STR	r6, [%[r], #440]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #428]\n\t"
        "STR	r5, [%[r], #436]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #424]\n\t"
        "STR	r4, [%[r], #432]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #420]\n\t"
        "STR	r6, [%[r], #428]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #416]\n\t"
        "STR	r5, [%[r], #424]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #412]\n\t"
        "STR	r4, [%[r], #420]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #408]\n\t"
        "STR	r6, [%[r], #416]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #404]\n\t"
        "STR	r5, [%[r], #412]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #400]\n\t"
        "STR	r4, [%[r], #408]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #396]\n\t"
        "STR	r6, [%[r], #404]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #392]\n\t"
        "STR	r5, [%[r], #400]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #388]\n\t"
        "STR	r4, [%[r], #396]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #384]\n\t"
        "STR	r6, [%[r], #392]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #380]\n\t"
        "STR	r5, [%[r], #388]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #376]\n\t"
        "STR	r4, [%[r], #384]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #372]\n\t"
        "STR	r6, [%[r], #380]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #368]\n\t"
        "STR	r5, [%[r], #376]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #364]\n\t"
        "STR	r4, [%[r], #372]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #360]\n\t"
        "STR	r6, [%[r], #368]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #356]\n\t"
        "STR	r5, [%[r], #364]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #352]\n\t"
        "STR	r4, [%[r], #360]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #348]\n\t"
        "STR	r6, [%[r], #356]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #344]\n\t"
        "STR	r5, [%[r], #352]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #340]\n\t"
        "STR	r4, [%[r], #348]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #336]\n\t"
        "STR	r6, [%[r], #344]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #332]\n\t"
        "STR	r5, [%[r], #340]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #328]\n\t"
        "STR	r4, [%[r], #336]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #324]\n\t"
        "STR	r6, [%[r], #332]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #320]\n\t"
        "STR	r5, [%[r], #328]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #316]\n\t"
        "STR	r4, [%[r], #324]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #312]\n\t"
        "STR	r6, [%[r], #320]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #308]\n\t"
        "STR	r5, [%[r], #316]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #304]\n\t"
        "STR	r4, [%[r], #312]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #300]\n\t"
        "STR	r6, [%[r], #308]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #296]\n\t"
        "STR	r5, [%[r], #304]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #292]\n\t"
        "STR	r4, [%[r], #300]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #288]\n\t"
        "STR	r6, [%[r], #296]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #284]\n\t"
        "STR	r5, [%[r], #292]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #280]\n\t"
        "STR	r4, [%[r], #288]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #276]\n\t"
        "STR	r6, [%[r], #284]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #272]\n\t"
        "STR	r5, [%[r], #280]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #268]\n\t"
        "STR	r4, [%[r], #276]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #264]\n\t"
        "STR	r6, [%[r], #272]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #260]\n\t"
        "STR	r5, [%[r], #268]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #256]\n\t"
        "STR	r4, [%[r], #264]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #252]\n\t"
        "STR	r6, [%[r], #260]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #248]\n\t"
        "STR	r5, [%[r], #256]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #244]\n\t"
        "STR	r4, [%[r], #252]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #240]\n\t"
        "STR	r6, [%[r], #248]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #236]\n\t"
        "STR	r5, [%[r], #244]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #232]\n\t"
        "STR	r4, [%[r], #240]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #228]\n\t"
        "STR	r6, [%[r], #236]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #224]\n\t"
        "STR	r5, [%[r], #232]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #220]\n\t"
        "STR	r4, [%[r], #228]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #216]\n\t"
        "STR	r6, [%[r], #224]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #212]\n\t"
        "STR	r5, [%[r], #220]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #208]\n\t"
        "STR	r4, [%[r], #216]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #204]\n\t"
        "STR	r6, [%[r], #212]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #200]\n\t"
        "STR	r5, [%[r], #208]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #196]\n\t"
        "STR	r4, [%[r], #204]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #192]\n\t"
        "STR	r6, [%[r], #200]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #188]\n\t"
        "STR	r5, [%[r], #196]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #184]\n\t"
        "STR	r4, [%[r], #192]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #180]\n\t"
        "STR	r6, [%[r], #188]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #176]\n\t"
        "STR	r5, [%[r], #184]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #172]\n\t"
        "STR	r4, [%[r], #180]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #168]\n\t"
        "STR	r6, [%[r], #176]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #164]\n\t"
        "STR	r5, [%[r], #172]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #160]\n\t"
        "STR	r4, [%[r], #168]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #156]\n\t"
        "STR	r6, [%[r], #164]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #152]\n\t"
        "STR	r5, [%[r], #160]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #148]\n\t"
        "STR	r4, [%[r], #156]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #144]\n\t"
        "STR	r6, [%[r], #152]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #140]\n\t"
        "STR	r5, [%[r], #148]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #136]\n\t"
        "STR	r4, [%[r], #144]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #132]\n\t"
        "STR	r6, [%[r], #140]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #128]\n\t"
        "STR	r5, [%[r], #136]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #124]\n\t"
        "STR	r4, [%[r], #132]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #120]\n\t"
        "STR	r6, [%[r], #128]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #116]\n\t"
        "STR	r5, [%[r], #124]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #112]\n\t"
        "STR	r4, [%[r], #120]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #108]\n\t"
        "STR	r6, [%[r], #116]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #104]\n\t"
        "STR	r5, [%[r], #112]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #100]\n\t"
        "STR	r4, [%[r], #108]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #96]\n\t"
        "STR	r6, [%[r], #104]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #92]\n\t"
        "STR	r5, [%[r], #100]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #88]\n\t"
        "STR	r4, [%[r], #96]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #84]\n\t"
        "STR	r6, [%[r], #92]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #80]\n\t"
        "STR	r5, [%[r], #88]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #76]\n\t"
        "STR	r4, [%[r], #84]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #72]\n\t"
        "STR	r6, [%[r], #80]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #68]\n\t"
        "STR	r5, [%[r], #76]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #64]\n\t"
        "STR	r4, [%[r], #72]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #60]\n\t"
        "STR	r6, [%[r], #68]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #56]\n\t"
        "STR	r5, [%[r], #64]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #52]\n\t"
        "STR	r4, [%[r], #60]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #48]\n\t"
        "STR	r6, [%[r], #56]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #44]\n\t"
        "STR	r5, [%[r], #52]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #40]\n\t"
        "STR	r4, [%[r], #48]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #36]\n\t"
        "STR	r6, [%[r], #44]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #32]\n\t"
        "STR	r5, [%[r], #40]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #28]\n\t"
        "STR	r4, [%[r], #36]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #24]\n\t"
        "STR	r6, [%[r], #32]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #20]\n\t"
        "STR	r5, [%[r], #28]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #16]\n\t"
        "STR	r4, [%[r], #24]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #12]\n\t"
        "STR	r6, [%[r], #20]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #8]\n\t"
        "STR	r5, [%[r], #16]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #4]\n\t"
        "STR	r4, [%[r], #12]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a]]\n\t"
        "STR	r6, [%[r], #8]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "STR	r4, [%[r]]\n\t"
        "STR	r5, [%[r], #4]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n)
        :
        : "memory", "r4", "r5", "r6", "r3", "r7", "cc"
    );
}

/* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
 *
 * r     A single precision number that is the result of the operation.
 * e     A single precision number that is the exponent.
 * bits  The number of bits in the exponent.
 * m     A single precision number that is the modulus.
 * returns  0 on success.
 * returns  MEMORY_E on dynamic memory allocation failure.
 * returns  MP_VAL when base is even.
 */
static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits,
        const sp_digit* m)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* td = NULL;
#else
    sp_digit td[385];
#endif
    sp_digit* norm = NULL;
    sp_digit* tmp = NULL;
    sp_digit mp = 1;
    sp_digit n;
    sp_digit o;
    sp_digit mask;
    int i;
    int c;
    byte y;
    int err = MP_OKAY;

    if (bits == 0) {
        err = MP_VAL;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 385, NULL,
                                DYNAMIC_TYPE_TMP_BUFFER);
        if (td == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        norm = td;
        tmp = td + 256;

        sp_4096_mont_setup(m, &mp);
        sp_4096_mont_norm_128(norm, m);

        i = (bits - 1) / 32;
        n = e[i--];
        c = bits & 31;
        if (c == 0) {
            c = 32;
        }
        c -= bits % 5;
        if (c == 32) {
            c = 27;
        }
        if (c < 0) {
            /* Number of bits in top word is less than number needed. */
            c = -c;
            y = (byte)(n << c);
            n = e[i--];
            y |= (byte)(n >> (64 - c));
            n <<= c;
            c = 64 - c;
        }
        else if (c == 0) {
            /* All bits in top word used. */
            y = (byte)n;
        }
        else {
            y = (byte)(n >> c);
            n <<= 32 - c;
        }
        sp_4096_lshift_128(r, norm, y);
        for (; i>=0 || c>=5; ) {
            if (c == 0) {
                n = e[i--];
                y = (byte)(n >> 27);
                n <<= 5;
                c = 27;
            }
            else if (c < 5) {
                y = (byte)(n >> 27);
                n = e[i--];
                c = 5 - c;
                y |= (byte)(n >> (32 - c));
                n <<= c;
                c = 32 - c;
            }
            else {
                y = (byte)((n >> 27) & 0x1f);
                n <<= 5;
                c -= 5;
            }

            sp_4096_mont_sqr_128(r, r, m, mp);
            sp_4096_mont_sqr_128(r, r, m, mp);
            sp_4096_mont_sqr_128(r, r, m, mp);
            sp_4096_mont_sqr_128(r, r, m, mp);
            sp_4096_mont_sqr_128(r, r, m, mp);

            sp_4096_lshift_128(r, r, y);
            sp_4096_mul_d_128(tmp, norm, r[128]);
            r[128] = 0;
            o = sp_4096_add_128(r, r, tmp);
            sp_4096_cond_sub_128(r, r, m, (sp_digit)0 - o);
        }

        XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
        sp_4096_mont_reduce_128(r, m, mp);

        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
        sp_4096_cond_sub_128(r, r, m, mask);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (td != NULL)
        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return err;
}
#endif /* HAVE_FFDHE_4096 */

/* Perform the modular exponentiation for Diffie-Hellman.
 *
 * base     Base.
 * exp      Array of bytes that is the exponent.
 * expLen   Length of data, in bytes, in exponent.
 * mod      Modulus.
 * out      Buffer to hold big-endian bytes of exponentiation result.
 *          Must be at least 512 bytes long.
 * outLen   Length, in bytes, of exponentiation result.
 * returns 0 on success, MP_READ_E if there are too many bytes in an array
 * and MEMORY_E if memory allocation fails.
 */
int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
    const mp_int* mod, byte* out, word32* outLen)
{
    int err = MP_OKAY;
    sp_digit b[256];
    sp_digit e[128];
    sp_digit m[128];
    sp_digit* r = b;
    word32 i;

    if (mp_count_bits(base) > 4096) {
        err = MP_READ_E;
    }
    else if (expLen > 512) {
        err = MP_READ_E;
    }
    else if (mp_count_bits(mod) != 4096) {
        err = MP_READ_E;
    }
    else if (mp_iseven(mod)) {
        err = MP_VAL;
    }

    if (err == MP_OKAY) {
        sp_4096_from_mp(b, 128, base);
        sp_4096_from_bin(e, 128, exp, expLen);
        sp_4096_from_mp(m, 128, mod);

    #ifdef HAVE_FFDHE_4096
        if (base->used == 1 && base->dp[0] == 2 && m[127] == (sp_digit)-1)
            err = sp_4096_mod_exp_2_128(r, e, expLen * 8, m);
        else
    #endif
            err = sp_4096_mod_exp_128(r, b, e, expLen * 8, m, 0);

    }

    if (err == MP_OKAY) {
        sp_4096_to_bin_128(r, out);
        *outLen = 512;
        for (i=0; i<512 && out[i] == 0; i++) {
            /* Search for first non-zero. */
        }
        *outLen -= i;
        XMEMMOVE(out, out + i, *outLen);

    }

    XMEMSET(e, 0, sizeof(e));

    return err;
}
#endif /* WOLFSSL_HAVE_SP_DH */

#endif /* WOLFSSL_HAVE_SP_DH | (WOLFSSL_HAVE_SP_RSA & !WOLFSSL_RSA_PUBLIC_ONLY) */

#endif /* WOLFSSL_SP_4096 */

#endif /* WOLFSSL_HAVE_SP_RSA | WOLFSSL_HAVE_SP_DH */
#ifdef WOLFSSL_HAVE_SP_ECC
#ifndef WOLFSSL_SP_NO_256

/* Point structure to use. */
typedef struct sp_point_256 {
    /* X ordinate of point. */
    sp_digit x[2 * 8];
    /* Y ordinate of point. */
    sp_digit y[2 * 8];
    /* Z ordinate of point. */
    sp_digit z[2 * 8];
    /* Indicates point is at infinity. */
    int infinity;
} sp_point_256;

/* The modulus (prime) of the curve P256. */
static const sp_digit p256_mod[8] = {
    0xffffffff,0xffffffff,0xffffffff,0x00000000,0x00000000,0x00000000,
    0x00000001,0xffffffff
};
/* The Montgomery normalizer for modulus of the curve P256. */
static const sp_digit p256_norm_mod[8] = {
    0x00000001,0x00000000,0x00000000,0xffffffff,0xffffffff,0xffffffff,
    0xfffffffe,0x00000000
};
/* The Montgomery multiplier for modulus of the curve P256. */
static const sp_digit p256_mp_mod = 0x00000001;
#if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \
                                            defined(HAVE_ECC_VERIFY)
/* The order of the curve P256. */
static const sp_digit p256_order[8] = {
    0xfc632551,0xf3b9cac2,0xa7179e84,0xbce6faad,0xffffffff,0xffffffff,
    0x00000000,0xffffffff
};
#endif
/* The order of the curve P256 minus 2. */
static const sp_digit p256_order2[8] = {
    0xfc63254f,0xf3b9cac2,0xa7179e84,0xbce6faad,0xffffffff,0xffffffff,
    0x00000000,0xffffffff
};
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
/* The Montgomery normalizer for order of the curve P256. */
static const sp_digit p256_norm_order[8] = {
    0x039cdaaf,0x0c46353d,0x58e8617b,0x43190552,0x00000000,0x00000000,
    0xffffffff,0x00000000
};
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
/* The Montgomery multiplier for order of the curve P256. */
static const sp_digit p256_mp_order = 0xee00bc4f;
#endif
/* The base point of curve P256. */
static const sp_point_256 p256_base = {
    /* X ordinate */
    {
        0xd898c296,0xf4a13945,0x2deb33a0,0x77037d81,0x63a440f2,0xf8bce6e5,
        0xe12c4247,0x6b17d1f2,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0
    },
    /* Y ordinate */
    {
        0x37bf51f5,0xcbb64068,0x6b315ece,0x2bce3357,0x7c0f9e16,0x8ee7eb4a,
        0xfe1a7f9b,0x4fe342e2,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0
    },
    /* Z ordinate */
    {
        0x00000001,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
        0x00000000,0x00000000,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0
    },
    /* infinity */
    0
};
#if defined(HAVE_ECC_CHECK_KEY) || defined(HAVE_COMP_KEY)
static const sp_digit p256_b[8] = {
    0x27d2604b,0x3bce3c3e,0xcc53b0f6,0x651d06b0,0x769886bc,0xb3ebbd55,
    0xaa3a93e7,0x5ac635d8
};
#endif

#ifdef WOLFSSL_SP_SMALL
/* Multiply a and b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x40\n\t"
        "LDR	lr, [%[a]]\n\t"
        "LDR	r11, [%[b]]\n\t"
        "UMULL	r8, r6, lr, r11\n\t"
        "STR	r8, [sp]\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r8, #0x0\n\t"
        "MOV	r5, #0x4\n\t"
        "\n"
    "L_sp_256_mul_8_outer:\n\t"
        "SUBS	r3, r5, #0x1c\n\t"
        "IT	cc\n\t"
        "MOVCC	r3, #0x0\n\t"
        "SUB	r4, r5, r3\n\t"
        "\n"
    "L_sp_256_mul_8_inner:\n\t"
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[b], r4]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "LDR	lr, [%[a], r4]\n\t"
        "LDR	r11, [%[b], r3]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADD	r3, r3, #0x4\n\t"
        "SUB	r4, r4, #0x4\n\t"
        "CMP	r3, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_256_mul_8_inner_done\n\t"
#else
        "BGT.N	L_sp_256_mul_8_inner_done\n\t"
#endif
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_256_mul_8_inner\n\t"
#else
        "BLT.N	L_sp_256_mul_8_inner\n\t"
#endif
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[b], r3]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "\n"
    "L_sp_256_mul_8_inner_done:\n\t"
        "STR	r6, [sp, r5]\n\t"
        "MOV	r6, r7\n\t"
        "MOV	r7, r8\n\t"
        "MOV	r8, #0x0\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0x34\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLE	L_sp_256_mul_8_outer\n\t"
#else
        "BLE.N	L_sp_256_mul_8_outer\n\t"
#endif
        "LDR	lr, [%[a], #28]\n\t"
        "LDR	r11, [%[b], #28]\n\t"
        "UMLAL	r6, r7, lr, r11\n\t"
        "STR	r6, [sp, r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "STR	r7, [sp, r5]\n\t"
        "\n"
    "L_sp_256_mul_8_store:\n\t"
        "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "SUBS	r5, r5, #0x20\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_256_mul_8_store\n\t"
#else
        "BGT.N	L_sp_256_mul_8_store\n\t"
#endif
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
    );
}

#else
#ifdef WOLFSSL_SP_NO_UMAAL
/* Multiply a and b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
SP_NOINLINE static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x24\n\t"
        "STR	%[r], [sp, #32]\n\t"
        "MOV	%[r], #0x0\n\t"
        "LDR	r12, [%[a]]\n\t"
        /* A[0] * B[0] */
        "LDR	lr, [%[b]]\n\t"
        "UMULL	r3, r4, r12, lr\n\t"
        /* A[0] * B[2] */
        "LDR	lr, [%[b], #8]\n\t"
        "UMULL	r5, r6, r12, lr\n\t"
        /* A[0] * B[4] */
        "LDR	lr, [%[b], #16]\n\t"
        "UMULL	r7, r8, r12, lr\n\t"
        /* A[0] * B[6] */
        "LDR	lr, [%[b], #24]\n\t"
        "UMULL	r9, r10, r12, lr\n\t"
        "STR	r3, [sp]\n\t"
        /* A[0] * B[1] */
        "LDR	lr, [%[b], #4]\n\t"
        "MOV	r11, %[r]\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[0] * B[3] */
        "LDR	lr, [%[b], #12]\n\t"
        "ADCS	r6, r6, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[0] * B[5] */
        "LDR	lr, [%[b], #20]\n\t"
        "ADCS	r8, r8, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[0] * B[7] */
        "LDR	lr, [%[b], #28]\n\t"
        "ADCS	r10, r10, #0x0\n\t"
        "ADC	r3, %[r], #0x0\n\t"
        "UMLAL	r10, r3, r12, lr\n\t"
        /* A[1] * B[0] */
        "LDR	r12, [%[a], #4]\n\t"
        "LDR	lr, [%[b]]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "STR	r4, [sp, #4]\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[1] * B[1] */
        "LDR	lr, [%[b], #4]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r5, r11, r12, lr\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[1] * B[2] */
        "LDR	lr, [%[b], #8]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[1] * B[3] */
        "LDR	lr, [%[b], #12]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, lr\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[1] * B[4] */
        "LDR	lr, [%[b], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[1] * B[5] */
        "LDR	lr, [%[b], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "ADDS	r10, r10, r11\n\t"
        /* A[1] * B[6] */
        "LDR	lr, [%[b], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[1] * B[7] */
        "LDR	lr, [%[b], #28]\n\t"
        "ADC	r4, %[r], #0x0\n\t"
        "UMLAL	r3, r4, r12, lr\n\t"
        /* A[2] * B[0] */
        "LDR	r12, [%[a], #8]\n\t"
        "LDR	lr, [%[b]]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r5, r11, r12, lr\n\t"
        "STR	r5, [sp, #8]\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[2] * B[1] */
        "LDR	lr, [%[b], #4]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[2] * B[2] */
        "LDR	lr, [%[b], #8]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, lr\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[2] * B[3] */
        "LDR	lr, [%[b], #12]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[2] * B[4] */
        "LDR	lr, [%[b], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "ADDS	r10, r10, r11\n\t"
        /* A[2] * B[5] */
        "LDR	lr, [%[b], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[2] * B[6] */
        "LDR	lr, [%[b], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, lr\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[2] * B[7] */
        "LDR	lr, [%[b], #28]\n\t"
        "ADC	r5, %[r], #0x0\n\t"
        "UMLAL	r4, r5, r12, lr\n\t"
        /* A[3] * B[0] */
        "LDR	r12, [%[a], #12]\n\t"
        "LDR	lr, [%[b]]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "STR	r6, [sp, #12]\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[3] * B[1] */
        "LDR	lr, [%[b], #4]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, lr\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[3] * B[2] */
        "LDR	lr, [%[b], #8]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[3] * B[3] */
        "LDR	lr, [%[b], #12]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "ADDS	r10, r10, r11\n\t"
        /* A[3] * B[4] */
        "LDR	lr, [%[b], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[3] * B[5] */
        "LDR	lr, [%[b], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, lr\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[3] * B[6] */
        "LDR	lr, [%[b], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[3] * B[7] */
        "LDR	lr, [%[b], #28]\n\t"
        "ADC	r6, %[r], #0x0\n\t"
        "UMLAL	r5, r6, r12, lr\n\t"
        /* A[4] * B[0] */
        "LDR	r12, [%[a], #16]\n\t"
        "LDR	lr, [%[b]]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r7, r11, r12, lr\n\t"
        "STR	r7, [sp, #16]\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[4] * B[1] */
        "LDR	lr, [%[b], #4]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[4] * B[2] */
        "LDR	lr, [%[b], #8]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "ADDS	r10, r10, r11\n\t"
        /* A[4] * B[3] */
        "LDR	lr, [%[b], #12]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[4] * B[4] */
        "LDR	lr, [%[b], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, lr\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[4] * B[5] */
        "LDR	lr, [%[b], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[4] * B[6] */
        "LDR	lr, [%[b], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r5, r11, r12, lr\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[4] * B[7] */
        "LDR	lr, [%[b], #28]\n\t"
        "ADC	r7, %[r], #0x0\n\t"
        "UMLAL	r6, r7, r12, lr\n\t"
        /* A[5] * B[0] */
        "LDR	r12, [%[a], #20]\n\t"
        "LDR	lr, [%[b]]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "STR	r8, [sp, #20]\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[5] * B[1] */
        "LDR	lr, [%[b], #4]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "ADDS	r10, r10, r11\n\t"
        /* A[5] * B[2] */
        "LDR	lr, [%[b], #8]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[5] * B[3] */
        "LDR	lr, [%[b], #12]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, lr\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[5] * B[4] */
        "LDR	lr, [%[b], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[5] * B[5] */
        "LDR	lr, [%[b], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r5, r11, r12, lr\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[5] * B[6] */
        "LDR	lr, [%[b], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[5] * B[7] */
        "LDR	lr, [%[b], #28]\n\t"
        "ADC	r8, %[r], #0x0\n\t"
        "UMLAL	r7, r8, r12, lr\n\t"
        /* A[6] * B[0] */
        "LDR	r12, [%[a], #24]\n\t"
        "LDR	lr, [%[b]]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "STR	r9, [sp, #24]\n\t"
        "ADDS	r10, r10, r11\n\t"
        /* A[6] * B[1] */
        "LDR	lr, [%[b], #4]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[6] * B[2] */
        "LDR	lr, [%[b], #8]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, lr\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[6] * B[3] */
        "LDR	lr, [%[b], #12]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[6] * B[4] */
        "LDR	lr, [%[b], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r5, r11, r12, lr\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[6] * B[5] */
        "LDR	lr, [%[b], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[6] * B[6] */
        "LDR	lr, [%[b], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, lr\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[6] * B[7] */
        "LDR	lr, [%[b], #28]\n\t"
        "ADC	r9, %[r], #0x0\n\t"
        "UMLAL	r8, r9, r12, lr\n\t"
        /* A[7] * B[0] */
        "LDR	r12, [%[a], #28]\n\t"
        "LDR	lr, [%[b]]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "STR	r10, [sp, #28]\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[7] * B[1] */
        "LDR	lr, [%[b], #4]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, lr\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[7] * B[2] */
        "LDR	lr, [%[b], #8]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[7] * B[3] */
        "LDR	lr, [%[b], #12]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r5, r11, r12, lr\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[7] * B[4] */
        "LDR	lr, [%[b], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[7] * B[5] */
        "LDR	lr, [%[b], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, lr\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[7] * B[6] */
        "LDR	lr, [%[b], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[7] * B[7] */
        "LDR	lr, [%[b], #28]\n\t"
        "ADC	r10, %[r], #0x0\n\t"
        "UMLAL	r9, r10, r12, lr\n\t"
        "LDR	%[r], [sp, #32]\n\t"
        "ADD	%[r], %[r], #0x20\n\t"
        "STM	%[r], {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        "LDM	sp, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        "SUB	%[r], %[r], #0x20\n\t"
        "STM	%[r], {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        "ADD	sp, sp, #0x24\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
}

#else
/* Multiply a and b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
SP_NOINLINE static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x2c\n\t"
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
        "STRD	%[r], %[a], [sp, #36]\n\t"
#else
        "STR	%[r], [sp, #36]\n\t"
        "STR	%[a], [sp, #40]\n\t"
#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
        "MOV	lr, %[b]\n\t"
        "LDM	%[a], {r0, r1, r2, r3}\n\t"
        "LDM	lr!, {r4, r5, r6}\n\t"
        "UMULL	r10, r11, r0, r4\n\t"
        "UMULL	r12, r7, r1, r4\n\t"
        "UMAAL	r11, r12, r0, r5\n\t"
        "UMULL	r8, r9, r2, r4\n\t"
        "UMAAL	r12, r8, r1, r5\n\t"
        "UMAAL	r12, r7, r0, r6\n\t"
        "UMAAL	r8, r9, r3, r4\n\t"
        "STM	sp, {r10, r11, r12}\n\t"
        "UMAAL	r7, r8, r2, r5\n\t"
        "LDM	lr!, {r4}\n\t"
        "UMULL	r10, r11, r1, r6\n\t"
        "UMAAL	r8, r9, r2, r6\n\t"
        "UMAAL	r7, r10, r0, r4\n\t"
        "UMAAL	r8, r11, r3, r5\n\t"
        "STR	r7, [sp, #12]\n\t"
        "UMAAL	r8, r10, r1, r4\n\t"
        "UMAAL	r9, r11, r3, r6\n\t"
        "UMAAL	r9, r10, r2, r4\n\t"
        "UMAAL	r10, r11, r3, r4\n\t"
        "LDM	lr, {r4, r5, r6, r7}\n\t"
        "MOV	r12, #0x0\n\t"
        "UMLAL	r8, r12, r0, r4\n\t"
        "UMAAL	r9, r12, r1, r4\n\t"
        "UMAAL	r10, r12, r2, r4\n\t"
        "UMAAL	r11, r12, r3, r4\n\t"
        "MOV	r4, #0x0\n\t"
        "UMLAL	r9, r4, r0, r5\n\t"
        "UMAAL	r10, r4, r1, r5\n\t"
        "UMAAL	r11, r4, r2, r5\n\t"
        "UMAAL	r12, r4, r3, r5\n\t"
        "MOV	r5, #0x0\n\t"
        "UMLAL	r10, r5, r0, r6\n\t"
        "UMAAL	r11, r5, r1, r6\n\t"
        "UMAAL	r12, r5, r2, r6\n\t"
        "UMAAL	r4, r5, r3, r6\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r11, r6, r0, r7\n\t"
        "LDR	r0, [sp, #40]\n\t"
        "UMAAL	r12, r6, r1, r7\n\t"
        "ADD	r0, r0, #0x10\n\t"
        "UMAAL	r4, r6, r2, r7\n\t"
        "SUB	lr, lr, #0x10\n\t"
        "UMAAL	r5, r6, r3, r7\n\t"
        "LDM	r0, {r0, r1, r2, r3}\n\t"
        "STR	r6, [sp, #32]\n\t"
        "LDM	lr!, {r6}\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r8, r7, r0, r6\n\t"
        "UMAAL	r9, r7, r1, r6\n\t"
        "STR	r8, [sp, #16]\n\t"
        "UMAAL	r10, r7, r2, r6\n\t"
        "UMAAL	r11, r7, r3, r6\n\t"
        "LDM	lr!, {r6}\n\t"
        "MOV	r8, #0x0\n\t"
        "UMLAL	r9, r8, r0, r6\n\t"
        "UMAAL	r10, r8, r1, r6\n\t"
        "STR	r9, [sp, #20]\n\t"
        "UMAAL	r11, r8, r2, r6\n\t"
        "UMAAL	r12, r8, r3, r6\n\t"
        "LDM	lr!, {r6}\n\t"
        "MOV	r9, #0x0\n\t"
        "UMLAL	r10, r9, r0, r6\n\t"
        "UMAAL	r11, r9, r1, r6\n\t"
        "STR	r10, [sp, #24]\n\t"
        "UMAAL	r12, r9, r2, r6\n\t"
        "UMAAL	r4, r9, r3, r6\n\t"
        "LDM	lr!, {r6}\n\t"
        "MOV	r10, #0x0\n\t"
        "UMLAL	r11, r10, r0, r6\n\t"
        "UMAAL	r12, r10, r1, r6\n\t"
        "STR	r11, [sp, #28]\n\t"
        "UMAAL	r4, r10, r2, r6\n\t"
        "UMAAL	r5, r10, r3, r6\n\t"
        "LDM	lr!, {r11}\n\t"
        "UMAAL	r12, r7, r0, r11\n\t"
        "UMAAL	r4, r7, r1, r11\n\t"
        "LDR	r6, [sp, #32]\n\t"
        "UMAAL	r5, r7, r2, r11\n\t"
        "UMAAL	r6, r7, r3, r11\n\t"
        "LDM	lr!, {r11}\n\t"
        "UMAAL	r4, r8, r0, r11\n\t"
        "UMAAL	r5, r8, r1, r11\n\t"
        "UMAAL	r6, r8, r2, r11\n\t"
        "UMAAL	r7, r8, r3, r11\n\t"
        "LDM	lr, {r11, lr}\n\t"
        "UMAAL	r5, r9, r0, r11\n\t"
        "UMAAL	r6, r10, r0, lr\n\t"
        "UMAAL	r6, r9, r1, r11\n\t"
        "UMAAL	r7, r10, r1, lr\n\t"
        "UMAAL	r7, r9, r2, r11\n\t"
        "UMAAL	r8, r10, r2, lr\n\t"
        "UMAAL	r8, r9, r3, r11\n\t"
        "UMAAL	r9, r10, r3, lr\n\t"
        "MOV	r3, r12\n\t"
        "LDR	lr, [sp, #36]\n\t"
        "ADD	lr, lr, #0x20\n\t"
        "STM	lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        "SUB	lr, lr, #0x20\n\t"
        "LDM	sp, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        "STM	lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        "ADD	sp, sp, #0x2c\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr", "cc"
    );
}

#endif /* WOLFSSL_SP_NO_UMAAL */
#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Square a and put result in r. (r = a * a)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p)
#else
static void sp_256_sqr_8(sp_digit* r, const sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x40\n\t"
        "LDR	lr, [%[a]]\n\t"
        "UMULL	r8, r6, lr, lr\n\t"
        "STR	r8, [sp]\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r8, #0x0\n\t"
        "MOV	r5, #0x4\n\t"
        "\n"
    "L_sp_256_sqr_8_outer:\n\t"
        "SUBS	r3, r5, #0x1c\n\t"
        "IT	cc\n\t"
        "MOVCC	r3, #0x0\n\t"
        "SUB	r4, r5, r3\n\t"
        "\n"
    "L_sp_256_sqr_8_inner:\n\t"
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[a], r4]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADD	r3, r3, #0x4\n\t"
        "SUB	r4, r4, #0x4\n\t"
        "CMP	r3, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_256_sqr_8_inner_done\n\t"
#else
        "BGT.N	L_sp_256_sqr_8_inner_done\n\t"
#endif
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_256_sqr_8_inner\n\t"
#else
        "BLT.N	L_sp_256_sqr_8_inner\n\t"
#endif
        "LDR	lr, [%[a], r3]\n\t"
        "UMULL	r9, r10, lr, lr\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "\n"
    "L_sp_256_sqr_8_inner_done:\n\t"
        "STR	r6, [sp, r5]\n\t"
        "MOV	r6, r7\n\t"
        "MOV	r7, r8\n\t"
        "MOV	r8, #0x0\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0x34\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLE	L_sp_256_sqr_8_outer\n\t"
#else
        "BLE.N	L_sp_256_sqr_8_outer\n\t"
#endif
        "LDR	lr, [%[a], #28]\n\t"
        "UMLAL	r6, r7, lr, lr\n\t"
        "STR	r6, [sp, r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "STR	r7, [sp, r5]\n\t"
        "\n"
    "L_sp_256_sqr_8_store:\n\t"
        "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "SUBS	r5, r5, #0x20\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_256_sqr_8_store\n\t"
#else
        "BGT.N	L_sp_256_sqr_8_store\n\t"
#endif
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
    );
}

#else
#ifdef WOLFSSL_SP_NO_UMAAL
/* Square a and put result in r. (r = a * a)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p)
#else
SP_NOINLINE static void sp_256_sqr_8(sp_digit* r, const sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x44\n\t"
        "STR	%[r], [sp, #64]\n\t"
        "MOV	%[r], #0x0\n\t"
        "LDR	r12, [%[a]]\n\t"
        /* A[0] * A[1] */
        "LDR	lr, [%[a], #4]\n\t"
        "UMULL	r4, r5, r12, lr\n\t"
        /* A[0] * A[3] */
        "LDR	lr, [%[a], #12]\n\t"
        "UMULL	r6, r7, r12, lr\n\t"
        /* A[0] * A[5] */
        "LDR	lr, [%[a], #20]\n\t"
        "UMULL	r8, r9, r12, lr\n\t"
        /* A[0] * A[7] */
        "LDR	lr, [%[a], #28]\n\t"
        "UMULL	r10, r3, r12, lr\n\t"
        /* A[0] * A[2] */
        "LDR	lr, [%[a], #8]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r5, r11, r12, lr\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[0] * A[4] */
        "LDR	lr, [%[a], #16]\n\t"
        "ADCS	r7, r7, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, lr\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[0] * A[6] */
        "LDR	lr, [%[a], #24]\n\t"
        "ADCS	r9, r9, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "ADDS	r10, r10, r11\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #4]\n\t"
        "STR	r5, [sp, #8]\n\t"
        /* A[1] * A[2] */
        "LDR	r12, [%[a], #4]\n\t"
        "LDR	lr, [%[a], #8]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "STR	r6, [sp, #12]\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[1] * A[3] */
        "LDR	lr, [%[a], #12]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, lr\n\t"
        "STR	r7, [sp, #16]\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[1] * A[4] */
        "LDR	lr, [%[a], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[1] * A[5] */
        "LDR	lr, [%[a], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "ADDS	r10, r10, r11\n\t"
        /* A[1] * A[6] */
        "LDR	lr, [%[a], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[1] * A[7] */
        "LDR	lr, [%[a], #28]\n\t"
        "ADC	r4, %[r], #0x0\n\t"
        "UMLAL	r3, r4, r12, lr\n\t"
        /* A[2] * A[3] */
        "LDR	r12, [%[a], #8]\n\t"
        "LDR	lr, [%[a], #12]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "STR	r8, [sp, #20]\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[2] * A[4] */
        "LDR	lr, [%[a], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "STR	r9, [sp, #24]\n\t"
        "ADDS	r10, r10, r11\n\t"
        /* A[2] * A[5] */
        "LDR	lr, [%[a], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[2] * A[6] */
        "LDR	lr, [%[a], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, lr\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[2] * A[7] */
        "LDR	lr, [%[a], #28]\n\t"
        "ADC	r5, %[r], #0x0\n\t"
        "UMLAL	r4, r5, r12, lr\n\t"
        /* A[3] * A[4] */
        "LDR	r12, [%[a], #12]\n\t"
        "LDR	lr, [%[a], #16]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "STR	r10, [sp, #28]\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[3] * A[5] */
        "LDR	lr, [%[a], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, lr\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[3] * A[6] */
        "LDR	lr, [%[a], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[3] * A[7] */
        "LDR	lr, [%[a], #28]\n\t"
        "ADC	r6, %[r], #0x0\n\t"
        "UMLAL	r5, r6, r12, lr\n\t"
        /* A[4] * A[5] */
        "LDR	r12, [%[a], #16]\n\t"
        "LDR	lr, [%[a], #20]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[4] * A[6] */
        "LDR	lr, [%[a], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r5, r11, r12, lr\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[4] * A[7] */
        "LDR	lr, [%[a], #28]\n\t"
        "ADC	r7, %[r], #0x0\n\t"
        "UMLAL	r6, r7, r12, lr\n\t"
        /* A[5] * A[6] */
        "LDR	r12, [%[a], #20]\n\t"
        "LDR	lr, [%[a], #24]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[5] * A[7] */
        "LDR	lr, [%[a], #28]\n\t"
        "ADC	r8, %[r], #0x0\n\t"
        "UMLAL	r7, r8, r12, lr\n\t"
        /* A[6] * A[7] */
        "LDR	r12, [%[a], #24]\n\t"
        "LDR	lr, [%[a], #28]\n\t"
        "MOV	r9, #0x0\n\t"
        "UMLAL	r8, r9, r12, lr\n\t"
        "ADD	lr, sp, #0x20\n\t"
        "STM	lr, {r3, r4, r5, r6, r7, r8, r9}\n\t"
        "ADD	lr, sp, #0x4\n\t"
        "LDM	lr, {r4, r5, r6, r7, r8, r9, r10}\n\t"
        "ADDS	r4, r4, r4\n\t"
        "ADCS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADCS	r7, r7, r7\n\t"
        "ADCS	r8, r8, r8\n\t"
        "ADCS	r9, r9, r9\n\t"
        "ADCS	r10, r10, r10\n\t"
        "STM	lr!, {r4, r5, r6, r7, r8, r9, r10}\n\t"
        "LDM	lr, {r3, r4, r5, r6, r7, r8, r9}\n\t"
        "ADCS	r3, r3, r3\n\t"
        "ADCS	r4, r4, r4\n\t"
        "ADCS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADCS	r7, r7, r7\n\t"
        "ADCS	r8, r8, r8\n\t"
        "ADCS	r9, r9, r9\n\t"
        "ADC	r10, %[r], #0x0\n\t"
        "STM	lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        "ADD	lr, sp, #0x4\n\t"
        "LDM	lr, {r4, r5, r6, r7, r8, r9, r10}\n\t"
        "MOV	lr, sp\n\t"
        /* A[0] * A[0] */
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r3, r11, r12, r12\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[1] * A[1] */
        "LDR	r12, [%[a], #4]\n\t"
        "ADCS	r5, r5, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r5, r11, r12, r12\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[2] * A[2] */
        "LDR	r12, [%[a], #8]\n\t"
        "ADCS	r7, r7, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, r12\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[3] * A[3] */
        "LDR	r12, [%[a], #12]\n\t"
        "ADCS	r9, r9, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, r12\n\t"
        "ADDS	r10, r10, r11\n\t"
        "STM	lr!, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        "LDM	lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        /* A[4] * A[4] */
        "LDR	r12, [%[a], #16]\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, r12\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[5] * A[5] */
        "LDR	r12, [%[a], #20]\n\t"
        "ADCS	r5, r5, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r5, r11, r12, r12\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[6] * A[6] */
        "LDR	r12, [%[a], #24]\n\t"
        "ADCS	r7, r7, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, r12\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[7] * A[7] */
        "LDR	r12, [%[a], #28]\n\t"
        "ADCS	r9, r9, #0x0\n\t"
        "ADC	r10, r10, #0x0\n\t"
        "UMLAL	r9, r10, r12, r12\n\t"
        "LDR	%[r], [sp, #64]\n\t"
        "ADD	%[r], %[r], #0x20\n\t"
        "STM	%[r], {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        "LDM	sp, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        "SUB	%[r], %[r], #0x20\n\t"
        "STM	%[r], {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        "ADD	sp, sp, #0x44\n\t"
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
}

#else
/* Square a and put result in r. (r = a * a)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p)
#else
SP_NOINLINE static void sp_256_sqr_8(sp_digit* r, const sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x20\n\t"
        "STR	%[r], [sp, #28]\n\t"
        "LDM	%[a], {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
        "UMULL	r9, r10, r0, r0\n\t"
        "UMULL	r11, r12, r0, r1\n\t"
        "ADDS	r11, r11, r11\n\t"
        "MOV	lr, #0x0\n\t"
        "UMAAL	r10, r11, lr, lr\n\t"
        "STM	sp, {r9, r10}\n\t"
        "MOV	r8, lr\n\t"
        "UMAAL	r8, r12, r0, r2\n\t"
        "ADCS	r8, r8, r8\n\t"
        "UMAAL	r8, r11, r1, r1\n\t"
        "UMULL	r9, r10, r0, r3\n\t"
        "UMAAL	r9, r12, r1, r2\n\t"
        "ADCS	r9, r9, r9\n\t"
        "UMAAL	r9, r11, lr, lr\n\t"
        "STRD	r8, r9, [sp, #8]\n\t"
        "MOV	r9, lr\n\t"
        "UMAAL	r9, r10, r0, r4\n\t"
        "UMAAL	r9, r12, r1, r3\n\t"
        "ADCS	r9, r9, r9\n\t"
        "UMAAL	r9, r11, r2, r2\n\t"
        "STR	r9, [sp, #16]\n\t"
        "UMULL	r9, r8, r0, r5\n\t"
        "UMAAL	r9, r12, r1, r4\n\t"
        "UMAAL	r9, r10, r2, r3\n\t"
        "ADCS	r9, r9, r9\n\t"
        "UMAAL	r9, r11, lr, lr\n\t"
        "STR	r9, [sp, #20]\n\t"
        "MOV	r9, lr\n\t"
        "UMAAL	r9, r8, r0, r6\n\t"
        "UMAAL	r9, r12, r1, r5\n\t"
        "UMAAL	r9, r10, r2, r4\n\t"
        "ADCS	r9, r9, r9\n\t"
        "UMAAL	r9, r11, r3, r3\n\t"
        "STR	r9, [sp, #24]\n\t"
        "UMULL	r0, r9, r0, r7\n\t"
        "UMAAL	r0, r8, r1, r6\n\t"
        "UMAAL	r0, r12, r2, r5\n\t"
        "UMAAL	r0, r10, r3, r4\n\t"
        "ADCS	r0, r0, r0\n\t"
        "UMAAL	r0, r11, lr, lr\n\t"
        /* R[7] = r0 */
        "UMAAL	r9, r8, r1, r7\n\t"
        "UMAAL	r9, r10, r2, r6\n\t"
        "UMAAL	r12, r9, r3, r5\n\t"
        "ADCS	r12, r12, r12\n\t"
        "UMAAL	r12, r11, r4, r4\n\t"
        /* R[8] = r12 */
        "UMAAL	r9, r8, r2, r7\n\t"
        "UMAAL	r10, r9, r3, r6\n\t"
        "MOV	r2, lr\n\t"
        "UMAAL	r10, r2, r4, r5\n\t"
        "ADCS	r10, r10, r10\n\t"
        "UMAAL	r11, r10, lr, lr\n\t"
        /* R[9] = r11 */
        "UMAAL	r2, r8, r3, r7\n\t"
        "UMAAL	r2, r9, r4, r6\n\t"
        "ADCS	r3, r2, r2\n\t"
        "UMAAL	r10, r3, r5, r5\n\t"
        /* R[10] = r10 */
        "MOV	r1, lr\n\t"
        "UMAAL	r1, r8, r4, r7\n\t"
        "UMAAL	r1, r9, r5, r6\n\t"
        "ADCS	r4, r1, r1\n\t"
        "UMAAL	r3, r4, lr, lr\n\t"
        /* R[11] = r3 */
        "UMAAL	r8, r9, r5, r7\n\t"
        "ADCS	r8, r8, r8\n\t"
        "UMAAL	r4, r8, r6, r6\n\t"
        /* R[12] = r4 */
        "MOV	r5, lr\n\t"
        "UMAAL	r5, r9, r6, r7\n\t"
        "ADCS	r5, r5, r5\n\t"
        "UMAAL	r8, r5, lr, lr\n\t"
        /* R[13] = r8 */
        "ADCS	r9, r9, r9\n\t"
        "UMAAL	r9, r5, r7, r7\n\t"
        "ADCS	r7, r5, lr\n\t"
        /* R[14] = r9 */
        /* R[15] = r7 */
        "LDR	lr, [sp, #28]\n\t"
        "ADD	lr, lr, #0x1c\n\t"
        "STM	lr!, {r0, r12}\n\t"
        "STM	lr!, {r11}\n\t"
        "STM	lr!, {r10}\n\t"
        "STM	lr!, {r3, r4, r8, r9}\n\t"
        "STM	lr!, {r7}\n\t"
        "SUB	lr, lr, #0x40\n\t"
        "LDM	sp, {r0, r1, r2, r3, r4, r5, r6}\n\t"
        "STM	lr, {r0, r1, r2, r3, r4, r5, r6}\n\t"
        "ADD	sp, sp, #0x20\n\t"
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
}

#endif /* WOLFSSL_SP_NO_UMAAL */
#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Add b to a into r. (r = a + b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r3, #0x0\n\t"
        "ADD	r12, %[a], #0x20\n\t"
        "\n"
    "L_sp_256_add_8_word:\n\t"
        "ADDS	r3, r3, #0xffffffff\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r3, r4, #0x0\n\t"
        "CMP	%[a], r12\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_256_add_8_word\n\t"
#else
        "BNE.N	L_sp_256_add_8_word\n\t"
#endif
        "MOV	%[r], r3\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
    );
    return (uint32_t)(size_t)r;
}

#else
/* Add b to a into r. (r = a + b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADDS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "MOV	%[r], #0x0\n\t"
        "ADC	%[r], %[r], #0x0\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
/* Multiply a number by Montgomery normalizer mod modulus (prime).
 *
 * r  The resulting Montgomery form number.
 * a  The number to convert.
 * m  The modulus (prime).
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p)
#else
static int sp_256_mod_mul_norm_8(sp_digit* r, const sp_digit* a, const sp_digit* m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x18\n\t"
        "LDM	%[a], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
        /* Clear overflow and underflow */
        "MOV	r11, #0x0\n\t"
        "MOV	r12, #0x0\n\t"
        /* t[0] =  1  1  0 -1 -1 -1 -1  0 */
        "ADDS	r10, r2, r3\n\t"
        "ADC	r11, r11, #0x0\n\t"
        "SUBS	r10, r10, r5\n\t"
        "SBC	r12, r12, #0x0\n\t"
        "SUBS	r10, r10, r6\n\t"
        "SBC	r12, r12, #0x0\n\t"
        "SUBS	r10, r10, r7\n\t"
        "SBC	r12, r12, #0x0\n\t"
        "SUBS	r10, r10, r8\n\t"
        "SBC	r12, r12, #0x0\n\t"
        /* Store t[0] */
        "STR	r10, [sp]\n\t"
        "neg	r12, r12\n\t"
        "MOV	r10, #0x0\n\t"
        /* t[1] =  0  1  1  0 -1 -1 -1 -1 */
        "ADDS	r11, r11, r3\n\t"
        "ADC	r10, r10, #0x0\n\t"
        "ADDS	r11, r11, r4\n\t"
        "ADC	r10, r10, #0x0\n\t"
        "SUBS	r11, r11, r12\n\t"
        "SBC	r12, r12, r12\n\t"
        "SUBS	r11, r11, r6\n\t"
        "SBC	r12, r12, #0x0\n\t"
        "SUBS	r11, r11, r7\n\t"
        "SBC	r12, r12, #0x0\n\t"
        "SUBS	r11, r11, r8\n\t"
        "SBC	r12, r12, #0x0\n\t"
        "SUBS	r11, r11, r9\n\t"
        "SBC	r12, r12, #0x0\n\t"
        /* Store t[1] */
        "STR	r11, [sp, #4]\n\t"
        "neg	r12, r12\n\t"
        "MOV	r11, #0x0\n\t"
        /* t[2] =  0  0  1  1  0 -1 -1 -1 */
        "ADDS	r10, r10, r4\n\t"
        "ADC	r11, r11, #0x0\n\t"
        "ADDS	r10, r10, r5\n\t"
        "ADC	r11, r11, #0x0\n\t"
        "SUBS	r10, r10, r12\n\t"
        "SBC	r12, r12, r12\n\t"
        "SUBS	r10, r10, r7\n\t"
        "SBC	r12, r12, #0x0\n\t"
        "SUBS	r10, r10, r8\n\t"
        "SBC	r12, r12, #0x0\n\t"
        "SUBS	r10, r10, r9\n\t"
        "SBC	r12, r12, #0x0\n\t"
        /* Store t[2] */
        "STR	r10, [sp, #8]\n\t"
        "neg	r12, r12\n\t"
        "MOV	r10, #0x0\n\t"
        /* t[3] = -1 -1  0  2  2  1  0 -1 */
        "ADDS	r11, r11, r5\n\t"
        "ADC	r10, r10, #0x0\n\t"
        "ADDS	r11, r11, r5\n\t"
        "ADC	r10, r10, #0x0\n\t"
        "ADDS	r11, r11, r6\n\t"
        "ADC	r10, r10, #0x0\n\t"
        "ADDS	r11, r11, r6\n\t"
        "ADC	r10, r10, #0x0\n\t"
        "ADDS	r11, r11, r7\n\t"
        "ADC	r10, r10, #0x0\n\t"
        "SUBS	r11, r11, r12\n\t"
        "SBC	r12, r12, r12\n\t"
        "SUBS	r11, r11, r2\n\t"
        "SBC	r12, r12, #0x0\n\t"
        "SUBS	r11, r11, r3\n\t"
        "SBC	r12, r12, #0x0\n\t"
        "SUBS	r11, r11, r9\n\t"
        "SBC	r12, r12, #0x0\n\t"
        /* Store t[3] */
        "STR	r11, [sp, #12]\n\t"
        "neg	r12, r12\n\t"
        "MOV	r11, #0x0\n\t"
        /* t[4] =  0 -1 -1  0  2  2  1  0 */
        "ADDS	r10, r10, r6\n\t"
        "ADC	r11, r11, #0x0\n\t"
        "ADDS	r10, r10, r6\n\t"
        "ADC	r11, r11, #0x0\n\t"
        "ADDS	r10, r10, r7\n\t"
        "ADC	r11, r11, #0x0\n\t"
        "ADDS	r10, r10, r7\n\t"
        "ADC	r11, r11, #0x0\n\t"
        "ADDS	r10, r10, r8\n\t"
        "ADC	r11, r11, #0x0\n\t"
        "SUBS	r10, r10, r12\n\t"
        "SBC	r12, r12, r12\n\t"
        "SUBS	r10, r10, r3\n\t"
        "SBC	r12, r12, #0x0\n\t"
        "SUBS	r10, r10, r4\n\t"
        "SBC	r12, r12, #0x0\n\t"
        /* Store t[4] */
        "STR	r10, [sp, #16]\n\t"
        "neg	r12, r12\n\t"
        "MOV	r10, #0x0\n\t"
        /* t[5] =  0  0 -1 -1  0  2  2  1 */
        "ADDS	r11, r11, r7\n\t"
        "ADC	r10, r10, #0x0\n\t"
        "ADDS	r11, r11, r7\n\t"
        "ADC	r10, r10, #0x0\n\t"
        "ADDS	r11, r11, r8\n\t"
        "ADC	r10, r10, #0x0\n\t"
        "ADDS	r11, r11, r8\n\t"
        "ADC	r10, r10, #0x0\n\t"
        "ADDS	r11, r11, r9\n\t"
        "ADC	r10, r10, #0x0\n\t"
        "SUBS	r11, r11, r12\n\t"
        "SBC	r12, r12, r12\n\t"
        "SUBS	r11, r11, r4\n\t"
        "SBC	r12, r12, #0x0\n\t"
        "SUBS	r11, r11, r5\n\t"
        "SBC	r12, r12, #0x0\n\t"
        /* Store t[5] */
        "STR	r11, [sp, #20]\n\t"
        "neg	r12, r12\n\t"
        "MOV	r11, #0x0\n\t"
        /* t[6] = -1 -1  0  0  0  1  3  2 */
        "ADDS	r10, r10, r7\n\t"
        "ADC	r11, r11, #0x0\n\t"
        "ADDS	r10, r10, r8\n\t"
        "ADC	r11, r11, #0x0\n\t"
        "ADDS	r10, r10, r8\n\t"
        "ADC	r11, r11, #0x0\n\t"
        "ADDS	r10, r10, r8\n\t"
        "ADC	r11, r11, #0x0\n\t"
        "ADDS	r10, r10, r9\n\t"
        "ADC	r11, r11, #0x0\n\t"
        "ADDS	r10, r10, r9\n\t"
        "ADC	r11, r11, #0x0\n\t"
        "SUBS	r10, r10, r12\n\t"
        "SBC	r12, r12, r12\n\t"
        "SUBS	r10, r10, r2\n\t"
        "SBC	r12, r12, #0x0\n\t"
        "SUBS	r10, r10, r3\n\t"
        "SBC	r12, r12, #0x0\n\t"
        /* Store t[6] */
        "MOV	r8, r10\n\t"
        "neg	r12, r12\n\t"
        "MOV	r10, #0x0\n\t"
        /* t[7] =  1  0 -1 -1 -1 -1  0  3 */
        "ADDS	r11, r11, r2\n\t"
        "ADC	r10, r10, #0x0\n\t"
        "ADDS	r11, r11, r9\n\t"
        "ADC	r10, r10, #0x0\n\t"
        "ADDS	r11, r11, r9\n\t"
        "ADC	r10, r10, #0x0\n\t"
        "ADDS	r11, r11, r9\n\t"
        "ADC	r10, r10, #0x0\n\t"
        "SUBS	r11, r11, r12\n\t"
        "SBC	r12, r12, r12\n\t"
        "SUBS	r11, r11, r4\n\t"
        "SBC	r12, r12, #0x0\n\t"
        "SUBS	r11, r11, r5\n\t"
        "SBC	r12, r12, #0x0\n\t"
        "SUBS	r11, r11, r6\n\t"
        "SBC	r12, r12, #0x0\n\t"
        "SUBS	r11, r11, r7\n\t"
        "SBC	r12, r12, #0x0\n\t"
        /* Store t[7] */
        /* Load intermediate */
        "LDM	sp, {r2, r3, r4, r5, r6, r7}\n\t"
        "neg	r12, r12\n\t"
        /* Add overflow */
        /* Subtract underflow - add neg underflow */
        "ADDS	r2, r2, r10\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "ADCS	r5, r5, r12\n\t"
        "ADCS	r6, r6, #0x0\n\t"
        "ADCS	r7, r7, #0x0\n\t"
        "ADCS	r8, r8, r12\n\t"
        "ADCS	r11, r11, r10\n\t"
        "MOV	r9, #0x0\n\t"
        "ADC	r9, r9, #0x0\n\t"
        /* Subtract overflow */
        /* Add underflow - subtract neg underflow */
        "SUBS	r2, r2, r12\n\t"
        "SBCS	r3, r3, #0x0\n\t"
        "SBCS	r4, r4, #0x0\n\t"
        "SBCS	r5, r5, r10\n\t"
        "SBCS	r6, r6, #0x0\n\t"
        "SBCS	r7, r7, #0x0\n\t"
        "SBCS	r8, r8, r10\n\t"
        "SBCS	r11, r11, r12\n\t"
        "MOV	r12, #0x0\n\t"
        "SBC	r12, r12, #0x0\n\t"
        "neg	r12, r12\n\t"
        /* Add overflow */
        /* Subtract underflow - add neg underflow */
        "ADDS	r2, r2, r9\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "ADCS	r5, r5, r12\n\t"
        "ADCS	r6, r6, #0x0\n\t"
        "ADCS	r7, r7, #0x0\n\t"
        "ADCS	r8, r8, r12\n\t"
        "ADC	r11, r11, r9\n\t"
        /* Subtract overflow */
        /* Add underflow - subtract neg underflow */
        "SUBS	r2, r2, r12\n\t"
        "SBCS	r3, r3, #0x0\n\t"
        "SBCS	r4, r4, #0x0\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, #0x0\n\t"
        "SBCS	r7, r7, #0x0\n\t"
        "SBCS	r8, r8, r9\n\t"
        "SBC	r11, r11, r12\n\t"
        /* Store result */
        "STM	%[r], {r2, r3, r4, r5, r6, r7, r8, r11}\n\t"
        "MOV	%[r], #0x0\n\t"
        "ADD	sp, sp, #0x18\n\t"
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
    );
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    (void)m_p;
#else
    (void)m;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
    return (uint32_t)(size_t)r;
}

/* Convert an mp_int to an array of sp_digit.
 *
 * r  A single precision integer.
 * size  Maximum number of bytes to convert
 * a  A multi-precision integer.
 */
static void sp_256_from_mp(sp_digit* r, int size, const mp_int* a)
{
#if DIGIT_BIT == 32
    int i;
    sp_digit j = (sp_digit)0 - (sp_digit)a->used;
    int o = 0;

    for (i = 0; i < size; i++) {
        sp_digit mask = (sp_digit)0 - (j >> 31);
        r[i] = a->dp[o] & mask;
        j++;
        o += (int)(j >> 31);
    }
#elif DIGIT_BIT > 32
    unsigned int i;
    int j = 0;
    word32 s = 0;

    r[0] = 0;
    for (i = 0; i < (unsigned int)a->used && j < size; i++) {
        r[j] |= ((sp_digit)a->dp[i] << s);
        r[j] &= 0xffffffff;
        s = 32U - s;
        if (j + 1 >= size) {
            break;
        }
        /* lint allow cast of mismatch word32 and mp_digit */
        r[++j] = (sp_digit)(a->dp[i] >> s); /*lint !e9033*/
        while ((s + 32U) <= (word32)DIGIT_BIT) {
            s += 32U;
            r[j] &= 0xffffffff;
            if (j + 1 >= size) {
                break;
            }
            if (s < (word32)DIGIT_BIT) {
                /* lint allow cast of mismatch word32 and mp_digit */
                r[++j] = (sp_digit)(a->dp[i] >> s); /*lint !e9033*/
            }
            else {
                r[++j] = (sp_digit)0;
            }
        }
        s = (word32)DIGIT_BIT - s;
    }

    for (j++; j < size; j++) {
        r[j] = 0;
    }
#else
    unsigned int i;
    int j = 0;
    int s = 0;

    r[0] = 0;
    for (i = 0; i < (unsigned int)a->used && j < size; i++) {
        r[j] |= ((sp_digit)a->dp[i]) << s;
        if (s + DIGIT_BIT >= 32) {
            r[j] &= 0xffffffff;
            if (j + 1 >= size) {
                break;
            }
            s = 32 - s;
            if (s == DIGIT_BIT) {
                r[++j] = 0;
                s = 0;
            }
            else {
                r[++j] = a->dp[i] >> s;
                s = DIGIT_BIT - s;
            }
        }
        else {
            s += DIGIT_BIT;
        }
    }

    for (j++; j < size; j++) {
        r[j] = 0;
    }
#endif
}

/* Convert a point of type ecc_point to type sp_point_256.
 *
 * p   Point of type sp_point_256 (result).
 * pm  Point of type ecc_point.
 */
static void sp_256_point_from_ecc_point_8(sp_point_256* p,
        const ecc_point* pm)
{
    XMEMSET(p->x, 0, sizeof(p->x));
    XMEMSET(p->y, 0, sizeof(p->y));
    XMEMSET(p->z, 0, sizeof(p->z));
    sp_256_from_mp(p->x, 8, pm->x);
    sp_256_from_mp(p->y, 8, pm->y);
    sp_256_from_mp(p->z, 8, pm->z);
    p->infinity = 0;
}

/* Convert an array of sp_digit to an mp_int.
 *
 * a  A single precision integer.
 * r  A multi-precision integer.
 */
static int sp_256_to_mp(const sp_digit* a, mp_int* r)
{
    int err;

    err = mp_grow(r, (256 + DIGIT_BIT - 1) / DIGIT_BIT);
    if (err == MP_OKAY) { /*lint !e774 case where err is always MP_OKAY*/
#if DIGIT_BIT == 32
        XMEMCPY(r->dp, a, sizeof(sp_digit) * 8);
        r->used = 8;
        mp_clamp(r);
#elif DIGIT_BIT < 32
        int i;
        int j = 0;
        int s = 0;

        r->dp[0] = 0;
        for (i = 0; i < 8; i++) {
            r->dp[j] |= (mp_digit)(a[i] << s);
            r->dp[j] &= ((sp_digit)1 << DIGIT_BIT) - 1;
            s = DIGIT_BIT - s;
            r->dp[++j] = (mp_digit)(a[i] >> s);
            while (s + DIGIT_BIT <= 32) {
                s += DIGIT_BIT;
                r->dp[j++] &= ((sp_digit)1 << DIGIT_BIT) - 1;
                if (s == SP_WORD_SIZE) {
                    r->dp[j] = 0;
                }
                else {
                    r->dp[j] = (mp_digit)(a[i] >> s);
                }
            }
            s = 32 - s;
        }
        r->used = (256 + DIGIT_BIT - 1) / DIGIT_BIT;
        mp_clamp(r);
#else
        int i;
        int j = 0;
        int s = 0;

        r->dp[0] = 0;
        for (i = 0; i < 8; i++) {
            r->dp[j] |= ((mp_digit)a[i]) << s;
            if (s + 32 >= DIGIT_BIT) {
    #if DIGIT_BIT != 32 && DIGIT_BIT != 64
                r->dp[j] &= ((sp_digit)1 << DIGIT_BIT) - 1;
    #endif
                s = DIGIT_BIT - s;
                r->dp[++j] = a[i] >> s;
                s = 32 - s;
            }
            else {
                s += 32;
            }
        }
        r->used = (256 + DIGIT_BIT - 1) / DIGIT_BIT;
        mp_clamp(r);
#endif
    }

    return err;
}

/* Convert a point of type sp_point_256 to type ecc_point.
 *
 * p   Point of type sp_point_256.
 * pm  Point of type ecc_point (result).
 * returns MEMORY_E when allocation of memory in ecc_point fails otherwise
 * MP_OKAY.
 */
static int sp_256_point_to_ecc_point_8(const sp_point_256* p, ecc_point* pm)
{
    int err;

    err = sp_256_to_mp(p->x, pm->x);
    if (err == MP_OKAY) {
        err = sp_256_to_mp(p->y, pm->y);
    }
    if (err == MP_OKAY) {
        err = sp_256_to_mp(p->z, pm->z);
    }

    return err;
}

#ifdef WOLFSSL_SP_NO_UMAAL
/* Multiply two Montgomery form numbers mod the modulus (prime).
 * (r = a * b mod m)
 *
 * r   Result of multiplication.
 * a   First number to multiply in Montgomery form.
 * b   Second number to multiply in Montgomery form.
 * m   Modulus (prime).
 * mp  Montgomery multiplier.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x44\n\t"
        "STR	%[r], [sp, #64]\n\t"
        "MOV	%[r], #0x0\n\t"
        "LDR	r12, [%[a]]\n\t"
        /* A[0] * B[0] */
        "LDR	lr, [%[b]]\n\t"
        "UMULL	r3, r4, r12, lr\n\t"
        /* A[0] * B[2] */
        "LDR	lr, [%[b], #8]\n\t"
        "UMULL	r5, r6, r12, lr\n\t"
        /* A[0] * B[4] */
        "LDR	lr, [%[b], #16]\n\t"
        "UMULL	r7, r8, r12, lr\n\t"
        /* A[0] * B[6] */
        "LDR	lr, [%[b], #24]\n\t"
        "UMULL	r9, r10, r12, lr\n\t"
        "STR	r3, [sp]\n\t"
        /* A[0] * B[1] */
        "LDR	lr, [%[b], #4]\n\t"
        "MOV	r11, %[r]\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[0] * B[3] */
        "LDR	lr, [%[b], #12]\n\t"
        "ADCS	r6, r6, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[0] * B[5] */
        "LDR	lr, [%[b], #20]\n\t"
        "ADCS	r8, r8, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[0] * B[7] */
        "LDR	lr, [%[b], #28]\n\t"
        "ADCS	r10, r10, #0x0\n\t"
        "ADC	r3, %[r], #0x0\n\t"
        "UMLAL	r10, r3, r12, lr\n\t"
        /* A[1] * B[0] */
        "LDR	r12, [%[a], #4]\n\t"
        "LDR	lr, [%[b]]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "STR	r4, [sp, #4]\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[1] * B[1] */
        "LDR	lr, [%[b], #4]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r5, r11, r12, lr\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[1] * B[2] */
        "LDR	lr, [%[b], #8]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[1] * B[3] */
        "LDR	lr, [%[b], #12]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, lr\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[1] * B[4] */
        "LDR	lr, [%[b], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[1] * B[5] */
        "LDR	lr, [%[b], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "ADDS	r10, r10, r11\n\t"
        /* A[1] * B[6] */
        "LDR	lr, [%[b], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[1] * B[7] */
        "LDR	lr, [%[b], #28]\n\t"
        "ADC	r4, %[r], #0x0\n\t"
        "UMLAL	r3, r4, r12, lr\n\t"
        /* A[2] * B[0] */
        "LDR	r12, [%[a], #8]\n\t"
        "LDR	lr, [%[b]]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r5, r11, r12, lr\n\t"
        "STR	r5, [sp, #8]\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[2] * B[1] */
        "LDR	lr, [%[b], #4]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[2] * B[2] */
        "LDR	lr, [%[b], #8]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, lr\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[2] * B[3] */
        "LDR	lr, [%[b], #12]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[2] * B[4] */
        "LDR	lr, [%[b], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "ADDS	r10, r10, r11\n\t"
        /* A[2] * B[5] */
        "LDR	lr, [%[b], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[2] * B[6] */
        "LDR	lr, [%[b], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, lr\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[2] * B[7] */
        "LDR	lr, [%[b], #28]\n\t"
        "ADC	r5, %[r], #0x0\n\t"
        "UMLAL	r4, r5, r12, lr\n\t"
        /* A[3] * B[0] */
        "LDR	r12, [%[a], #12]\n\t"
        "LDR	lr, [%[b]]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "STR	r6, [sp, #12]\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[3] * B[1] */
        "LDR	lr, [%[b], #4]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, lr\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[3] * B[2] */
        "LDR	lr, [%[b], #8]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[3] * B[3] */
        "LDR	lr, [%[b], #12]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "ADDS	r10, r10, r11\n\t"
        /* A[3] * B[4] */
        "LDR	lr, [%[b], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[3] * B[5] */
        "LDR	lr, [%[b], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, lr\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[3] * B[6] */
        "LDR	lr, [%[b], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[3] * B[7] */
        "LDR	lr, [%[b], #28]\n\t"
        "ADC	r6, %[r], #0x0\n\t"
        "UMLAL	r5, r6, r12, lr\n\t"
        /* A[4] * B[0] */
        "LDR	r12, [%[a], #16]\n\t"
        "LDR	lr, [%[b]]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r7, r11, r12, lr\n\t"
        "STR	r7, [sp, #16]\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[4] * B[1] */
        "LDR	lr, [%[b], #4]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[4] * B[2] */
        "LDR	lr, [%[b], #8]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "ADDS	r10, r10, r11\n\t"
        /* A[4] * B[3] */
        "LDR	lr, [%[b], #12]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[4] * B[4] */
        "LDR	lr, [%[b], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, lr\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[4] * B[5] */
        "LDR	lr, [%[b], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[4] * B[6] */
        "LDR	lr, [%[b], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r5, r11, r12, lr\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[4] * B[7] */
        "LDR	lr, [%[b], #28]\n\t"
        "ADC	r7, %[r], #0x0\n\t"
        "UMLAL	r6, r7, r12, lr\n\t"
        /* A[5] * B[0] */
        "LDR	r12, [%[a], #20]\n\t"
        "LDR	lr, [%[b]]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "STR	r8, [sp, #20]\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[5] * B[1] */
        "LDR	lr, [%[b], #4]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "ADDS	r10, r10, r11\n\t"
        /* A[5] * B[2] */
        "LDR	lr, [%[b], #8]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[5] * B[3] */
        "LDR	lr, [%[b], #12]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, lr\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[5] * B[4] */
        "LDR	lr, [%[b], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[5] * B[5] */
        "LDR	lr, [%[b], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r5, r11, r12, lr\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[5] * B[6] */
        "LDR	lr, [%[b], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[5] * B[7] */
        "LDR	lr, [%[b], #28]\n\t"
        "ADC	r8, %[r], #0x0\n\t"
        "UMLAL	r7, r8, r12, lr\n\t"
        /* A[6] * B[0] */
        "LDR	r12, [%[a], #24]\n\t"
        "LDR	lr, [%[b]]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "STR	r9, [sp, #24]\n\t"
        "ADDS	r10, r10, r11\n\t"
        /* A[6] * B[1] */
        "LDR	lr, [%[b], #4]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[6] * B[2] */
        "LDR	lr, [%[b], #8]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, lr\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[6] * B[3] */
        "LDR	lr, [%[b], #12]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[6] * B[4] */
        "LDR	lr, [%[b], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r5, r11, r12, lr\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[6] * B[5] */
        "LDR	lr, [%[b], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[6] * B[6] */
        "LDR	lr, [%[b], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, lr\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[6] * B[7] */
        "LDR	lr, [%[b], #28]\n\t"
        "ADC	r9, %[r], #0x0\n\t"
        "UMLAL	r8, r9, r12, lr\n\t"
        /* A[7] * B[0] */
        "LDR	r12, [%[a], #28]\n\t"
        "LDR	lr, [%[b]]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "STR	r10, [sp, #28]\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[7] * B[1] */
        "LDR	lr, [%[b], #4]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, lr\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[7] * B[2] */
        "LDR	lr, [%[b], #8]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[7] * B[3] */
        "LDR	lr, [%[b], #12]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r5, r11, r12, lr\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[7] * B[4] */
        "LDR	lr, [%[b], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[7] * B[5] */
        "LDR	lr, [%[b], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, lr\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[7] * B[6] */
        "LDR	lr, [%[b], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[7] * B[7] */
        "LDR	lr, [%[b], #28]\n\t"
        "ADC	r10, %[r], #0x0\n\t"
        "UMLAL	r9, r10, r12, lr\n\t"
        "ADD	lr, sp, #0x20\n\t"
        "STM	lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        /* Start Reduction */
        "LDM	sp, {r5, r6, r7, r8, r9, r10, r11, r12}\n\t"
        "MOV	r3, r11\n\t"
        "MOV	r4, r12\n\t"
        /* mu = a[0]-a[7] + a[0]-a[4] << 96 + (a[0]-a[1] * 2) << 192 */
        /*    - a[0] << 224 */
        /*   + (a[0]-a[1] * 2) << (6 * 32) */
        "ADDS	r11, r11, r5\n\t"
        "ADC	r12, r12, r6\n\t"
        "ADDS	r11, r11, r5\n\t"
        "ADC	r12, r12, r6\n\t"
        /*   - a[0] << (7 * 32) */
        "SUB	r12, r12, r5\n\t"
        /*   + a[0]-a[4] << (3 * 32) */
        "MOV	r0, r8\n\t"
        "MOV	r1, r9\n\t"
        "MOV	r2, r10\n\t"
        "ADDS	r8, r8, r5\n\t"
        "ADCS	r9, r9, r6\n\t"
        "ADCS	r10, r10, r7\n\t"
        "ADCS	r11, r11, r0\n\t"
        "ADC	r12, r12, r1\n\t"
        /* a += mu * m */
        /*   += mu * ((1 << 256) - (1 << 224) + (1 << 192) + (1 << 96) - 1) */
        /* a[0]   =                     = t[0] */
        /* a[1]   =                     = t[1] */
        /* a[2]   =                     = t[2] */
        /* a[3]  +=                t[0] = t[3] */
        /* a[4]  +=                t[1] = t[4] */
        /* a[5]  +=                t[2] = t[5] */
        /* a[6]  +=         t[0] + t[3] = t[6] */
        /* a[7]  +=         t[1] + t[4] = t[7] + t[0] */
        "ADDS	r0, r0, r5\n\t"
        "ADCS	r1, r1, r6\n\t"
        "ADCS	r2, r2, r7\n\t"
        "ADCS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	lr, #0x0\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "STR	r4, [sp, #28]\n\t"
        /* a[8]  +=  t[0] + t[2] + t[5] */
        /* a[9]  +=  t[1] + t[3] + t[6] */
        /* a[10] +=  t[2] + t[4] + t[7] */
        "ADD	r0, sp, #0x20\n\t"
        "LDM	r0, {r2, r3, r4}\n\t"
        "ADDS	r2, r2, lr\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "MOV	lr, #0x0\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r2, r2, r7\n\t"
        "ADCS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r2, r2, r10\n\t"
        "ADCS	r3, r3, r11\n\t"
        "ADCS	r4, r4, r12\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "STM	r0!, {r2, r3, r4}\n\t"
        /* a[11] +=  t[3] + t[5] + carry */
        /* a[12] +=  t[4] + t[6] */
        /* a[13] +=  t[5] + t[7] */
        /* a[14] +=  t[6] */
        /* a[15] +=  t[7] */
        "LDM	r0, {r0, r1, r2, r3, r4}\n\t"
        "ADDS	r0, r0, lr\n\t"
        "ADCS	r1, r1, #0x0\n\t"
        "ADCS	r2, r2, #0x0\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "MOV	lr, #0x0\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r0, r0, r8\n\t"
        "ADCS	r1, r1, r9\n\t"
        "ADCS	r2, r2, r10\n\t"
        "ADCS	r3, r3, r11\n\t"
        "ADCS	r4, r4, r12\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r0, r0, r10\n\t"
        "ADCS	r1, r1, r11\n\t"
        "ADCS	r2, r2, r12\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "STR	r0, [sp, #44]\n\t"
        "STR	r1, [sp, #48]\n\t"
        "STR	r2, [sp, #52]\n\t"
        "STR	r3, [sp, #56]\n\t"
        /* a[7..15] - t[0..7] */
        "ADD	r0, sp, #0x1c\n\t"
        "LDM	r0, {r0, r1, r2, r3}\n\t"
        "SUBS	r0, r0, r5\n\t"
        "SBCS	r1, r1, r6\n\t"
        "SBCS	r2, r2, r7\n\t"
        "SBCS	r3, r3, r8\n\t"
        "ADD	r0, sp, #0x2c\n\t"
        "MOV	r8, r4\n\t"
        "LDM	r0, {r4, r5, r6, r7}\n\t"
        "SBCS	r4, r4, r9\n\t"
        "SBCS	r5, r5, r10\n\t"
        "SBCS	r6, r6, r11\n\t"
        "SBCS	r7, r7, r12\n\t"
        "SBCS	r8, r8, #0x0\n\t"
        "SBC	lr, lr, #0x0\n\t"
        /* mask m and sub from result if overflow */
        "RSB	lr, lr, #0x0\n\t"
        "SUBS	r1, r1, lr\n\t"
        "SBCS	r2, r2, lr\n\t"
        "SBCS	r3, r3, lr\n\t"
        "SBCS	r4, r4, #0x0\n\t"
        "SBCS	r5, r5, #0x0\n\t"
        "SBCS	r6, r6, #0x0\n\t"
        "SBCS	r7, r7, lr, LSR #31\n\t"
        "SBC	r8, r8, lr\n\t"
        "LDR	%[r], [sp, #64]\n\t"
        "STM	%[r], {r1, r2, r3, r4, r5, r6, r7, r8}\n\t"
        "ADD	sp, sp, #0x44\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    (void)m_p;
#else
    (void)m;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    (void)mp_p;
#else
    (void)mp;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
}

#else
/* Multiply two Montgomery form numbers mod the modulus (prime).
 * (r = a * b mod m)
 *
 * r   Result of multiplication.
 * a   First number to multiply in Montgomery form.
 * b   Second number to multiply in Montgomery form.
 * m   Modulus (prime).
 * mp  Montgomery multiplier.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x4c\n\t"
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
        "STRD	%[r], %[a], [sp, #68]\n\t"
#else
        "STR	%[r], [sp, #68]\n\t"
        "STR	%[a], [sp, #72]\n\t"
#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
        "MOV	lr, %[b]\n\t"
        "LDM	%[a], {r0, r1, r2, r3}\n\t"
        "LDM	lr!, {r4, r5, r6}\n\t"
        "UMULL	r10, r11, r0, r4\n\t"
        "UMULL	r12, r7, r1, r4\n\t"
        "UMAAL	r11, r12, r0, r5\n\t"
        "UMULL	r8, r9, r2, r4\n\t"
        "UMAAL	r12, r8, r1, r5\n\t"
        "UMAAL	r12, r7, r0, r6\n\t"
        "UMAAL	r8, r9, r3, r4\n\t"
        "STM	sp, {r10, r11, r12}\n\t"
        "UMAAL	r7, r8, r2, r5\n\t"
        "LDM	lr!, {r4}\n\t"
        "UMULL	r10, r11, r1, r6\n\t"
        "UMAAL	r8, r9, r2, r6\n\t"
        "UMAAL	r7, r10, r0, r4\n\t"
        "UMAAL	r8, r11, r3, r5\n\t"
        "STR	r7, [sp, #12]\n\t"
        "UMAAL	r8, r10, r1, r4\n\t"
        "UMAAL	r9, r11, r3, r6\n\t"
        "UMAAL	r9, r10, r2, r4\n\t"
        "UMAAL	r10, r11, r3, r4\n\t"
        "LDM	lr, {r4, r5, r6, r7}\n\t"
        "MOV	r12, #0x0\n\t"
        "UMLAL	r8, r12, r0, r4\n\t"
        "UMAAL	r9, r12, r1, r4\n\t"
        "UMAAL	r10, r12, r2, r4\n\t"
        "UMAAL	r11, r12, r3, r4\n\t"
        "MOV	r4, #0x0\n\t"
        "UMLAL	r9, r4, r0, r5\n\t"
        "UMAAL	r10, r4, r1, r5\n\t"
        "UMAAL	r11, r4, r2, r5\n\t"
        "UMAAL	r12, r4, r3, r5\n\t"
        "MOV	r5, #0x0\n\t"
        "UMLAL	r10, r5, r0, r6\n\t"
        "UMAAL	r11, r5, r1, r6\n\t"
        "UMAAL	r12, r5, r2, r6\n\t"
        "UMAAL	r4, r5, r3, r6\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r11, r6, r0, r7\n\t"
        "LDR	r0, [sp, #72]\n\t"
        "UMAAL	r12, r6, r1, r7\n\t"
        "ADD	r0, r0, #0x10\n\t"
        "UMAAL	r4, r6, r2, r7\n\t"
        "SUB	lr, lr, #0x10\n\t"
        "UMAAL	r5, r6, r3, r7\n\t"
        "LDM	r0, {r0, r1, r2, r3}\n\t"
        "STR	r6, [sp, #64]\n\t"
        "LDM	lr!, {r6}\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r8, r7, r0, r6\n\t"
        "UMAAL	r9, r7, r1, r6\n\t"
        "STR	r8, [sp, #16]\n\t"
        "UMAAL	r10, r7, r2, r6\n\t"
        "UMAAL	r11, r7, r3, r6\n\t"
        "LDM	lr!, {r6}\n\t"
        "MOV	r8, #0x0\n\t"
        "UMLAL	r9, r8, r0, r6\n\t"
        "UMAAL	r10, r8, r1, r6\n\t"
        "STR	r9, [sp, #20]\n\t"
        "UMAAL	r11, r8, r2, r6\n\t"
        "UMAAL	r12, r8, r3, r6\n\t"
        "LDM	lr!, {r6}\n\t"
        "MOV	r9, #0x0\n\t"
        "UMLAL	r10, r9, r0, r6\n\t"
        "UMAAL	r11, r9, r1, r6\n\t"
        "STR	r10, [sp, #24]\n\t"
        "UMAAL	r12, r9, r2, r6\n\t"
        "UMAAL	r4, r9, r3, r6\n\t"
        "LDM	lr!, {r6}\n\t"
        "MOV	r10, #0x0\n\t"
        "UMLAL	r11, r10, r0, r6\n\t"
        "UMAAL	r12, r10, r1, r6\n\t"
        "STR	r11, [sp, #28]\n\t"
        "UMAAL	r4, r10, r2, r6\n\t"
        "UMAAL	r5, r10, r3, r6\n\t"
        "LDM	lr!, {r11}\n\t"
        "UMAAL	r12, r7, r0, r11\n\t"
        "UMAAL	r4, r7, r1, r11\n\t"
        "LDR	r6, [sp, #64]\n\t"
        "UMAAL	r5, r7, r2, r11\n\t"
        "UMAAL	r6, r7, r3, r11\n\t"
        "LDM	lr!, {r11}\n\t"
        "UMAAL	r4, r8, r0, r11\n\t"
        "UMAAL	r5, r8, r1, r11\n\t"
        "UMAAL	r6, r8, r2, r11\n\t"
        "UMAAL	r7, r8, r3, r11\n\t"
        "LDM	lr, {r11, lr}\n\t"
        "UMAAL	r5, r9, r0, r11\n\t"
        "UMAAL	r6, r10, r0, lr\n\t"
        "UMAAL	r6, r9, r1, r11\n\t"
        "UMAAL	r7, r10, r1, lr\n\t"
        "UMAAL	r7, r9, r2, r11\n\t"
        "UMAAL	r8, r10, r2, lr\n\t"
        "UMAAL	r8, r9, r3, r11\n\t"
        "UMAAL	r9, r10, r3, lr\n\t"
        "MOV	r3, r12\n\t"
        "ADD	lr, sp, #0x20\n\t"
        "STM	lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        /* Start Reduction */
        "LDM	sp, {r5, r6, r7, r8, r9, r10, r11, r12}\n\t"
        "MOV	r3, r11\n\t"
        "MOV	r4, r12\n\t"
        /* mu = a[0]-a[7] + a[0]-a[4] << 96 + (a[0]-a[1] * 2) << 192 */
        /*    - a[0] << 224 */
        /*   + (a[0]-a[1] * 2) << (6 * 32) */
        "ADDS	r11, r11, r5\n\t"
        "ADC	r12, r12, r6\n\t"
        "ADDS	r11, r11, r5\n\t"
        "ADC	r12, r12, r6\n\t"
        /*   - a[0] << (7 * 32) */
        "SUB	r12, r12, r5\n\t"
        /*   + a[0]-a[4] << (3 * 32) */
        "MOV	r0, r8\n\t"
        "MOV	r1, r9\n\t"
        "MOV	r2, r10\n\t"
        "ADDS	r8, r8, r5\n\t"
        "ADCS	r9, r9, r6\n\t"
        "ADCS	r10, r10, r7\n\t"
        "ADCS	r11, r11, r0\n\t"
        "ADC	r12, r12, r1\n\t"
        /* a += mu * m */
        /*   += mu * ((1 << 256) - (1 << 224) + (1 << 192) + (1 << 96) - 1) */
        /* a[0]   =                     = t[0] */
        /* a[1]   =                     = t[1] */
        /* a[2]   =                     = t[2] */
        /* a[3]  +=                t[0] = t[3] */
        /* a[4]  +=                t[1] = t[4] */
        /* a[5]  +=                t[2] = t[5] */
        /* a[6]  +=         t[0] + t[3] = t[6] */
        /* a[7]  +=         t[1] + t[4] = t[7] + t[0] */
        "ADDS	r0, r0, r5\n\t"
        "ADCS	r1, r1, r6\n\t"
        "ADCS	r2, r2, r7\n\t"
        "ADCS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	lr, #0x0\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "STR	r4, [sp, #28]\n\t"
        /* a[8]  +=  t[0] + t[2] + t[5] */
        /* a[9]  +=  t[1] + t[3] + t[6] */
        /* a[10] +=  t[2] + t[4] + t[7] */
        "ADD	r0, sp, #0x20\n\t"
        "LDM	r0, {r2, r3, r4}\n\t"
        "ADDS	r2, r2, lr\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "MOV	lr, #0x0\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r2, r2, r7\n\t"
        "ADCS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r2, r2, r10\n\t"
        "ADCS	r3, r3, r11\n\t"
        "ADCS	r4, r4, r12\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "STM	r0!, {r2, r3, r4}\n\t"
        /* a[11] +=  t[3] + t[5] + carry */
        /* a[12] +=  t[4] + t[6] */
        /* a[13] +=  t[5] + t[7] */
        /* a[14] +=  t[6] */
        /* a[15] +=  t[7] */
        "LDM	r0, {r0, r1, r2, r3, r4}\n\t"
        "ADDS	r0, r0, lr\n\t"
        "ADCS	r1, r1, #0x0\n\t"
        "ADCS	r2, r2, #0x0\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "MOV	lr, #0x0\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r0, r0, r8\n\t"
        "ADCS	r1, r1, r9\n\t"
        "ADCS	r2, r2, r10\n\t"
        "ADCS	r3, r3, r11\n\t"
        "ADCS	r4, r4, r12\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r0, r0, r10\n\t"
        "ADCS	r1, r1, r11\n\t"
        "ADCS	r2, r2, r12\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "STR	r0, [sp, #44]\n\t"
        "STR	r1, [sp, #48]\n\t"
        "STR	r2, [sp, #52]\n\t"
        "STR	r3, [sp, #56]\n\t"
        /* a[7..15] - t[0..7] */
        "ADD	r0, sp, #0x1c\n\t"
        "LDM	r0, {r0, r1, r2, r3}\n\t"
        "SUBS	r0, r0, r5\n\t"
        "SBCS	r1, r1, r6\n\t"
        "SBCS	r2, r2, r7\n\t"
        "SBCS	r3, r3, r8\n\t"
        "ADD	r0, sp, #0x2c\n\t"
        "MOV	r8, r4\n\t"
        "LDM	r0, {r4, r5, r6, r7}\n\t"
        "SBCS	r4, r4, r9\n\t"
        "SBCS	r5, r5, r10\n\t"
        "SBCS	r6, r6, r11\n\t"
        "SBCS	r7, r7, r12\n\t"
        "SBCS	r8, r8, #0x0\n\t"
        "SBC	lr, lr, #0x0\n\t"
        /* mask m and sub from result if overflow */
        "RSB	lr, lr, #0x0\n\t"
        "SUBS	r1, r1, lr\n\t"
        "SBCS	r2, r2, lr\n\t"
        "SBCS	r3, r3, lr\n\t"
        "SBCS	r4, r4, #0x0\n\t"
        "SBCS	r5, r5, #0x0\n\t"
        "SBCS	r6, r6, #0x0\n\t"
        "SBCS	r7, r7, lr, LSR #31\n\t"
        "SBC	r8, r8, lr\n\t"
        "LDR	%[r], [sp, #68]\n\t"
        "STM	%[r], {r1, r2, r3, r4, r5, r6, r7, r8}\n\t"
        "ADD	sp, sp, #0x4c\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr", "cc"
    );
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    (void)m_p;
#else
    (void)m;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    (void)mp_p;
#else
    (void)mp;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
}

#endif
#ifdef WOLFSSL_SP_NO_UMAAL
/* Square the Montgomery form number mod the modulus (prime). (r = a * a mod m)
 *
 * r   Result of squaring.
 * a   Number to square in Montgomery form.
 * m   Modulus (prime).
 * mp  Montgomery multiplier.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x44\n\t"
        "STR	%[r], [sp, #64]\n\t"
        "MOV	%[r], #0x0\n\t"
        "LDR	r12, [%[a]]\n\t"
        /* A[0] * A[1] */
        "LDR	lr, [%[a], #4]\n\t"
        "UMULL	r4, r5, r12, lr\n\t"
        /* A[0] * A[3] */
        "LDR	lr, [%[a], #12]\n\t"
        "UMULL	r6, r7, r12, lr\n\t"
        /* A[0] * A[5] */
        "LDR	lr, [%[a], #20]\n\t"
        "UMULL	r8, r9, r12, lr\n\t"
        /* A[0] * A[7] */
        "LDR	lr, [%[a], #28]\n\t"
        "UMULL	r10, r3, r12, lr\n\t"
        /* A[0] * A[2] */
        "LDR	lr, [%[a], #8]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r5, r11, r12, lr\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[0] * A[4] */
        "LDR	lr, [%[a], #16]\n\t"
        "ADCS	r7, r7, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, lr\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[0] * A[6] */
        "LDR	lr, [%[a], #24]\n\t"
        "ADCS	r9, r9, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "ADDS	r10, r10, r11\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #4]\n\t"
        "STR	r5, [sp, #8]\n\t"
        /* A[1] * A[2] */
        "LDR	r12, [%[a], #4]\n\t"
        "LDR	lr, [%[a], #8]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "STR	r6, [sp, #12]\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[1] * A[3] */
        "LDR	lr, [%[a], #12]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, lr\n\t"
        "STR	r7, [sp, #16]\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[1] * A[4] */
        "LDR	lr, [%[a], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[1] * A[5] */
        "LDR	lr, [%[a], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "ADDS	r10, r10, r11\n\t"
        /* A[1] * A[6] */
        "LDR	lr, [%[a], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[1] * A[7] */
        "LDR	lr, [%[a], #28]\n\t"
        "ADC	r4, %[r], #0x0\n\t"
        "UMLAL	r3, r4, r12, lr\n\t"
        /* A[2] * A[3] */
        "LDR	r12, [%[a], #8]\n\t"
        "LDR	lr, [%[a], #12]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r8, r11, r12, lr\n\t"
        "STR	r8, [sp, #20]\n\t"
        "ADDS	r9, r9, r11\n\t"
        /* A[2] * A[4] */
        "LDR	lr, [%[a], #16]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, lr\n\t"
        "STR	r9, [sp, #24]\n\t"
        "ADDS	r10, r10, r11\n\t"
        /* A[2] * A[5] */
        "LDR	lr, [%[a], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[2] * A[6] */
        "LDR	lr, [%[a], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, lr\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[2] * A[7] */
        "LDR	lr, [%[a], #28]\n\t"
        "ADC	r5, %[r], #0x0\n\t"
        "UMLAL	r4, r5, r12, lr\n\t"
        /* A[3] * A[4] */
        "LDR	r12, [%[a], #12]\n\t"
        "LDR	lr, [%[a], #16]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r10, r11, r12, lr\n\t"
        "STR	r10, [sp, #28]\n\t"
        "ADDS	r3, r3, r11\n\t"
        /* A[3] * A[5] */
        "LDR	lr, [%[a], #20]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, lr\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[3] * A[6] */
        "LDR	lr, [%[a], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[3] * A[7] */
        "LDR	lr, [%[a], #28]\n\t"
        "ADC	r6, %[r], #0x0\n\t"
        "UMLAL	r5, r6, r12, lr\n\t"
        /* A[4] * A[5] */
        "LDR	r12, [%[a], #16]\n\t"
        "LDR	lr, [%[a], #20]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r4, r11, r12, lr\n\t"
        "ADDS	r5, r5, r11\n\t"
        /* A[4] * A[6] */
        "LDR	lr, [%[a], #24]\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r5, r11, r12, lr\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[4] * A[7] */
        "LDR	lr, [%[a], #28]\n\t"
        "ADC	r7, %[r], #0x0\n\t"
        "UMLAL	r6, r7, r12, lr\n\t"
        /* A[5] * A[6] */
        "LDR	r12, [%[a], #20]\n\t"
        "LDR	lr, [%[a], #24]\n\t"
        "MOV	r11, #0x0\n\t"
        "UMLAL	r6, r11, r12, lr\n\t"
        "ADDS	r7, r7, r11\n\t"
        /* A[5] * A[7] */
        "LDR	lr, [%[a], #28]\n\t"
        "ADC	r8, %[r], #0x0\n\t"
        "UMLAL	r7, r8, r12, lr\n\t"
        /* A[6] * A[7] */
        "LDR	r12, [%[a], #24]\n\t"
        "LDR	lr, [%[a], #28]\n\t"
        "MOV	r9, #0x0\n\t"
        "UMLAL	r8, r9, r12, lr\n\t"
        "ADD	lr, sp, #0x20\n\t"
        "STM	lr, {r3, r4, r5, r6, r7, r8, r9}\n\t"
        "ADD	lr, sp, #0x4\n\t"
        "LDM	lr, {r4, r5, r6, r7, r8, r9, r10}\n\t"
        "ADDS	r4, r4, r4\n\t"
        "ADCS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADCS	r7, r7, r7\n\t"
        "ADCS	r8, r8, r8\n\t"
        "ADCS	r9, r9, r9\n\t"
        "ADCS	r10, r10, r10\n\t"
        "STM	lr!, {r4, r5, r6, r7, r8, r9, r10}\n\t"
        "LDM	lr, {r3, r4, r5, r6, r7, r8, r9}\n\t"
        "ADCS	r3, r3, r3\n\t"
        "ADCS	r4, r4, r4\n\t"
        "ADCS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADCS	r7, r7, r7\n\t"
        "ADCS	r8, r8, r8\n\t"
        "ADCS	r9, r9, r9\n\t"
        "ADC	r10, %[r], #0x0\n\t"
        "STM	lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        "ADD	lr, sp, #0x4\n\t"
        "LDM	lr, {r4, r5, r6, r7, r8, r9, r10}\n\t"
        "MOV	lr, sp\n\t"
        /* A[0] * A[0] */
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r3, r11, r12, r12\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[1] * A[1] */
        "LDR	r12, [%[a], #4]\n\t"
        "ADCS	r5, r5, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r5, r11, r12, r12\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[2] * A[2] */
        "LDR	r12, [%[a], #8]\n\t"
        "ADCS	r7, r7, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, r12\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[3] * A[3] */
        "LDR	r12, [%[a], #12]\n\t"
        "ADCS	r9, r9, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r9, r11, r12, r12\n\t"
        "ADDS	r10, r10, r11\n\t"
        "STM	lr!, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        "LDM	lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        /* A[4] * A[4] */
        "LDR	r12, [%[a], #16]\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r3, r11, r12, r12\n\t"
        "ADDS	r4, r4, r11\n\t"
        /* A[5] * A[5] */
        "LDR	r12, [%[a], #20]\n\t"
        "ADCS	r5, r5, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r5, r11, r12, r12\n\t"
        "ADDS	r6, r6, r11\n\t"
        /* A[6] * A[6] */
        "LDR	r12, [%[a], #24]\n\t"
        "ADCS	r7, r7, #0x0\n\t"
        "ADC	r11, %[r], #0x0\n\t"
        "UMLAL	r7, r11, r12, r12\n\t"
        "ADDS	r8, r8, r11\n\t"
        /* A[7] * A[7] */
        "LDR	r12, [%[a], #28]\n\t"
        "ADCS	r9, r9, #0x0\n\t"
        "ADC	r10, r10, #0x0\n\t"
        "UMLAL	r9, r10, r12, r12\n\t"
        "ADD	lr, sp, #0x20\n\t"
        "STM	lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
        /* Start Reduction */
        "LDM	sp, {r5, r6, r7, r8, r9, r10, r11, r12}\n\t"
        "MOV	r3, r11\n\t"
        "MOV	r4, r12\n\t"
        /* mu = a[0]-a[7] + a[0]-a[4] << 96 + (a[0]-a[1] * 2) << 192 */
        /*    - a[0] << 224 */
        /*   + (a[0]-a[1] * 2) << (6 * 32) */
        "ADDS	r11, r11, r5\n\t"
        "ADC	r12, r12, r6\n\t"
        "ADDS	r11, r11, r5\n\t"
        "ADC	r12, r12, r6\n\t"
        /*   - a[0] << (7 * 32) */
        "SUB	r12, r12, r5\n\t"
        /*   + a[0]-a[4] << (3 * 32) */
        "MOV	r0, r8\n\t"
        "MOV	r1, r9\n\t"
        "MOV	r2, r10\n\t"
        "ADDS	r8, r8, r5\n\t"
        "ADCS	r9, r9, r6\n\t"
        "ADCS	r10, r10, r7\n\t"
        "ADCS	r11, r11, r0\n\t"
        "ADC	r12, r12, r1\n\t"
        /* a += mu * m */
        /*   += mu * ((1 << 256) - (1 << 224) + (1 << 192) + (1 << 96) - 1) */
        /* a[0]   =                     = t[0] */
        /* a[1]   =                     = t[1] */
        /* a[2]   =                     = t[2] */
        /* a[3]  +=                t[0] = t[3] */
        /* a[4]  +=                t[1] = t[4] */
        /* a[5]  +=                t[2] = t[5] */
        /* a[6]  +=         t[0] + t[3] = t[6] */
        /* a[7]  +=         t[1] + t[4] = t[7] + t[0] */
        "ADDS	r0, r0, r5\n\t"
        "ADCS	r1, r1, r6\n\t"
        "ADCS	r2, r2, r7\n\t"
        "ADCS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	lr, #0x0\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "STR	r4, [sp, #28]\n\t"
        /* a[8]  +=  t[0] + t[2] + t[5] */
        /* a[9]  +=  t[1] + t[3] + t[6] */
        /* a[10] +=  t[2] + t[4] + t[7] */
        "ADD	r0, sp, #0x20\n\t"
        "LDM	r0, {r2, r3, r4}\n\t"
        "ADDS	r2, r2, lr\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "MOV	lr, #0x0\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r2, r2, r7\n\t"
        "ADCS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r2, r2, r10\n\t"
        "ADCS	r3, r3, r11\n\t"
        "ADCS	r4, r4, r12\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "STM	r0!, {r2, r3, r4}\n\t"
        /* a[11] +=  t[3] + t[5] + carry */
        /* a[12] +=  t[4] + t[6] */
        /* a[13] +=  t[5] + t[7] */
        /* a[14] +=  t[6] */
        /* a[15] +=  t[7] */
        "LDM	r0, {r0, r1, r2, r3, r4}\n\t"
        "ADDS	r0, r0, lr\n\t"
        "ADCS	r1, r1, #0x0\n\t"
        "ADCS	r2, r2, #0x0\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "MOV	lr, #0x0\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r0, r0, r8\n\t"
        "ADCS	r1, r1, r9\n\t"
        "ADCS	r2, r2, r10\n\t"
        "ADCS	r3, r3, r11\n\t"
        "ADCS	r4, r4, r12\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r0, r0, r10\n\t"
        "ADCS	r1, r1, r11\n\t"
        "ADCS	r2, r2, r12\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "STR	r0, [sp, #44]\n\t"
        "STR	r1, [sp, #48]\n\t"
        "STR	r2, [sp, #52]\n\t"
        "STR	r3, [sp, #56]\n\t"
        /* a[7..15] - t[0..7] */
        "ADD	r0, sp, #0x1c\n\t"
        "LDM	r0, {r0, r1, r2, r3}\n\t"
        "SUBS	r0, r0, r5\n\t"
        "SBCS	r1, r1, r6\n\t"
        "SBCS	r2, r2, r7\n\t"
        "SBCS	r3, r3, r8\n\t"
        "ADD	r0, sp, #0x2c\n\t"
        "MOV	r8, r4\n\t"
        "LDM	r0, {r4, r5, r6, r7}\n\t"
        "SBCS	r4, r4, r9\n\t"
        "SBCS	r5, r5, r10\n\t"
        "SBCS	r6, r6, r11\n\t"
        "SBCS	r7, r7, r12\n\t"
        "SBCS	r8, r8, #0x0\n\t"
        "SBC	lr, lr, #0x0\n\t"
        /* mask m and sub from result if overflow */
        "RSB	lr, lr, #0x0\n\t"
        "SUBS	r1, r1, lr\n\t"
        "SBCS	r2, r2, lr\n\t"
        "SBCS	r3, r3, lr\n\t"
        "SBCS	r4, r4, #0x0\n\t"
        "SBCS	r5, r5, #0x0\n\t"
        "SBCS	r6, r6, #0x0\n\t"
        "SBCS	r7, r7, lr, LSR #31\n\t"
        "SBC	r8, r8, lr\n\t"
        "LDR	%[r], [sp, #64]\n\t"
        "STM	%[r], {r1, r2, r3, r4, r5, r6, r7, r8}\n\t"
        "ADD	sp, sp, #0x44\n\t"
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    (void)m_p;
#else
    (void)m;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    (void)mp_p;
#else
    (void)mp;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
}

#else
/* Square the Montgomery form number mod the modulus (prime). (r = a * a mod m)
 *
 * r   Result of squaring.
 * a   Number to square in Montgomery form.
 * m   Modulus (prime).
 * mp  Montgomery multiplier.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x44\n\t"
        "STR	%[r], [sp, #64]\n\t"
        "LDM	%[a], {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
        "UMULL	r9, r10, r0, r0\n\t"
        "UMULL	r11, r12, r0, r1\n\t"
        "ADDS	r11, r11, r11\n\t"
        "MOV	lr, #0x0\n\t"
        "UMAAL	r10, r11, lr, lr\n\t"
        "STM	sp, {r9, r10}\n\t"
        "MOV	r8, lr\n\t"
        "UMAAL	r8, r12, r0, r2\n\t"
        "ADCS	r8, r8, r8\n\t"
        "UMAAL	r8, r11, r1, r1\n\t"
        "UMULL	r9, r10, r0, r3\n\t"
        "UMAAL	r9, r12, r1, r2\n\t"
        "ADCS	r9, r9, r9\n\t"
        "UMAAL	r9, r11, lr, lr\n\t"
        "STRD	r8, r9, [sp, #8]\n\t"
        "MOV	r9, lr\n\t"
        "UMAAL	r9, r10, r0, r4\n\t"
        "UMAAL	r9, r12, r1, r3\n\t"
        "ADCS	r9, r9, r9\n\t"
        "UMAAL	r9, r11, r2, r2\n\t"
        "STR	r9, [sp, #16]\n\t"
        "UMULL	r9, r8, r0, r5\n\t"
        "UMAAL	r9, r12, r1, r4\n\t"
        "UMAAL	r9, r10, r2, r3\n\t"
        "ADCS	r9, r9, r9\n\t"
        "UMAAL	r9, r11, lr, lr\n\t"
        "STR	r9, [sp, #20]\n\t"
        "MOV	r9, lr\n\t"
        "UMAAL	r9, r8, r0, r6\n\t"
        "UMAAL	r9, r12, r1, r5\n\t"
        "UMAAL	r9, r10, r2, r4\n\t"
        "ADCS	r9, r9, r9\n\t"
        "UMAAL	r9, r11, r3, r3\n\t"
        "STR	r9, [sp, #24]\n\t"
        "UMULL	r0, r9, r0, r7\n\t"
        "UMAAL	r0, r8, r1, r6\n\t"
        "UMAAL	r0, r12, r2, r5\n\t"
        "UMAAL	r0, r10, r3, r4\n\t"
        "ADCS	r0, r0, r0\n\t"
        "UMAAL	r0, r11, lr, lr\n\t"
        /* R[7] = r0 */
        "UMAAL	r9, r8, r1, r7\n\t"
        "UMAAL	r9, r10, r2, r6\n\t"
        "UMAAL	r12, r9, r3, r5\n\t"
        "ADCS	r12, r12, r12\n\t"
        "UMAAL	r12, r11, r4, r4\n\t"
        /* R[8] = r12 */
        "UMAAL	r9, r8, r2, r7\n\t"
        "UMAAL	r10, r9, r3, r6\n\t"
        "MOV	r2, lr\n\t"
        "UMAAL	r10, r2, r4, r5\n\t"
        "ADCS	r10, r10, r10\n\t"
        "UMAAL	r11, r10, lr, lr\n\t"
        /* R[9] = r11 */
        "UMAAL	r2, r8, r3, r7\n\t"
        "UMAAL	r2, r9, r4, r6\n\t"
        "ADCS	r3, r2, r2\n\t"
        "UMAAL	r10, r3, r5, r5\n\t"
        /* R[10] = r10 */
        "MOV	r1, lr\n\t"
        "UMAAL	r1, r8, r4, r7\n\t"
        "UMAAL	r1, r9, r5, r6\n\t"
        "ADCS	r4, r1, r1\n\t"
        "UMAAL	r3, r4, lr, lr\n\t"
        /* R[11] = r3 */
        "UMAAL	r8, r9, r5, r7\n\t"
        "ADCS	r8, r8, r8\n\t"
        "UMAAL	r4, r8, r6, r6\n\t"
        /* R[12] = r4 */
        "MOV	r5, lr\n\t"
        "UMAAL	r5, r9, r6, r7\n\t"
        "ADCS	r5, r5, r5\n\t"
        "UMAAL	r8, r5, lr, lr\n\t"
        /* R[13] = r8 */
        "ADCS	r9, r9, r9\n\t"
        "UMAAL	r9, r5, r7, r7\n\t"
        "ADCS	r7, r5, lr\n\t"
        /* R[14] = r9 */
        /* R[15] = r7 */
        "MOV	lr, sp\n\t"
        "ADD	lr, lr, #0x1c\n\t"
        "STM	lr!, {r0, r12}\n\t"
        "STM	lr!, {r11}\n\t"
        "STM	lr!, {r10}\n\t"
        "STM	lr!, {r3, r4, r8, r9}\n\t"
        "STM	lr!, {r7}\n\t"
        /* Start Reduction */
        "LDM	sp, {r5, r6, r7, r8, r9, r10, r11, r12}\n\t"
        "MOV	r3, r11\n\t"
        "MOV	r4, r12\n\t"
        /* mu = a[0]-a[7] + a[0]-a[4] << 96 + (a[0]-a[1] * 2) << 192 */
        /*    - a[0] << 224 */
        /*   + (a[0]-a[1] * 2) << (6 * 32) */
        "ADDS	r11, r11, r5\n\t"
        "ADC	r12, r12, r6\n\t"
        "ADDS	r11, r11, r5\n\t"
        "ADC	r12, r12, r6\n\t"
        /*   - a[0] << (7 * 32) */
        "SUB	r12, r12, r5\n\t"
        /*   + a[0]-a[4] << (3 * 32) */
        "MOV	r0, r8\n\t"
        "MOV	r1, r9\n\t"
        "MOV	r2, r10\n\t"
        "ADDS	r8, r8, r5\n\t"
        "ADCS	r9, r9, r6\n\t"
        "ADCS	r10, r10, r7\n\t"
        "ADCS	r11, r11, r0\n\t"
        "ADC	r12, r12, r1\n\t"
        /* a += mu * m */
        /*   += mu * ((1 << 256) - (1 << 224) + (1 << 192) + (1 << 96) - 1) */
        /* a[0]   =                     = t[0] */
        /* a[1]   =                     = t[1] */
        /* a[2]   =                     = t[2] */
        /* a[3]  +=                t[0] = t[3] */
        /* a[4]  +=                t[1] = t[4] */
        /* a[5]  +=                t[2] = t[5] */
        /* a[6]  +=         t[0] + t[3] = t[6] */
        /* a[7]  +=         t[1] + t[4] = t[7] + t[0] */
        "ADDS	r0, r0, r5\n\t"
        "ADCS	r1, r1, r6\n\t"
        "ADCS	r2, r2, r7\n\t"
        "ADCS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	lr, #0x0\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "STR	r4, [sp, #28]\n\t"
        /* a[8]  +=  t[0] + t[2] + t[5] */
        /* a[9]  +=  t[1] + t[3] + t[6] */
        /* a[10] +=  t[2] + t[4] + t[7] */
        "ADD	r0, sp, #0x20\n\t"
        "LDM	r0, {r2, r3, r4}\n\t"
        "ADDS	r2, r2, lr\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "MOV	lr, #0x0\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r2, r2, r7\n\t"
        "ADCS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r2, r2, r10\n\t"
        "ADCS	r3, r3, r11\n\t"
        "ADCS	r4, r4, r12\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "STM	r0!, {r2, r3, r4}\n\t"
        /* a[11] +=  t[3] + t[5] + carry */
        /* a[12] +=  t[4] + t[6] */
        /* a[13] +=  t[5] + t[7] */
        /* a[14] +=  t[6] */
        /* a[15] +=  t[7] */
        "LDM	r0, {r0, r1, r2, r3, r4}\n\t"
        "ADDS	r0, r0, lr\n\t"
        "ADCS	r1, r1, #0x0\n\t"
        "ADCS	r2, r2, #0x0\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "MOV	lr, #0x0\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r0, r0, r8\n\t"
        "ADCS	r1, r1, r9\n\t"
        "ADCS	r2, r2, r10\n\t"
        "ADCS	r3, r3, r11\n\t"
        "ADCS	r4, r4, r12\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r0, r0, r10\n\t"
        "ADCS	r1, r1, r11\n\t"
        "ADCS	r2, r2, r12\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "STR	r0, [sp, #44]\n\t"
        "STR	r1, [sp, #48]\n\t"
        "STR	r2, [sp, #52]\n\t"
        "STR	r3, [sp, #56]\n\t"
        /* a[7..15] - t[0..7] */
        "ADD	r0, sp, #0x1c\n\t"
        "LDM	r0, {r0, r1, r2, r3}\n\t"
        "SUBS	r0, r0, r5\n\t"
        "SBCS	r1, r1, r6\n\t"
        "SBCS	r2, r2, r7\n\t"
        "SBCS	r3, r3, r8\n\t"
        "ADD	r0, sp, #0x2c\n\t"
        "MOV	r8, r4\n\t"
        "LDM	r0, {r4, r5, r6, r7}\n\t"
        "SBCS	r4, r4, r9\n\t"
        "SBCS	r5, r5, r10\n\t"
        "SBCS	r6, r6, r11\n\t"
        "SBCS	r7, r7, r12\n\t"
        "SBCS	r8, r8, #0x0\n\t"
        "SBC	lr, lr, #0x0\n\t"
        /* mask m and sub from result if overflow */
        "RSB	lr, lr, #0x0\n\t"
        "SUBS	r1, r1, lr\n\t"
        "SBCS	r2, r2, lr\n\t"
        "SBCS	r3, r3, lr\n\t"
        "SBCS	r4, r4, #0x0\n\t"
        "SBCS	r5, r5, #0x0\n\t"
        "SBCS	r6, r6, #0x0\n\t"
        "SBCS	r7, r7, lr, LSR #31\n\t"
        "SBC	r8, r8, lr\n\t"
        "LDR	%[r], [sp, #64]\n\t"
        "STM	%[r], {r1, r2, r3, r4, r5, r6, r7, r8}\n\t"
        "ADD	sp, sp, #0x44\n\t"
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    (void)m_p;
#else
    (void)m;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    (void)mp_p;
#else
    (void)mp;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
}

#endif
#if !defined(WOLFSSL_SP_SMALL) || defined(HAVE_COMP_KEY)
/* Square the Montgomery form number a number of times. (r = a ^ n mod m)
 *
 * r   Result of squaring.
 * a   Number to square in Montgomery form.
 * n   Number of times to square.
 * m   Modulus (prime).
 * mp  Montgomery multiplier.
 */
SP_NOINLINE static void sp_256_mont_sqr_n_8(sp_digit* r,
    const sp_digit* a, int n, const sp_digit* m, sp_digit mp)
{
    sp_256_mont_sqr_8(r, a, m, mp);
    for (; n > 1; n--) {
        sp_256_mont_sqr_8(r, r, m, mp);
    }
}

#endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
#ifdef WOLFSSL_SP_SMALL
/* Mod-2 for the P256 curve. */
static const uint32_t p256_mod_minus_2[8] = {
    0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U,
    0x00000001U,0xffffffffU
};
#endif /* !WOLFSSL_SP_SMALL */

/* Invert the number, in Montgomery form, modulo the modulus (prime) of the
 * P256 curve. (r = 1 / a mod m)
 *
 * r   Inverse result.
 * a   Number to invert.
 * td  Temporary data.
 */
static void sp_256_mont_inv_8(sp_digit* r, const sp_digit* a, sp_digit* td)
{
#ifdef WOLFSSL_SP_SMALL
    sp_digit* t = td;
    int i;

    XMEMCPY(t, a, sizeof(sp_digit) * 8);
    for (i=254; i>=0; i--) {
        sp_256_mont_sqr_8(t, t, p256_mod, p256_mp_mod);
        if (p256_mod_minus_2[i / 32] & ((sp_digit)1 << (i % 32)))
            sp_256_mont_mul_8(t, t, a, p256_mod, p256_mp_mod);
    }
    XMEMCPY(r, t, sizeof(sp_digit) * 8);
#else
    sp_digit* t1 = td;
    sp_digit* t2 = td + 2 * 8;
    sp_digit* t3 = td + 4 * 8;
    /* 0x2 */
    sp_256_mont_sqr_8(t1, a, p256_mod, p256_mp_mod);
    /* 0x3 */
    sp_256_mont_mul_8(t2, t1, a, p256_mod, p256_mp_mod);
    /* 0xc */
    sp_256_mont_sqr_n_8(t1, t2, 2, p256_mod, p256_mp_mod);
    /* 0xd */
    sp_256_mont_mul_8(t3, t1, a, p256_mod, p256_mp_mod);
    /* 0xf */
    sp_256_mont_mul_8(t2, t2, t1, p256_mod, p256_mp_mod);
    /* 0xf0 */
    sp_256_mont_sqr_n_8(t1, t2, 4, p256_mod, p256_mp_mod);
    /* 0xfd */
    sp_256_mont_mul_8(t3, t3, t1, p256_mod, p256_mp_mod);
    /* 0xff */
    sp_256_mont_mul_8(t2, t2, t1, p256_mod, p256_mp_mod);
    /* 0xff00 */
    sp_256_mont_sqr_n_8(t1, t2, 8, p256_mod, p256_mp_mod);
    /* 0xfffd */
    sp_256_mont_mul_8(t3, t3, t1, p256_mod, p256_mp_mod);
    /* 0xffff */
    sp_256_mont_mul_8(t2, t2, t1, p256_mod, p256_mp_mod);
    /* 0xffff0000 */
    sp_256_mont_sqr_n_8(t1, t2, 16, p256_mod, p256_mp_mod);
    /* 0xfffffffd */
    sp_256_mont_mul_8(t3, t3, t1, p256_mod, p256_mp_mod);
    /* 0xffffffff */
    sp_256_mont_mul_8(t2, t2, t1, p256_mod, p256_mp_mod);
    /* 0xffffffff00000000 */
    sp_256_mont_sqr_n_8(t1, t2, 32, p256_mod, p256_mp_mod);
    /* 0xffffffffffffffff */
    sp_256_mont_mul_8(t2, t2, t1, p256_mod, p256_mp_mod);
    /* 0xffffffff00000001 */
    sp_256_mont_mul_8(r, t1, a, p256_mod, p256_mp_mod);
    /* 0xffffffff000000010000000000000000000000000000000000000000 */
    sp_256_mont_sqr_n_8(r, r, 160, p256_mod, p256_mp_mod);
    /* 0xffffffff00000001000000000000000000000000ffffffffffffffff */
    sp_256_mont_mul_8(r, r, t2, p256_mod, p256_mp_mod);
    /* 0xffffffff00000001000000000000000000000000ffffffffffffffff00000000 */
    sp_256_mont_sqr_n_8(r, r, 32, p256_mod, p256_mp_mod);
    /* 0xffffffff00000001000000000000000000000000fffffffffffffffffffffffd */
    sp_256_mont_mul_8(r, r, t3, p256_mod, p256_mp_mod);
#endif /* WOLFSSL_SP_SMALL */
}

/* Compare a with b in constant time.
 *
 * a  A single precision integer.
 * b  A single precision integer.
 * return -ve, 0 or +ve if a is less than, equal to or greater than b
 * respectively.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_int32 sp_256_cmp_8(const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register const sp_digit* a __asm__ ("r0") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r2, #0xffffffff\n\t"
        "MOV	r8, #0x1\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r3, #0xffffffff\n\t"
#ifdef WOLFSSL_SP_SMALL
        "MOV	r6, #0x1c\n\t"
        "\n"
    "L_sp_256_cmp_8_words:\n\t"
        "LDR	r4, [%[a], r6]\n\t"
        "LDR	r5, [%[b], r6]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "SUBS	r6, r6, #0x4\n\t"
        "bcs	L_sp_256_cmp_8_words\n\t"
        "EOR	r2, r2, r3\n\t"
#else
        "LDR	r4, [%[a], #28]\n\t"
        "LDR	r5, [%[b], #28]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #24]\n\t"
        "LDR	r5, [%[b], #24]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #20]\n\t"
        "LDR	r5, [%[b], #20]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #16]\n\t"
        "LDR	r5, [%[b], #16]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #12]\n\t"
        "LDR	r5, [%[b], #12]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #8]\n\t"
        "LDR	r5, [%[b], #8]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #4]\n\t"
        "LDR	r5, [%[b], #4]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a]]\n\t"
        "LDR	r5, [%[b]]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "EOR	r2, r2, r3\n\t"
#endif /*WOLFSSL_SP_SMALL */
        "MOV	%[a], r2\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
    );
    return (uint32_t)(size_t)a;
}

/* Normalize the values in each word to 32.
 *
 * a  Array of sp_digit to normalize.
 */
#define sp_256_norm_8(a)

#ifdef WOLFSSL_SP_SMALL
/* Conditionally subtract b from a using the mask m.
 * m is -1 to subtract and 0 when not copying.
 *
 * r  A single precision number representing condition subtract result.
 * a  A single precision number to subtract from.
 * b  A single precision number to subtract.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r8, #0x0\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r5, #0x0\n\t"
        "\n"
    "L_sp_256_cond_sub_8_words:\n\t"
        "SUBS	r4, r8, r4\n\t"
        "LDR	r6, [%[a], r5]\n\t"
        "LDR	r7, [%[b], r5]\n\t"
        "AND	r7, r7, %[m]\n\t"
        "SBCS	r6, r6, r7\n\t"
        "SBC	r4, r8, r8\n\t"
        "STR	r6, [%[r], r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0x20\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_256_cond_sub_8_words\n\t"
#else
        "BLT.N	L_sp_256_cond_sub_8_words\n\t"
#endif
        "MOV	%[r], r4\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
    );
    return (uint32_t)(size_t)r;
}

#else
/* Conditionally subtract b from a using the mask m.
 * m is -1 to subtract and 0 when not copying.
 *
 * r  A single precision number representing condition subtract result.
 * a  A single precision number to subtract from.
 * b  A single precision number to subtract.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r5, #0x0\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SUBS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "SBC	%[r], r5, r5\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
#ifndef WOLFSSL_SP_SMALL
#define sp_256_mont_reduce_order_8    sp_256_mont_reduce_8

#ifdef WOLFSSL_SP_NO_UMAAL
/* Reduce the number back to 256 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDR	lr, [%[m]]\n\t"
        /* i = 0 */
        "MOV	r11, #0x0\n\t"
        "MOV	r3, #0x0\n\t"
        "LDR	r4, [%[a]]\n\t"
        "LDR	r5, [%[a], #4]\n\t"
        "\n"
    "L_sp_256_mont_reduce_8_word:\n\t"
        /* mu = a[i] * mp */
        "MUL	r10, %[mp], r4\n\t"
        /* a[i+0] += m[0] * mu */
        "MOV	r7, #0x0\n\t"
        "UMLAL	r4, r7, r10, lr\n\t"
        /* a[i+1] += m[1] * mu */
        "LDR	r9, [%[m], #4]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r5, r6, r10, r9\n\t"
        "MOV	r4, r5\n\t"
        "ADDS	r4, r4, r7\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+2] += m[2] * mu */
        "LDR	r9, [%[m], #8]\n\t"
        "LDR	r5, [%[a], #8]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r5, r7, r10, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+3] += m[3] * mu */
        "LDR	r9, [%[m], #12]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #12]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+4] += m[4] * mu */
        "LDR	r9, [%[m], #16]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #16]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+5] += m[5] * mu */
        "LDR	r9, [%[m], #20]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #20]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+6] += m[6] * mu */
        "LDR	r9, [%[m], #24]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #24]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+7] += m[7] * mu */
        "LDR	r9, [%[m], #28]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r9\n\t"
        "ADDS	r7, r7, r8\n\t"
        "ADCS	r6, r9, r3\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, r3\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "ADCS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #32]\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* i += 1 */
        "ADD	r11, r11, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r11, #0x20\n\t"
#ifdef __GNUC__
        "BLT	L_sp_256_mont_reduce_8_word\n\t"
#else
        "BLT.W	L_sp_256_mont_reduce_8_word\n\t"
#endif
        /* Loop Done */
        "STR	r4, [%[a]]\n\t"
        "STR	r5, [%[a], #4]\n\t"
        "MOV	%[mp], r3\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
    sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp);
}

#else
/* Reduce the number back to 256 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* i = 0 */
        "MOV	r4, #0x0\n\t"
        "MOV	r5, #0x0\n\t"
        "LDR	r6, [%[a]]\n\t"
        "LDR	r7, [%[a], #4]\n\t"
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[a], #12]\n\t"
        "LDR	r10, [%[a], #16]\n\t"
        "\n"
    "L_sp_256_mont_reduce_8_word:\n\t"
        /* mu = a[i] * mp */
        "MUL	lr, %[mp], r6\n\t"
        /* a[i+0] += m[0] * mu */
        "LDR	r12, [%[m]]\n\t"
        "MOV	r3, #0x0\n\t"
        "UMAAL	r6, r3, lr, r12\n\t"
        /* a[i+1] += m[1] * mu */
        "LDR	r12, [%[m], #4]\n\t"
        "MOV	r6, r7\n\t"
        "UMAAL	r6, r3, lr, r12\n\t"
        /* a[i+2] += m[2] * mu */
        "LDR	r12, [%[m], #8]\n\t"
        "MOV	r7, r8\n\t"
        "UMAAL	r7, r3, lr, r12\n\t"
        /* a[i+3] += m[3] * mu */
        "LDR	r12, [%[m], #12]\n\t"
        "MOV	r8, r9\n\t"
        "UMAAL	r8, r3, lr, r12\n\t"
        /* a[i+4] += m[4] * mu */
        "LDR	r12, [%[m], #16]\n\t"
        "MOV	r9, r10\n\t"
        "UMAAL	r9, r3, lr, r12\n\t"
        /* a[i+5] += m[5] * mu */
        "LDR	r12, [%[m], #20]\n\t"
        "LDR	r10, [%[a], #20]\n\t"
        "UMAAL	r10, r3, lr, r12\n\t"
        /* a[i+6] += m[6] * mu */
        "LDR	r12, [%[m], #24]\n\t"
        "LDR	r11, [%[a], #24]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #24]\n\t"
        /* a[i+7] += m[7] * mu */
        "LDR	r12, [%[m], #28]\n\t"
        "LDR	r11, [%[a], #28]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "LDR	lr, [%[a], #32]\n\t"
        "MOV	r12, #0x0\n\t"
        "UMAAL	r3, lr, r12, r12\n\t"
        "STR	r11, [%[a], #28]\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADC	r5, lr, #0x0\n\t"
        "STR	r3, [%[a], #32]\n\t"
        /* i += 1 */
        "ADD	r4, r4, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r4, #0x20\n\t"
#ifdef __GNUC__
        "BLT	L_sp_256_mont_reduce_8_word\n\t"
#else
        "BLT.W	L_sp_256_mont_reduce_8_word\n\t"
#endif
        /* Loop Done */
        "STR	r6, [%[a]]\n\t"
        "STR	r7, [%[a], #4]\n\t"
        "STR	r8, [%[a], #8]\n\t"
        "STR	r9, [%[a], #12]\n\t"
        "STR	r10, [%[a], #16]\n\t"
        "MOV	%[mp], r5\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
    sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp);
}

#endif
#else
/* Reduce the number back to 256 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x44\n\t"
        "STR	%[a], [sp, #64]\n\t"
        "MOV	lr, sp\n\t"
        "LDM	%[a]!, {r1, r2, r3, r4, r5, r6, r7, r8}\n\t"
        "STM	lr!, {r1, r2, r3, r4, r5, r6, r7, r8}\n\t"
        "LDM	%[a], {r1, r2, r3, r4, r5, r6, r7, r8}\n\t"
        "STM	lr, {r1, r2, r3, r4, r5, r6, r7, r8}\n\t"
        /* Start Reduction */
        "LDM	sp, {r5, r6, r7, r8, r9, r10, r11, r12}\n\t"
        "MOV	r3, r11\n\t"
        "MOV	r4, r12\n\t"
        /* mu = a[0]-a[7] + a[0]-a[4] << 96 + (a[0]-a[1] * 2) << 192 */
        /*    - a[0] << 224 */
        /*   + (a[0]-a[1] * 2) << (6 * 32) */
        "ADDS	r11, r11, r5\n\t"
        "ADC	r12, r12, r6\n\t"
        "ADDS	r11, r11, r5\n\t"
        "ADC	r12, r12, r6\n\t"
        /*   - a[0] << (7 * 32) */
        "SUB	r12, r12, r5\n\t"
        /*   + a[0]-a[4] << (3 * 32) */
        "MOV	r0, r8\n\t"
        "MOV	r1, r9\n\t"
        "MOV	r2, r10\n\t"
        "ADDS	r8, r8, r5\n\t"
        "ADCS	r9, r9, r6\n\t"
        "ADCS	r10, r10, r7\n\t"
        "ADCS	r11, r11, r0\n\t"
        "ADC	r12, r12, r1\n\t"
        /* a += mu * m */
        /*   += mu * ((1 << 256) - (1 << 224) + (1 << 192) + (1 << 96) - 1) */
        /* a[0]   =                     = t[0] */
        /* a[1]   =                     = t[1] */
        /* a[2]   =                     = t[2] */
        /* a[3]  +=                t[0] = t[3] */
        /* a[4]  +=                t[1] = t[4] */
        /* a[5]  +=                t[2] = t[5] */
        /* a[6]  +=         t[0] + t[3] = t[6] */
        /* a[7]  +=         t[1] + t[4] = t[7] + t[0] */
        "ADDS	r0, r0, r5\n\t"
        "ADCS	r1, r1, r6\n\t"
        "ADCS	r2, r2, r7\n\t"
        "ADCS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	lr, #0x0\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "STR	r4, [sp, #28]\n\t"
        /* a[8]  +=  t[0] + t[2] + t[5] */
        /* a[9]  +=  t[1] + t[3] + t[6] */
        /* a[10] +=  t[2] + t[4] + t[7] */
        "ADD	r0, sp, #0x20\n\t"
        "LDM	r0, {r2, r3, r4}\n\t"
        "ADDS	r2, r2, lr\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "MOV	lr, #0x0\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r2, r2, r7\n\t"
        "ADCS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r2, r2, r10\n\t"
        "ADCS	r3, r3, r11\n\t"
        "ADCS	r4, r4, r12\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "STM	r0!, {r2, r3, r4}\n\t"
        /* a[11] +=  t[3] + t[5] + carry */
        /* a[12] +=  t[4] + t[6] */
        /* a[13] +=  t[5] + t[7] */
        /* a[14] +=  t[6] */
        /* a[15] +=  t[7] */
        "LDM	r0, {r0, r1, r2, r3, r4}\n\t"
        "ADDS	r0, r0, lr\n\t"
        "ADCS	r1, r1, #0x0\n\t"
        "ADCS	r2, r2, #0x0\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "MOV	lr, #0x0\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r0, r0, r8\n\t"
        "ADCS	r1, r1, r9\n\t"
        "ADCS	r2, r2, r10\n\t"
        "ADCS	r3, r3, r11\n\t"
        "ADCS	r4, r4, r12\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r0, r0, r10\n\t"
        "ADCS	r1, r1, r11\n\t"
        "ADCS	r2, r2, r12\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "STR	r0, [sp, #44]\n\t"
        "STR	r1, [sp, #48]\n\t"
        "STR	r2, [sp, #52]\n\t"
        "STR	r3, [sp, #56]\n\t"
        /* a[7..15] - t[0..7] */
        "ADD	r0, sp, #0x1c\n\t"
        "LDM	r0, {r0, r1, r2, r3}\n\t"
        "SUBS	r0, r0, r5\n\t"
        "SBCS	r1, r1, r6\n\t"
        "SBCS	r2, r2, r7\n\t"
        "SBCS	r3, r3, r8\n\t"
        "ADD	r0, sp, #0x2c\n\t"
        "MOV	r8, r4\n\t"
        "LDM	r0, {r4, r5, r6, r7}\n\t"
        "SBCS	r4, r4, r9\n\t"
        "SBCS	r5, r5, r10\n\t"
        "SBCS	r6, r6, r11\n\t"
        "SBCS	r7, r7, r12\n\t"
        "SBCS	r8, r8, #0x0\n\t"
        "SBC	lr, lr, #0x0\n\t"
        /* mask m and sub from result if overflow */
        "RSB	lr, lr, #0x0\n\t"
        "SUBS	r1, r1, lr\n\t"
        "SBCS	r2, r2, lr\n\t"
        "SBCS	r3, r3, lr\n\t"
        "SBCS	r4, r4, #0x0\n\t"
        "SBCS	r5, r5, #0x0\n\t"
        "SBCS	r6, r6, #0x0\n\t"
        "SBCS	r7, r7, lr, LSR #31\n\t"
        "SBC	r8, r8, lr\n\t"
        "LDR	%[a], [sp, #64]\n\t"
        "STM	%[a], {r1, r2, r3, r4, r5, r6, r7, r8}\n\t"
        "ADD	sp, sp, #0x44\n\t"
        : [a] "+r" (a)
        :
        : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    (void)m_p;
#else
    (void)m;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    (void)mp_p;
#else
    (void)mp;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
}

#ifdef WOLFSSL_SP_NO_UMAAL
/* Reduce the number back to 256 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDR	lr, [%[m]]\n\t"
        /* i = 0 */
        "MOV	r11, #0x0\n\t"
        "MOV	r3, #0x0\n\t"
        "LDR	r4, [%[a]]\n\t"
        "LDR	r5, [%[a], #4]\n\t"
        "\n"
    "L_sp_256_mont_reduce_order_8_word:\n\t"
        /* mu = a[i] * mp */
        "MUL	r10, %[mp], r4\n\t"
        /* a[i+0] += m[0] * mu */
        "MOV	r7, #0x0\n\t"
        "UMLAL	r4, r7, r10, lr\n\t"
        /* a[i+1] += m[1] * mu */
        "LDR	r9, [%[m], #4]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r5, r6, r10, r9\n\t"
        "MOV	r4, r5\n\t"
        "ADDS	r4, r4, r7\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+2] += m[2] * mu */
        "LDR	r9, [%[m], #8]\n\t"
        "LDR	r5, [%[a], #8]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r5, r7, r10, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+3] += m[3] * mu */
        "LDR	r9, [%[m], #12]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #12]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+4] += m[4] * mu */
        "LDR	r9, [%[m], #16]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #16]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+5] += m[5] * mu */
        "LDR	r9, [%[m], #20]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #20]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+6] += m[6] * mu */
        "LDR	r9, [%[m], #24]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #24]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+7] += m[7] * mu */
        "LDR	r9, [%[m], #28]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r9\n\t"
        "ADDS	r7, r7, r8\n\t"
        "ADCS	r6, r9, r3\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, r3\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "ADCS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #32]\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* i += 1 */
        "ADD	r11, r11, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r11, #0x20\n\t"
#ifdef __GNUC__
        "BLT	L_sp_256_mont_reduce_order_8_word\n\t"
#else
        "BLT.W	L_sp_256_mont_reduce_order_8_word\n\t"
#endif
        /* Loop Done */
        "STR	r4, [%[a]]\n\t"
        "STR	r5, [%[a], #4]\n\t"
        "MOV	%[mp], r3\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
    sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp);
}

#else
/* Reduce the number back to 256 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* i = 0 */
        "MOV	r4, #0x0\n\t"
        "MOV	r5, #0x0\n\t"
        "LDR	r6, [%[a]]\n\t"
        "LDR	r7, [%[a], #4]\n\t"
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[a], #12]\n\t"
        "LDR	r10, [%[a], #16]\n\t"
        "\n"
    "L_sp_256_mont_reduce_order_8_word:\n\t"
        /* mu = a[i] * mp */
        "MUL	lr, %[mp], r6\n\t"
        /* a[i+0] += m[0] * mu */
        "LDR	r12, [%[m]]\n\t"
        "MOV	r3, #0x0\n\t"
        "UMAAL	r6, r3, lr, r12\n\t"
        /* a[i+1] += m[1] * mu */
        "LDR	r12, [%[m], #4]\n\t"
        "MOV	r6, r7\n\t"
        "UMAAL	r6, r3, lr, r12\n\t"
        /* a[i+2] += m[2] * mu */
        "LDR	r12, [%[m], #8]\n\t"
        "MOV	r7, r8\n\t"
        "UMAAL	r7, r3, lr, r12\n\t"
        /* a[i+3] += m[3] * mu */
        "LDR	r12, [%[m], #12]\n\t"
        "MOV	r8, r9\n\t"
        "UMAAL	r8, r3, lr, r12\n\t"
        /* a[i+4] += m[4] * mu */
        "LDR	r12, [%[m], #16]\n\t"
        "MOV	r9, r10\n\t"
        "UMAAL	r9, r3, lr, r12\n\t"
        /* a[i+5] += m[5] * mu */
        "LDR	r12, [%[m], #20]\n\t"
        "LDR	r10, [%[a], #20]\n\t"
        "UMAAL	r10, r3, lr, r12\n\t"
        /* a[i+6] += m[6] * mu */
        "LDR	r12, [%[m], #24]\n\t"
        "LDR	r11, [%[a], #24]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #24]\n\t"
        /* a[i+7] += m[7] * mu */
        "LDR	r12, [%[m], #28]\n\t"
        "LDR	r11, [%[a], #28]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "LDR	lr, [%[a], #32]\n\t"
        "MOV	r12, #0x0\n\t"
        "UMAAL	r3, lr, r12, r12\n\t"
        "STR	r11, [%[a], #28]\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADC	r5, lr, #0x0\n\t"
        "STR	r3, [%[a], #32]\n\t"
        /* i += 1 */
        "ADD	r4, r4, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r4, #0x20\n\t"
#ifdef __GNUC__
        "BLT	L_sp_256_mont_reduce_order_8_word\n\t"
#else
        "BLT.W	L_sp_256_mont_reduce_order_8_word\n\t"
#endif
        /* Loop Done */
        "STR	r6, [%[a]]\n\t"
        "STR	r7, [%[a], #4]\n\t"
        "STR	r8, [%[a], #8]\n\t"
        "STR	r9, [%[a], #12]\n\t"
        "STR	r10, [%[a], #16]\n\t"
        "MOV	%[mp], r5\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
    sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp);
}

#endif
#endif /* WOLFSSL_SP_SMALL */
/* Map the Montgomery form projective coordinate point to an affine point.
 *
 * r  Resulting affine coordinate point.
 * p  Montgomery form projective coordinate point.
 * t  Temporary ordinate data.
 */
static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
    sp_digit* t)
{
    sp_digit* t1 = t;
    sp_digit* t2 = t + 2*8;
    sp_int32 n;

    sp_256_mont_inv_8(t1, p->z, t + 2*8);

    sp_256_mont_sqr_8(t2, t1, p256_mod, p256_mp_mod);
    sp_256_mont_mul_8(t1, t2, t1, p256_mod, p256_mp_mod);

    /* x /= z^2 */
    sp_256_mont_mul_8(r->x, p->x, t2, p256_mod, p256_mp_mod);
    XMEMSET(r->x + 8, 0, sizeof(sp_digit) * 8U);
    sp_256_mont_reduce_8(r->x, p256_mod, p256_mp_mod);
    /* Reduce x to less than modulus */
    n = sp_256_cmp_8(r->x, p256_mod);
    sp_256_cond_sub_8(r->x, r->x, p256_mod, ~(n >> 31));
    sp_256_norm_8(r->x);

    /* y /= z^3 */
    sp_256_mont_mul_8(r->y, p->y, t1, p256_mod, p256_mp_mod);
    XMEMSET(r->y + 8, 0, sizeof(sp_digit) * 8U);
    sp_256_mont_reduce_8(r->y, p256_mod, p256_mp_mod);
    /* Reduce y to less than modulus */
    n = sp_256_cmp_8(r->y, p256_mod);
    sp_256_cond_sub_8(r->y, r->y, p256_mod, ~(n >> 31));
    sp_256_norm_8(r->y);

    XMEMSET(r->z, 0, sizeof(r->z) / 2);
    r->z[0] = 1;
}

/* Add two Montgomery form numbers (r = a + b % m).
 *
 * r   Result of addition.
 * a   First number to add in Montgomery form.
 * b   Second number to add in Montgomery form.
 * m   Modulus (prime).
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
#else
SP_NOINLINE static void sp_256_mont_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	lr, #0x0\n\t"
        "LDM	%[a], {r5, r6, r7, r8, r9, r10, r11, r12}\n\t"
        "LDM	%[b]!, {r3, r4}\n\t"
        "ADDS	r5, r5, r3\n\t"
        "ADCS	r6, r6, r4\n\t"
        "LDM	%[b]!, {r3, r4}\n\t"
        "ADCS	r7, r7, r3\n\t"
        "ADCS	r8, r8, r4\n\t"
        "LDM	%[b]!, {r3, r4}\n\t"
        "ADCS	r9, r9, r3\n\t"
        "ADCS	r10, r10, r4\n\t"
        "LDM	%[b]!, {r3, r4}\n\t"
        "ADCS	r11, r11, r3\n\t"
        "ADCS	r12, r12, r4\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "RSB	lr, lr, #0x0\n\t"
        "SUBS	r5, r5, lr\n\t"
        "SBCS	r6, r6, lr\n\t"
        "SBCS	r7, r7, lr\n\t"
        "SBCS	r8, r8, #0x0\n\t"
        "SBCS	r9, r9, #0x0\n\t"
        "SBCS	r10, r10, #0x0\n\t"
        "SBCS	r11, r11, lr, LSR #31\n\t"
        "SBCS	r12, r12, lr\n\t"
        "SBC	%[b], %[b], %[b]\n\t"
        "SUB	lr, lr, %[b]\n\t"
        "SUBS	r5, r5, lr\n\t"
        "SBCS	r6, r6, lr\n\t"
        "SBCS	r7, r7, lr\n\t"
        "SBCS	r8, r8, #0x0\n\t"
        "SBCS	r9, r9, #0x0\n\t"
        "SBCS	r10, r10, #0x0\n\t"
        "SBCS	r11, r11, lr, LSR #31\n\t"
        "SBC	r12, r12, lr\n\t"
        "STM	%[r], {r5, r6, r7, r8, r9, r10, r11, r12}\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    (void)m_p;
#else
    (void)m;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
}

/* Double a Montgomery form number (r = a + a % m).
 *
 * r   Result of doubling.
 * a   Number to double in Montgomery form.
 * m   Modulus (prime).
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_256_mont_dbl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p)
#else
SP_NOINLINE static void sp_256_mont_dbl_8(sp_digit* r, const sp_digit* a, const sp_digit* m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r2, #0x0\n\t"
        "LDM	%[a], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "ADDS	r4, r4, r4\n\t"
        "ADCS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADCS	r7, r7, r7\n\t"
        "ADCS	r8, r8, r8\n\t"
        "ADCS	r9, r9, r9\n\t"
        "ADCS	r10, r10, r10\n\t"
        "ADCS	r11, r11, r11\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "RSB	r2, r2, #0x0\n\t"
        "SUBS	r4, r4, r2\n\t"
        "SBCS	r5, r5, r2\n\t"
        "SBCS	r6, r6, r2\n\t"
        "SBCS	r7, r7, #0x0\n\t"
        "SBCS	r8, r8, #0x0\n\t"
        "SBCS	r9, r9, #0x0\n\t"
        "SBCS	r10, r10, r2, LSR #31\n\t"
        "SBCS	r11, r11, r2\n\t"
        "SBC	%[a], %[a], %[a]\n\t"
        "SUB	r2, r2, %[a]\n\t"
        "SUBS	r4, r4, r2\n\t"
        "SBCS	r5, r5, r2\n\t"
        "SBCS	r6, r6, r2\n\t"
        "SBCS	r7, r7, #0x0\n\t"
        "SBCS	r8, r8, #0x0\n\t"
        "SBCS	r9, r9, #0x0\n\t"
        "SBCS	r10, r10, r2, LSR #31\n\t"
        "SBC	r11, r11, r2\n\t"
        "STM	%[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "cc"
    );
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    (void)m_p;
#else
    (void)m;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
}

/* Triple a Montgomery form number (r = a + a + a % m).
 *
 * r   Result of Tripling.
 * a   Number to triple in Montgomery form.
 * m   Modulus (prime).
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_256_mont_tpl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p)
#else
SP_NOINLINE static void sp_256_mont_tpl_8(sp_digit* r, const sp_digit* a, const sp_digit* m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r12, #0x0\n\t"
        "LDM	%[a], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "ADDS	r4, r4, r4\n\t"
        "ADCS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADCS	r7, r7, r7\n\t"
        "ADCS	r8, r8, r8\n\t"
        "ADCS	r9, r9, r9\n\t"
        "ADCS	r10, r10, r10\n\t"
        "ADCS	r11, r11, r11\n\t"
        "ADC	r12, r12, #0x0\n\t"
        "RSB	r12, r12, #0x0\n\t"
        "SUBS	r4, r4, r12\n\t"
        "SBCS	r5, r5, r12\n\t"
        "SBCS	r6, r6, r12\n\t"
        "SBCS	r7, r7, #0x0\n\t"
        "SBCS	r8, r8, #0x0\n\t"
        "SBCS	r9, r9, #0x0\n\t"
        "SBCS	r10, r10, r12, LSR #31\n\t"
        "SBCS	r11, r11, r12\n\t"
        "SBC	r2, r2, r2\n\t"
        "SUB	r12, r12, r2\n\t"
        "SUBS	r4, r4, r12\n\t"
        "SBCS	r5, r5, r12\n\t"
        "SBCS	r6, r6, r12\n\t"
        "SBCS	r7, r7, #0x0\n\t"
        "SBCS	r8, r8, #0x0\n\t"
        "SBCS	r9, r9, #0x0\n\t"
        "SBCS	r10, r10, r12, LSR #31\n\t"
        "SBC	r11, r11, r12\n\t"
        "LDM	%[a]!, {r2, r3}\n\t"
        "ADDS	r4, r4, r2\n\t"
        "ADCS	r5, r5, r3\n\t"
        "LDM	%[a]!, {r2, r3}\n\t"
        "ADCS	r6, r6, r2\n\t"
        "ADCS	r7, r7, r3\n\t"
        "LDM	%[a]!, {r2, r3}\n\t"
        "ADCS	r8, r8, r2\n\t"
        "ADCS	r9, r9, r3\n\t"
        "LDM	%[a]!, {r2, r3}\n\t"
        "ADCS	r10, r10, r2\n\t"
        "ADCS	r11, r11, r3\n\t"
        "ADC	r12, r12, #0x0\n\t"
        "RSB	r12, r12, #0x0\n\t"
        "SUBS	r4, r4, r12\n\t"
        "SBCS	r5, r5, r12\n\t"
        "SBCS	r6, r6, r12\n\t"
        "SBCS	r7, r7, #0x0\n\t"
        "SBCS	r8, r8, #0x0\n\t"
        "SBCS	r9, r9, #0x0\n\t"
        "SBCS	r10, r10, r12, LSR #31\n\t"
        "SBCS	r11, r11, r12\n\t"
        "SBC	r2, r2, r2\n\t"
        "SUB	r12, r12, r2\n\t"
        "SUBS	r4, r4, r12\n\t"
        "SBCS	r5, r5, r12\n\t"
        "SBCS	r6, r6, r12\n\t"
        "SBCS	r7, r7, #0x0\n\t"
        "SBCS	r8, r8, #0x0\n\t"
        "SBCS	r9, r9, #0x0\n\t"
        "SBCS	r10, r10, r12, LSR #31\n\t"
        "SBC	r11, r11, r12\n\t"
        "STM	%[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3", "r12", "cc"
    );
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    (void)m_p;
#else
    (void)m;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
}

/* Subtract two Montgomery form numbers (r = a - b % m).
 *
 * r   Result of subtration.
 * a   Number to subtract from in Montgomery form.
 * b   Number to subtract with in Montgomery form.
 * m   Modulus (prime).
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
#else
SP_NOINLINE static void sp_256_mont_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	lr, #0x0\n\t"
        "LDM	%[a], {r5, r6, r7, r8, r9, r10, r11, r12}\n\t"
        "LDM	%[b]!, {r3, r4}\n\t"
        "SUBS	r5, r5, r3\n\t"
        "SBCS	r6, r6, r4\n\t"
        "LDM	%[b]!, {r3, r4}\n\t"
        "SBCS	r7, r7, r3\n\t"
        "SBCS	r8, r8, r4\n\t"
        "LDM	%[b]!, {r3, r4}\n\t"
        "SBCS	r9, r9, r3\n\t"
        "SBCS	r10, r10, r4\n\t"
        "LDM	%[b]!, {r3, r4}\n\t"
        "SBCS	r11, r11, r3\n\t"
        "SBCS	r12, r12, r4\n\t"
        "SBC	lr, lr, #0x0\n\t"
        "ADDS	r5, r5, lr\n\t"
        "ADCS	r6, r6, lr\n\t"
        "ADCS	r7, r7, lr\n\t"
        "ADCS	r8, r8, #0x0\n\t"
        "ADCS	r9, r9, #0x0\n\t"
        "ADCS	r10, r10, #0x0\n\t"
        "ADCS	r11, r11, lr, LSR #31\n\t"
        "ADCS	r12, r12, lr\n\t"
        "ADC	lr, lr, #0x0\n\t"
        "ADDS	r5, r5, lr\n\t"
        "ADCS	r6, r6, lr\n\t"
        "ADCS	r7, r7, lr\n\t"
        "ADCS	r8, r8, #0x0\n\t"
        "ADCS	r9, r9, #0x0\n\t"
        "ADCS	r10, r10, #0x0\n\t"
        "ADCS	r11, r11, lr, LSR #31\n\t"
        "ADC	r12, r12, lr\n\t"
        "STM	%[r], {r5, r6, r7, r8, r9, r10, r11, r12}\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    (void)m_p;
#else
    (void)m;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
}

/* Divide the number by 2 mod the modulus (prime). (r = a / 2 % m)
 *
 * r  Result of division by 2.
 * a  Number to divide.
 * m  Modulus (prime).
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_256_mont_div2_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p)
#else
SP_NOINLINE static void sp_256_mont_div2_8(sp_digit* r, const sp_digit* a, const sp_digit* m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r2") = (const sp_digit*)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a], {r4, r5, r6, r7}\n\t"
        "AND	r3, r4, #0x1\n\t"
        "RSB	r8, r3, #0x0\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, #0x0\n\t"
        "STM	%[r], {r4, r5, r6, r7}\n\t"
        "LDRD	r4, r5, [%[a], #16]\n\t"
        "LDRD	r6, r7, [%[a], #24]\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "ADCS	r5, r5, #0x0\n\t"
        "ADCS	r6, r6, r8, LSR #31\n\t"
        "ADCS	r7, r7, r8\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "LSR	r8, r4, #1\n\t"
        "LSR	r9, r5, #1\n\t"
        "LSR	r10, r6, #1\n\t"
        "LSR	r11, r7, #1\n\t"
        "ORR	r8, r8, r5, LSL #31\n\t"
        "ORR	r9, r9, r6, LSL #31\n\t"
        "ORR	r10, r10, r7, LSL #31\n\t"
        "ORR	r11, r11, r3, LSL #31\n\t"
        "MOV	r3, r4\n\t"
        "STRD	r8, r9, [%[r], #16]\n\t"
        "STRD	r10, r11, [%[r], #24]\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LSR	r8, r4, #1\n\t"
        "LSR	r9, r5, #1\n\t"
        "LSR	r10, r6, #1\n\t"
        "LSR	r11, r7, #1\n\t"
        "ORR	r8, r8, r5, LSL #31\n\t"
        "ORR	r9, r9, r6, LSL #31\n\t"
        "ORR	r10, r10, r7, LSL #31\n\t"
        "ORR	r11, r11, r3, LSL #31\n\t"
        "STM	%[r], {r8, r9, r10, r11}\n\t"
        : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "cc"
    );
}

/* Double the Montgomery form projective point p.
 *
 * r  Result of doubling point.
 * p  Point to double.
 * t  Temporary ordinate data.
 */
static void sp_256_proj_point_dbl_8(sp_point_256* r, const sp_point_256* p,
    sp_digit* t)
{
    sp_digit* t1 = t;
    sp_digit* t2 = t + 2*8;
    sp_digit* x;
    sp_digit* y;
    sp_digit* z;

    x = r->x;
    y = r->y;
    z = r->z;
    /* Put infinity into result. */
    if (r != p) {
        r->infinity = p->infinity;
    }

    /* T1 = Z * Z */
    sp_256_mont_sqr_8(t1, p->z, p256_mod, p256_mp_mod);
    /* Z = Y * Z */
    sp_256_mont_mul_8(z, p->y, p->z, p256_mod, p256_mp_mod);
    /* Z = 2Z */
    sp_256_mont_dbl_8(z, z, p256_mod);
    /* T2 = X - T1 */
    sp_256_mont_sub_8(t2, p->x, t1, p256_mod);
    /* T1 = X + T1 */
    sp_256_mont_add_8(t1, p->x, t1, p256_mod);
    /* T2 = T1 * T2 */
    sp_256_mont_mul_8(t2, t1, t2, p256_mod, p256_mp_mod);
    /* T1 = 3T2 */
    sp_256_mont_tpl_8(t1, t2, p256_mod);
    /* Y = 2Y */
    sp_256_mont_dbl_8(y, p->y, p256_mod);
    /* Y = Y * Y */
    sp_256_mont_sqr_8(y, y, p256_mod, p256_mp_mod);
    /* T2 = Y * Y */
    sp_256_mont_sqr_8(t2, y, p256_mod, p256_mp_mod);
    /* T2 = T2/2 */
    sp_256_mont_div2_8(t2, t2, p256_mod);
    /* Y = Y * X */
    sp_256_mont_mul_8(y, y, p->x, p256_mod, p256_mp_mod);
    /* X = T1 * T1 */
    sp_256_mont_sqr_8(x, t1, p256_mod, p256_mp_mod);
    /* X = X - Y */
    sp_256_mont_sub_8(x, x, y, p256_mod);
    /* X = X - Y */
    sp_256_mont_sub_8(x, x, y, p256_mod);
    /* Y = Y - X */
    sp_256_mont_sub_8(y, y, x, p256_mod);
    /* Y = Y * T1 */
    sp_256_mont_mul_8(y, y, t1, p256_mod, p256_mp_mod);
    /* Y = Y - T2 */
    sp_256_mont_sub_8(y, y, t2, p256_mod);
}

#ifdef WOLFSSL_SP_NONBLOCK
typedef struct sp_256_proj_point_dbl_8_ctx {
    int state;
    sp_digit* t1;
    sp_digit* t2;
    sp_digit* x;
    sp_digit* y;
    sp_digit* z;
} sp_256_proj_point_dbl_8_ctx;

/* Double the Montgomery form projective point p.
 *
 * r  Result of doubling point.
 * p  Point to double.
 * t  Temporary ordinate data.
 */
static int sp_256_proj_point_dbl_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
        const sp_point_256* p, sp_digit* t)
{
    int err = FP_WOULDBLOCK;
    sp_256_proj_point_dbl_8_ctx* ctx = (sp_256_proj_point_dbl_8_ctx*)sp_ctx->data;

    typedef char ctx_size_test[sizeof(sp_256_proj_point_dbl_8_ctx) >= sizeof(*sp_ctx) ? -1 : 1];
    (void)sizeof(ctx_size_test);

    switch (ctx->state) {
    case 0:
        ctx->t1 = t;
        ctx->t2 = t + 2*8;
        ctx->x = r->x;
        ctx->y = r->y;
        ctx->z = r->z;

        /* Put infinity into result. */
        if (r != p) {
            r->infinity = p->infinity;
        }
        ctx->state = 1;
        break;
    case 1:
        /* T1 = Z * Z */
        sp_256_mont_sqr_8(ctx->t1, p->z, p256_mod, p256_mp_mod);
        ctx->state = 2;
        break;
    case 2:
        /* Z = Y * Z */
        sp_256_mont_mul_8(ctx->z, p->y, p->z, p256_mod, p256_mp_mod);
        ctx->state = 3;
        break;
    case 3:
        /* Z = 2Z */
        sp_256_mont_dbl_8(ctx->z, ctx->z, p256_mod);
        ctx->state = 4;
        break;
    case 4:
        /* T2 = X - T1 */
        sp_256_mont_sub_8(ctx->t2, p->x, ctx->t1, p256_mod);
        ctx->state = 5;
        break;
    case 5:
        /* T1 = X + T1 */
        sp_256_mont_add_8(ctx->t1, p->x, ctx->t1, p256_mod);
        ctx->state = 6;
        break;
    case 6:
        /* T2 = T1 * T2 */
        sp_256_mont_mul_8(ctx->t2, ctx->t1, ctx->t2, p256_mod, p256_mp_mod);
        ctx->state = 7;
        break;
    case 7:
        /* T1 = 3T2 */
        sp_256_mont_tpl_8(ctx->t1, ctx->t2, p256_mod);
        ctx->state = 8;
        break;
    case 8:
        /* Y = 2Y */
        sp_256_mont_dbl_8(ctx->y, p->y, p256_mod);
        ctx->state = 9;
        break;
    case 9:
        /* Y = Y * Y */
        sp_256_mont_sqr_8(ctx->y, ctx->y, p256_mod, p256_mp_mod);
        ctx->state = 10;
        break;
    case 10:
        /* T2 = Y * Y */
        sp_256_mont_sqr_8(ctx->t2, ctx->y, p256_mod, p256_mp_mod);
        ctx->state = 11;
        break;
    case 11:
        /* T2 = T2/2 */
        sp_256_mont_div2_8(ctx->t2, ctx->t2, p256_mod);
        ctx->state = 12;
        break;
    case 12:
        /* Y = Y * X */
        sp_256_mont_mul_8(ctx->y, ctx->y, p->x, p256_mod, p256_mp_mod);
        ctx->state = 13;
        break;
    case 13:
        /* X = T1 * T1 */
        sp_256_mont_sqr_8(ctx->x, ctx->t1, p256_mod, p256_mp_mod);
        ctx->state = 14;
        break;
    case 14:
        /* X = X - Y */
        sp_256_mont_sub_8(ctx->x, ctx->x, ctx->y, p256_mod);
        ctx->state = 15;
        break;
    case 15:
        /* X = X - Y */
        sp_256_mont_sub_8(ctx->x, ctx->x, ctx->y, p256_mod);
        ctx->state = 16;
        break;
    case 16:
        /* Y = Y - X */
        sp_256_mont_sub_8(ctx->y, ctx->y, ctx->x, p256_mod);
        ctx->state = 17;
        break;
    case 17:
        /* Y = Y * T1 */
        sp_256_mont_mul_8(ctx->y, ctx->y, ctx->t1, p256_mod, p256_mp_mod);
        ctx->state = 18;
        break;
    case 18:
        /* Y = Y - T2 */
        sp_256_mont_sub_8(ctx->y, ctx->y, ctx->t2, p256_mod);
        ctx->state = 19;
        /* fall-through */
    case 19:
        err = MP_OKAY;
        break;
    }

    if (err == MP_OKAY && ctx->state != 19) {
        err = FP_WOULDBLOCK;
    }

    return err;
}
#endif /* WOLFSSL_SP_NONBLOCK */
/* Compare two numbers to determine if they are equal.
 * Constant time implementation.
 *
 * a  First number to compare.
 * b  Second number to compare.
 * returns 1 when equal and 0 otherwise.
 */
static int sp_256_cmp_equal_8(const sp_digit* a, const sp_digit* b)
{
    return ((a[0] ^ b[0]) | (a[1] ^ b[1]) | (a[2] ^ b[2]) |
            (a[3] ^ b[3]) | (a[4] ^ b[4]) | (a[5] ^ b[5]) |
            (a[6] ^ b[6]) | (a[7] ^ b[7])) == 0;
}

/* Returns 1 if the number of zero.
 * Implementation is constant time.
 *
 * a  Number to check.
 * returns 1 if the number is zero and 0 otherwise.
 */
static int sp_256_iszero_8(const sp_digit* a)
{
    return (a[0] | a[1] | a[2] | a[3] | a[4] | a[5] | a[6] | a[7]) == 0;
}


/* Add two Montgomery form projective points.
 *
 * r  Result of addition.
 * p  First point to add.
 * q  Second point to add.
 * t  Temporary ordinate data.
 */
static void sp_256_proj_point_add_8(sp_point_256* r,
        const sp_point_256* p, const sp_point_256* q, sp_digit* t)
{
    sp_digit* t6 = t;
    sp_digit* t1 = t + 2*8;
    sp_digit* t2 = t + 4*8;
    sp_digit* t3 = t + 6*8;
    sp_digit* t4 = t + 8*8;
    sp_digit* t5 = t + 10*8;

    /* U1 = X1*Z2^2 */
    sp_256_mont_sqr_8(t1, q->z, p256_mod, p256_mp_mod);
    sp_256_mont_mul_8(t3, t1, q->z, p256_mod, p256_mp_mod);
    sp_256_mont_mul_8(t1, t1, p->x, p256_mod, p256_mp_mod);
    /* U2 = X2*Z1^2 */
    sp_256_mont_sqr_8(t2, p->z, p256_mod, p256_mp_mod);
    sp_256_mont_mul_8(t4, t2, p->z, p256_mod, p256_mp_mod);
    sp_256_mont_mul_8(t2, t2, q->x, p256_mod, p256_mp_mod);
    /* S1 = Y1*Z2^3 */
    sp_256_mont_mul_8(t3, t3, p->y, p256_mod, p256_mp_mod);
    /* S2 = Y2*Z1^3 */
    sp_256_mont_mul_8(t4, t4, q->y, p256_mod, p256_mp_mod);

    /* Check double */
    if ((~p->infinity) & (~q->infinity) &
            sp_256_cmp_equal_8(t2, t1) &
            sp_256_cmp_equal_8(t4, t3)) {
        sp_256_proj_point_dbl_8(r, p, t);
    }
    else {
        sp_digit* x = t6;
        sp_digit* y = t1;
        sp_digit* z = t2;

        /* H = U2 - U1 */
        sp_256_mont_sub_8(t2, t2, t1, p256_mod);
        /* R = S2 - S1 */
        sp_256_mont_sub_8(t4, t4, t3, p256_mod);
        /* X3 = R^2 - H^3 - 2*U1*H^2 */
        sp_256_mont_sqr_8(t5, t2, p256_mod, p256_mp_mod);
        sp_256_mont_mul_8(y, t1, t5, p256_mod, p256_mp_mod);
        sp_256_mont_mul_8(t5, t5, t2, p256_mod, p256_mp_mod);
        /* Z3 = H*Z1*Z2 */
        sp_256_mont_mul_8(z, p->z, t2, p256_mod, p256_mp_mod);
        sp_256_mont_mul_8(z, z, q->z, p256_mod, p256_mp_mod);
        sp_256_mont_sqr_8(x, t4, p256_mod, p256_mp_mod);
        sp_256_mont_sub_8(x, x, t5, p256_mod);
        sp_256_mont_mul_8(t5, t5, t3, p256_mod, p256_mp_mod);
        sp_256_mont_dbl_8(t3, y, p256_mod);
        sp_256_mont_sub_8(x, x, t3, p256_mod);
        /* Y3 = R*(U1*H^2 - X3) - S1*H^3 */
        sp_256_mont_sub_8(y, y, x, p256_mod);
        sp_256_mont_mul_8(y, y, t4, p256_mod, p256_mp_mod);
        sp_256_mont_sub_8(y, y, t5, p256_mod);
        {
            int i;
            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
            sp_digit maskt = ~(maskp | maskq);
            sp_digit inf = (sp_digit)(p->infinity & q->infinity);

            for (i = 0; i < 8; i++) {
                r->x[i] = (p->x[i] & maskp) | (q->x[i] & maskq) |
                          (x[i] & maskt);
            }
            for (i = 0; i < 8; i++) {
                r->y[i] = (p->y[i] & maskp) | (q->y[i] & maskq) |
                          (y[i] & maskt);
            }
            for (i = 0; i < 8; i++) {
                r->z[i] = (p->z[i] & maskp) | (q->z[i] & maskq) |
                          (z[i] & maskt);
            }
            r->z[0] |= inf;
            r->infinity = (word32)inf;
        }
    }
}

#ifdef WOLFSSL_SP_NONBLOCK
typedef struct sp_256_proj_point_add_8_ctx {
    int state;
    sp_256_proj_point_dbl_8_ctx dbl_ctx;
    const sp_point_256* ap[2];
    sp_point_256* rp[2];
    sp_digit* t1;
    sp_digit* t2;
    sp_digit* t3;
    sp_digit* t4;
    sp_digit* t5;
    sp_digit* t6;
    sp_digit* x;
    sp_digit* y;
    sp_digit* z;
} sp_256_proj_point_add_8_ctx;

/* Add two Montgomery form projective points.
 *
 * r  Result of addition.
 * p  First point to add.
 * q  Second point to add.
 * t  Temporary ordinate data.
 */
static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
    const sp_point_256* p, const sp_point_256* q, sp_digit* t)
{
    int err = FP_WOULDBLOCK;
    sp_256_proj_point_add_8_ctx* ctx = (sp_256_proj_point_add_8_ctx*)sp_ctx->data;

    /* Ensure only the first point is the same as the result. */
    if (q == r) {
        const sp_point_256* a = p;
        p = q;
        q = a;
    }

    typedef char ctx_size_test[sizeof(sp_256_proj_point_add_8_ctx) >= sizeof(*sp_ctx) ? -1 : 1];
    (void)sizeof(ctx_size_test);

    switch (ctx->state) {
    case 0: /* INIT */
        ctx->t6 = t;
        ctx->t1 = t + 2*8;
        ctx->t2 = t + 4*8;
        ctx->t3 = t + 6*8;
        ctx->t4 = t + 8*8;
        ctx->t5 = t + 10*8;
        ctx->x = ctx->t6;
        ctx->y = ctx->t1;
        ctx->z = ctx->t2;

        ctx->state = 1;
        break;
    case 1:
        /* U1 = X1*Z2^2 */
        sp_256_mont_sqr_8(ctx->t1, q->z, p256_mod, p256_mp_mod);
        ctx->state = 2;
        break;
    case 2:
        sp_256_mont_mul_8(ctx->t3, ctx->t1, q->z, p256_mod, p256_mp_mod);
        ctx->state = 3;
        break;
    case 3:
        sp_256_mont_mul_8(ctx->t1, ctx->t1, p->x, p256_mod, p256_mp_mod);
        ctx->state = 4;
        break;
    case 4:
        /* U2 = X2*Z1^2 */
        sp_256_mont_sqr_8(ctx->t2, p->z, p256_mod, p256_mp_mod);
        ctx->state = 5;
        break;
    case 5:
        sp_256_mont_mul_8(ctx->t4, ctx->t2, p->z, p256_mod, p256_mp_mod);
        ctx->state = 6;
        break;
    case 6:
        sp_256_mont_mul_8(ctx->t2, ctx->t2, q->x, p256_mod, p256_mp_mod);
        ctx->state = 7;
        break;
    case 7:
        /* S1 = Y1*Z2^3 */
        sp_256_mont_mul_8(ctx->t3, ctx->t3, p->y, p256_mod, p256_mp_mod);
        ctx->state = 8;
        break;
    case 8:
        /* S2 = Y2*Z1^3 */
        sp_256_mont_mul_8(ctx->t4, ctx->t4, q->y, p256_mod, p256_mp_mod);
        ctx->state = 9;
        break;
    case 9:
        /* Check double */
        if ((~p->infinity) & (~q->infinity) &
                sp_256_cmp_equal_8(ctx->t2, ctx->t1) &
                sp_256_cmp_equal_8(ctx->t4, ctx->t3)) {
            XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
            sp_256_proj_point_dbl_8(r, p, t);
            ctx->state = 25;
        }
        else {
            ctx->state = 10;
        }
        break;
    case 10:
        /* H = U2 - U1 */
        sp_256_mont_sub_8(ctx->t2, ctx->t2, ctx->t1, p256_mod);
        ctx->state = 11;
        break;
    case 11:
        /* R = S2 - S1 */
        sp_256_mont_sub_8(ctx->t4, ctx->t4, ctx->t3, p256_mod);
        ctx->state = 12;
        break;
    case 12:
        /* X3 = R^2 - H^3 - 2*U1*H^2 */
        sp_256_mont_sqr_8(ctx->t5, ctx->t2, p256_mod, p256_mp_mod);
        ctx->state = 13;
        break;
    case 13:
        sp_256_mont_mul_8(ctx->y, ctx->t1, ctx->t5, p256_mod, p256_mp_mod);
        ctx->state = 14;
        break;
    case 14:
        sp_256_mont_mul_8(ctx->t5, ctx->t5, ctx->t2, p256_mod, p256_mp_mod);
        ctx->state = 15;
        break;
    case 15:
        /* Z3 = H*Z1*Z2 */
        sp_256_mont_mul_8(ctx->z, p->z, ctx->t2, p256_mod, p256_mp_mod);
        ctx->state = 16;
        break;
    case 16:
        sp_256_mont_mul_8(ctx->z, ctx->z, q->z, p256_mod, p256_mp_mod);
        ctx->state = 17;
        break;
    case 17:
        sp_256_mont_sqr_8(ctx->x, ctx->t4, p256_mod, p256_mp_mod);
        ctx->state = 18;
        break;
    case 18:
        sp_256_mont_sub_8(ctx->x, ctx->x, ctx->t5, p256_mod);
        ctx->state = 19;
        break;
    case 19:
        sp_256_mont_mul_8(ctx->t5, ctx->t5, ctx->t3, p256_mod, p256_mp_mod);
        ctx->state = 20;
        break;
    case 20:
        sp_256_mont_dbl_8(ctx->t3, ctx->y, p256_mod);
        sp_256_mont_sub_8(ctx->x, ctx->x, ctx->t3, p256_mod);
        ctx->state = 21;
        break;
    case 21:
        /* Y3 = R*(U1*H^2 - X3) - S1*H^3 */
        sp_256_mont_sub_8(ctx->y, ctx->y, ctx->x, p256_mod);
        ctx->state = 22;
        break;
    case 22:
        sp_256_mont_mul_8(ctx->y, ctx->y, ctx->t4, p256_mod, p256_mp_mod);
        ctx->state = 23;
        break;
    case 23:
        sp_256_mont_sub_8(ctx->y, ctx->y, ctx->t5, p256_mod);
        ctx->state = 24;
        break;
    case 24:
    {
        {
            int i;
            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
            sp_digit maskt = ~(maskp | maskq);
            sp_digit inf = (sp_digit)(p->infinity & q->infinity);

            for (i = 0; i < 8; i++) {
                r->x[i] = (p->x[i] & maskp) | (q->x[i] & maskq) |
                          (ctx->x[i] & maskt);
            }
            for (i = 0; i < 8; i++) {
                r->y[i] = (p->y[i] & maskp) | (q->y[i] & maskq) |
                          (ctx->y[i] & maskt);
            }
            for (i = 0; i < 8; i++) {
                r->z[i] = (p->z[i] & maskp) | (q->z[i] & maskq) |
                          (ctx->z[i] & maskt);
            }
            r->z[0] |= inf;
            r->infinity = (word32)inf;
        }
        ctx->state = 25;
        break;
    }
    case 25:
        err = MP_OKAY;
        break;
    }

    if (err == MP_OKAY && ctx->state != 25) {
        err = FP_WOULDBLOCK;
    }
    return err;
}
#endif /* WOLFSSL_SP_NONBLOCK */

#ifndef WC_NO_CACHE_RESISTANT
/* Touch each possible point that could be being copied.
 *
 * r      Point to copy into.
 * table  Table - start of the entries to access
 * idx    Index of entry to retrieve.
 */
static void sp_256_get_point_16_8(sp_point_256* r, const sp_point_256* table,
    int idx)
{
    int i;
    sp_digit mask;

    r->x[0] = 0;
    r->x[1] = 0;
    r->x[2] = 0;
    r->x[3] = 0;
    r->x[4] = 0;
    r->x[5] = 0;
    r->x[6] = 0;
    r->x[7] = 0;
    r->y[0] = 0;
    r->y[1] = 0;
    r->y[2] = 0;
    r->y[3] = 0;
    r->y[4] = 0;
    r->y[5] = 0;
    r->y[6] = 0;
    r->y[7] = 0;
    r->z[0] = 0;
    r->z[1] = 0;
    r->z[2] = 0;
    r->z[3] = 0;
    r->z[4] = 0;
    r->z[5] = 0;
    r->z[6] = 0;
    r->z[7] = 0;
    for (i = 1; i < 16; i++) {
        mask = 0 - (i == idx);
        r->x[0] |= mask & table[i].x[0];
        r->x[1] |= mask & table[i].x[1];
        r->x[2] |= mask & table[i].x[2];
        r->x[3] |= mask & table[i].x[3];
        r->x[4] |= mask & table[i].x[4];
        r->x[5] |= mask & table[i].x[5];
        r->x[6] |= mask & table[i].x[6];
        r->x[7] |= mask & table[i].x[7];
        r->y[0] |= mask & table[i].y[0];
        r->y[1] |= mask & table[i].y[1];
        r->y[2] |= mask & table[i].y[2];
        r->y[3] |= mask & table[i].y[3];
        r->y[4] |= mask & table[i].y[4];
        r->y[5] |= mask & table[i].y[5];
        r->y[6] |= mask & table[i].y[6];
        r->y[7] |= mask & table[i].y[7];
        r->z[0] |= mask & table[i].z[0];
        r->z[1] |= mask & table[i].z[1];
        r->z[2] |= mask & table[i].z[2];
        r->z[3] |= mask & table[i].z[3];
        r->z[4] |= mask & table[i].z[4];
        r->z[5] |= mask & table[i].z[5];
        r->z[6] |= mask & table[i].z[6];
        r->z[7] |= mask & table[i].z[7];
    }
}
#endif /* !WC_NO_CACHE_RESISTANT */
/* Multiply the point by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * Fast implementation that generates a pre-computation table.
 * 4 bits of window (no sliding!).
 * Uses add and double for calculating table.
 * 256 doubles.
 * 76 adds.
 *
 * r     Resulting point.
 * g     Point to multiply.
 * k     Scalar to multiply by.
 * map   Indicates whether to convert result to affine.
 * ct    Constant time required.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, const sp_digit* k,
        int map, int ct, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_256* t = NULL;
    sp_digit* tmp = NULL;
#else
    sp_point_256 t[16 + 1];
    sp_digit tmp[2 * 8 * 6];
#endif
    sp_point_256* rt = NULL;
#ifndef WC_NO_CACHE_RESISTANT
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_256* p = NULL;
#else
    sp_point_256 p[1];
#endif
#endif /* !WC_NO_CACHE_RESISTANT */
    sp_digit n;
    int i;
    int c;
    int y;
    int err = MP_OKAY;

    /* Constant time used for cache attack resistance implementation. */
    (void)ct;
    (void)heap;

#ifdef WOLFSSL_SP_SMALL_STACK
    t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * (16 + 1),
        heap, DYNAMIC_TYPE_ECC);
    if (t == NULL)
        err = MEMORY_E;
    #ifndef WC_NO_CACHE_RESISTANT
    if (err == MP_OKAY) {
        p = (sp_point_256*)XMALLOC(sizeof(sp_point_256),
            heap, DYNAMIC_TYPE_ECC);
        if (p == NULL)
            err = MEMORY_E;
    }
    #endif
    if (err == MP_OKAY) {
        tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 6, heap,
                                DYNAMIC_TYPE_ECC);
        if (tmp == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        rt = t + 16;

        /* t[0] = {0, 0, 1} * norm */
        XMEMSET(&t[0], 0, sizeof(t[0]));
        t[0].infinity = 1;
        /* t[1] = {g->x, g->y, g->z} * norm */
        (void)sp_256_mod_mul_norm_8(t[1].x, g->x, p256_mod);
        (void)sp_256_mod_mul_norm_8(t[1].y, g->y, p256_mod);
        (void)sp_256_mod_mul_norm_8(t[1].z, g->z, p256_mod);
        t[1].infinity = 0;
        sp_256_proj_point_dbl_8(&t[ 2], &t[ 1], tmp);
        t[ 2].infinity = 0;
        sp_256_proj_point_add_8(&t[ 3], &t[ 2], &t[ 1], tmp);
        t[ 3].infinity = 0;
        sp_256_proj_point_dbl_8(&t[ 4], &t[ 2], tmp);
        t[ 4].infinity = 0;
        sp_256_proj_point_add_8(&t[ 5], &t[ 3], &t[ 2], tmp);
        t[ 5].infinity = 0;
        sp_256_proj_point_dbl_8(&t[ 6], &t[ 3], tmp);
        t[ 6].infinity = 0;
        sp_256_proj_point_add_8(&t[ 7], &t[ 4], &t[ 3], tmp);
        t[ 7].infinity = 0;
        sp_256_proj_point_dbl_8(&t[ 8], &t[ 4], tmp);
        t[ 8].infinity = 0;
        sp_256_proj_point_add_8(&t[ 9], &t[ 5], &t[ 4], tmp);
        t[ 9].infinity = 0;
        sp_256_proj_point_dbl_8(&t[10], &t[ 5], tmp);
        t[10].infinity = 0;
        sp_256_proj_point_add_8(&t[11], &t[ 6], &t[ 5], tmp);
        t[11].infinity = 0;
        sp_256_proj_point_dbl_8(&t[12], &t[ 6], tmp);
        t[12].infinity = 0;
        sp_256_proj_point_add_8(&t[13], &t[ 7], &t[ 6], tmp);
        t[13].infinity = 0;
        sp_256_proj_point_dbl_8(&t[14], &t[ 7], tmp);
        t[14].infinity = 0;
        sp_256_proj_point_add_8(&t[15], &t[ 8], &t[ 7], tmp);
        t[15].infinity = 0;

        i = 6;
        n = k[i+1] << 0;
        c = 28;
        y = (int)(n >> 28);
    #ifndef WC_NO_CACHE_RESISTANT
        if (ct) {
            sp_256_get_point_16_8(rt, t, y);
            rt->infinity = !y;
        }
        else
    #endif
        {
            XMEMCPY(rt, &t[y], sizeof(sp_point_256));
        }
        n <<= 4;
        for (; i>=0 || c>=4; ) {
            if (c < 4) {
                n |= k[i--];
                c += 32;
            }
            y = (n >> 28) & 0xf;
            n <<= 4;
            c -= 4;

            sp_256_proj_point_dbl_8(rt, rt, tmp);
            sp_256_proj_point_dbl_8(rt, rt, tmp);
            sp_256_proj_point_dbl_8(rt, rt, tmp);
            sp_256_proj_point_dbl_8(rt, rt, tmp);

    #ifndef WC_NO_CACHE_RESISTANT
            if (ct) {
                sp_256_get_point_16_8(p, t, y);
                p->infinity = !y;
                sp_256_proj_point_add_8(rt, rt, p, tmp);
            }
            else
    #endif
            {
                sp_256_proj_point_add_8(rt, rt, &t[y], tmp);
            }
        }

        if (map != 0) {
            sp_256_map_8(r, rt, tmp);
        }
        else {
            XMEMCPY(r, rt, sizeof(sp_point_256));
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (tmp != NULL)
#endif
    {
        ForceZero(tmp, sizeof(sp_digit) * 2 * 8 * 6);
    #ifdef WOLFSSL_SP_SMALL_STACK
        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
    #endif
    }
#ifndef WC_NO_CACHE_RESISTANT
    #ifdef WOLFSSL_SP_SMALL_STACK
    if (p != NULL)
    #endif
        {
            ForceZero(p, sizeof(sp_point_256));
        #ifdef WOLFSSL_SP_SMALL_STACK
            XFREE(p, heap, DYNAMIC_TYPE_ECC);
        #endif
        }
#endif /* !WC_NO_CACHE_RESISTANT */
#ifdef WOLFSSL_SP_SMALL_STACK
    if (t != NULL)
#endif
    {
        ForceZero(t, sizeof(sp_point_256) * 17);
    #ifdef WOLFSSL_SP_SMALL_STACK
        XFREE(t, heap, DYNAMIC_TYPE_ECC);
    #endif
    }

    return err;
}

#ifdef FP_ECC
/* Double the Montgomery form projective point p a number of times.
 *
 * r  Result of repeated doubling of point.
 * p  Point to double.
 * n  Number of times to double
 * t  Temporary ordinate data.
 */
static void sp_256_proj_point_dbl_n_8(sp_point_256* p, int i,
    sp_digit* t)
{
    sp_digit* w = t;
    sp_digit* a = t + 2*8;
    sp_digit* b = t + 4*8;
    sp_digit* t1 = t + 6*8;
    sp_digit* t2 = t + 8*8;
    sp_digit* x;
    sp_digit* y;
    sp_digit* z;
    volatile int n = i;

    x = p->x;
    y = p->y;
    z = p->z;

    /* Y = 2*Y */
    sp_256_mont_dbl_8(y, y, p256_mod);
    /* W = Z^4 */
    sp_256_mont_sqr_8(w, z, p256_mod, p256_mp_mod);
    sp_256_mont_sqr_8(w, w, p256_mod, p256_mp_mod);
#ifndef WOLFSSL_SP_SMALL
    while (--n > 0)
#else
    while (--n >= 0)
#endif
    {
        /* A = 3*(X^2 - W) */
        sp_256_mont_sqr_8(t1, x, p256_mod, p256_mp_mod);
        sp_256_mont_sub_8(t1, t1, w, p256_mod);
        sp_256_mont_tpl_8(a, t1, p256_mod);
        /* B = X*Y^2 */
        sp_256_mont_sqr_8(t1, y, p256_mod, p256_mp_mod);
        sp_256_mont_mul_8(b, t1, x, p256_mod, p256_mp_mod);
        /* X = A^2 - 2B */
        sp_256_mont_sqr_8(x, a, p256_mod, p256_mp_mod);
        sp_256_mont_dbl_8(t2, b, p256_mod);
        sp_256_mont_sub_8(x, x, t2, p256_mod);
        /* B = 2.(B - X) */
        sp_256_mont_sub_8(t2, b, x, p256_mod);
        sp_256_mont_dbl_8(b, t2, p256_mod);
        /* Z = Z*Y */
        sp_256_mont_mul_8(z, z, y, p256_mod, p256_mp_mod);
        /* t1 = Y^4 */
        sp_256_mont_sqr_8(t1, t1, p256_mod, p256_mp_mod);
#ifdef WOLFSSL_SP_SMALL
        if (n != 0)
#endif
        {
            /* W = W*Y^4 */
            sp_256_mont_mul_8(w, w, t1, p256_mod, p256_mp_mod);
        }
        /* y = 2*A*(B - X) - Y^4 */
        sp_256_mont_mul_8(y, b, a, p256_mod, p256_mp_mod);
        sp_256_mont_sub_8(y, y, t1, p256_mod);
    }
#ifndef WOLFSSL_SP_SMALL
    /* A = 3*(X^2 - W) */
    sp_256_mont_sqr_8(t1, x, p256_mod, p256_mp_mod);
    sp_256_mont_sub_8(t1, t1, w, p256_mod);
    sp_256_mont_tpl_8(a, t1, p256_mod);
    /* B = X*Y^2 */
    sp_256_mont_sqr_8(t1, y, p256_mod, p256_mp_mod);
    sp_256_mont_mul_8(b, t1, x, p256_mod, p256_mp_mod);
    /* X = A^2 - 2B */
    sp_256_mont_sqr_8(x, a, p256_mod, p256_mp_mod);
    sp_256_mont_dbl_8(t2, b, p256_mod);
    sp_256_mont_sub_8(x, x, t2, p256_mod);
    /* B = 2.(B - X) */
    sp_256_mont_sub_8(t2, b, x, p256_mod);
    sp_256_mont_dbl_8(b, t2, p256_mod);
    /* Z = Z*Y */
    sp_256_mont_mul_8(z, z, y, p256_mod, p256_mp_mod);
    /* t1 = Y^4 */
    sp_256_mont_sqr_8(t1, t1, p256_mod, p256_mp_mod);
    /* y = 2*A*(B - X) - Y^4 */
    sp_256_mont_mul_8(y, b, a, p256_mod, p256_mp_mod);
    sp_256_mont_sub_8(y, y, t1, p256_mod);
#endif /* WOLFSSL_SP_SMALL */
    /* Y = Y/2 */
    sp_256_mont_div2_8(y, y, p256_mod);
}

/* Convert the projective point to affine.
 * Ordinates are in Montgomery form.
 *
 * a  Point to convert.
 * t  Temporary data.
 */
static void sp_256_proj_to_affine_8(sp_point_256* a, sp_digit* t)
{
    sp_digit* t1 = t;
    sp_digit* t2 = t + 2 * 8;
    sp_digit* tmp = t + 4 * 8;

    sp_256_mont_inv_8(t1, a->z, tmp);

    sp_256_mont_sqr_8(t2, t1, p256_mod, p256_mp_mod);
    sp_256_mont_mul_8(t1, t2, t1, p256_mod, p256_mp_mod);

    sp_256_mont_mul_8(a->x, a->x, t2, p256_mod, p256_mp_mod);
    sp_256_mont_mul_8(a->y, a->y, t1, p256_mod, p256_mp_mod);
    XMEMCPY(a->z, p256_norm_mod, sizeof(p256_norm_mod));
}

#endif /* FP_ECC */
/* A table entry for pre-computed points. */
typedef struct sp_table_entry_256 {
    sp_digit x[8];
    sp_digit y[8];
} sp_table_entry_256;

#ifdef FP_ECC
#endif /* FP_ECC */
/* Add two Montgomery form projective points. The second point has a q value of
 * one.
 * Only the first point can be the same pointer as the result point.
 *
 * r  Result of addition.
 * p  First point to add.
 * q  Second point to add.
 * t  Temporary ordinate data.
 */
static void sp_256_proj_point_add_qz1_8(sp_point_256* r,
    const sp_point_256* p, const sp_point_256* q, sp_digit* t)
{
    sp_digit* t2 = t;
    sp_digit* t3 = t + 2*8;
    sp_digit* t6 = t + 4*8;
    sp_digit* t1 = t + 6*8;
    sp_digit* t4 = t + 8*8;
    sp_digit* t5 = t + 10*8;

    /* Calculate values to subtract from P->x and P->y. */
    /* U2 = X2*Z1^2 */
    sp_256_mont_sqr_8(t2, p->z, p256_mod, p256_mp_mod);
    sp_256_mont_mul_8(t4, t2, p->z, p256_mod, p256_mp_mod);
    sp_256_mont_mul_8(t2, t2, q->x, p256_mod, p256_mp_mod);
    /* S2 = Y2*Z1^3 */
    sp_256_mont_mul_8(t4, t4, q->y, p256_mod, p256_mp_mod);

    if ((~p->infinity) & (~q->infinity) &
            sp_256_cmp_equal_8(p->x, t2) &
            sp_256_cmp_equal_8(p->y, t4)) {
        sp_256_proj_point_dbl_8(r, p, t);
    }
    else {
        sp_digit* x = t2;
        sp_digit* y = t3;
        sp_digit* z = t6;

        /* H = U2 - X1 */
        sp_256_mont_sub_8(t2, t2, p->x, p256_mod);
        /* R = S2 - Y1 */
        sp_256_mont_sub_8(t4, t4, p->y, p256_mod);
        /* Z3 = H*Z1 */
        sp_256_mont_mul_8(z, p->z, t2, p256_mod, p256_mp_mod);
        /* X3 = R^2 - H^3 - 2*X1*H^2 */
        sp_256_mont_sqr_8(t1, t2, p256_mod, p256_mp_mod);
        sp_256_mont_mul_8(t3, p->x, t1, p256_mod, p256_mp_mod);
        sp_256_mont_mul_8(t1, t1, t2, p256_mod, p256_mp_mod);
        sp_256_mont_sqr_8(t2, t4, p256_mod, p256_mp_mod);
        sp_256_mont_sub_8(t2, t2, t1, p256_mod);
        sp_256_mont_dbl_8(t5, t3, p256_mod);
        sp_256_mont_sub_8(x, t2, t5, p256_mod);
        /* Y3 = R*(X1*H^2 - X3) - Y1*H^3 */
        sp_256_mont_sub_8(t3, t3, x, p256_mod);
        sp_256_mont_mul_8(t3, t3, t4, p256_mod, p256_mp_mod);
        sp_256_mont_mul_8(t1, t1, p->y, p256_mod, p256_mp_mod);
        sp_256_mont_sub_8(y, t3, t1, p256_mod);
        {
            int i;
            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
            sp_digit maskt = ~(maskp | maskq);
            sp_digit inf = (sp_digit)(p->infinity & q->infinity);

            for (i = 0; i < 8; i++) {
                r->x[i] = (p->x[i] & maskp) | (q->x[i] & maskq) |
                          (x[i] & maskt);
            }
            for (i = 0; i < 8; i++) {
                r->y[i] = (p->y[i] & maskp) | (q->y[i] & maskq) |
                          (y[i] & maskt);
            }
            for (i = 0; i < 8; i++) {
                r->z[i] = (p->z[i] & maskp) | (q->z[i] & maskq) |
                          (z[i] & maskt);
            }
            r->z[0] |= inf;
            r->infinity = (word32)inf;
        }
    }
}

#ifdef WOLFSSL_SP_SMALL
#ifdef FP_ECC
/* Generate the pre-computed table of points for the base point.
 *
 * width = 4
 * 16 entries
 * 64 bits between
 *
 * a      The base point.
 * table  Place to store generated point data.
 * tmp    Temporary data.
 * heap  Heap to use for allocation.
 */
static int sp_256_gen_stripe_table_8(const sp_point_256* a,
        sp_table_entry_256* table, sp_digit* tmp, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_256* t = NULL;
#else
    sp_point_256 t[3];
#endif
    sp_point_256* s1 = NULL;
    sp_point_256* s2 = NULL;
    int i;
    int j;
    int err = MP_OKAY;

    (void)heap;

#ifdef WOLFSSL_SP_SMALL_STACK
    t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap,
                                     DYNAMIC_TYPE_ECC);
    if (t == NULL)
        err = MEMORY_E;
#endif

    if (err == MP_OKAY) {
        s1 = t + 1;
        s2 = t + 2;

        err = sp_256_mod_mul_norm_8(t->x, a->x, p256_mod);
    }
    if (err == MP_OKAY) {
        err = sp_256_mod_mul_norm_8(t->y, a->y, p256_mod);
    }
    if (err == MP_OKAY) {
        err = sp_256_mod_mul_norm_8(t->z, a->z, p256_mod);
    }
    if (err == MP_OKAY) {
        t->infinity = 0;
        sp_256_proj_to_affine_8(t, tmp);

        XMEMCPY(s1->z, p256_norm_mod, sizeof(p256_norm_mod));
        s1->infinity = 0;
        XMEMCPY(s2->z, p256_norm_mod, sizeof(p256_norm_mod));
        s2->infinity = 0;

        /* table[0] = {0, 0, infinity} */
        XMEMSET(&table[0], 0, sizeof(sp_table_entry_256));
        /* table[1] = Affine version of 'a' in Montgomery form */
        XMEMCPY(table[1].x, t->x, sizeof(table->x));
        XMEMCPY(table[1].y, t->y, sizeof(table->y));

        for (i=1; i<4; i++) {
            sp_256_proj_point_dbl_n_8(t, 64, tmp);
            sp_256_proj_to_affine_8(t, tmp);
            XMEMCPY(table[1<<i].x, t->x, sizeof(table->x));
            XMEMCPY(table[1<<i].y, t->y, sizeof(table->y));
        }

        for (i=1; i<4; i++) {
            XMEMCPY(s1->x, table[1<<i].x, sizeof(table->x));
            XMEMCPY(s1->y, table[1<<i].y, sizeof(table->y));
            for (j=(1<<i)+1; j<(1<<(i+1)); j++) {
                XMEMCPY(s2->x, table[j-(1<<i)].x, sizeof(table->x));
                XMEMCPY(s2->y, table[j-(1<<i)].y, sizeof(table->y));
                sp_256_proj_point_add_qz1_8(t, s1, s2, tmp);
                sp_256_proj_to_affine_8(t, tmp);
                XMEMCPY(table[j].x, t->x, sizeof(table->x));
                XMEMCPY(table[j].y, t->y, sizeof(table->y));
            }
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (t != NULL)
        XFREE(t, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#endif /* FP_ECC */
#ifndef WC_NO_CACHE_RESISTANT
/* Touch each possible entry that could be being copied.
 *
 * r      Point to copy into.
 * table  Table - start of the entries to access
 * idx    Index of entry to retrieve.
 */
static void sp_256_get_entry_16_8(sp_point_256* r,
    const sp_table_entry_256* table, int idx)
{
    int i;
    sp_digit mask;

    r->x[0] = 0;
    r->x[1] = 0;
    r->x[2] = 0;
    r->x[3] = 0;
    r->x[4] = 0;
    r->x[5] = 0;
    r->x[6] = 0;
    r->x[7] = 0;
    r->y[0] = 0;
    r->y[1] = 0;
    r->y[2] = 0;
    r->y[3] = 0;
    r->y[4] = 0;
    r->y[5] = 0;
    r->y[6] = 0;
    r->y[7] = 0;
    for (i = 1; i < 16; i++) {
        mask = 0 - (i == idx);
        r->x[0] |= mask & table[i].x[0];
        r->x[1] |= mask & table[i].x[1];
        r->x[2] |= mask & table[i].x[2];
        r->x[3] |= mask & table[i].x[3];
        r->x[4] |= mask & table[i].x[4];
        r->x[5] |= mask & table[i].x[5];
        r->x[6] |= mask & table[i].x[6];
        r->x[7] |= mask & table[i].x[7];
        r->y[0] |= mask & table[i].y[0];
        r->y[1] |= mask & table[i].y[1];
        r->y[2] |= mask & table[i].y[2];
        r->y[3] |= mask & table[i].y[3];
        r->y[4] |= mask & table[i].y[4];
        r->y[5] |= mask & table[i].y[5];
        r->y[6] |= mask & table[i].y[6];
        r->y[7] |= mask & table[i].y[7];
    }
}
#endif /* !WC_NO_CACHE_RESISTANT */
/* Multiply the point by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * Stripe implementation.
 * Pre-generated: 2^0, 2^64, ...
 * Pre-generated: products of all combinations of above.
 * 4 doubles and adds (with qz=1)
 *
 * r      Resulting point.
 * k      Scalar to multiply by.
 * table  Pre-computed table.
 * map    Indicates whether to convert result to affine.
 * ct     Constant time required.
 * heap   Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
        const sp_table_entry_256* table, const sp_digit* k, int map,
        int ct, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_256* rt = NULL;
    sp_digit* t = NULL;
#else
    sp_point_256 rt[2];
    sp_digit t[2 * 8 * 6];
#endif
    sp_point_256* p = NULL;
    int i;
    int j;
    int y;
    int x;
    int err = MP_OKAY;

    (void)g;
    /* Constant time used for cache attack resistance implementation. */
    (void)ct;
    (void)heap;


#ifdef WOLFSSL_SP_SMALL_STACK
    rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
                                      DYNAMIC_TYPE_ECC);
    if (rt == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 6, heap,
                               DYNAMIC_TYPE_ECC);
        if (t == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        p = rt + 1;

        XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod));
        XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod));

        y = 0;
        x = 63;
        for (j=0; j<4; j++) {
            y |= (int)(((k[x / 32] >> (x % 32)) & 1) << j);
            x += 64;
        }
    #ifndef WC_NO_CACHE_RESISTANT
        if (ct) {
            sp_256_get_entry_16_8(rt, table, y);
        } else
    #endif
        {
            XMEMCPY(rt->x, table[y].x, sizeof(table[y].x));
            XMEMCPY(rt->y, table[y].y, sizeof(table[y].y));
        }
        rt->infinity = !y;
        for (i=62; i>=0; i--) {
            y = 0;
            x = i;
            for (j=0; j<4; j++) {
                y |= (int)(((k[x / 32] >> (x % 32)) & 1) << j);
                x += 64;
            }

            sp_256_proj_point_dbl_8(rt, rt, t);
        #ifndef WC_NO_CACHE_RESISTANT
            if (ct) {
                sp_256_get_entry_16_8(p, table, y);
            }
            else
        #endif
            {
                XMEMCPY(p->x, table[y].x, sizeof(table[y].x));
                XMEMCPY(p->y, table[y].y, sizeof(table[y].y));
            }
            p->infinity = !y;
            sp_256_proj_point_add_qz1_8(rt, rt, p, t);
        }

        if (map != 0) {
            sp_256_map_8(r, rt, t);
        }
        else {
            XMEMCPY(r, rt, sizeof(sp_point_256));
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (t != NULL)
        XFREE(t, heap, DYNAMIC_TYPE_ECC);
    if (rt != NULL)
        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#ifdef FP_ECC
#ifndef FP_ENTRIES
    #define FP_ENTRIES 16
#endif

/* Cache entry - holds precomputation tables for a point. */
typedef struct sp_cache_256_t {
    /* X ordinate of point that table was generated from. */
    sp_digit x[8];
    /* Y ordinate of point that table was generated from. */
    sp_digit y[8];
    /* Precomputation table for point. */
    sp_table_entry_256 table[16];
    /* Count of entries in table. */
    uint32_t cnt;
    /* Point and table set in entry. */
    int set;
} sp_cache_256_t;

/* Cache of tables. */
static THREAD_LS_T sp_cache_256_t sp_cache_256[FP_ENTRIES];
/* Index of last entry in cache. */
static THREAD_LS_T int sp_cache_256_last = -1;
/* Cache has been initialized. */
static THREAD_LS_T int sp_cache_256_inited = 0;

#ifndef HAVE_THREAD_LS
    static volatile int initCacheMutex_256 = 0;
    static wolfSSL_Mutex sp_cache_256_lock;
#endif

/* Get the cache entry for the point.
 *
 * g      [in]   Point scalar multiplying.
 * cache  [out]  Cache table to use.
 */
static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
{
    int i;
    int j;
    uint32_t least;

    if (sp_cache_256_inited == 0) {
        for (i=0; i<FP_ENTRIES; i++) {
            sp_cache_256[i].set = 0;
        }
        sp_cache_256_inited = 1;
    }

    /* Compare point with those in cache. */
    for (i=0; i<FP_ENTRIES; i++) {
        if (!sp_cache_256[i].set)
            continue;

        if (sp_256_cmp_equal_8(g->x, sp_cache_256[i].x) &
                           sp_256_cmp_equal_8(g->y, sp_cache_256[i].y)) {
            sp_cache_256[i].cnt++;
            break;
        }
    }

    /* No match. */
    if (i == FP_ENTRIES) {
        /* Find empty entry. */
        i = (sp_cache_256_last + 1) % FP_ENTRIES;
        for (; i != sp_cache_256_last; i=(i+1)%FP_ENTRIES) {
            if (!sp_cache_256[i].set) {
                break;
            }
        }

        /* Evict least used. */
        if (i == sp_cache_256_last) {
            least = sp_cache_256[0].cnt;
            for (j=1; j<FP_ENTRIES; j++) {
                if (sp_cache_256[j].cnt < least) {
                    i = j;
                    least = sp_cache_256[i].cnt;
                }
            }
        }

        XMEMCPY(sp_cache_256[i].x, g->x, sizeof(sp_cache_256[i].x));
        XMEMCPY(sp_cache_256[i].y, g->y, sizeof(sp_cache_256[i].y));
        sp_cache_256[i].set = 1;
        sp_cache_256[i].cnt = 1;
    }

    *cache = &sp_cache_256[i];
    sp_cache_256_last = i;
}
#endif /* FP_ECC */

/* Multiply the base point of P256 by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * r     Resulting point.
 * g     Point to multiply.
 * k     Scalar to multiply by.
 * map   Indicates whether to convert result to affine.
 * ct    Constant time required.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g,
        const sp_digit* k, int map, int ct, void* heap)
{
#ifndef FP_ECC
    return sp_256_ecc_mulmod_fast_8(r, g, k, map, ct, heap);
#else
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* tmp;
#else
    sp_digit tmp[2 * 8 * 6];
#endif
    sp_cache_256_t* cache;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 6, heap, DYNAMIC_TYPE_ECC);
    if (tmp == NULL) {
        err = MEMORY_E;
    }
#endif
#ifndef HAVE_THREAD_LS
    if (err == MP_OKAY) {
        if (initCacheMutex_256 == 0) {
            wc_InitMutex(&sp_cache_256_lock);
            initCacheMutex_256 = 1;
        }
        if (wc_LockMutex(&sp_cache_256_lock) != 0) {
            err = BAD_MUTEX_E;
        }
    }
#endif /* HAVE_THREAD_LS */

    if (err == MP_OKAY) {
        sp_ecc_get_cache_256(g, &cache);
        if (cache->cnt == 2)
            sp_256_gen_stripe_table_8(g, cache->table, tmp, heap);

#ifndef HAVE_THREAD_LS
        wc_UnLockMutex(&sp_cache_256_lock);
#endif /* HAVE_THREAD_LS */

        if (cache->cnt < 2) {
            err = sp_256_ecc_mulmod_fast_8(r, g, k, map, ct, heap);
        }
        else {
            err = sp_256_ecc_mulmod_stripe_8(r, g, cache->table, k,
                    map, ct, heap);
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
#endif
    return err;
#endif
}

#else
#ifdef FP_ECC
/* Generate the pre-computed table of points for the base point.
 *
 * width = 8
 * 256 entries
 * 32 bits between
 *
 * a      The base point.
 * table  Place to store generated point data.
 * tmp    Temporary data.
 * heap  Heap to use for allocation.
 */
static int sp_256_gen_stripe_table_8(const sp_point_256* a,
        sp_table_entry_256* table, sp_digit* tmp, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_256* t = NULL;
#else
    sp_point_256 t[3];
#endif
    sp_point_256* s1 = NULL;
    sp_point_256* s2 = NULL;
    int i;
    int j;
    int err = MP_OKAY;

    (void)heap;

#ifdef WOLFSSL_SP_SMALL_STACK
    t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap,
                                     DYNAMIC_TYPE_ECC);
    if (t == NULL)
        err = MEMORY_E;
#endif

    if (err == MP_OKAY) {
        s1 = t + 1;
        s2 = t + 2;

        err = sp_256_mod_mul_norm_8(t->x, a->x, p256_mod);
    }
    if (err == MP_OKAY) {
        err = sp_256_mod_mul_norm_8(t->y, a->y, p256_mod);
    }
    if (err == MP_OKAY) {
        err = sp_256_mod_mul_norm_8(t->z, a->z, p256_mod);
    }
    if (err == MP_OKAY) {
        t->infinity = 0;
        sp_256_proj_to_affine_8(t, tmp);

        XMEMCPY(s1->z, p256_norm_mod, sizeof(p256_norm_mod));
        s1->infinity = 0;
        XMEMCPY(s2->z, p256_norm_mod, sizeof(p256_norm_mod));
        s2->infinity = 0;

        /* table[0] = {0, 0, infinity} */
        XMEMSET(&table[0], 0, sizeof(sp_table_entry_256));
        /* table[1] = Affine version of 'a' in Montgomery form */
        XMEMCPY(table[1].x, t->x, sizeof(table->x));
        XMEMCPY(table[1].y, t->y, sizeof(table->y));

        for (i=1; i<8; i++) {
            sp_256_proj_point_dbl_n_8(t, 32, tmp);
            sp_256_proj_to_affine_8(t, tmp);
            XMEMCPY(table[1<<i].x, t->x, sizeof(table->x));
            XMEMCPY(table[1<<i].y, t->y, sizeof(table->y));
        }

        for (i=1; i<8; i++) {
            XMEMCPY(s1->x, table[1<<i].x, sizeof(table->x));
            XMEMCPY(s1->y, table[1<<i].y, sizeof(table->y));
            for (j=(1<<i)+1; j<(1<<(i+1)); j++) {
                XMEMCPY(s2->x, table[j-(1<<i)].x, sizeof(table->x));
                XMEMCPY(s2->y, table[j-(1<<i)].y, sizeof(table->y));
                sp_256_proj_point_add_qz1_8(t, s1, s2, tmp);
                sp_256_proj_to_affine_8(t, tmp);
                XMEMCPY(table[j].x, t->x, sizeof(table->x));
                XMEMCPY(table[j].y, t->y, sizeof(table->y));
            }
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (t != NULL)
        XFREE(t, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#endif /* FP_ECC */
#ifndef WC_NO_CACHE_RESISTANT
/* Touch each possible entry that could be being copied.
 *
 * r      Point to copy into.
 * table  Table - start of the entries to access
 * idx    Index of entry to retrieve.
 */
static void sp_256_get_entry_256_8(sp_point_256* r,
    const sp_table_entry_256* table, int idx)
{
    int i;
    sp_digit mask;

    r->x[0] = 0;
    r->x[1] = 0;
    r->x[2] = 0;
    r->x[3] = 0;
    r->x[4] = 0;
    r->x[5] = 0;
    r->x[6] = 0;
    r->x[7] = 0;
    r->y[0] = 0;
    r->y[1] = 0;
    r->y[2] = 0;
    r->y[3] = 0;
    r->y[4] = 0;
    r->y[5] = 0;
    r->y[6] = 0;
    r->y[7] = 0;
    for (i = 1; i < 256; i++) {
        mask = 0 - (i == idx);
        r->x[0] |= mask & table[i].x[0];
        r->x[1] |= mask & table[i].x[1];
        r->x[2] |= mask & table[i].x[2];
        r->x[3] |= mask & table[i].x[3];
        r->x[4] |= mask & table[i].x[4];
        r->x[5] |= mask & table[i].x[5];
        r->x[6] |= mask & table[i].x[6];
        r->x[7] |= mask & table[i].x[7];
        r->y[0] |= mask & table[i].y[0];
        r->y[1] |= mask & table[i].y[1];
        r->y[2] |= mask & table[i].y[2];
        r->y[3] |= mask & table[i].y[3];
        r->y[4] |= mask & table[i].y[4];
        r->y[5] |= mask & table[i].y[5];
        r->y[6] |= mask & table[i].y[6];
        r->y[7] |= mask & table[i].y[7];
    }
}
#endif /* !WC_NO_CACHE_RESISTANT */
/* Multiply the point by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * Stripe implementation.
 * Pre-generated: 2^0, 2^32, ...
 * Pre-generated: products of all combinations of above.
 * 8 doubles and adds (with qz=1)
 *
 * r      Resulting point.
 * k      Scalar to multiply by.
 * table  Pre-computed table.
 * map    Indicates whether to convert result to affine.
 * ct     Constant time required.
 * heap   Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
        const sp_table_entry_256* table, const sp_digit* k, int map,
        int ct, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_256* rt = NULL;
    sp_digit* t = NULL;
#else
    sp_point_256 rt[2];
    sp_digit t[2 * 8 * 6];
#endif
    sp_point_256* p = NULL;
    int i;
    int j;
    int y;
    int x;
    int err = MP_OKAY;

    (void)g;
    /* Constant time used for cache attack resistance implementation. */
    (void)ct;
    (void)heap;


#ifdef WOLFSSL_SP_SMALL_STACK
    rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
                                      DYNAMIC_TYPE_ECC);
    if (rt == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 6, heap,
                               DYNAMIC_TYPE_ECC);
        if (t == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        p = rt + 1;

        XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod));
        XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod));

        y = 0;
        x = 31;
        for (j=0; j<8; j++) {
            y |= (int)(((k[x / 32] >> (x % 32)) & 1) << j);
            x += 32;
        }
    #ifndef WC_NO_CACHE_RESISTANT
        if (ct) {
            sp_256_get_entry_256_8(rt, table, y);
        } else
    #endif
        {
            XMEMCPY(rt->x, table[y].x, sizeof(table[y].x));
            XMEMCPY(rt->y, table[y].y, sizeof(table[y].y));
        }
        rt->infinity = !y;
        for (i=30; i>=0; i--) {
            y = 0;
            x = i;
            for (j=0; j<8; j++) {
                y |= (int)(((k[x / 32] >> (x % 32)) & 1) << j);
                x += 32;
            }

            sp_256_proj_point_dbl_8(rt, rt, t);
        #ifndef WC_NO_CACHE_RESISTANT
            if (ct) {
                sp_256_get_entry_256_8(p, table, y);
            }
            else
        #endif
            {
                XMEMCPY(p->x, table[y].x, sizeof(table[y].x));
                XMEMCPY(p->y, table[y].y, sizeof(table[y].y));
            }
            p->infinity = !y;
            sp_256_proj_point_add_qz1_8(rt, rt, p, t);
        }

        if (map != 0) {
            sp_256_map_8(r, rt, t);
        }
        else {
            XMEMCPY(r, rt, sizeof(sp_point_256));
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (t != NULL)
        XFREE(t, heap, DYNAMIC_TYPE_ECC);
    if (rt != NULL)
        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#ifdef FP_ECC
#ifndef FP_ENTRIES
    #define FP_ENTRIES 16
#endif

/* Cache entry - holds precomputation tables for a point. */
typedef struct sp_cache_256_t {
    /* X ordinate of point that table was generated from. */
    sp_digit x[8];
    /* Y ordinate of point that table was generated from. */
    sp_digit y[8];
    /* Precomputation table for point. */
    sp_table_entry_256 table[256];
    /* Count of entries in table. */
    uint32_t cnt;
    /* Point and table set in entry. */
    int set;
} sp_cache_256_t;

/* Cache of tables. */
static THREAD_LS_T sp_cache_256_t sp_cache_256[FP_ENTRIES];
/* Index of last entry in cache. */
static THREAD_LS_T int sp_cache_256_last = -1;
/* Cache has been initialized. */
static THREAD_LS_T int sp_cache_256_inited = 0;

#ifndef HAVE_THREAD_LS
    static volatile int initCacheMutex_256 = 0;
    static wolfSSL_Mutex sp_cache_256_lock;
#endif

/* Get the cache entry for the point.
 *
 * g      [in]   Point scalar multiplying.
 * cache  [out]  Cache table to use.
 */
static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
{
    int i;
    int j;
    uint32_t least;

    if (sp_cache_256_inited == 0) {
        for (i=0; i<FP_ENTRIES; i++) {
            sp_cache_256[i].set = 0;
        }
        sp_cache_256_inited = 1;
    }

    /* Compare point with those in cache. */
    for (i=0; i<FP_ENTRIES; i++) {
        if (!sp_cache_256[i].set)
            continue;

        if (sp_256_cmp_equal_8(g->x, sp_cache_256[i].x) &
                           sp_256_cmp_equal_8(g->y, sp_cache_256[i].y)) {
            sp_cache_256[i].cnt++;
            break;
        }
    }

    /* No match. */
    if (i == FP_ENTRIES) {
        /* Find empty entry. */
        i = (sp_cache_256_last + 1) % FP_ENTRIES;
        for (; i != sp_cache_256_last; i=(i+1)%FP_ENTRIES) {
            if (!sp_cache_256[i].set) {
                break;
            }
        }

        /* Evict least used. */
        if (i == sp_cache_256_last) {
            least = sp_cache_256[0].cnt;
            for (j=1; j<FP_ENTRIES; j++) {
                if (sp_cache_256[j].cnt < least) {
                    i = j;
                    least = sp_cache_256[i].cnt;
                }
            }
        }

        XMEMCPY(sp_cache_256[i].x, g->x, sizeof(sp_cache_256[i].x));
        XMEMCPY(sp_cache_256[i].y, g->y, sizeof(sp_cache_256[i].y));
        sp_cache_256[i].set = 1;
        sp_cache_256[i].cnt = 1;
    }

    *cache = &sp_cache_256[i];
    sp_cache_256_last = i;
}
#endif /* FP_ECC */

/* Multiply the base point of P256 by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * r     Resulting point.
 * g     Point to multiply.
 * k     Scalar to multiply by.
 * map   Indicates whether to convert result to affine.
 * ct    Constant time required.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g,
        const sp_digit* k, int map, int ct, void* heap)
{
#ifndef FP_ECC
    return sp_256_ecc_mulmod_fast_8(r, g, k, map, ct, heap);
#else
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* tmp;
#else
    sp_digit tmp[2 * 8 * 6];
#endif
    sp_cache_256_t* cache;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 6, heap, DYNAMIC_TYPE_ECC);
    if (tmp == NULL) {
        err = MEMORY_E;
    }
#endif
#ifndef HAVE_THREAD_LS
    if (err == MP_OKAY) {
        if (initCacheMutex_256 == 0) {
            wc_InitMutex(&sp_cache_256_lock);
            initCacheMutex_256 = 1;
        }
        if (wc_LockMutex(&sp_cache_256_lock) != 0) {
            err = BAD_MUTEX_E;
        }
    }
#endif /* HAVE_THREAD_LS */

    if (err == MP_OKAY) {
        sp_ecc_get_cache_256(g, &cache);
        if (cache->cnt == 2)
            sp_256_gen_stripe_table_8(g, cache->table, tmp, heap);

#ifndef HAVE_THREAD_LS
        wc_UnLockMutex(&sp_cache_256_lock);
#endif /* HAVE_THREAD_LS */

        if (cache->cnt < 2) {
            err = sp_256_ecc_mulmod_fast_8(r, g, k, map, ct, heap);
        }
        else {
            err = sp_256_ecc_mulmod_stripe_8(r, g, cache->table, k,
                    map, ct, heap);
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
#endif
    return err;
#endif
}

#endif /* WOLFSSL_SP_SMALL */
/* Multiply the point by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * km    Scalar to multiply by.
 * p     Point to multiply.
 * r     Resulting point.
 * map   Indicates whether to convert result to affine.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
        int map, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_256* point = NULL;
    sp_digit* k = NULL;
#else
    sp_point_256 point[1];
    sp_digit k[8];
#endif
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
                                         DYNAMIC_TYPE_ECC);
    if (point == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
                               DYNAMIC_TYPE_ECC);
        if (k == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        sp_256_from_mp(k, 8, km);
        sp_256_point_from_ecc_point_8(point, gm);

            err = sp_256_ecc_mulmod_8(point, point, k, map, 1, heap);
    }
    if (err == MP_OKAY) {
        err = sp_256_point_to_ecc_point_8(point, r);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (k != NULL)
        XFREE(k, heap, DYNAMIC_TYPE_ECC);
    if (point != NULL)
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

/* Multiply the point by the scalar, add point a and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * km      Scalar to multiply by.
 * p       Point to multiply.
 * am      Point to add to scalar multiply result.
 * inMont  Point to add is in montgomery form.
 * r       Resulting point.
 * map     Indicates whether to convert result to affine.
 * heap    Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
    const ecc_point* am, int inMont, ecc_point* r, int map, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_256* point = NULL;
    sp_digit* k = NULL;
#else
    sp_point_256 point[2];
    sp_digit k[8 + 8 * 2 * 6];
#endif
    sp_point_256* addP = NULL;
    sp_digit* tmp = NULL;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
                                         DYNAMIC_TYPE_ECC);
    if (point == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        k = (sp_digit*)XMALLOC(
            sizeof(sp_digit) * (8 + 8 * 2 * 6), heap,
            DYNAMIC_TYPE_ECC);
        if (k == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        addP = point + 1;
        tmp = k + 8;

        sp_256_from_mp(k, 8, km);
        sp_256_point_from_ecc_point_8(point, gm);
        sp_256_point_from_ecc_point_8(addP, am);
    }
    if ((err == MP_OKAY) && (!inMont)) {
        err = sp_256_mod_mul_norm_8(addP->x, addP->x, p256_mod);
    }
    if ((err == MP_OKAY) && (!inMont)) {
        err = sp_256_mod_mul_norm_8(addP->y, addP->y, p256_mod);
    }
    if ((err == MP_OKAY) && (!inMont)) {
        err = sp_256_mod_mul_norm_8(addP->z, addP->z, p256_mod);
    }
    if (err == MP_OKAY) {
            err = sp_256_ecc_mulmod_8(point, point, k, 0, 0, heap);
    }
    if (err == MP_OKAY) {
            sp_256_proj_point_add_8(point, point, addP, tmp);

        if (map) {
                sp_256_map_8(point, point, tmp);
        }

        err = sp_256_point_to_ecc_point_8(point, r);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (k != NULL)
        XFREE(k, heap, DYNAMIC_TYPE_ECC);
    if (point != NULL)
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#ifdef WOLFSSL_SP_SMALL
/* Striping precomputation table.
 * 4 points combined into a table of 16 points.
 * Distance of 64 between points.
 */
static const sp_table_entry_256 p256_table[16] = {
    /* 0 */
    { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
      { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
    /* 1 */
    { { 0x18a9143c,0x79e730d4,0x5fedb601,0x75ba95fc,0x77622510,0x79fb732b,
        0xa53755c6,0x18905f76 },
      { 0xce95560a,0xddf25357,0xba19e45c,0x8b4ab8e4,0xdd21f325,0xd2e88688,
        0x25885d85,0x8571ff18 } },
    /* 2 */
    { { 0x16a0d2bb,0x4f922fc5,0x1a623499,0x0d5cc16c,0x57c62c8b,0x9241cf3a,
        0xfd1b667f,0x2f5e6961 },
      { 0xf5a01797,0x5c15c70b,0x60956192,0x3d20b44d,0x071fdb52,0x04911b37,
        0x8d6f0f7b,0xf648f916 } },
    /* 3 */
    { { 0xe137bbbc,0x9e566847,0x8a6a0bec,0xe434469e,0x79d73463,0xb1c42761,
        0x133d0015,0x5abe0285 },
      { 0xc04c7dab,0x92aa837c,0x43260c07,0x573d9f4c,0x78e6cc37,0x0c931562,
        0x6b6f7383,0x94bb725b } },
    /* 4 */
    { { 0xbfe20925,0x62a8c244,0x8fdce867,0x91c19ac3,0xdd387063,0x5a96a5d5,
        0x21d324f6,0x61d587d4 },
      { 0xa37173ea,0xe87673a2,0x53778b65,0x23848008,0x05bab43e,0x10f8441e,
        0x4621efbe,0xfa11fe12 } },
    /* 5 */
    { { 0x2cb19ffd,0x1c891f2b,0xb1923c23,0x01ba8d5b,0x8ac5ca8e,0xb6d03d67,
        0x1f13bedc,0x586eb04c },
      { 0x27e8ed09,0x0c35c6e5,0x1819ede2,0x1e81a33c,0x56c652fa,0x278fd6c0,
        0x70864f11,0x19d5ac08 } },
    /* 6 */
    { { 0xd2b533d5,0x62577734,0xa1bdddc0,0x673b8af6,0xa79ec293,0x577e7c9a,
        0xc3b266b1,0xbb6de651 },
      { 0xb65259b3,0xe7e9303a,0xd03a7480,0xd6a0afd3,0x9b3cfc27,0xc5ac83d1,
        0x5d18b99b,0x60b4619a } },
    /* 7 */
    { { 0x1ae5aa1c,0xbd6a38e1,0x49e73658,0xb8b7652b,0xee5f87ed,0x0b130014,
        0xaeebffcd,0x9d0f27b2 },
      { 0x7a730a55,0xca924631,0xddbbc83a,0x9c955b2f,0xac019a71,0x07c1dfe0,
        0x356ec48d,0x244a566d } },
    /* 8 */
    { { 0xf4f8b16a,0x56f8410e,0xc47b266a,0x97241afe,0x6d9c87c1,0x0a406b8e,
        0xcd42ab1b,0x803f3e02 },
      { 0x04dbec69,0x7f0309a8,0x3bbad05f,0xa83b85f7,0xad8e197f,0xc6097273,
        0x5067adc1,0xc097440e } },
    /* 9 */
    { { 0xc379ab34,0x846a56f2,0x841df8d1,0xa8ee068b,0x176c68ef,0x20314459,
        0x915f1f30,0xf1af32d5 },
      { 0x5d75bd50,0x99c37531,0xf72f67bc,0x837cffba,0x48d7723f,0x0613a418,
        0xe2d41c8b,0x23d0f130 } },
    /* 10 */
    { { 0xd5be5a2b,0xed93e225,0x5934f3c6,0x6fe79983,0x22626ffc,0x43140926,
        0x7990216a,0x50bbb4d9 },
      { 0xe57ec63e,0x378191c6,0x181dcdb2,0x65422c40,0x0236e0f6,0x41a8099b,
        0x01fe49c3,0x2b100118 } },
    /* 11 */
    { { 0x9b391593,0xfc68b5c5,0x598270fc,0xc385f5a2,0xd19adcbb,0x7144f3aa,
        0x83fbae0c,0xdd558999 },
      { 0x74b82ff4,0x93b88b8e,0x71e734c9,0xd2e03c40,0x43c0322a,0x9a7a9eaf,
        0x149d6041,0xe6e4c551 } },
    /* 12 */
    { { 0x80ec21fe,0x5fe14bfe,0xc255be82,0xf6ce116a,0x2f4a5d67,0x98bc5a07,
        0xdb7e63af,0xfad27148 },
      { 0x29ab05b3,0x90c0b6ac,0x4e251ae6,0x37a9a83c,0xc2aade7d,0x0a7dc875,
        0x9f0e1a84,0x77387de3 } },
    /* 13 */
    { { 0xa56c0dd7,0x1e9ecc49,0x46086c74,0xa5cffcd8,0xf505aece,0x8f7a1408,
        0xbef0c47e,0xb37b85c0 },
      { 0xcc0e6a8f,0x3596b6e4,0x6b388f23,0xfd6d4bbf,0xc39cef4e,0xaba453fa,
        0xf9f628d5,0x9c135ac8 } },
    /* 14 */
    { { 0x95c8f8be,0x0a1c7294,0x3bf362bf,0x2961c480,0xdf63d4ac,0x9e418403,
        0x91ece900,0xc109f9cb },
      { 0x58945705,0xc2d095d0,0xddeb85c0,0xb9083d96,0x7a40449b,0x84692b8d,
        0x2eee1ee1,0x9bc3344f } },
    /* 15 */
    { { 0x42913074,0x0d5ae356,0x48a542b1,0x55491b27,0xb310732a,0x469ca665,
        0x5f1a4cc1,0x29591d52 },
      { 0xb84f983f,0xe76f5b6b,0x9f5f84e1,0xbe7eef41,0x80baa189,0x1200d496,
        0x18ef332c,0x6376551f } },
};

/* Multiply the base point of P256 by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * Stripe implementation.
 * Pre-generated: 2^0, 2^64, ...
 * Pre-generated: products of all combinations of above.
 * 4 doubles and adds (with qz=1)
 *
 * r     Resulting point.
 * k     Scalar to multiply by.
 * map   Indicates whether to convert result to affine.
 * ct    Constant time required.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_256_ecc_mulmod_base_8(sp_point_256* r, const sp_digit* k,
        int map, int ct, void* heap)
{
    return sp_256_ecc_mulmod_stripe_8(r, &p256_base, p256_table,
                                      k, map, ct, heap);
}

#else
/* Striping precomputation table.
 * 8 points combined into a table of 256 points.
 * Distance of 32 between points.
 */
static const sp_table_entry_256 p256_table[256] = {
    /* 0 */
    { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
      { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
    /* 1 */
    { { 0x18a9143c,0x79e730d4,0x5fedb601,0x75ba95fc,0x77622510,0x79fb732b,
        0xa53755c6,0x18905f76 },
      { 0xce95560a,0xddf25357,0xba19e45c,0x8b4ab8e4,0xdd21f325,0xd2e88688,
        0x25885d85,0x8571ff18 } },
    /* 2 */
    { { 0x4147519a,0x20288602,0x26b372f0,0xd0981eac,0xa785ebc8,0xa9d4a7ca,
        0xdbdf58e9,0xd953c50d },
      { 0xfd590f8f,0x9d6361cc,0x44e6c917,0x72e9626b,0x22eb64cf,0x7fd96110,
        0x9eb288f3,0x863ebb7e } },
    /* 3 */
    { { 0x5cdb6485,0x7856b623,0x2f0a2f97,0x808f0ea2,0x4f7e300b,0x3e68d954,
        0xb5ff80a0,0x00076055 },
      { 0x838d2010,0x7634eb9b,0x3243708a,0x54014fbb,0x842a6606,0xe0e47d39,
        0x34373ee0,0x83087761 } },
    /* 4 */
    { { 0x16a0d2bb,0x4f922fc5,0x1a623499,0x0d5cc16c,0x57c62c8b,0x9241cf3a,
        0xfd1b667f,0x2f5e6961 },
      { 0xf5a01797,0x5c15c70b,0x60956192,0x3d20b44d,0x071fdb52,0x04911b37,
        0x8d6f0f7b,0xf648f916 } },
    /* 5 */
    { { 0xe137bbbc,0x9e566847,0x8a6a0bec,0xe434469e,0x79d73463,0xb1c42761,
        0x133d0015,0x5abe0285 },
      { 0xc04c7dab,0x92aa837c,0x43260c07,0x573d9f4c,0x78e6cc37,0x0c931562,
        0x6b6f7383,0x94bb725b } },
    /* 6 */
    { { 0x720f141c,0xbbf9b48f,0x2df5bc74,0x6199b3cd,0x411045c4,0xdc3f6129,
        0x2f7dc4ef,0xcdd6bbcb },
      { 0xeaf436fd,0xcca6700b,0xb99326be,0x6f647f6d,0x014f2522,0x0c0fa792,
        0x4bdae5f6,0xa361bebd } },
    /* 7 */
    { { 0x597c13c7,0x28aa2558,0x50b7c3e1,0xc38d635f,0xf3c09d1d,0x07039aec,
        0xc4b5292c,0xba12ca09 },
      { 0x59f91dfd,0x9e408fa4,0xceea07fb,0x3af43b66,0x9d780b29,0x1eceb089,
        0x701fef4b,0x53ebb99d } },
    /* 8 */
    { { 0xb0e63d34,0x4fe7ee31,0xa9e54fab,0xf4600572,0xd5e7b5a4,0xc0493334,
        0x06d54831,0x8589fb92 },
      { 0x6583553a,0xaa70f5cc,0xe25649e5,0x0879094a,0x10044652,0xcc904507,
        0x02541c4f,0xebb0696d } },
    /* 9 */
    { { 0xac1647c5,0x4616ca15,0xc4cf5799,0xb8127d47,0x764dfbac,0xdc666aa3,
        0xd1b27da3,0xeb2820cb },
      { 0x6a87e008,0x9406f8d8,0x922378f3,0xd87dfa9d,0x80ccecb2,0x56ed2e42,
        0x55a7da1d,0x1f28289b } },
    /* 10 */
    { { 0x3b89da99,0xabbaa0c0,0xb8284022,0xa6f2d79e,0xb81c05e8,0x27847862,
        0x05e54d63,0x337a4b59 },
      { 0x21f7794a,0x3c67500d,0x7d6d7f61,0x207005b7,0x04cfd6e8,0x0a5a3781,
        0xf4c2fbd6,0x0d65e0d5 } },
    /* 11 */
    { { 0xb5275d38,0xd9d09bbe,0x0be0a358,0x4268a745,0x973eb265,0xf0762ff4,
        0x52f4a232,0xc23da242 },
      { 0x0b94520c,0x5da1b84f,0xb05bd78e,0x09666763,0x94d29ea1,0x3a4dcb86,
        0xc790cff1,0x19de3b8c } },
    /* 12 */
    { { 0x26c5fe04,0x183a716c,0x3bba1bdb,0x3b28de0b,0xa4cb712c,0x7432c586,
        0x91fccbfd,0xe34dcbd4 },
      { 0xaaa58403,0xb408d46b,0x82e97a53,0x9a697486,0x36aaa8af,0x9e390127,
        0x7b4e0f7f,0xe7641f44 } },
    /* 13 */
    { { 0xdf64ba59,0x7d753941,0x0b0242fc,0xd33f10ec,0xa1581859,0x4f06dfc6,
        0x052a57bf,0x4a12df57 },
      { 0x9439dbd0,0xbfa6338f,0xbde53e1f,0xd3c24bd4,0x21f1b314,0xfd5e4ffa,
        0xbb5bea46,0x6af5aa93 } },
    /* 14 */
    { { 0x10c91999,0xda10b699,0x2a580491,0x0a24b440,0xb8cc2090,0x3e0094b4,
        0x66a44013,0x5fe3475a },
      { 0xf93e7b4b,0xb0f8cabd,0x7c23f91a,0x292b501a,0xcd1e6263,0x42e889ae,
        0xecfea916,0xb544e308 } },
    /* 15 */
    { { 0x16ddfdce,0x6478c6e9,0xf89179e6,0x2c329166,0x4d4e67e1,0x4e8d6e76,
        0xa6b0c20b,0xe0b6b2bd },
      { 0xbb7efb57,0x0d312df2,0x790c4007,0x1aac0dde,0x679bc944,0xf90336ad,
        0x25a63774,0x71c023de } },
    /* 16 */
    { { 0xbfe20925,0x62a8c244,0x8fdce867,0x91c19ac3,0xdd387063,0x5a96a5d5,
        0x21d324f6,0x61d587d4 },
      { 0xa37173ea,0xe87673a2,0x53778b65,0x23848008,0x05bab43e,0x10f8441e,
        0x4621efbe,0xfa11fe12 } },
    /* 17 */
    { { 0x2cb19ffd,0x1c891f2b,0xb1923c23,0x01ba8d5b,0x8ac5ca8e,0xb6d03d67,
        0x1f13bedc,0x586eb04c },
      { 0x27e8ed09,0x0c35c6e5,0x1819ede2,0x1e81a33c,0x56c652fa,0x278fd6c0,
        0x70864f11,0x19d5ac08 } },
    /* 18 */
    { { 0x309a4e1f,0x1e99f581,0xe9270074,0xab7de71b,0xefd28d20,0x26a5ef0b,
        0x7f9c563f,0xe7c0073f },
      { 0x0ef59f76,0x1f6d663a,0x20fcb050,0x669b3b54,0x7a6602d4,0xc08c1f7a,
        0xc65b3c0a,0xe08504fe } },
    /* 19 */
    { { 0xa031b3ca,0xf098f68d,0xe6da6d66,0x6d1cab9e,0x94f246e8,0x5bfd81fa,
        0x5b0996b4,0x78f01882 },
      { 0x3a25787f,0xb7eefde4,0x1dccac9b,0x8016f80d,0xb35bfc36,0x0cea4877,
        0x7e94747a,0x43a773b8 } },
    /* 20 */
    { { 0xd2b533d5,0x62577734,0xa1bdddc0,0x673b8af6,0xa79ec293,0x577e7c9a,
        0xc3b266b1,0xbb6de651 },
      { 0xb65259b3,0xe7e9303a,0xd03a7480,0xd6a0afd3,0x9b3cfc27,0xc5ac83d1,
        0x5d18b99b,0x60b4619a } },
    /* 21 */
    { { 0x1ae5aa1c,0xbd6a38e1,0x49e73658,0xb8b7652b,0xee5f87ed,0x0b130014,
        0xaeebffcd,0x9d0f27b2 },
      { 0x7a730a55,0xca924631,0xddbbc83a,0x9c955b2f,0xac019a71,0x07c1dfe0,
        0x356ec48d,0x244a566d } },
    /* 22 */
    { { 0xeacf1f96,0x6db0394a,0x024c271c,0x9f2122a9,0x82cbd3b9,0x2626ac1b,
        0x3581ef69,0x45e58c87 },
      { 0xa38f9dbc,0xd3ff479d,0xe888a040,0xa8aaf146,0x46e0bed7,0x945adfb2,
        0xc1e4b7a4,0xc040e21c } },
    /* 23 */
    { { 0x6f8117b6,0x847af000,0x73a35433,0x651969ff,0x1d9475eb,0x482b3576,
        0x682c6ec7,0x1cdf5c97 },
      { 0x11f04839,0x7db775b4,0x48de1698,0x7dbeacf4,0xb70b3219,0xb2921dd1,
        0xa92dff3d,0x046755f8 } },
    /* 24 */
    { { 0xbce8ffcd,0xcc8ac5d2,0x2fe61a82,0x0d53c48b,0x7202d6c7,0xf6f16172,
        0x3b83a5f3,0x046e5e11 },
      { 0xd8007f01,0xe7b8ff64,0x5af43183,0x7fb1ef12,0x35e1a03c,0x045c5ea6,
        0x303d005b,0x6e0106c3 } },
    /* 25 */
    { { 0x88dd73b1,0x48c73584,0x995ed0d9,0x7670708f,0xc56a2ab7,0x38385ea8,
        0xe901cf1f,0x442594ed },
      { 0x12d4b65b,0xf8faa2c9,0x96c90c37,0x94c2343b,0x5e978d1f,0xd326e4a1,
        0x4c2ee68e,0xa796fa51 } },
    /* 26 */
    { { 0x823addd7,0x359fb604,0xe56693b3,0x9e2a6183,0x3cbf3c80,0xf885b78e,
        0xc69766e9,0xe4ad2da9 },
      { 0x8e048a61,0x357f7f42,0xc092d9a0,0x082d198c,0xc03ed8ef,0xfc3a1af4,
        0xc37b5143,0xc5e94046 } },
    /* 27 */
    { { 0x2be75f9e,0x476a538c,0xcb123a78,0x6fd1a9e8,0xb109c04b,0xd85e4df0,
        0xdb464747,0x63283daf },
      { 0xbaf2df15,0xce728cf7,0x0ad9a7f4,0xe592c455,0xe834bcc3,0xfab226ad,
        0x1981a938,0x68bd19ab } },
    /* 28 */
    { { 0x1887d659,0xc08ead51,0xb359305a,0x3374d5f4,0xcfe74fe3,0x96986981,
        0x3c6fdfd6,0x495292f5 },
      { 0x1acec896,0x4a878c9e,0xec5b4484,0xd964b210,0x664d60a7,0x6696f7e2,
        0x26036837,0x0ec7530d } },
    /* 29 */
    { { 0xad2687bb,0x2da13a05,0xf32e21fa,0xa1f83b6a,0x1dd4607b,0x390f5ef5,
        0x64863f0b,0x0f6207a6 },
      { 0x0f138233,0xbd67e3bb,0x272aa718,0xdd66b96c,0x26ec88ae,0x8ed00407,
        0x08ed6dcf,0xff0db072 } },
    /* 30 */
    { { 0x4c95d553,0x749fa101,0x5d680a8a,0xa44052fd,0xff3b566f,0x183b4317,
        0x88740ea3,0x313b513c },
      { 0x08d11549,0xb402e2ac,0xb4dee21c,0x071ee10b,0x47f2320e,0x26b987dd,
        0x86f19f81,0x2d3abcf9 } },
    /* 31 */
    { { 0x815581a2,0x4c288501,0x632211af,0x9a0a6d56,0x0cab2e99,0x19ba7a0f,
        0xded98cdf,0xc036fa10 },
      { 0xc1fbd009,0x29ae08ba,0x06d15816,0x0b68b190,0x9b9e0d8f,0xc2eb3277,
        0xb6d40194,0xa6b2a2c4 } },
    /* 32 */
    { { 0x6d3549cf,0xd433e50f,0xfacd665e,0x6f33696f,0xce11fcb4,0x695bfdac,
        0xaf7c9860,0x810ee252 },
      { 0x7159bb2c,0x65450fe1,0x758b357b,0xf7dfbebe,0xd69fea72,0x2b057e74,
        0x92731745,0xd485717a } },
    /* 33 */
    { { 0xf0cb5a98,0x11741a8a,0x1f3110bf,0xd3da8f93,0xab382adf,0x1994e2cb,
        0x2f9a604e,0x6a6045a7 },
      { 0xa2b2411d,0x170c0d3f,0x510e96e0,0xbe0eb83e,0x8865b3cc,0x3bcc9f73,
        0xf9e15790,0xd3e45cfa } },
    /* 34 */
    { { 0xe83f7669,0xce1f69bb,0x72877d6b,0x09f8ae82,0x3244278d,0x9548ae54,
        0xe3c2c19c,0x207755de },
      { 0x6fef1945,0x87bd61d9,0xb12d28c3,0x18813cef,0x72df64aa,0x9fbcd1d6,
        0x7154b00d,0x48dc5ee5 } },
    /* 35 */
    { { 0xf7e5a199,0x123790bf,0x989ccbb7,0xe0efb8cf,0x0a519c79,0xc27a2bfe,
        0xdff6f445,0xf2fb0aed },
      { 0xf0b5025f,0x41c09575,0x40fa9f22,0x550543d7,0x380bfbd0,0x8fa3c8ad,
        0xdb28d525,0xa13e9015 } },
    /* 36 */
    { { 0xa2b65cbc,0xf9f7a350,0x2a464226,0x0b04b972,0xe23f07a1,0x265ce241,
        0x1497526f,0x2bf0d6b0 },
      { 0x4b216fb7,0xd3d4dd3f,0xfbdda26a,0xf7d7b867,0x6708505c,0xaeb7b83f,
        0x162fe89f,0x42a94a5a } },
    /* 37 */
    { { 0xeaadf191,0x5846ad0b,0x25a268d7,0x0f8a4890,0x494dc1f6,0xe8603050,
        0xc65ede3d,0x2c2dd969 },
      { 0x93849c17,0x6d02171d,0x1da250dd,0x460488ba,0x3c3a5485,0x4810c706,
        0x42c56dbc,0xf437fa1f } },
    /* 38 */
    { { 0x4a0f7dab,0x6aa0d714,0x1776e9ac,0x0f049793,0xf5f39786,0x52c0a050,
        0x54707aa8,0xaaf45b33 },
      { 0xc18d364a,0x85e37c33,0x3e497165,0xd40b9b06,0x15ec5444,0xf4171681,
        0xf4f272bc,0xcdf6310d } },
    /* 39 */
    { { 0x8ea8b7ef,0x7473c623,0x85bc2287,0x08e93518,0x2bda8e34,0x41956772,
        0xda9e2ff2,0xf0d008ba },
      { 0x2414d3b1,0x2912671d,0xb019ea76,0xb3754985,0x453bcbdb,0x5c61b96d,
        0xca887b8b,0x5bd5c2f5 } },
    /* 40 */
    { { 0xf49a3154,0xef0f469e,0x6e2b2e9a,0x3e85a595,0xaa924a9c,0x45aaec1e,
        0xa09e4719,0xaa12dfc8 },
      { 0x4df69f1d,0x26f27227,0xa2ff5e73,0xe0e4c82c,0xb7a9dd44,0xb9d8ce73,
        0xe48ca901,0x6c036e73 } },
    /* 41 */
    { { 0x0f6e3138,0x5cfae12a,0x25ad345a,0x6966ef00,0x45672bc5,0x8993c64b,
        0x96afbe24,0x292ff658 },
      { 0x5e213402,0xd5250d44,0x4392c9fe,0xf6580e27,0xda1c72e8,0x097b397f,
        0x311b7276,0x644e0c90 } },
    /* 42 */
    { { 0xa47153f0,0xe1e421e1,0x920418c9,0xb86c3b79,0x705d7672,0x93bdce87,
        0xcab79a77,0xf25ae793 },
      { 0x6d869d0c,0x1f3194a3,0x4986c264,0x9d55c882,0x096e945e,0x49fb5ea3,
        0x13db0a3e,0x39b8e653 } },
    /* 43 */
    { { 0xb6fd2e59,0x37754200,0x9255c98f,0x35e2c066,0x0e2a5739,0xd9dab21a,
        0x0f19db06,0x39122f2f },
      { 0x03cad53c,0xcfbce1e0,0xe65c17e3,0x225b2c0f,0x9aa13877,0x72baf1d2,
        0xce80ff8d,0x8de80af8 } },
    /* 44 */
    { { 0x207bbb76,0xafbea8d9,0x21782758,0x921c7e7c,0x1c0436b1,0xdfa2b74b,
        0x2e368c04,0x87194906 },
      { 0xa3993df5,0xb5f928bb,0xf3b3d26a,0x639d75b5,0x85b55050,0x011aa78a,
        0x5b74fde1,0xfc315e6a } },
    /* 45 */
    { { 0xe8d6ecfa,0x561fd41a,0x1aec7f86,0x5f8c44f6,0x4924741d,0x98452a7b,
        0xee389088,0xe6d4a7ad },
      { 0x4593c75d,0x60552ed1,0xdd271162,0x70a70da4,0x7ba2c7db,0xd2aede93,
        0x9be2ae57,0x35dfaf9a } },
    /* 46 */
    { { 0xaa736636,0x6b956fcd,0xae2cab7e,0x09f51d97,0x0f349966,0xfb10bf41,
        0x1c830d2b,0x1da5c7d7 },
      { 0x3cce6825,0x5c41e483,0xf9573c3b,0x15ad118f,0xf23036b8,0xa28552c7,
        0xdbf4b9d6,0x7077c0fd } },
    /* 47 */
    { { 0x46b9661c,0xbf63ff8d,0x0d2cfd71,0xa1dfd36b,0xa847f8f7,0x0373e140,
        0xe50efe44,0x53a8632e },
      { 0x696d8051,0x0976ff68,0xc74f468a,0xdaec0c95,0x5e4e26bd,0x62994dc3,
        0x34e1fcc1,0x028ca76d } },
    /* 48 */
    { { 0xfc9877ee,0xd11d47dc,0x801d0002,0xc8b36210,0x54c260b6,0xd002c117,
        0x6962f046,0x04c17cd8 },
      { 0xb0daddf5,0x6d9bd094,0x24ce55c0,0xbea23575,0x72da03b5,0x663356e6,
        0xfed97474,0xf7ba4de9 } },
    /* 49 */
    { { 0xebe1263f,0xd0dbfa34,0x71ae7ce6,0x55763735,0x82a6f523,0xd2440553,
        0x52131c41,0xe31f9600 },
      { 0xea6b6ec6,0xd1bb9216,0x73c2fc44,0x37a1d12e,0x89d0a294,0xc10e7eac,
        0xce34d47b,0xaa3a6259 } },
    /* 50 */
    { { 0x36f3dcd3,0xfbcf9df5,0xd2bf7360,0x6ceded50,0xdf504f5b,0x491710fa,
        0x7e79daee,0x2398dd62 },
      { 0x6d09569e,0xcf4705a3,0x5149f769,0xea0619bb,0x35f6034c,0xff9c0377,
        0x1c046210,0x5717f5b2 } },
    /* 51 */
    { { 0x21dd895e,0x9fe229c9,0x40c28451,0x8e518500,0x1d637ecd,0xfa13d239,
        0x0e3c28de,0x660a2c56 },
      { 0xd67fcbd0,0x9cca88ae,0x0ea9f096,0xc8472478,0x72e92b4d,0x32b2f481,
        0x4f522453,0x624ee54c } },
    /* 52 */
    { { 0xd897eccc,0x09549ce4,0x3f9880aa,0x4d49d1d9,0x043a7c20,0x723c2423,
        0x92bdfbc0,0x4f392afb },
      { 0x7de44fd9,0x6969f8fa,0x57b32156,0xb66cfbe4,0x368ebc3c,0xdb2fa803,
        0xccdb399c,0x8a3e7977 } },
    /* 53 */
    { { 0x06c4b125,0xdde1881f,0xf6e3ca8c,0xae34e300,0x5c7a13e9,0xef6999de,
        0x70c24404,0x3888d023 },
      { 0x44f91081,0x76280356,0x5f015504,0x3d9fcf61,0x632cd36e,0x1827edc8,
        0x18102336,0xa5e62e47 } },
    /* 54 */
    { { 0x2facd6c8,0x1a825ee3,0x54bcbc66,0x699c6354,0x98df9931,0x0ce3edf7,
        0x466a5adc,0x2c4768e6 },
      { 0x90a64bc9,0xb346ff8c,0xe4779f5c,0x630a6020,0xbc05e884,0xd949d064,
        0xf9e652a0,0x7b5e6441 } },
    /* 55 */
    { { 0x1d28444a,0x2169422c,0xbe136a39,0xe996c5d8,0xfb0c7fce,0x2387afe5,
        0x0c8d744a,0xb8af73cb },
      { 0x338b86fd,0x5fde83aa,0xa58a5cff,0xfee3f158,0x20ac9433,0xc9ee8f6f,
        0x7f3f0895,0xa036395f } },
    /* 56 */
    { { 0xa10f7770,0x8c73c6bb,0xa12a0e24,0xa6f16d81,0x51bc2b9f,0x100df682,
        0x875fb533,0x4be36b01 },
      { 0x9fb56dbb,0x9226086e,0x07e7a4f8,0x306fef8b,0x66d52f20,0xeeaccc05,
        0x1bdc00c0,0x8cbc9a87 } },
    /* 57 */
    { { 0xc0dac4ab,0xe131895c,0x712ff112,0xa874a440,0x6a1cee57,0x6332ae7c,
        0x0c0835f8,0x44e7553e },
      { 0x7734002d,0x6d503fff,0x0b34425c,0x9d35cb8b,0x0e8738b5,0x95f70276,
        0x5eb8fc18,0x470a683a } },
    /* 58 */
    { { 0x90513482,0x81b761dc,0x01e9276a,0x0287202a,0x0ce73083,0xcda441ee,
        0xc63dc6ef,0x16410690 },
      { 0x6d06a2ed,0xf5034a06,0x189b100b,0xdd4d7745,0xab8218c9,0xd914ae72,
        0x7abcbb4f,0xd73479fd } },
    /* 59 */
    { { 0x5ad4c6e5,0x7edefb16,0x5b06d04d,0x262cf08f,0x8575cb14,0x12ed5bb1,
        0x0771666b,0x816469e3 },
      { 0x561e291e,0xd7ab9d79,0xc1de1661,0xeb9daf22,0x135e0513,0xf49827eb,
        0xf0dd3f9c,0x0a36dd23 } },
    /* 60 */
    { { 0x41d5533c,0x098d32c7,0x8684628f,0x7c5f5a9e,0xe349bd11,0x39a228ad,
        0xfdbab118,0xe331dfd6 },
      { 0x6bcc6ed8,0x5100ab68,0xef7a260e,0x7160c3bd,0xbce850d7,0x9063d9a7,
        0x492e3389,0xd3b4782a } },
    /* 61 */
    { { 0xf3821f90,0xa149b6e8,0x66eb7aad,0x92edd9ed,0x1a013116,0x0bb66953,
        0x4c86a5bd,0x7281275a },
      { 0xd3ff47e5,0x503858f7,0x61016441,0x5e1616bc,0x7dfd9bb1,0x62b0f11a,
        0xce145059,0x2c062e7e } },
    /* 62 */
    { { 0x0159ac2e,0xa76f996f,0xcbdb2713,0x281e7736,0x08e46047,0x2ad6d288,
        0x2c4e7ef1,0x282a35f9 },
      { 0xc0ce5cd2,0x9c354b1e,0x1379c229,0xcf99efc9,0x3e82c11e,0x992caf38,
        0x554d2abd,0xc71cd513 } },
    /* 63 */
    { { 0x09b578f4,0x4885de9c,0xe3affa7a,0x1884e258,0x59182f1f,0x8f76b1b7,
        0xcf47f3a3,0xc50f6740 },
      { 0x374b68ea,0xa9c4adf3,0x69965fe2,0xa406f323,0x85a53050,0x2f86a222,
        0x212958dc,0xb9ecb3a7 } },
    /* 64 */
    { { 0xf4f8b16a,0x56f8410e,0xc47b266a,0x97241afe,0x6d9c87c1,0x0a406b8e,
        0xcd42ab1b,0x803f3e02 },
      { 0x04dbec69,0x7f0309a8,0x3bbad05f,0xa83b85f7,0xad8e197f,0xc6097273,
        0x5067adc1,0xc097440e } },
    /* 65 */
    { { 0xc379ab34,0x846a56f2,0x841df8d1,0xa8ee068b,0x176c68ef,0x20314459,
        0x915f1f30,0xf1af32d5 },
      { 0x5d75bd50,0x99c37531,0xf72f67bc,0x837cffba,0x48d7723f,0x0613a418,
        0xe2d41c8b,0x23d0f130 } },
    /* 66 */
    { { 0xf41500d9,0x857ab6ed,0xfcbeada8,0x0d890ae5,0x89725951,0x52fe8648,
        0xc0a3fadd,0xb0288dd6 },
      { 0x650bcb08,0x85320f30,0x695d6e16,0x71af6313,0xb989aa76,0x31f520a7,
        0xf408c8d2,0xffd3724f } },
    /* 67 */
    { { 0xb458e6cb,0x53968e64,0x317a5d28,0x992dad20,0x7aa75f56,0x3814ae0b,
        0xd78c26df,0xf5590f4a },
      { 0xcf0ba55a,0x0fc24bd3,0x0c778bae,0x0fc4724a,0x683b674a,0x1ce9864f,
        0xf6f74a20,0x18d6da54 } },
    /* 68 */
    { { 0xd5be5a2b,0xed93e225,0x5934f3c6,0x6fe79983,0x22626ffc,0x43140926,
        0x7990216a,0x50bbb4d9 },
      { 0xe57ec63e,0x378191c6,0x181dcdb2,0x65422c40,0x0236e0f6,0x41a8099b,
        0x01fe49c3,0x2b100118 } },
    /* 69 */
    { { 0x9b391593,0xfc68b5c5,0x598270fc,0xc385f5a2,0xd19adcbb,0x7144f3aa,
        0x83fbae0c,0xdd558999 },
      { 0x74b82ff4,0x93b88b8e,0x71e734c9,0xd2e03c40,0x43c0322a,0x9a7a9eaf,
        0x149d6041,0xe6e4c551 } },
    /* 70 */
    { { 0x1e9af288,0x55f655bb,0xf7ada931,0x647e1a64,0xcb2820e5,0x43697e4b,
        0x07ed56ff,0x51e00db1 },
      { 0x771c327e,0x43d169b8,0x4a96c2ad,0x29cdb20b,0x3deb4779,0xc07d51f5,
        0x49829177,0xe22f4241 } },
    /* 71 */
    { { 0x635f1abb,0xcd45e8f4,0x68538874,0x7edc0cb5,0xb5a8034d,0xc9472c1f,
        0x52dc48c9,0xf709373d },
      { 0xa8af30d6,0x401966bb,0xf137b69c,0x95bf5f4a,0x9361c47e,0x3966162a,
        0xe7275b11,0xbd52d288 } },
    /* 72 */
    { { 0x9c5fa877,0xab155c7a,0x7d3a3d48,0x17dad672,0x73d189d8,0x43f43f9e,
        0xc8aa77a6,0xa0d0f8e4 },
      { 0xcc94f92d,0x0bbeafd8,0x0c4ddb3a,0xd818c8be,0xb82eba14,0x22cc65f8,
        0x946d6a00,0xa56c78c7 } },
    /* 73 */
    { { 0x0dd09529,0x2962391b,0x3daddfcf,0x803e0ea6,0x5b5bf481,0x2c77351f,
        0x731a367a,0xd8befdf8 },
      { 0xfc0157f4,0xab919d42,0xfec8e650,0xf51caed7,0x02d48b0a,0xcdf9cb40,
        0xce9f6478,0x854a68a5 } },
    /* 74 */
    { { 0x63506ea5,0xdc35f67b,0xa4fe0d66,0x9286c489,0xfe95cd4d,0x3f101d3b,
        0x98846a95,0x5cacea0b },
      { 0x9ceac44d,0xa90df60c,0x354d1c3a,0x3db29af4,0xad5dbabe,0x08dd3de8,
        0x35e4efa9,0xe4982d12 } },
    /* 75 */
    { { 0xc34cd55e,0x23104a22,0x2680d132,0x58695bb3,0x1fa1d943,0xfb345afa,
        0x16b20499,0x8046b7f6 },
      { 0x38e7d098,0xb533581e,0xf46f0b70,0xd7f61e8d,0x44cb78c4,0x30dea9ea,
        0x9082af55,0xeb17ca7b } },
    /* 76 */
    { { 0x76a145b9,0x1751b598,0xc1bc71ec,0xa5cf6b0f,0x392715bb,0xd3e03565,
        0xfab5e131,0x097b00ba },
      { 0x565f69e1,0xaa66c8e9,0xb5be5199,0x77e8f75a,0xda4fd984,0x6033ba11,
        0xafdbcc9e,0xf95c747b } },
    /* 77 */
    { { 0xbebae45e,0x558f01d3,0xc4bc6955,0xa8ebe9f0,0xdbc64fc6,0xaeb705b1,
        0x566ed837,0x3512601e },
      { 0xfa1161cd,0x9336f1e1,0x4c65ef87,0x328ab8d5,0x724f21e5,0x4757eee2,
        0x6068ab6b,0x0ef97123 } },
    /* 78 */
    { { 0x54ca4226,0x02598cf7,0xf8642c8e,0x5eede138,0x468e1790,0x48963f74,
        0x3b4fbc95,0xfc16d933 },
      { 0xe7c800ca,0xbe96fb31,0x2678adaa,0x13806331,0x6ff3e8b5,0x3d624497,
        0xb95d7a17,0x14ca4af1 } },
    /* 79 */
    { { 0xbd2f81d5,0x7a4771ba,0x01f7d196,0x1a5f9d69,0xcad9c907,0xd898bef7,
        0xf59c231d,0x4057b063 },
      { 0x89c05c0a,0xbffd82fe,0x1dc0df85,0xe4911c6f,0xa35a16db,0x3befccae,
        0xf1330b13,0x1c3b5d64 } },
    /* 80 */
    { { 0x80ec21fe,0x5fe14bfe,0xc255be82,0xf6ce116a,0x2f4a5d67,0x98bc5a07,
        0xdb7e63af,0xfad27148 },
      { 0x29ab05b3,0x90c0b6ac,0x4e251ae6,0x37a9a83c,0xc2aade7d,0x0a7dc875,
        0x9f0e1a84,0x77387de3 } },
    /* 81 */
    { { 0xa56c0dd7,0x1e9ecc49,0x46086c74,0xa5cffcd8,0xf505aece,0x8f7a1408,
        0xbef0c47e,0xb37b85c0 },
      { 0xcc0e6a8f,0x3596b6e4,0x6b388f23,0xfd6d4bbf,0xc39cef4e,0xaba453fa,
        0xf9f628d5,0x9c135ac8 } },
    /* 82 */
    { { 0x84e35743,0x32aa3202,0x85a3cdef,0x320d6ab1,0x1df19819,0xb821b176,
        0xc433851f,0x5721361f },
      { 0x71fc9168,0x1f0db36a,0x5e5c403c,0x5f98ba73,0x37bcd8f5,0xf64ca87e,
        0xe6bb11bd,0xdcbac3c9 } },
    /* 83 */
    { { 0x4518cbe2,0xf01d9968,0x9c9eb04e,0xd242fc18,0xe47feebf,0x727663c7,
        0x2d626862,0xb8c1c89e },
      { 0xc8e1d569,0x51a58bdd,0xb7d88cd0,0x563809c8,0xf11f31eb,0x26c27fd9,
        0x2f9422d4,0x5d23bbda } },
    /* 84 */
    { { 0x95c8f8be,0x0a1c7294,0x3bf362bf,0x2961c480,0xdf63d4ac,0x9e418403,
        0x91ece900,0xc109f9cb },
      { 0x58945705,0xc2d095d0,0xddeb85c0,0xb9083d96,0x7a40449b,0x84692b8d,
        0x2eee1ee1,0x9bc3344f } },
    /* 85 */
    { { 0x42913074,0x0d5ae356,0x48a542b1,0x55491b27,0xb310732a,0x469ca665,
        0x5f1a4cc1,0x29591d52 },
      { 0xb84f983f,0xe76f5b6b,0x9f5f84e1,0xbe7eef41,0x80baa189,0x1200d496,
        0x18ef332c,0x6376551f } },
    /* 86 */
    { { 0x562976cc,0xbda5f14e,0x0ef12c38,0x22bca3e6,0x6cca9852,0xbbfa3064,
        0x08e2987a,0xbdb79dc8 },
      { 0xcb06a772,0xfd2cb5c9,0xfe536dce,0x38f475aa,0x7c2b5db8,0xc2a3e022,
        0xadd3c14a,0x8ee86001 } },
    /* 87 */
    { { 0xa4ade873,0xcbe96981,0xc4fba48c,0x7ee9aa4d,0x5a054ba5,0x2cee2899,
        0x6f77aa4b,0x92e51d7a },
      { 0x7190a34d,0x948bafa8,0xf6bd1ed1,0xd698f75b,0x0caf1144,0xd00ee6e3,
        0x0a56aaaa,0x5182f86f } },
    /* 88 */
    { { 0x7a4cc99c,0xfba6212c,0x3e6d9ca1,0xff609b68,0x5ac98c5a,0x5dbb27cb,
        0x4073a6f2,0x91dcab5d },
      { 0x5f575a70,0x01b6cc3d,0x6f8d87fa,0x0cb36139,0x89981736,0x165d4e8c,
        0x97974f2b,0x17a0cedb } },
    /* 89 */
    { { 0x076c8d3a,0x38861e2a,0x210f924b,0x701aad39,0x13a835d9,0x94d0eae4,
        0x7f4cdf41,0x2e8ce36c },
      { 0x037a862b,0x91273dab,0x60e4c8fa,0x01ba9bb7,0x33baf2dd,0xf9645388,
        0x34f668f3,0xf4ccc6cb } },
    /* 90 */
    { { 0xf1f79687,0x44ef525c,0x92efa815,0x7c595495,0xa5c78d29,0xe1231741,
        0x9a0df3c9,0xac0db488 },
      { 0xdf01747f,0x86bfc711,0xef17df13,0x592b9358,0x5ccb6bb5,0xe5880e4f,
        0x94c974a2,0x95a64a61 } },
    /* 91 */
    { { 0xc15a4c93,0x72c1efda,0x82585141,0x40269b73,0x16cb0bad,0x6a8dfb1c,
        0x29210677,0x231e54ba },
      { 0x8ae6d2dc,0xa70df917,0x39112918,0x4d6aa63f,0x5e5b7223,0xf627726b,
        0xd8a731e1,0xab0be032 } },
    /* 92 */
    { { 0x8d131f2d,0x097ad0e9,0x3b04f101,0x637f09e3,0xd5e9a748,0x1ac86196,
        0x2cf6a679,0xf1bcc880 },
      { 0xe8daacb4,0x25c69140,0x60f65009,0x3c4e4055,0x477937a6,0x591cc8fc,
        0x5aebb271,0x85169469 } },
    /* 93 */
    { { 0xf1dcf593,0xde35c143,0xb018be3b,0x78202b29,0x9bdd9d3d,0xe9cdadc2,
        0xdaad55d8,0x8f67d9d2 },
      { 0x7481ea5f,0x84111656,0xe34c590c,0xe7d2dde9,0x05053fa8,0xffdd43f4,
        0xc0728b5d,0xf84572b9 } },
    /* 94 */
    { { 0x97af71c9,0x5e1a7a71,0x7a736565,0xa1449444,0x0e1d5063,0xa1b4ae07,
        0x616b2c19,0xedee2710 },
      { 0x11734121,0xb2f034f5,0x4a25e9f0,0x1cac6e55,0xa40c2ecf,0x8dc148f3,
        0x44ebd7f4,0x9fd27e9b } },
    /* 95 */
    { { 0xf6e2cb16,0x3cc7658a,0xfe5919b6,0xe3eb7d2c,0x168d5583,0x5a8c5816,
        0x958ff387,0xa40c2fb6 },
      { 0xfedcc158,0x8c9ec560,0x55f23056,0x7ad804c6,0x9a307e12,0xd9396704,
        0x7dc6decf,0x99bc9bb8 } },
    /* 96 */
    { { 0x927dafc6,0x84a9521d,0x5c09cd19,0x52c1fb69,0xf9366dde,0x9d9581a0,
        0xa16d7e64,0x9abe210b },
      { 0x48915220,0x480af84a,0x4dd816c6,0xfa73176a,0x1681ca5a,0xc7d53987,
        0x87f344b0,0x7881c257 } },
    /* 97 */
    { { 0xe0bcf3ff,0x93399b51,0x127f74f6,0x0d02cbc5,0xdd01d968,0x8fb465a2,
        0xa30e8940,0x15e6e319 },
      { 0x3e0e05f4,0x646d6e0d,0x43588404,0xfad7bddc,0xc4f850d3,0xbe61c7d1,
        0x191172ce,0x0e55facf } },
    /* 98 */
    { { 0xf8787564,0x7e9d9806,0x31e85ce6,0x1a331721,0xb819e8d6,0x6b0158ca,
        0x6fe96577,0xd73d0976 },
      { 0x1eb7206e,0x42483425,0xc618bb42,0xa519290f,0x5e30a520,0x5dcbb859,
        0x8f15a50b,0x9250a374 } },
    /* 99 */
    { { 0xbe577410,0xcaff08f8,0x5077a8c6,0xfd408a03,0xec0a63a4,0xf1f63289,
        0xc1cc8c0b,0x77414082 },
      { 0xeb0991cd,0x05a40fa6,0x49fdc296,0xc1ca0866,0xb324fd40,0x3a68a3c7,
        0x12eb20b9,0x8cb04f4d } },
    /* 100 */
    { { 0x6906171c,0xb1c2d055,0xb0240c3f,0x9073e9cd,0xd8906841,0xdb8e6b4f,
        0x47123b51,0xe4e429ef },
      { 0x38ec36f4,0x0b8dd53c,0xff4b6a27,0xf9d2dc01,0x879a9a48,0x5d066e07,
        0x3c6e6552,0x37bca2ff } },
    /* 101 */
    { { 0xdf562470,0x4cd2e3c7,0xc0964ac9,0x44f272a2,0x80c793be,0x7c6d5df9,
        0x3002b22a,0x59913edc },
      { 0x5750592a,0x7a139a83,0xe783de02,0x99e01d80,0xea05d64f,0xcf8c0375,
        0xb013e226,0x43786e4a } },
    /* 102 */
    { { 0x9e56b5a6,0xff32b0ed,0xd9fc68f9,0x0750d9a6,0x597846a7,0xec15e845,
        0xb7e79e7a,0x8638ca98 },
      { 0x0afc24b2,0x2f5ae096,0x4dace8f2,0x05398eaf,0xaecba78f,0x3b765dd0,
        0x7b3aa6f0,0x1ecdd36a } },
    /* 103 */
    { { 0x6c5ff2f3,0x5d3acd62,0x2873a978,0xa2d516c0,0xd2110d54,0xad94c9fa,
        0xd459f32d,0xd85d0f85 },
      { 0x10b11da3,0x9f700b8d,0xa78318c4,0xd2c22c30,0x9208decd,0x556988f4,
        0xb4ed3c62,0xa04f19c3 } },
    /* 104 */
    { { 0xed7f93bd,0x087924c8,0x392f51f6,0xcb64ac5d,0x821b71af,0x7cae330a,
        0x5c0950b0,0x92b2eeea },
      { 0x85b6e235,0x85ac4c94,0x2936c0f0,0xab2ca4a9,0xe0508891,0x80faa6b3,
        0x5834276c,0x1ee78221 } },
    /* 105 */
    { { 0xe63e79f7,0xa60a2e00,0xf399d906,0xf590e7b2,0x6607c09d,0x9021054a,
        0x57a6e150,0xf3f2ced8 },
      { 0xf10d9b55,0x200510f3,0xd8642648,0x9d2fcfac,0xe8bd0e7c,0xe5631aa7,
        0x3da3e210,0x0f56a454 } },
    /* 106 */
    { { 0x1043e0df,0x5b21bffa,0x9c007e6d,0x6c74b6cc,0xd4a8517a,0x1a656ec0,
        0x1969e263,0xbd8f1741 },
      { 0xbeb7494a,0x8a9bbb86,0x45f3b838,0x1567d46f,0xa4e5a79a,0xdf7a12a7,
        0x30ccfa09,0x2d1a1c35 } },
    /* 107 */
    { { 0x506508da,0x192e3813,0xa1d795a7,0x336180c4,0x7a9944b3,0xcddb5949,
        0xb91fba46,0xa107a65e },
      { 0x0f94d639,0xe6d1d1c5,0x8a58b7d7,0x8b4af375,0xbd37ca1c,0x1a7c5584,
        0xf87a9af2,0x183d760a } },
    /* 108 */
    { { 0x0dde59a4,0x29d69711,0x0e8bef87,0xf1ad8d07,0x4f2ebe78,0x229b4963,
        0xc269d754,0x1d44179d },
      { 0x8390d30e,0xb32dc0cf,0x0de8110c,0x0a3b2753,0x2bc0339a,0x31af1dc5,
        0x9606d262,0x771f9cc2 } },
    /* 109 */
    { { 0x85040739,0x99993e77,0x8026a939,0x44539db9,0xf5f8fc26,0xcf40f6f2,
        0x0362718e,0x64427a31 },
      { 0x85428aa8,0x4f4f2d87,0xebfb49a8,0x7b7adc3f,0xf23d01ac,0x201b2c6d,
        0x6ae90d6d,0x49d9b749 } },
    /* 110 */
    { { 0x435d1099,0xcc78d8bc,0x8e8d1a08,0x2adbcd4e,0x2cb68a41,0x02c2e2a0,
        0x3f605445,0x9037d81b },
      { 0x074c7b61,0x7cdbac27,0x57bfd72e,0xfe2031ab,0x596d5352,0x61ccec96,
        0x7cc0639c,0x08c3de6a } },
    /* 111 */
    { { 0xf6d552ab,0x20fdd020,0x05cd81f1,0x56baff98,0x91351291,0x06fb7c3e,
        0x45796b2f,0xc6909442 },
      { 0x41231bd1,0x17b3ae9c,0x5cc58205,0x1eac6e87,0xf9d6a122,0x208837ab,
        0xcafe3ac0,0x3fa3db02 } },
    /* 112 */
    { { 0x05058880,0xd75a3e65,0x643943f2,0x7da365ef,0xfab24925,0x4147861c,
        0xfdb808ff,0xc5c4bdb0 },
      { 0xb272b56b,0x73513e34,0x11b9043a,0xc8327e95,0xf8844969,0xfd8ce37d,
        0x46c2b6b5,0x2d56db94 } },
    /* 113 */
    { { 0xff46ac6b,0x2461782f,0x07a2e425,0xd19f7926,0x09a48de1,0xfafea3c4,
        0xe503ba42,0x0f56bd9d },
      { 0x345cda49,0x137d4ed1,0x816f299d,0x821158fc,0xaeb43402,0xe7c6a54a,
        0x1173b5f1,0x4003bb9d } },
    /* 114 */
    { { 0xa0803387,0x3b8e8189,0x39cbd404,0xece115f5,0xd2877f21,0x4297208d,
        0xa07f2f9e,0x53765522 },
      { 0xa8a4182d,0xa4980a21,0x3219df79,0xa2bbd07a,0x1a19a2d4,0x674d0a2e,
        0x6c5d4549,0x7a056f58 } },
    /* 115 */
    { { 0x9d8a2a47,0x646b2558,0xc3df2773,0x5b582948,0xabf0d539,0x51ec000e,
        0x7a1a2675,0x77d482f1 },
      { 0x87853948,0xb8a1bd95,0x6cfbffee,0xa6f817bd,0x80681e47,0xab6ec057,
        0x2b38b0e4,0x4115012b } },
    /* 116 */
    { { 0x6de28ced,0x3c73f0f4,0x9b13ec47,0x1d5da760,0x6e5c6392,0x61b8ce9e,
        0xfbea0946,0xcdf04572 },
      { 0x6c53c3b0,0x1cb3c58b,0x447b843c,0x97fe3c10,0x2cb9780e,0xfb2b8ae1,
        0x97383109,0xee703dda } },
    /* 117 */
    { { 0xff57e43a,0x34515140,0xb1b811b8,0xd44660d3,0x8f42b986,0x2b3b5dff,
        0xa162ce21,0x2a0ad89d },
      { 0x6bc277ba,0x64e4a694,0xc141c276,0xc788c954,0xcabf6274,0x141aa64c,
        0xac2b4659,0xd62d0b67 } },
    /* 118 */
    { { 0x2c054ac4,0x39c5d87b,0xf27df788,0x57005859,0xb18128d6,0xedf7cbf3,
        0x991c2426,0xb39a23f2 },
      { 0xf0b16ae5,0x95284a15,0xa136f51b,0x0c6a05b1,0xf2700783,0x1d63c137,
        0xc0674cc5,0x04ed0092 } },
    /* 119 */
    { { 0x9ae90393,0x1f4185d1,0x4a3d64e6,0x3047b429,0x9854fc14,0xae0001a6,
        0x0177c387,0xa0a91fc1 },
      { 0xae2c831e,0xff0a3f01,0x2b727e16,0xbb76ae82,0x5a3075b4,0x8f12c8a1,
        0x9ed20c41,0x084cf988 } },
    /* 120 */
    { { 0xfca6becf,0xd98509de,0x7dffb328,0x2fceae80,0x4778e8b9,0x5d8a15c4,
        0x73abf77e,0xd57955b2 },
      { 0x31b5d4f1,0x210da79e,0x3cfa7a1c,0xaa52f04b,0xdc27c20b,0xd4d12089,
        0x02d141f1,0x8e14ea42 } },
    /* 121 */
    { { 0xf2897042,0xeed50345,0x43402c4a,0x8d05331f,0xc8bdfb21,0xc8d9c194,
        0x2aa4d158,0x597e1a37 },
      { 0xcf0bd68c,0x0327ec1a,0xab024945,0x6d4be0dc,0xc9fe3e84,0x5b9c8d7a,
        0x199b4dea,0xca3f0236 } },
    /* 122 */
    { { 0x6170bd20,0x592a10b5,0x6d3f5de7,0x0ea897f1,0x44b2ade2,0xa3363ff1,
        0x309c07e4,0xbde7fd7e },
      { 0xb8f5432c,0x516bb6d2,0xe043444b,0x210dc1cb,0xf8f95b5a,0x3db01e6f,
        0x0a7dd198,0xb623ad0e } },
    /* 123 */
    { { 0x60c7b65b,0xa75bd675,0x23a4a289,0xab8c5590,0xd7b26795,0xf8220fd0,
        0x58ec137b,0xd6aa2e46 },
      { 0x5138bb85,0x10abc00b,0xd833a95c,0x8c31d121,0x1702a32e,0xb24ff00b,
        0x2dcc513a,0x111662e0 } },
    /* 124 */
    { { 0xefb42b87,0x78114015,0x1b6c4dff,0xbd9f5d70,0xa7d7c129,0x66ecccd7,
        0x94b750f8,0xdb3ee1cb },
      { 0xf34837cf,0xb26f3db0,0xb9578d4f,0xe7eed18b,0x7c56657d,0x5d2cdf93,
        0x52206a59,0x886a6442 } },
    /* 125 */
    { { 0x65b569ea,0x3c234cfb,0xf72119c1,0x20011141,0xa15a619e,0x8badc85d,
        0x018a17bc,0xa70cf4eb },
      { 0x8c4a6a65,0x224f97ae,0x0134378f,0x36e5cf27,0x4f7e0960,0xbe3a609e,
        0xd1747b77,0xaa4772ab } },
    /* 126 */
    { { 0x7aa60cc0,0x67676131,0x0368115f,0xc7916361,0xbbc1bb5a,0xded98bb4,
        0x30faf974,0x611a6ddc },
      { 0xc15ee47a,0x30e78cbc,0x4e0d96a5,0x2e896282,0x3dd9ed88,0x36f35adf,
        0x16429c88,0x5cfffaf8 } },
    /* 127 */
    { { 0x9b7a99cd,0xc0d54cff,0x843c45a1,0x7bf3b99d,0x62c739e1,0x038a908f,
        0x7dc1994c,0x6e5a6b23 },
      { 0x0ba5db77,0xef8b454e,0xacf60d63,0xb7b8807f,0x76608378,0xe591c0c6,
        0x242dabcc,0x481a238d } },
    /* 128 */
    { { 0x35d0b34a,0xe3417bc0,0x8327c0a7,0x440b386b,0xac0362d1,0x8fb7262d,
        0xe0cdf943,0x2c41114c },
      { 0xad95a0b1,0x2ba5cef1,0x67d54362,0xc09b37a8,0x01e486c9,0x26d6cdd2,
        0x42ff9297,0x20477abf } },
    /* 129 */
    { { 0x18d65dbf,0x2f75173c,0x339edad8,0x77bf940e,0xdcf1001c,0x7022d26b,
        0xc77396b6,0xac66409a },
      { 0xc6261cc3,0x8b0bb36f,0x190e7e90,0x213f7bc9,0xa45e6c10,0x6541ceba,
        0xcc122f85,0xce8e6975 } },
    /* 130 */
    { { 0xbc0a67d2,0x0f121b41,0x444d248a,0x62d4760a,0x659b4737,0x0e044f1d,
        0x250bb4a8,0x08fde365 },
      { 0x848bf287,0xaceec3da,0xd3369d6e,0xc2a62182,0x92449482,0x3582dfdc,
        0x565d6cd7,0x2f7e2fd2 } },
    /* 131 */
    { { 0xc3770fa7,0xae4b92db,0x379043f9,0x095e8d5c,0x17761171,0x54f34e9d,
        0x907702ae,0xc65be92e },
      { 0xf6fd0a40,0x2758a303,0xbcce784b,0xe7d822e3,0x4f9767bf,0x7ae4f585,
        0xd1193b3a,0x4bff8e47 } },
    /* 132 */
    { { 0x00ff1480,0xcd41d21f,0x0754db16,0x2ab8fb7d,0xbbe0f3ea,0xac81d2ef,
        0x5772967d,0x3e4e4ae6 },
      { 0x3c5303e6,0x7e18f36d,0x92262397,0x3bd9994b,0x1324c3c0,0x9ed70e26,
        0x58ec6028,0x5388aefd } },
    /* 133 */
    { { 0x5e5d7713,0xad1317eb,0x75de49da,0x09b985ee,0xc74fb261,0x32f5bc4f,
        0x4f75be0e,0x5cf908d1 },
      { 0x8e657b12,0x76043510,0xb96ed9e6,0xbfd421a5,0x8970ccc2,0x0e29f51f,
        0x60f00ce2,0xa698ba40 } },
    /* 134 */
    { { 0xef748fec,0x73db1686,0x7e9d2cf9,0xe6e755a2,0xce265eff,0x630b6544,
        0x7aebad8d,0xb142ef8a },
      { 0x17d5770a,0xad31af9f,0x2cb3412f,0x66af3b67,0xdf3359de,0x6bd60d1b,
        0x58515075,0xd1896a96 } },
    /* 135 */
    { { 0x33c41c08,0xec5957ab,0x5468e2e1,0x87de94ac,0xac472f6c,0x18816b73,
        0x7981da39,0x267b0e0b },
      { 0x8e62b988,0x6e554e5d,0x116d21e7,0xd8ddc755,0x3d2a6f99,0x4610faf0,
        0xa1119393,0xb54e287a } },
    /* 136 */
    { { 0x178a876b,0x0a0122b5,0x085104b4,0x51ff96ff,0x14f29f76,0x050b31ab,
        0x5f87d4e6,0x84abb28b },
      { 0x8270790a,0xd5ed439f,0x85e3f46b,0x2d6cb59d,0x6c1e2212,0x75f55c1b,
        0x17655640,0xe5436f67 } },
    /* 137 */
    { { 0x2286e8d5,0x53f9025e,0x864453be,0x353c95b4,0xe408e3a0,0xd832f5bd,
        0x5b9ce99e,0x0404f68b },
      { 0xa781e8e5,0xcad33bde,0x163c2f5b,0x3cdf5018,0x0119caa3,0x57576960,
        0x0ac1c701,0x3a4263df } },
    /* 138 */
    { { 0x9aeb596d,0xc2965ecc,0x023c92b4,0x01ea03e7,0x2e013961,0x4704b4b6,
        0x905ea367,0x0ca8fd3f },
      { 0x551b2b61,0x92523a42,0x390fcd06,0x1eb7a89c,0x0392a63e,0xe7f1d2be,
        0x4ddb0c33,0x96dca264 } },
    /* 139 */
    { { 0x387510af,0x203bb43a,0xa9a36a01,0x846feaa8,0x2f950378,0xd23a5770,
        0x3aad59dc,0x4363e212 },
      { 0x40246a47,0xca43a1c7,0xe55dd24d,0xb362b8d2,0x5d8faf96,0xf9b08604,
        0xd8bb98c4,0x840e115c } },
    /* 140 */
    { { 0x1023e8a7,0xf12205e2,0xd8dc7a0b,0xc808a8cd,0x163a5ddf,0xe292a272,
        0x30ded6d4,0x5e0d6abd },
      { 0x7cfc0f64,0x07a721c2,0x0e55ed88,0x42eec01d,0x1d1f9db2,0x26a7bef9,
        0x2945a25a,0x7dea48f4 } },
    /* 141 */
    { { 0xe5060a81,0xabdf6f1c,0xf8f95615,0xe79f9c72,0x06ac268b,0xcfd36c54,
        0xebfd16d1,0xabc2a2be },
      { 0xd3e2eac7,0x8ac66f91,0xd2dd0466,0x6f10ba63,0x0282d31b,0x6790e377,
        0x6c7eefc1,0x4ea35394 } },
    /* 142 */
    { { 0x5266309d,0xed8a2f8d,0x81945a3e,0x0a51c6c0,0x578c5dc1,0xcecaf45a,
        0x1c94ffc3,0x3a76e689 },
      { 0x7d7b0d0f,0x9aace8a4,0x8f584a5f,0x963ace96,0x4e697fbe,0x51a30c72,
        0x465e6464,0x8212a10a } },
    /* 143 */
    { { 0xcfab8caa,0xef7c61c3,0x0e142390,0x18eb8e84,0x7e9733ca,0xcd1dff67,
        0x599cb164,0xaa7cab71 },
      { 0xbc837bd1,0x02fc9273,0xc36af5d7,0xc06407d0,0xf423da49,0x17621292,
        0xfe0617c3,0x40e38073 } },
    /* 144 */
    { { 0xa7bf9b7c,0xf4f80824,0x3fbe30d0,0x365d2320,0x97cf9ce3,0xbfbe5320,
        0xb3055526,0xe3604700 },
      { 0x6cc6c2c7,0x4dcb9911,0xba4cbee6,0x72683708,0x637ad9ec,0xdcded434,
        0xa3dee15f,0x6542d677 } },
    /* 145 */
    { { 0x7b6c377a,0x3f32b6d0,0x903448be,0x6cb03847,0x20da8af7,0xd6fdd3a8,
        0x09bb6f21,0xa6534aee },
      { 0x1035facf,0x30a1780d,0x9dcb47e6,0x35e55a33,0xc447f393,0x6ea50fe1,
        0xdc9aef22,0xf3cb672f } },
    /* 146 */
    { { 0x3b55fd83,0xeb3719fe,0x875ddd10,0xe0d7a46c,0x05cea784,0x33ac9fa9,
        0xaae870e7,0x7cafaa2e },
      { 0x1d53b338,0x9b814d04,0xef87e6c6,0xe0acc0a0,0x11672b0f,0xfb93d108,
        0xb9bd522e,0x0aab13c1 } },
    /* 147 */
    { { 0xd2681297,0xddcce278,0xb509546a,0xcb350eb1,0x7661aaf2,0x2dc43173,
        0x847012e9,0x4b91a602 },
      { 0x72f8ddcf,0xdcff1095,0x9a911af4,0x08ebf61e,0xc372430e,0x48f4360a,
        0x72321cab,0x49534c53 } },
    /* 148 */
    { { 0xf07b7e9d,0x83df7d71,0x13cd516f,0xa478efa3,0x6c047ee3,0x78ef264b,
        0xd65ac5ee,0xcaf46c4f },
      { 0x92aa8266,0xa04d0c77,0x913684bb,0xedf45466,0xae4b16b0,0x56e65168,
        0x04c6770f,0x14ce9e57 } },
    /* 149 */
    { { 0x965e8f91,0x99445e3e,0xcb0f2492,0xd3aca1ba,0x90c8a0a0,0xd31cc70f,
        0x3e4c9a71,0x1bb708a5 },
      { 0x558bdd7a,0xd5ca9e69,0x018a26b1,0x734a0508,0x4c9cf1ec,0xb093aa71,
        0xda300102,0xf9d126f2 } },
    /* 150 */
    { { 0xaff9563e,0x749bca7a,0xb49914a0,0xdd077afe,0xbf5f1671,0xe27a0311,
        0x729ecc69,0x807afcb9 },
      { 0xc9b08b77,0x7f8a9337,0x443c7e38,0x86c3a785,0x476fd8ba,0x85fafa59,
        0x6568cd8c,0x751adcd1 } },
    /* 151 */
    { { 0x10715c0d,0x8aea38b4,0x8f7697f7,0xd113ea71,0x93fbf06d,0x665eab14,
        0x2537743f,0x29ec4468 },
      { 0xb50bebbc,0x3d94719c,0xe4505422,0x399ee5bf,0x8d2dedb1,0x90cd5b3a,
        0x92a4077d,0xff9370e3 } },
    /* 152 */
    { { 0xc6b75b65,0x59a2d69b,0x266651c5,0x4188f8d5,0x3de9d7d2,0x28a9f33e,
        0xa2a9d01a,0x9776478b },
      { 0x929af2c7,0x8852622d,0x4e690923,0x334f5d6d,0xa89a51e9,0xce6cc7e5,
        0xac2f82fa,0x74a6313f } },
    /* 153 */
    { { 0xb75f079c,0xb2f4dfdd,0x18e36fbb,0x85b07c95,0xe7cd36dd,0x1b6cfcf0,
        0x0ff4863d,0xab75be15 },
      { 0x173fc9b7,0x81b367c0,0xd2594fd0,0xb90a7420,0xc4091236,0x15fdbf03,
        0x0b4459f6,0x4ebeac2e } },
    /* 154 */
    { { 0x5c9f2c53,0xeb6c5fe7,0x8eae9411,0xd2522011,0xf95ac5d8,0xc8887633,
        0x2c1baffc,0xdf99887b },
      { 0x850aaecb,0xbb78eed2,0x01d6a272,0x9d49181b,0xb1cdbcac,0x978dd511,
        0x779f4058,0x27b040a7 } },
    /* 155 */
    { { 0xf73b2eb2,0x90405db7,0x8e1b2118,0xe0df8508,0x5962327e,0x501b7152,
        0xe4cfa3f5,0xb393dd37 },
      { 0x3fd75165,0xa1230e7b,0xbcd33554,0xd66344c2,0x0f7b5022,0x6c36f1be,
        0xd0463419,0x09588c12 } },
    /* 156 */
    { { 0x02601c3b,0xe086093f,0xcf5c335f,0xfb0252f8,0x894aff28,0x955cf280,
        0xdb9f648b,0x81c879a9 },
      { 0xc6f56c51,0x040e687c,0x3f17618c,0xfed47169,0x9059353b,0x44f88a41,
        0x5fc11bc4,0xfa0d48f5 } },
    /* 157 */
    { { 0xe1608e4d,0xbc6e1c9d,0x3582822c,0x010dda11,0x157ec2d7,0xf6b7ddc1,
        0xb6a367d6,0x8ea0e156 },
      { 0x2383b3b4,0xa354e02f,0x3f01f53c,0x69966b94,0x2de03ca5,0x4ff6632b,
        0xfa00b5ac,0x3f5ab924 } },
    /* 158 */
    { { 0x59739efb,0x337bb0d9,0xe7ebec0d,0xc751b0f4,0x411a67d1,0x2da52dd6,
        0x2b74256e,0x8bc76887 },
      { 0x82d3d253,0xa5be3b72,0xf58d779f,0xa9f679a1,0xe16767bb,0xa1cac168,
        0x60fcf34f,0xb386f190 } },
    /* 159 */
    { { 0x2fedcfc2,0x31f3c135,0x62f8af0d,0x5396bf62,0xe57288c2,0x9a02b4ea,
        0x1b069c4d,0x4cb460f7 },
      { 0x5b8095ea,0xae67b4d3,0x6fc07603,0x92bbf859,0xb614a165,0xe1475f66,
        0x95ef5223,0x52c0d508 } },
    /* 160 */
    { { 0x15339848,0x231c210e,0x70778c8d,0xe87a28e8,0x6956e170,0x9d1de661,
        0x2bb09c0b,0x4ac3c938 },
      { 0x6998987d,0x19be0551,0xae09f4d6,0x8b2376c4,0x1a3f933d,0x1de0b765,
        0xe39705f4,0x380d94c7 } },
    /* 161 */
    { { 0x81542e75,0x01a355aa,0xee01b9b7,0x96c724a1,0x624d7087,0x6b3a2977,
        0xde2637af,0x2ce3e171 },
      { 0xf5d5bc1a,0xcfefeb49,0x2777e2b5,0xa655607e,0x9513756c,0x4feaac2f,
        0x0b624e4d,0x2e6cd852 } },
    /* 162 */
    { { 0x8c31c31d,0x3685954b,0x5bf21a0c,0x68533d00,0x75c79ec9,0x0bd7626e,
        0x42c69d54,0xca177547 },
      { 0xf6d2dbb2,0xcc6edaff,0x174a9d18,0xfd0d8cbd,0xaa4578e8,0x875e8793,
        0x9cab2ce6,0xa976a713 } },
    /* 163 */
    { { 0x93fb353d,0x0a651f1b,0x57fcfa72,0xd75cab8b,0x31b15281,0xaa88cfa7,
        0x0a1f4999,0x8720a717 },
      { 0x693e1b90,0x8c3e8d37,0x16f6dfc3,0xd345dc0b,0xb52a8742,0x8ea8d00a,
        0xc769893c,0x9719ef29 } },
    /* 164 */
    { { 0x58e35909,0x820eed8d,0x33ddc116,0x9366d8dc,0x6e205026,0xd7f999d0,
        0xe15704c1,0xa5072976 },
      { 0xc4e70b2e,0x002a37ea,0x6890aa8a,0x84dcf657,0x645b2a5c,0xcd71bf18,
        0xf7b77725,0x99389c9d } },
    /* 165 */
    { { 0x7ada7a4b,0x238c08f2,0xfd389366,0x3abe9d03,0x766f512c,0x6b672e89,
        0x202c82e4,0xa88806aa },
      { 0xd380184e,0x6602044a,0x126a8b85,0xa8cb78c4,0xad844f17,0x79d670c0,
        0x4738dcfe,0x0043bffb } },
    /* 166 */
    { { 0x36d5192e,0x8d59b5dc,0x4590b2af,0xacf885d3,0x11601781,0x83566d0a,
        0xba6c4866,0x52f3ef01 },
      { 0x0edcb64d,0x3986732a,0x8068379f,0x0a482c23,0x7040f309,0x16cbe5fa,
        0x9ef27e75,0x3296bd89 } },
    /* 167 */
    { { 0x454d81d7,0x476aba89,0x51eb9b3c,0x9eade7ef,0x81c57986,0x619a21cd,
        0xaee571e9,0x3b90febf },
      { 0x5496f7cb,0x9393023e,0x7fb51bc4,0x55be41d8,0x99beb5ce,0x03f1dd48,
        0x9f810b18,0x6e88069d } },
    /* 168 */
    { { 0xb43ea1db,0xce37ab11,0x5259d292,0x0a7ff1a9,0x8f84f186,0x851b0221,
        0xdefaad13,0xa7222bea },
      { 0x2b0a9144,0xa2ac78ec,0xf2fa59c5,0x5a024051,0x6147ce38,0x91d1eca5,
        0xbc2ac690,0xbe94d523 } },
    /* 169 */
    { { 0x0b226ce7,0x72f4945e,0x967e8b70,0xb8afd747,0x85a6c63e,0xedea46f1,
        0x9be8c766,0x7782defe },
      { 0x3db38626,0x760d2aa4,0x76f67ad1,0x460ae787,0x54499cdb,0x341b86fc,
        0xa2892e4b,0x03838567 } },
    /* 170 */
    { { 0x79ec1a0f,0x2d8daefd,0xceb39c97,0x3bbcd6fd,0x58f61a95,0xf5575ffc,
        0xadf7b420,0xdbd986c4 },
      { 0x15f39eb7,0x81aa8814,0xb98d976c,0x6ee2fcf5,0xcf2f717d,0x5465475d,
        0x6860bbd0,0x8e24d3c4 } },
    /* 171 */
    { { 0x9a587390,0x749d8e54,0x0cbec588,0x12bb194f,0xb25983c6,0x46e07da4,
        0x407bafc8,0x541a99c4 },
      { 0x624c8842,0xdb241692,0xd86c05ff,0x6044c12a,0x4f7fcf62,0xc59d14b4,
        0xf57d35d1,0xc0092c49 } },
    /* 172 */
    { { 0xdf2e61ef,0xd3cc75c3,0x2e1b35ca,0x7e8841c8,0x909f29f4,0xc62d30d1,
        0x7286944d,0x75e40634 },
      { 0xbbc237d0,0xe7d41fc5,0xec4f01c9,0xc9537bf0,0x282bd534,0x91c51a16,
        0xc7848586,0x5b7cb658 } },
    /* 173 */
    { { 0x8a28ead1,0x964a7084,0xfd3b47f6,0x802dc508,0x767e5b39,0x9ae4bfd1,
        0x8df097a1,0x7ae13eba },
      { 0xeadd384e,0xfd216ef8,0xb6b2ff06,0x0361a2d9,0x4bcdb5f3,0x204b9878,
        0xe2a8e3fd,0x787d8074 } },
    /* 174 */
    { { 0x757fbb1c,0xc5e25d6b,0xca201deb,0xe47bddb2,0x6d2233ff,0x4a55e9a3,
        0x9ef28484,0x5c222819 },
      { 0x88315250,0x773d4a85,0x827097c1,0x21b21a2b,0xdef5d33f,0xab7c4ea1,
        0xbaf0f2b0,0xe45d37ab } },
    /* 175 */
    { { 0x28511c8a,0xd2df1e34,0xbdca6cd3,0xebb229c8,0x627c39a7,0x578a71a7,
        0x84dfb9d3,0xed7bc122 },
      { 0x93dea561,0xcf22a6df,0xd48f0ed1,0x5443f18d,0x5bad23e8,0xd8b86140,
        0x45ca6d27,0xaac97cc9 } },
    /* 176 */
    { { 0xa16bd00a,0xeb54ea74,0xf5c0bcc1,0xd839e9ad,0x1f9bfc06,0x092bb7f1,
        0x1163dc4e,0x318f97b3 },
      { 0xc30d7138,0xecc0c5be,0xabc30220,0x44e8df23,0xb0223606,0x2bb7972f,
        0x9a84ff4d,0xfa41faa1 } },
    /* 177 */
    { { 0xa6642269,0x4402d974,0x9bb783bd,0xc81814ce,0x7941e60b,0x398d38e4,
        0x1d26e9e2,0x38bb6b2c },
      { 0x6a577f87,0xc64e4a25,0xdc11fe1c,0x8b52d253,0x62280728,0xff336abf,
        0xce7601a5,0x94dd0905 } },
    /* 178 */
    { { 0xde93f92a,0x156cf7dc,0x89b5f315,0xa01333cb,0xc995e750,0x02404df9,
        0xd25c2ae9,0x92077867 },
      { 0x0bf39d44,0xe2471e01,0x96bb53d7,0x5f2c9020,0x5c9c3d8f,0x4c44b7b3,
        0xd29beb51,0x81e8428b } },
    /* 179 */
    { { 0xc477199f,0x6dd9c2ba,0x6b5ecdd9,0x8cb8eeee,0xee40fd0e,0x8af7db3f,
        0xdbbfa4b1,0x1b94ab62 },
      { 0xce47f143,0x44f0d8b3,0x63f46163,0x51e623fc,0xcc599383,0xf18f270f,
        0x055590ee,0x06a38e28 } },
    /* 180 */
    { { 0xb3355b49,0x2e5b0139,0xb4ebf99b,0x20e26560,0xd269f3dc,0xc08ffa6b,
        0x83d9d4f8,0xa7b36c20 },
      { 0x1b3e8830,0x64d15c3a,0xa89f9c0b,0xd5fceae1,0xe2d16930,0xcfeee4a2,
        0xa2822a20,0xbe54c6b4 } },
    /* 181 */
    { { 0x8d91167c,0xd6cdb3df,0xe7a6625e,0x517c3f79,0x346ac7f4,0x7105648f,
        0xeae022bb,0xbf30a5ab },
      { 0x93828a68,0x8e7785be,0x7f3ef036,0x5161c332,0x592146b2,0xe11b5feb,
        0x2732d13a,0xd1c820de } },
    /* 182 */
    { { 0x9038b363,0x043e1347,0x6b05e519,0x58c11f54,0x6026cad1,0x4fe57abe,
        0x68a18da3,0xb7d17bed },
      { 0xe29c2559,0x44ca5891,0x5bfffd84,0x4f7a0376,0x74e46948,0x498de4af,
        0x6412cc64,0x3997fd5e } },
    /* 183 */
    { { 0x8bd61507,0xf2074682,0x34a64d2a,0x29e132d5,0x8a8a15e3,0xffeddfb0,
        0x3c6c13e8,0x0eeb8929 },
      { 0xa7e259f8,0xe9b69a3e,0xd13e7e67,0xce1db7e6,0xad1fa685,0x277318f6,
        0xc922b6ef,0x228916f8 } },
    /* 184 */
    { { 0x0a12ab5b,0x959ae25b,0x957bc136,0xcc11171f,0xd16e2b0c,0x8058429e,
        0x6e93097e,0xec05ad1d },
      { 0xac3f3708,0x157ba5be,0x30b59d77,0x31baf935,0x118234e5,0x47b55237,
        0x7ff11b37,0x7d314156 } },
    /* 185 */
    { { 0xf6dfefab,0x7bd9c05c,0xdcb37707,0xbe2f2268,0x3a38bb95,0xe53ead97,
        0x9bc1d7a3,0xe9ce66fc },
      { 0x6f6a02a1,0x75aa1576,0x60e600ed,0x38c087df,0x68cdc1b9,0xf8947f34,
        0x72280651,0xd9650b01 } },
    /* 186 */
    { { 0x5a057e60,0x504b4c4a,0x8def25e4,0xcbccc3be,0x17c1ccbd,0xa6353208,
        0x804eb7a2,0x14d6699a },
      { 0xdb1f411a,0x2c8a8415,0xf80d769c,0x09fbaf0b,0x1c2f77ad,0xb4deef90,
        0x0d43598a,0x6f4c6841 } },
    /* 187 */
    { { 0x96c24a96,0x8726df4e,0xfcbd99a3,0x534dbc85,0x8b2ae30a,0x3c466ef2,
        0x61189abb,0x4c4350fd },
      { 0xf855b8da,0x2967f716,0x463c38a1,0x41a42394,0xeae93343,0xc37e1413,
        0x5a3118b5,0xa726d242 } },
    /* 188 */
    { { 0x948c1086,0xdae6b3ee,0xcbd3a2e1,0xf1de503d,0x03d022f3,0x3f35ed3f,
        0xcc6cf392,0x13639e82 },
      { 0xcdafaa86,0x9ac938fb,0x2654a258,0xf45bc5fb,0x45051329,0x1963b26e,
        0xc1a335a3,0xca9365e1 } },
    /* 189 */
    { { 0x4c3b2d20,0x3615ac75,0x904e241b,0x742a5417,0xcc9d071d,0xb08521c4,
        0x970b72a5,0x9ce29c34 },
      { 0x6d3e0ad6,0x8cc81f73,0xf2f8434c,0x8060da9e,0x6ce862d9,0x35ed1d1a,
        0xab42af98,0x48c4abd7 } },
    /* 190 */
    { { 0x40c7485a,0xd221b0cc,0xe5274dbf,0xead455bb,0x9263d2e8,0x493c7698,
        0xf67b33cb,0x78017c32 },
      { 0x930cb5ee,0xb9d35769,0x0c408ed2,0xc0d14e94,0x272f1a4d,0xf8b7bf55,
        0xde5c1c04,0x53cd0454 } },
    /* 191 */
    { { 0x5d28ccac,0xbcd585fa,0x005b746e,0x5f823e56,0xcd0123aa,0x7c79f0a1,
        0xd3d7fa8f,0xeea465c1 },
      { 0x0551803b,0x7810659f,0x7ce6af70,0x6c0b599f,0x29288e70,0x4195a770,
        0x7ae69193,0x1b6e42a4 } },
    /* 192 */
    { { 0xf67d04c3,0x2e80937c,0x89eeb811,0x1e312be2,0x92594d60,0x56b5d887,
        0x187fbd3d,0x0224da14 },
      { 0x0c5fe36f,0x87abb863,0x4ef51f5f,0x580f3c60,0xb3b429ec,0x964fb1bf,
        0x42bfff33,0x60838ef0 } },
    /* 193 */
    { { 0x7e0bbe99,0x432cb2f2,0x04aa39ee,0x7bda44f3,0x9fa93903,0x5f497c7a,
        0x2d331643,0x636eb202 },
      { 0x93ae00aa,0xfcfd0e61,0x31ae6d2f,0x875a00fe,0x9f93901c,0xf43658a2,
        0x39218bac,0x8844eeb6 } },
    /* 194 */
    { { 0x6b3bae58,0x114171d2,0x17e39f3e,0x7db3df71,0x81a8eada,0xcd37bc7f,
        0x51fb789e,0x27ba83dc },
      { 0xfbf54de5,0xa7df439f,0xb5fe1a71,0x7277030b,0xdb297a48,0x42ee8e35,
        0x87f3a4ab,0xadb62d34 } },
    /* 195 */
    { { 0xa175df2a,0x9b1168a2,0x618c32e9,0x082aa04f,0x146b0916,0xc9e4f2e7,
        0x75e7c8b2,0xb990fd76 },
      { 0x4df37313,0x0829d96b,0xd0b40789,0x1c205579,0x78087711,0x66c9ae4a,
        0x4d10d18d,0x81707ef9 } },
    /* 196 */
    { { 0x03d6ff96,0x97d7cab2,0x0d843360,0x5b851bfc,0xd042db4b,0x268823c4,
        0xd5a8aa5c,0x3792daea },
      { 0x941afa0b,0x52818865,0x42d83671,0xf3e9e741,0x5be4e0a7,0x17c82527,
        0x94b001ba,0x5abd635e } },
    /* 197 */
    { { 0x0ac4927c,0x727fa84e,0xa7c8cf23,0xe3886035,0x4adca0df,0xa4bcd5ea,
        0x846ab610,0x5995bf21 },
      { 0x829dfa33,0xe90f860b,0x958fc18b,0xcaafe2ae,0x78630366,0x9b3baf44,
        0xd483411e,0x44c32ca2 } },
    /* 198 */
    { { 0xe40ed80c,0xa74a97f1,0x31d2ca82,0x5f938cb1,0x7c2d6ad9,0x53f2124b,
        0x8082a54c,0x1f2162fb },
      { 0x720b173e,0x7e467cc5,0x085f12f9,0x40e8a666,0x4c9d65dc,0x8cebc20e,
        0xc3e907c9,0x8f1d402b } },
    /* 199 */
    { { 0xfbc4058a,0x4f592f9c,0x292f5670,0xb15e14b6,0xbc1d8c57,0xc55cfe37,
        0x926edbf9,0xb1980f43 },
      { 0x32c76b09,0x98c33e09,0x33b07f78,0x1df5279d,0x863bb461,0x6f08ead4,
        0x37448e45,0x2828ad9b } },
    /* 200 */
    { { 0xc4cf4ac5,0x696722c4,0xdde64afb,0xf5ac1a3f,0xe0890832,0x0551baa2,
        0x5a14b390,0x4973f127 },
      { 0x322eac5d,0xe59d8335,0x0bd9b568,0x5e07eef5,0xa2588393,0xab36720f,
        0xdb168ac7,0x6dac8ed0 } },
    /* 201 */
    { { 0xeda835ef,0xf7b545ae,0x1d10ed51,0x4aa113d2,0x13741b09,0x035a65e0,
        0x20b9de4c,0x4b23ef59 },
      { 0x3c4c7341,0xe82bb680,0x3f58bc37,0xd457706d,0xa51e3ee8,0x73527863,
        0xddf49a4e,0x4dd71534 } },
    /* 202 */
    { { 0x95476cd9,0xbf944672,0xe31a725b,0x648d072f,0xfc4b67e0,0x1441c8b8,
        0x2f4a4dbb,0xfd317000 },
      { 0x8995d0e1,0x1cb43ff4,0x0ef729aa,0x76e695d1,0x41798982,0xe0d5f976,
        0x9569f365,0x14fac58c } },
    /* 203 */
    { { 0xf312ae18,0xad9a0065,0xfcc93fc9,0x51958dc0,0x8a7d2846,0xd9a14240,
        0x36abda50,0xed7c7651 },
      { 0x25d4abbc,0x46270f1a,0xf1a113ea,0x9b5dd8f3,0x5b51952f,0xc609b075,
        0x4d2e9f53,0xfefcb7f7 } },
    /* 204 */
    { { 0xba119185,0xbd09497a,0xaac45ba4,0xd54e8c30,0xaa521179,0x492479de,
        0x87e0d80b,0x1801a57e },
      { 0xfcafffb0,0x073d3f8d,0xae255240,0x6cf33c0b,0x5b5fdfbc,0x781d763b,
        0x1ead1064,0x9f8fc11e } },
    /* 205 */
    { { 0x5e69544c,0x1583a171,0xf04b7813,0x0eaf8567,0x278a4c32,0x1e22a8fd,
        0x3d3a69a9,0xa9d3809d },
      { 0x59a2da3b,0x936c2c2c,0x1895c847,0x38ccbcf6,0x63d50869,0x5e65244e,
        0xe1178ef7,0x3006b9ae } },
    /* 206 */
    { { 0xc9eead28,0x0bb1f2b0,0x89f4dfbc,0x7eef635d,0xb2ce8939,0x074757fd,
        0x45f8f761,0x0ab85fd7 },
      { 0x3e5b4549,0xecda7c93,0x97922f21,0x4be2bb5c,0xb43b8040,0x261a1274,
        0x11e942c2,0xb122d675 } },
    /* 207 */
    { { 0x66a5ae7a,0x3be607be,0x76adcbe3,0x01e703fa,0x4eb6e5c5,0xaf904301,
        0x097dbaec,0x9f599dc1 },
      { 0x0ff250ed,0x6d75b718,0x349a20dc,0x8eb91574,0x10b227a3,0x425605a4,
        0x8a294b78,0x7d5528e0 } },
    /* 208 */
    { { 0x20c26def,0xf0f58f66,0x582b2d1e,0x025585ea,0x01ce3881,0xfbe7d79b,
        0x303f1730,0x28ccea01 },
      { 0x79644ba5,0xd1dabcd1,0x06fff0b8,0x1fc643e8,0x66b3e17b,0xa60a76fc,
        0xa1d013bf,0xc18baf48 } },
    /* 209 */
    { { 0x5dc4216d,0x34e638c8,0x206142ac,0x00c01067,0x95f5064a,0xd453a171,
        0xb7a9596b,0x9def809d },
      { 0x67ab8d2c,0x41e8642e,0x6237a2b6,0xb4240433,0x64c4218b,0x7d506a6d,
        0x68808ce5,0x0357f8b0 } },
    /* 210 */
    { { 0x4cd2cc88,0x8e9dbe64,0xf0b8f39d,0xcc61c28d,0xcd30a0c8,0x4a309874,
        0x1b489887,0xe4a01add },
      { 0xf57cd8f9,0x2ed1eeac,0xbd594c48,0x1b767d3e,0x7bd2f787,0xa7295c71,
        0xce10cc30,0x466d7d79 } },
    /* 211 */
    { { 0x9dada2c7,0x47d31892,0x8f9aa27d,0x4fa0a6c3,0x820a59e1,0x90e4fd28,
        0x451ead1a,0xc672a522 },
      { 0x5d86b655,0x30607cc8,0xf9ad4af1,0xf0235d3b,0x571172a6,0x99a08680,
        0xf2a67513,0x5e3d64fa } },
    /* 212 */
    { { 0x9b3b4416,0xaa6410c7,0xeab26d99,0xcd8fcf85,0xdb656a74,0x5ebff74a,
        0xeb8e42fc,0x6c8a7a95 },
      { 0xb02a63bd,0x10c60ba7,0x8b8f0047,0x6b2f2303,0x312d90b0,0x8c6c3738,
        0xad82ca91,0x348ae422 } },
    /* 213 */
    { { 0x5ccda2fb,0x7f474663,0x8e0726d2,0x22accaa1,0x492b1f20,0x85adf782,
        0xd9ef2d2e,0xc1074de0 },
      { 0xae9a65b3,0xfcf3ce44,0x05d7151b,0xfd71e4ac,0xce6a9788,0xd4711f50,
        0xc9e54ffc,0xfbadfbdb } },
    /* 214 */
    { { 0x20a99363,0x1713f1cd,0x6cf22775,0xb915658f,0x24d359b2,0x968175cd,
        0x83716fcd,0xb7f976b4 },
      { 0x5d6dbf74,0x5758e24d,0x71c3af36,0x8d23bafd,0x0243dfe3,0x48f47760,
        0xcafcc805,0xf4d41b2e } },
    /* 215 */
    { { 0xfdabd48d,0x51f1cf28,0x32c078a4,0xce81be36,0x117146e9,0x6ace2974,
        0xe0160f10,0x180824ea },
      { 0x66e58358,0x0387698b,0xce6ca358,0x63568752,0x5e41e6c5,0x82380e34,
        0x83cf6d25,0x67e5f639 } },
    /* 216 */
    { { 0xcf4899ef,0xf89ccb8d,0x9ebb44c0,0x949015f0,0xb2598ec9,0x546f9276,
        0x04c11fc6,0x9fef789a },
      { 0x53d2a071,0x6d367ecf,0xa4519b09,0xb10e1a7f,0x611e2eef,0xca6b3fb0,
        0xa99c4e20,0xbc80c181 } },
    /* 217 */
    { { 0xe5eb82e6,0x972536f8,0xf56cb920,0x1a484fc7,0x50b5da5e,0xc78e2171,
        0x9f8cdf10,0x49270e62 },
      { 0xea6b50ad,0x1a39b7bb,0xa2388ffc,0x9a0284c1,0x8107197b,0x5403eb17,
        0x61372f7f,0xd2ee52f9 } },
    /* 218 */
    { { 0x88e0362a,0xd37cd285,0x8fa5d94d,0x442fa8a7,0xa434a526,0xaff836e5,
        0xe5abb733,0xdfb478be },
      { 0x673eede6,0xa91f1ce7,0x2b5b2f04,0xa5390ad4,0x5530da2f,0x5e66f7bf,
        0x08df473a,0xd9a140b4 } },
    /* 219 */
    { { 0x6e8ea498,0x0e0221b5,0x3563ee09,0x62347829,0x335d2ade,0xe06b8391,
        0x623f4b1a,0x760c058d },
      { 0xc198aa79,0x0b89b58c,0xf07aba7f,0xf74890d2,0xfde2556a,0x4e204110,
        0x8f190409,0x7141982d } },
    /* 220 */
    { { 0x4d4b0f45,0x6f0a0e33,0x392a94e1,0xd9280b38,0xb3c61d5e,0x3af324c6,
        0x89d54e47,0x3af9d1ce },
      { 0x20930371,0xfd8f7981,0x21c17097,0xeda2664c,0xdc42309b,0x0e9545dc,
        0x73957dd6,0xb1f815c3 } },
    /* 221 */
    { { 0x89fec44a,0x84faa78e,0x3caa4caf,0xc8c2ae47,0xc1b6a624,0x691c807d,
        0x1543f052,0xa41aed14 },
      { 0x7d5ffe04,0x42435399,0x625b6e20,0x8bacb2df,0x87817775,0x85d660be,
        0x86fb60ef,0xd6e9c1dd } },
    /* 222 */
    { { 0xc6853264,0x3aa2e97e,0xe2304a0b,0x771533b7,0xb8eae9be,0x1b912bb7,
        0xae9bf8c2,0x9c9c6e10 },
      { 0xe030b74c,0xa2309a59,0x6a631e90,0x4ed7494d,0xa49b79f2,0x89f44b23,
        0x40fa61b6,0x566bd596 } },
    /* 223 */
    { { 0xc18061f3,0x066c0118,0x7c83fc70,0x190b25d3,0x27273245,0xf05fc8e0,
        0xf525345e,0xcf2c7390 },
      { 0x10eb30cf,0xa09bceb4,0x0d77703a,0xcfd2ebba,0x150ff255,0xe842c43a,
        0x8aa20979,0x02f51755 } },
    /* 224 */
    { { 0xaddb7d07,0x396ef794,0x24455500,0x0b4fc742,0xc78aa3ce,0xfaff8eac,
        0xe8d4d97d,0x14e9ada5 },
      { 0x2f7079e2,0xdaa480a1,0xe4b0800e,0x45baa3cd,0x7838157d,0x01765e2d,
        0x8e9d9ae8,0xa0ad4fab } },
    /* 225 */
    { { 0x4a653618,0x0bfb7621,0x31eaaa5f,0x1872813c,0x44949d5e,0x1553e737,
        0x6e56ed1e,0xbcd530b8 },
      { 0x32e9c47b,0x169be853,0xb50059ab,0xdc2776fe,0x192bfbb4,0xcdba9761,
        0x6979341d,0x909283cf } },
    /* 226 */
    { { 0x76e81a13,0x67b00324,0x62171239,0x9bee1a99,0xd32e19d6,0x08ed361b,
        0xace1549a,0x35eeb7c9 },
      { 0x7e4e5bdc,0x1280ae5a,0xb6ceec6e,0x2dcd2cd3,0x6e266bc1,0x52e4224c,
        0x448ae864,0x9a8b2cf4 } },
    /* 227 */
    { { 0x09d03b59,0xf6471bf2,0xb65af2ab,0xc90e62a3,0xebd5eec9,0xff7ff168,
        0xd4491379,0x6bdb60f4 },
      { 0x8a55bc30,0xdadafebc,0x10097fe0,0xc79ead16,0x4c1e3bdd,0x42e19741,
        0x94ba08a9,0x01ec3cfd } },
    /* 228 */
    { { 0xdc9485c2,0xba6277eb,0x22fb10c7,0x48cc9a79,0x70a28d8a,0x4f61d60f,
        0x475464f6,0xd1acb1c0 },
      { 0x26f36612,0xd26902b1,0xe0618d8b,0x59c3a44e,0x308357ee,0x4df8a813,
        0x405626c2,0x7dcd079d } },
    /* 229 */
    { { 0xf05a4b48,0x5ce7d4d3,0x37230772,0xadcd2952,0x812a915a,0xd18f7971,
        0x377d19b8,0x0bf53589 },
      { 0x6c68ea73,0x35ecd95a,0x823a584d,0xc7f3bbca,0xf473a723,0x9fb674c6,
        0xe16686fc,0xd28be4d9 } },
    /* 230 */
    { { 0x38fa8e4b,0x5d2b9906,0x893fd8fc,0x559f186e,0x436fb6fc,0x3a6de2aa,
        0x510f88ce,0xd76007aa },
      { 0x523a4988,0x2d10aab6,0x74dd0273,0xb455cf44,0xa3407278,0x7f467082,
        0xb303bb01,0xf2b52f68 } },
    /* 231 */
    { { 0x9835b4ca,0x0d57eafa,0xbb669cbc,0x2d2232fc,0xc6643198,0x8eeeb680,
        0xcc5aed3a,0xd8dbe98e },
      { 0xc5a02709,0xcba9be3f,0xf5ba1fa8,0x30be68e5,0xf10ea852,0xfebd43cd,
        0xee559705,0xe01593a3 } },
    /* 232 */
    { { 0xea75a0a6,0xd3e5af50,0x57858033,0x512226ac,0xd0176406,0x6fe6d50f,
        0xaeb8ef06,0xafec07b1 },
      { 0x80bb0a31,0x7fb99567,0x37309aae,0x6f1af3cc,0x01abf389,0x9153a15a,
        0x6e2dbfdd,0xa71b9354 } },
    /* 233 */
    { { 0x18f593d2,0xbf8e12e0,0xa078122b,0xd1a90428,0x0ba4f2ad,0x150505db,
        0x628523d9,0x53a2005c },
      { 0xe7f2b935,0x07c8b639,0xc182961a,0x2bff975a,0x7518ca2c,0x86bceea7,
        0x3d588e3d,0xbf47d19b } },
    /* 234 */
    { { 0xdd7665d5,0x672967a7,0x2f2f4de5,0x4e303057,0x80d4903f,0x144005ae,
        0x39c9a1b6,0x001c2c7f },
      { 0x69efc6d6,0x143a8014,0x7bc7a724,0xc810bdaa,0xa78150a4,0x5f65670b,
        0x86ffb99b,0xfdadf8e7 } },
    /* 235 */
    { { 0xffc00785,0xfd38cb88,0x3b48eb67,0x77fa7591,0xbf368fbc,0x0454d055,
        0x5aa43c94,0x3a838e4d },
      { 0x3e97bb9a,0x56166329,0x441d94d9,0x9eb93363,0x0adb2a83,0x515591a6,
        0x873e1da3,0x3cdb8257 } },
    /* 236 */
    { { 0x7de77eab,0x137140a9,0x41648109,0xf7e1c50d,0xceb1d0df,0x762dcad2,
        0xf1f57fba,0x5a60cc89 },
      { 0x40d45673,0x80b36382,0x5913c655,0x1b82be19,0xdd64b741,0x057284b8,
        0xdbfd8fc0,0x922ff56f } },
    /* 237 */
    { { 0xc9a129a1,0x1b265dee,0xcc284e04,0xa5b1ce57,0xcebfbe3c,0x04380c46,
        0xf6c5cd62,0x72919a7d },
      { 0x8fb90f9a,0x298f453a,0x88e4031b,0xd719c00b,0x796f1856,0xe32c0e77,
        0x3624089a,0x5e791780 } },
    /* 238 */
    { { 0x7f63cdfb,0x5c16ec55,0xf1cae4fd,0x8e6a3571,0x560597ca,0xfce26bea,
        0xe24c2fab,0x4e0a5371 },
      { 0xa5765357,0x276a40d3,0x0d73a2b4,0x3c89af44,0x41d11a32,0xb8f370ae,
        0xd56604ee,0xf5ff7818 } },
    /* 239 */
    { { 0x1a09df21,0xfbf3e3fe,0xe66e8e47,0x26d5d28e,0x29c89015,0x2096bd0a,
        0x533f5e64,0xe41df0e9 },
      { 0xb3ba9e3f,0x305fda40,0x2604d895,0xf2340ceb,0x7f0367c7,0x0866e192,
        0xac4f155f,0x8edd7d6e } },
    /* 240 */
    { { 0x0bfc8ff3,0xc9a1dc0e,0xe936f42f,0x14efd82b,0xcca381ef,0x67016f7c,
        0xed8aee96,0x1432c1ca },
      { 0x70b23c26,0xec684829,0x0735b273,0xa64fe873,0xeaef0f5a,0xe389f6e5,
        0x5ac8d2c6,0xcaef480b } },
    /* 241 */
    { { 0x75315922,0x5245c978,0x3063cca5,0xd8295171,0xb64ef2cb,0xf3ce60d0,
        0x8efae236,0xd0ba177e },
      { 0xb1b3af60,0x53a9ae8f,0x3d2da20e,0x1a796ae5,0xdf9eef28,0x01d63605,
        0x1c54ae16,0xf31c957c } },
    /* 242 */
    { { 0x49cc4597,0xc0f58d52,0xbae0a028,0xdc5015b0,0x734a814a,0xefc5fc55,
        0x96e17c3a,0x013404cb },
      { 0xc9a824bf,0xb29e2585,0x001eaed7,0xd593185e,0x61ef68ac,0x8d6ee682,
        0x91933e6c,0x6f377c4b } },
    /* 243 */
    { { 0xa8333fd2,0x9f93bad1,0x5a2a95b8,0xa8930202,0xeaf75ace,0x211e5037,
        0xd2d09506,0x6dba3e4e },
      { 0xd04399cd,0xa48ef98c,0xe6b73ade,0x1811c66e,0xc17ecaf3,0x72f60752,
        0x3becf4a7,0xf13cf342 } },
    /* 244 */
    { { 0xa919e2eb,0xceeb9ec0,0xf62c0f68,0x83a9a195,0x7aba2299,0xcfba3bb6,
        0x274bbad3,0xc83fa9a9 },
      { 0x62fa1ce0,0x0d7d1b0b,0x3418efbf,0xe58b60f5,0x52706f04,0xbfa8ef9e,
        0x5d702683,0xb49d70f4 } },
    /* 245 */
    { { 0xfad5513b,0x914c7510,0xb1751e2d,0x05f32eec,0xd9fb9d59,0x6d850418,
        0x0c30f1cf,0x59cfadbb },
      { 0x55cb7fd6,0xe167ac23,0x820426a3,0x249367b8,0x90a78864,0xeaeec58c,
        0x354a4b67,0x5babf362 } },
    /* 246 */
    { { 0xee424865,0x37c981d1,0xf2e5577f,0x8b002878,0xb9e0c058,0x702970f1,
        0x9026c8f0,0x6188c6a7 },
      { 0xd0f244da,0x06f9a19b,0xfb080873,0x1ecced5c,0x9f213637,0x35470f9b,
        0xdf50b9d9,0x993fe475 } },
    /* 247 */
    { { 0x9b2c3609,0x68e31cdf,0x2c46d4ea,0x84eb19c0,0x9a775101,0x7ac9ec1a,
        0x4c80616b,0x81f76466 },
      { 0x75fbe978,0x1d7c2a5a,0xf183b356,0x6743fed3,0x501dd2bf,0x838d1f04,
        0x5fe9060d,0x564a812a } },
    /* 248 */
    { { 0xfa817d1d,0x7a5a64f4,0xbea82e0f,0x55f96844,0xcd57f9aa,0xb5ff5a0f,
        0x00e51d6c,0x226bf3cf },
      { 0x2f2833cf,0xd6d1a9f9,0x4f4f89a8,0x20a0a35a,0x8f3f7f77,0x11536c49,
        0xff257836,0x68779f47 } },
    /* 249 */
    { { 0x73043d08,0x79b0c1c1,0x1fc020fa,0xa5446774,0x9a6d26d0,0xd3767e28,
        0xeb092e0b,0x97bcb0d1 },
      { 0xf32ed3c3,0x2ab6eaa8,0xb281bc48,0xc8a4f151,0xbfa178f3,0x4d1bf4f3,
        0x0a784655,0xa872ffe8 } },
    /* 250 */
    { { 0xa32b2086,0xb1ab7935,0x8160f486,0xe1eb710e,0x3b6ae6be,0x9bd0cd91,
        0xb732a36a,0x02812bfc },
      { 0xcf605318,0xa63fd7ca,0xfdfd6d1d,0x646e5d50,0x2102d619,0xa1d68398,
        0xfe5396af,0x07391cc9 } },
    /* 251 */
    { { 0x8b80d02b,0xc50157f0,0x62877f7f,0x6b8333d1,0x78d542ae,0x7aca1af8,
        0x7e6d2a08,0x355d2adc },
      { 0x287386e1,0xb41f335a,0xf8e43275,0xfd272a94,0xe79989ea,0x286ca2cd,
        0x7c2a3a79,0x3dc2b1e3 } },
    /* 252 */
    { { 0x04581352,0xd689d21c,0x376782be,0x0a00c825,0x9fed701f,0x203bd590,
        0x3ccd846b,0xc4786910 },
      { 0x24c768ed,0x5dba7708,0x6841f657,0x72feea02,0x6accce0e,0x73313ed5,
        0xd5bb4d32,0xccc42968 } },
    /* 253 */
    { { 0x3d7620b9,0x94e50de1,0x5992a56a,0xd89a5c8a,0x675487c9,0xdc007640,
        0xaa4871cf,0xe147eb42 },
      { 0xacf3ae46,0x274ab4ee,0x50350fbe,0xfd4936fb,0x48c840ea,0xdf2afe47,
        0x080e96e3,0x239ac047 } },
    /* 254 */
    { { 0x2bfee8d4,0x481d1f35,0xfa7b0fec,0xce80b5cf,0x2ce9af3c,0x105c4c9e,
        0xf5f7e59d,0xc55fa1a3 },
      { 0x8257c227,0x3186f14e,0x342be00b,0xc5b1653f,0xaa904fb2,0x09afc998,
        0xd4f4b699,0x094cd99c } },
    /* 255 */
    { { 0xd703beba,0x8a981c84,0x32ceb291,0x8631d150,0xe3bd49ec,0xa445f2c9,
        0x42abad33,0xb90a30b6 },
      { 0xb4a5abf9,0xb465404f,0x75db7603,0x004750c3,0xca35d89f,0x6f9a42cc,
        0x1b7924f7,0x019f8b9a } },
};

/* Multiply the base point of P256 by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * Stripe implementation.
 * Pre-generated: 2^0, 2^32, ...
 * Pre-generated: products of all combinations of above.
 * 8 doubles and adds (with qz=1)
 *
 * r     Resulting point.
 * k     Scalar to multiply by.
 * map   Indicates whether to convert result to affine.
 * ct    Constant time required.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_256_ecc_mulmod_base_8(sp_point_256* r, const sp_digit* k,
        int map, int ct, void* heap)
{
    return sp_256_ecc_mulmod_stripe_8(r, &p256_base, p256_table,
                                      k, map, ct, heap);
}

#endif

/* Multiply the base point of P256 by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * km    Scalar to multiply by.
 * r     Resulting point.
 * map   Indicates whether to convert result to affine.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_256* point = NULL;
    sp_digit* k = NULL;
#else
    sp_point_256  point[1];
    sp_digit k[8];
#endif
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
                                         DYNAMIC_TYPE_ECC);
    if (point == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
                               DYNAMIC_TYPE_ECC);
        if (k == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        sp_256_from_mp(k, 8, km);

            err = sp_256_ecc_mulmod_base_8(point, k, map, 1, heap);
    }
    if (err == MP_OKAY) {
        err = sp_256_point_to_ecc_point_8(point, r);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (k != NULL)
        XFREE(k, heap, DYNAMIC_TYPE_ECC);
    if (point != NULL)
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

/* Multiply the base point of P256 by the scalar, add point a and return
 * the result. If map is true then convert result to affine coordinates.
 *
 * km      Scalar to multiply by.
 * am      Point to add to scalar multiply result.
 * inMont  Point to add is in montgomery form.
 * r       Resulting point.
 * map     Indicates whether to convert result to affine.
 * heap    Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
        int inMont, ecc_point* r, int map, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_256* point = NULL;
    sp_digit* k = NULL;
#else
    sp_point_256 point[2];
    sp_digit k[8 + 8 * 2 * 6];
#endif
    sp_point_256* addP = NULL;
    sp_digit* tmp = NULL;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
                                         DYNAMIC_TYPE_ECC);
    if (point == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        k = (sp_digit*)XMALLOC(
            sizeof(sp_digit) * (8 + 8 * 2 * 6),
            heap, DYNAMIC_TYPE_ECC);
        if (k == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        addP = point + 1;
        tmp = k + 8;

        sp_256_from_mp(k, 8, km);
        sp_256_point_from_ecc_point_8(addP, am);
    }
    if ((err == MP_OKAY) && (!inMont)) {
        err = sp_256_mod_mul_norm_8(addP->x, addP->x, p256_mod);
    }
    if ((err == MP_OKAY) && (!inMont)) {
        err = sp_256_mod_mul_norm_8(addP->y, addP->y, p256_mod);
    }
    if ((err == MP_OKAY) && (!inMont)) {
        err = sp_256_mod_mul_norm_8(addP->z, addP->z, p256_mod);
    }
    if (err == MP_OKAY) {
            err = sp_256_ecc_mulmod_base_8(point, k, 0, 0, heap);
    }
    if (err == MP_OKAY) {
            sp_256_proj_point_add_8(point, point, addP, tmp);

        if (map) {
                sp_256_map_8(point, point, tmp);
        }

        err = sp_256_point_to_ecc_point_8(point, r);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (k != NULL)
        XFREE(k, heap, DYNAMIC_TYPE_ECC);
    if (point)
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \
                                                        defined(HAVE_ECC_VERIFY)
#endif /* WOLFSSL_VALIDATE_ECC_KEYGEN | HAVE_ECC_SIGN | HAVE_ECC_VERIFY */
/* Add 1 to a. (a = a + 1)
 *
 * a  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_256_add_one_8(sp_digit* a_p)
#else
static void sp_256_add_one_8(sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a], {r1, r2, r3, r4}\n\t"
        "ADDS	r1, r1, #0x1\n\t"
        "ADCS	r2, r2, #0x0\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "STM	%[a]!, {r1, r2, r3, r4}\n\t"
        "LDM	%[a], {r1, r2, r3, r4}\n\t"
        "ADCS	r1, r1, #0x0\n\t"
        "ADCS	r2, r2, #0x0\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "STM	%[a]!, {r1, r2, r3, r4}\n\t"
        : [a] "+r" (a)
        :
        : "memory", "r1", "r2", "r3", "r4", "cc"
    );
}

/* Read big endian unsigned byte array into r.
 *
 * r  A single precision integer.
 * size  Maximum number of bytes to convert
 * a  Byte array.
 * n  Number of bytes in array to read.
 */
static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
{
    int i;
    int j;
    byte* d;

    for (i = n - 1,j = 0; i >= 3; i -= 4) {
        r[j]  = ((sp_digit)a[i - 0] <<  0) |
                ((sp_digit)a[i - 1] <<  8) |
                ((sp_digit)a[i - 2] << 16) |
                ((sp_digit)a[i - 3] << 24);
        j++;
    }

    if (i >= 0) {
        r[j] = 0;

        d = (byte*)r;
        switch (i) {
            case 2: d[n - 1 - 2] = a[2]; //fallthrough
            case 1: d[n - 1 - 1] = a[1]; //fallthrough
            case 0: d[n - 1 - 0] = a[0]; //fallthrough
        }
        j++;
    }

    for (; j < size; j++) {
        r[j] = 0;
    }
}

/* Generates a scalar that is in the range 1..order-1.
 *
 * rng  Random number generator.
 * k    Scalar value.
 * returns RNG failures, MEMORY_E when memory allocation fails and
 * MP_OKAY on success.
 */
static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k)
{
    int err;
    byte buf[32];

    do {
        err = wc_RNG_GenerateBlock(rng, buf, sizeof(buf));
        if (err == 0) {
            sp_256_from_bin(k, 8, buf, (int)sizeof(buf));
            if (sp_256_cmp_8(k, p256_order2) <= 0) {
                sp_256_add_one_8(k);
                break;
            }
        }
    }
    while (err == 0);

    return err;
}

/* Makes a random EC key pair.
 *
 * rng   Random number generator.
 * priv  Generated private value.
 * pub   Generated public point.
 * heap  Heap to use for allocation.
 * returns ECC_INF_E when the point does not have the correct order, RNG
 * failures, MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_256* point = NULL;
    sp_digit* k = NULL;
#else
    #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
    sp_point_256 point[2];
    #else
    sp_point_256 point[1];
    #endif
    sp_digit k[8];
#endif
#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
    sp_point_256* infinity = NULL;
#endif
    int err = MP_OKAY;


    (void)heap;

#ifdef WOLFSSL_SP_SMALL_STACK
    #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
    point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, DYNAMIC_TYPE_ECC);
    #else
    point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC);
    #endif
    if (point == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
                               DYNAMIC_TYPE_ECC);
        if (k == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
    #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
        infinity = point + 1;
    #endif

        err = sp_256_ecc_gen_k_8(rng, k);
    }
    if (err == MP_OKAY) {
            err = sp_256_ecc_mulmod_base_8(point, k, 1, 1, NULL);
    }

#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
    if (err == MP_OKAY) {
            err = sp_256_ecc_mulmod_8(infinity, point, p256_order, 1, 1, NULL);
    }
    if (err == MP_OKAY) {
        if (sp_256_iszero_8(point->x) || sp_256_iszero_8(point->y)) {
            err = ECC_INF_E;
        }
    }
#endif

    if (err == MP_OKAY) {
        err = sp_256_to_mp(k, priv);
    }
    if (err == MP_OKAY) {
        err = sp_256_point_to_ecc_point_8(point, pub);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (k != NULL)
        XFREE(k, heap, DYNAMIC_TYPE_ECC);
    if (point != NULL) {
        /* point is not sensitive, so no need to zeroize */
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
    }
#endif

    return err;
}

#ifdef WOLFSSL_SP_NONBLOCK
typedef struct sp_ecc_key_gen_256_ctx {
    int state;
    sp_256_ecc_mulmod_8_ctx mulmod_ctx;
    sp_digit k[8];
#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
    sp_point_256  point[2];
#else
    sp_point_256 point[1];
#endif /* WOLFSSL_VALIDATE_ECC_KEYGEN */
} sp_ecc_key_gen_256_ctx;

int sp_ecc_make_key_256_nb(sp_ecc_ctx_t* sp_ctx, WC_RNG* rng, mp_int* priv,
    ecc_point* pub, void* heap)
{
    int err = FP_WOULDBLOCK;
    sp_ecc_key_gen_256_ctx* ctx = (sp_ecc_key_gen_256_ctx*)sp_ctx->data;
#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
    sp_point_256* infinity = ctx->point + 1;
#endif /* WOLFSSL_VALIDATE_ECC_KEYGEN */

    typedef char ctx_size_test[sizeof(sp_ecc_key_gen_256_ctx)
                               >= sizeof(*sp_ctx) ? -1 : 1];
    (void)sizeof(ctx_size_test);

    switch (ctx->state) {
        case 0:
            err = sp_256_ecc_gen_k_8(rng, ctx->k);
            if (err == MP_OKAY) {
                err = FP_WOULDBLOCK;
                ctx->state = 1;
            }
            break;
        case 1:
            err = sp_256_ecc_mulmod_base_8_nb((sp_ecc_ctx_t*)&ctx->mulmod_ctx,
                      ctx->point, ctx->k, 1, 1, heap);
            if (err == MP_OKAY) {
                err = FP_WOULDBLOCK;
            #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
                XMEMSET(&ctx->mulmod_ctx, 0, sizeof(ctx->mulmod_ctx));
                ctx->state = 2;
            #else
                ctx->state = 3;
            #endif
            }
            break;
    #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
        case 2:
            err = sp_256_ecc_mulmod_8_nb((sp_ecc_ctx_t*)&ctx->mulmod_ctx,
                      infinity, ctx->point, p256_order, 1, 1);
            if (err == MP_OKAY) {
                if (sp_256_iszero_8(ctx->point->x) ||
                    sp_256_iszero_8(ctx->point->y)) {
                    err = ECC_INF_E;
                }
                else {
                    err = FP_WOULDBLOCK;
                    ctx->state = 3;
                }
            }
            break;
    #endif /* WOLFSSL_VALIDATE_ECC_KEYGEN */
        case 3:
            err = sp_256_to_mp(ctx->k, priv);
            if (err == MP_OKAY) {
                err = sp_256_point_to_ecc_point_8(ctx->point, pub);
            }
            break;
    }

    if (err != FP_WOULDBLOCK) {
        XMEMSET(ctx, 0, sizeof(sp_ecc_key_gen_256_ctx));
    }

    return err;
}
#endif /* WOLFSSL_SP_NONBLOCK */

#ifdef HAVE_ECC_DHE
/* Write r as big endian to byte array.
 * Fixed length number of bytes written: 32
 *
 * r  A single precision integer.
 * a  Byte array.
 */
static void sp_256_to_bin_8(sp_digit* r, byte* a)
{
    int i;
    int j = 0;

    for (i = 7; i >= 0; i--) {
        a[j++] = r[i] >> 24;
        a[j++] = r[i] >> 16;
        a[j++] = r[i] >> 8;
        a[j++] = r[i] >> 0;
    }
}

/* Multiply the point by the scalar and serialize the X ordinate.
 * The number is 0 padded to maximum size on output.
 *
 * priv    Scalar to multiply the point by.
 * pub     Point to multiply.
 * out     Buffer to hold X ordinate.
 * outLen  On entry, size of the buffer in bytes.
 *         On exit, length of data in buffer in bytes.
 * heap    Heap to use for allocation.
 * returns BUFFER_E if the buffer is to small for output size,
 * MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
                          word32* outLen, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_256* point = NULL;
    sp_digit* k = NULL;
#else
    sp_point_256 point[1];
    sp_digit k[8];
#endif
    int err = MP_OKAY;

    if (*outLen < 32U) {
        err = BUFFER_E;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
                                         DYNAMIC_TYPE_ECC);
        if (point == NULL)
            err = MEMORY_E;
    }
    if (err == MP_OKAY) {
        k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
                               DYNAMIC_TYPE_ECC);
        if (k == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        sp_256_from_mp(k, 8, priv);
        sp_256_point_from_ecc_point_8(point, pub);
            err = sp_256_ecc_mulmod_8(point, point, k, 1, 1, heap);
    }
    if (err == MP_OKAY) {
        sp_256_to_bin_8(point->x, out);
        *outLen = 32;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (k != NULL)
        XFREE(k, heap, DYNAMIC_TYPE_ECC);
    if (point != NULL)
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#ifdef WOLFSSL_SP_NONBLOCK
typedef struct sp_ecc_sec_gen_256_ctx {
    int state;
    union {
        sp_256_ecc_mulmod_8_ctx mulmod_ctx;
    };
    sp_digit k[8];
    sp_point_256 point;
} sp_ecc_sec_gen_256_ctx;

int sp_ecc_secret_gen_256_nb(sp_ecc_ctx_t* sp_ctx, const mp_int* priv,
    const ecc_point* pub, byte* out, word32* outLen, void* heap)
{
    int err = FP_WOULDBLOCK;
    sp_ecc_sec_gen_256_ctx* ctx = (sp_ecc_sec_gen_256_ctx*)sp_ctx->data;

    typedef char ctx_size_test[sizeof(sp_ecc_sec_gen_256_ctx) >= sizeof(*sp_ctx) ? -1 : 1];
    (void)sizeof(ctx_size_test);

    if (*outLen < 32U) {
        err = BUFFER_E;
    }

    switch (ctx->state) {
        case 0:
            sp_256_from_mp(ctx->k, 8, priv);
            sp_256_point_from_ecc_point_8(&ctx->point, pub);
            ctx->state = 1;
            break;
        case 1:
            err = sp_256_ecc_mulmod_8_nb((sp_ecc_ctx_t*)&ctx->mulmod_ctx,
                      &ctx->point, &ctx->point, ctx->k, 1, 1, heap);
            if (err == MP_OKAY) {
                sp_256_to_bin_8(ctx->point.x, out);
                *outLen = 32;
            }
            break;
    }

    if (err == MP_OKAY && ctx->state != 1) {
        err = FP_WOULDBLOCK;
    }
    if (err != FP_WOULDBLOCK) {
        XMEMSET(ctx, 0, sizeof(sp_ecc_sec_gen_256_ctx));
    }

    return err;
}
#endif /* WOLFSSL_SP_NONBLOCK */
#endif /* HAVE_ECC_DHE */

#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#ifdef WOLFSSL_SP_SMALL
/* Sub b from a into a. (a -= b)
 *
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r10, #0x0\n\t"
        "ADD	r11, %[a], #0x20\n\t"
        "\n"
    "L_sp_256_sub_in_pkace_8_word:\n\t"
        "RSBS	r10, r10, #0x0\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "SBC	r10, r10, r10\n\t"
        "CMP	%[a], r11\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_256_sub_in_pkace_8_word\n\t"
#else
        "BNE.N	L_sp_256_sub_in_pkace_8_word\n\t"
#endif
        "MOV	%[a], r10\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
    );
    return (uint32_t)(size_t)a;
}

#else
/* Sub b from a into a. (a -= b)
 *
 * a  A single precision integer and result.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SUBS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "SBC	%[a], r9, r9\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
    return (uint32_t)(size_t)a;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Mul a by digit b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision digit.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_256_mul_d_8(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
#else
static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, sp_digit b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register sp_digit b __asm__ ("r2") = (sp_digit)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* A[0] * B */
        "LDR	r8, [%[a]]\n\t"
        "UMULL	r5, r3, %[b], r8\n\t"
        "MOV	r4, #0x0\n\t"
        "STR	r5, [%[r]]\n\t"
        "MOV	r5, #0x0\n\t"
        "MOV	r9, #0x4\n\t"
        "\n"
    "L_sp_256_mul_d_8_word:\n\t"
        /* A[i] * B */
        "LDR	r8, [%[a], r9]\n\t"
        "UMULL	r6, r7, %[b], r8\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], r9]\n\t"
        "MOV	r3, r4\n\t"
        "MOV	r4, r5\n\t"
        "MOV	r5, #0x0\n\t"
        "ADD	r9, r9, #0x4\n\t"
        "CMP	r9, #0x20\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_256_mul_d_8_word\n\t"
#else
        "BLT.N	L_sp_256_mul_d_8_word\n\t"
#endif
        "STR	r3, [%[r], #32]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
}

#else
/* Mul a by digit b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision digit.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_256_mul_d_8(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
#else
static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, sp_digit b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register sp_digit b __asm__ ("r2") = (sp_digit)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* A[0] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMULL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[1] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[2] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[3] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[4] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[5] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[6] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[7] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "STR	r5, [%[r]]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
    );
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_USE_UDIV
/* Divide the double width number (d1|d0) by the divisor. (d1|d0 / div)
 *
 * d1   The high order half of the number to divide.
 * d0   The low order half of the number to divide.
 * div  The divisor.
 * returns the result of the division.
 *
 * Note that this is an approximate div. It may give an answer 1 larger.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
#else
SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit div)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit d1 __asm__ ("r0") = (sp_digit)d1_p;
    register sp_digit d0 __asm__ ("r1") = (sp_digit)d0_p;
    register sp_digit div __asm__ ("r2") = (sp_digit)div_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LSR	r8, %[div], #16\n\t"
        "ADD	r5, r8, #0x1\n\t"
        "UDIV	r6, %[d1], r5\n\t"
        "LSL	r7, %[div], #16\n\t"
        "LSL	r6, r6, #16\n\t"
        "UMULL	r3, r4, %[div], r6\n\t"
        "SUBS	%[d0], %[d0], r3\n\t"
        "SBC	%[d1], %[d1], r4\n\t"
        "SUBS	r3, %[d1], r5\n\t"
        "SBC	r9, r9, r9\n\t"
        "ADD	r9, r9, #0x1\n\t"
        "RSB	r10, r9, #0x0\n\t"
        "LSL	r9, r9, #16\n\t"
        "AND	r7, r7, r10\n\t"
        "AND	r8, r8, r10\n\t"
        "SUBS	%[d0], %[d0], r7\n\t"
        "ADD	r6, r6, r9\n\t"
        "SBC	%[d1], %[d1], r8\n\t"
        "LSL	r4, %[d1], #16\n\t"
        "LSR	r3, %[d0], #16\n\t"
        "ORR	r3, r3, r4\n\t"
        "UDIV	r3, r3, r5\n\t"
        "ADD	r6, r6, r3\n\t"
        "UMULL	r3, r4, %[div], r3\n\t"
        "SUBS	%[d0], %[d0], r3\n\t"
        "SBC	%[d1], %[d1], r4\n\t"
        "LSL	r4, %[d1], #16\n\t"
        "LSR	r3, %[d0], #16\n\t"
        "ORR	r3, r3, r4\n\t"
        "UDIV	r3, r3, r5\n\t"
        "ADD	r6, r6, r3\n\t"
        "MUL	r3, %[div], r3\n\t"
        "SUB	%[d0], %[d0], r3\n\t"
        "UDIV	r3, %[d0], %[div]\n\t"
        "ADD	%[d1], r6, r3\n\t"
        : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)d1;
}

#else
/* Divide the double width number (d1|d0) by the divisor. (d1|d0 / div)
 *
 * d1   The high order half of the number to divide.
 * d0   The low order half of the number to divide.
 * div  The divisor.
 * returns the result of the division.
 *
 * Note that this is an approximate div. It may give an answer 1 larger.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
#else
SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit div)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit d1 __asm__ ("r0") = (sp_digit)d1_p;
    register sp_digit d0 __asm__ ("r1") = (sp_digit)d0_p;
    register sp_digit div __asm__ ("r2") = (sp_digit)div_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LSR	r5, %[div], #1\n\t"
        "ADD	r5, r5, #0x1\n\t"
        "MOV	r6, %[d0]\n\t"
        "MOV	r7, %[d1]\n\t"
        /* Do top 32 */
        "SUBS	r8, r5, r7\n\t"
        "SBC	r8, r8, r8\n\t"
        "MOV	r3, #0x0\n\t"
        "SUB	r3, r3, r8\n\t"
        "AND	r8, r8, r5\n\t"
        "SUBS	r7, r7, r8\n\t"
        /* Next 30 bits */
        "MOV	r4, #0x1d\n\t"
        "\n"
    "L_div_256_word_8_bit:\n\t"
        "LSLS	r6, r6, #1\n\t"
        "ADC	r7, r7, r7\n\t"
        "SUBS	r8, r5, r7\n\t"
        "SBC	r8, r8, r8\n\t"
        "ADD	r3, r3, r3\n\t"
        "SUB	r3, r3, r8\n\t"
        "AND	r8, r8, r5\n\t"
        "SUBS	r7, r7, r8\n\t"
        "SUBS	r4, r4, #0x1\n\t"
        "bpl	L_div_256_word_8_bit\n\t"
        "ADD	r3, r3, r3\n\t"
        "ADD	r3, r3, #0x1\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "SUBS	r8, %[div], r9\n\t"
        "SBC	r8, r8, r8\n\t"
        "SUB	%[d1], r3, r8\n\t"
        : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)d1;
}

#endif
/* AND m into each word of a and store in r.
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * m  Mask to AND against each digit.
 */
static void sp_256_mask_8(sp_digit* r, const sp_digit* a, sp_digit m)
{
#ifdef WOLFSSL_SP_SMALL
    int i;

    for (i=0; i<8; i++) {
        r[i] = a[i] & m;
    }
#else
    r[0] = a[0] & m;
    r[1] = a[1] & m;
    r[2] = a[2] & m;
    r[3] = a[3] & m;
    r[4] = a[4] & m;
    r[5] = a[5] & m;
    r[6] = a[6] & m;
    r[7] = a[7] & m;
#endif
}

/* Divide d in a and put remainder into r (m*d + r = a)
 * m is not calculated as it is not needed at this time.
 *
 * a  Number to be divided.
 * d  Number to divide with.
 * m  Multiplier result.
 * r  Remainder from the division.
 * returns MP_OKAY indicating success.
 */
static WC_INLINE int sp_256_div_8(const sp_digit* a, const sp_digit* d,
        sp_digit* m, sp_digit* r)
{
    sp_digit t1[16], t2[9];
    sp_digit div, r1;
    int i;

    (void)m;

    div = d[7];
    XMEMCPY(t1, a, sizeof(*t1) * 2 * 8);
    r1 = sp_256_cmp_8(&t1[8], d) >= 0;
    sp_256_cond_sub_8(&t1[8], &t1[8], d, (sp_digit)0 - r1);
    for (i = 7; i >= 0; i--) {
        volatile sp_digit mask = (sp_digit)0 - (t1[8 + i] == div);
        sp_digit hi = t1[8 + i] + mask;
        r1 = div_256_word_8(hi, t1[8 + i - 1], div);
        r1 |= mask;

        sp_256_mul_d_8(t2, d, r1);
        t1[8 + i] += sp_256_sub_in_place_8(&t1[i], t2);
        t1[8 + i] -= t2[8];
        sp_256_mask_8(t2, d, t1[8 + i]);
        t1[8 + i] += sp_256_add_8(&t1[i], &t1[i], t2);
        sp_256_mask_8(t2, d, t1[8 + i]);
        t1[8 + i] += sp_256_add_8(&t1[i], &t1[i], t2);
    }

    r1 = sp_256_cmp_8(t1, d) >= 0;
    sp_256_cond_sub_8(r, t1, d, (sp_digit)0 - r1);

    return MP_OKAY;
}

/* Reduce a modulo m into r. (r = a mod m)
 *
 * r  A single precision number that is the reduced result.
 * a  A single precision number that is to be reduced.
 * m  A single precision number that is the modulus to reduce with.
 * returns MP_OKAY indicating success.
 */
static WC_INLINE int sp_256_mod_8(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
    return sp_256_div_8(a, m, NULL, r);
}

#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
/* Multiply two number mod the order of P256 curve. (r = a * b mod order)
 *
 * r  Result of the multiplication.
 * a  First operand of the multiplication.
 * b  Second operand of the multiplication.
 */
static void sp_256_mont_mul_order_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
{
    sp_256_mul_8(r, a, b);
    sp_256_mont_reduce_order_8(r, p256_order, p256_mp_order);
}

#if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
#ifdef WOLFSSL_SP_SMALL
/* Order-2 for the P256 curve. */
static const uint32_t p256_order_minus_2[8] = {
    0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU,
    0x00000000U,0xffffffffU
};
#else
/* The low half of the order-2 of the P256 curve. */
static const sp_int_digit p256_order_low[4] = {
    0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU
};
#endif /* WOLFSSL_SP_SMALL */

/* Square number mod the order of P256 curve. (r = a * a mod order)
 *
 * r  Result of the squaring.
 * a  Number to square.
 */
static void sp_256_mont_sqr_order_8(sp_digit* r, const sp_digit* a)
{
    sp_256_sqr_8(r, a);
    sp_256_mont_reduce_order_8(r, p256_order, p256_mp_order);
}

#ifndef WOLFSSL_SP_SMALL
/* Square number mod the order of P256 curve a number of times.
 * (r = a ^ n mod order)
 *
 * r  Result of the squaring.
 * a  Number to square.
 */
static void sp_256_mont_sqr_n_order_8(sp_digit* r, const sp_digit* a, int n)
{
    int i;

    sp_256_mont_sqr_order_8(r, a);
    for (i=1; i<n; i++) {
        sp_256_mont_sqr_order_8(r, r);
    }
}
#endif /* !WOLFSSL_SP_SMALL */

/* Invert the number, in Montgomery form, modulo the order of the P256 curve.
 * (r = 1 / a mod order)
 *
 * r   Inverse result.
 * a   Number to invert.
 * td  Temporary data.
 */

#ifdef WOLFSSL_SP_NONBLOCK
typedef struct sp_256_mont_inv_order_8_ctx {
    int state;
    int i;
} sp_256_mont_inv_order_8_ctx;
static int sp_256_mont_inv_order_8_nb(sp_ecc_ctx_t* sp_ctx, sp_digit* r, const sp_digit* a,
        sp_digit* t)
{
    int err = FP_WOULDBLOCK;
    sp_256_mont_inv_order_8_ctx* ctx = (sp_256_mont_inv_order_8_ctx*)sp_ctx;

    typedef char ctx_size_test[sizeof(sp_256_mont_inv_order_8_ctx) >= sizeof(*sp_ctx) ? -1 : 1];
    (void)sizeof(ctx_size_test);

    switch (ctx->state) {
    case 0:
        XMEMCPY(t, a, sizeof(sp_digit) * 8);
        ctx->i = 254;
        ctx->state = 1;
        break;
    case 1:
        sp_256_mont_sqr_order_8(t, t);
        ctx->state = 2;
        break;
    case 2:
        if ((p256_order_minus_2[ctx->i / 32] & ((sp_int_digit)1 << (ctx->i % 32))) != 0) {
            sp_256_mont_mul_order_8(t, t, a);
        }
        ctx->i--;
        ctx->state = (ctx->i == 0) ? 3 : 1;
        break;
    case 3:
        XMEMCPY(r, t, sizeof(sp_digit) * 8U);
        err = MP_OKAY;
        break;
    }
    return err;
}
#endif /* WOLFSSL_SP_NONBLOCK */

static void sp_256_mont_inv_order_8(sp_digit* r, const sp_digit* a,
        sp_digit* td)
{
#ifdef WOLFSSL_SP_SMALL
    sp_digit* t = td;
    int i;

    XMEMCPY(t, a, sizeof(sp_digit) * 8);
    for (i=254; i>=0; i--) {
        sp_256_mont_sqr_order_8(t, t);
        if ((p256_order_minus_2[i / 32] & ((sp_int_digit)1 << (i % 32))) != 0) {
            sp_256_mont_mul_order_8(t, t, a);
        }
    }
    XMEMCPY(r, t, sizeof(sp_digit) * 8U);
#else
    sp_digit* t = td;
    sp_digit* t2 = td + 2 * 8;
    sp_digit* t3 = td + 4 * 8;
    int i;

    /* t = a^2 */
    sp_256_mont_sqr_order_8(t, a);
    /* t = a^3 = t * a */
    sp_256_mont_mul_order_8(t, t, a);
    /* t2= a^c = t ^ 2 ^ 2 */
    sp_256_mont_sqr_n_order_8(t2, t, 2);
    /* t3= a^f = t2 * t */
    sp_256_mont_mul_order_8(t3, t2, t);
    /* t2= a^f0 = t3 ^ 2 ^ 4 */
    sp_256_mont_sqr_n_order_8(t2, t3, 4);
    /* t = a^ff = t2 * t3 */
    sp_256_mont_mul_order_8(t, t2, t3);
    /* t2= a^ff00 = t ^ 2 ^ 8 */
    sp_256_mont_sqr_n_order_8(t2, t, 8);
    /* t = a^ffff = t2 * t */
    sp_256_mont_mul_order_8(t, t2, t);
    /* t2= a^ffff0000 = t ^ 2 ^ 16 */
    sp_256_mont_sqr_n_order_8(t2, t, 16);
    /* t = a^ffffffff = t2 * t */
    sp_256_mont_mul_order_8(t, t2, t);
    /* t2= a^ffffffff0000000000000000 = t ^ 2 ^ 64  */
    sp_256_mont_sqr_n_order_8(t2, t, 64);
    /* t2= a^ffffffff00000000ffffffff = t2 * t */
    sp_256_mont_mul_order_8(t2, t2, t);
    /* t2= a^ffffffff00000000ffffffff00000000 = t2 ^ 2 ^ 32  */
    sp_256_mont_sqr_n_order_8(t2, t2, 32);
    /* t2= a^ffffffff00000000ffffffffffffffff = t2 * t */
    sp_256_mont_mul_order_8(t2, t2, t);
    /* t2= a^ffffffff00000000ffffffffffffffffbce6 */
    sp_256_mont_sqr_order_8(t2, t2);
    sp_256_mont_mul_order_8(t2, t2, a);
    sp_256_mont_sqr_n_order_8(t2, t2, 5);
    sp_256_mont_mul_order_8(t2, t2, t3);
    for (i=121; i>=112; i--) {
        sp_256_mont_sqr_order_8(t2, t2);
        if ((p256_order_low[i / 32] & ((sp_int_digit)1 << (i % 32))) != 0) {
            sp_256_mont_mul_order_8(t2, t2, a);
        }
    }
    /* t2= a^ffffffff00000000ffffffffffffffffbce6f */
    sp_256_mont_sqr_n_order_8(t2, t2, 4);
    sp_256_mont_mul_order_8(t2, t2, t3);
    /* t2= a^ffffffff00000000ffffffffffffffffbce6faada7179e84 */
    for (i=107; i>=64; i--) {
        sp_256_mont_sqr_order_8(t2, t2);
        if ((p256_order_low[i / 32] & ((sp_int_digit)1 << (i % 32))) != 0) {
            sp_256_mont_mul_order_8(t2, t2, a);
        }
    }
    /* t2= a^ffffffff00000000ffffffffffffffffbce6faada7179e84f */
    sp_256_mont_sqr_n_order_8(t2, t2, 4);
    sp_256_mont_mul_order_8(t2, t2, t3);
    /* t2= a^ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2 */
    for (i=59; i>=32; i--) {
        sp_256_mont_sqr_order_8(t2, t2);
        if ((p256_order_low[i / 32] & ((sp_int_digit)1 << (i % 32))) != 0) {
            sp_256_mont_mul_order_8(t2, t2, a);
        }
    }
    /* t2= a^ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2f */
    sp_256_mont_sqr_n_order_8(t2, t2, 4);
    sp_256_mont_mul_order_8(t2, t2, t3);
    /* t2= a^ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254 */
    for (i=27; i>=0; i--) {
        sp_256_mont_sqr_order_8(t2, t2);
        if ((p256_order_low[i / 32] & ((sp_int_digit)1 << (i % 32))) != 0) {
            sp_256_mont_mul_order_8(t2, t2, a);
        }
    }
    /* t2= a^ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632540 */
    sp_256_mont_sqr_n_order_8(t2, t2, 4);
    /* r = a^ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254f */
    sp_256_mont_mul_order_8(r, t2, t3);
#endif /* WOLFSSL_SP_SMALL */
}

#endif /* HAVE_ECC_SIGN || (HAVE_ECC_VERIFY && WOLFSSL_SP_SMALL) */
#endif /* HAVE_ECC_SIGN | HAVE_ECC_VERIFY */
#ifdef HAVE_ECC_SIGN
#ifndef SP_ECC_MAX_SIG_GEN
#define SP_ECC_MAX_SIG_GEN  64
#endif

/* Calculate second signature value S from R, k and private value.
 *
 * s = (r * x + e) / k
 *
 * s    Signature value.
 * r    First signature value.
 * k    Ephemeral private key.
 * x    Private key as a number.
 * e    Hash of message as a number.
 * tmp  Temporary storage for intermediate numbers.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_256_calc_s_8(sp_digit* s, const sp_digit* r, sp_digit* k,
    sp_digit* x, const sp_digit* e, sp_digit* tmp)
{
    int err;
    sp_digit carry;
    sp_int32 c;
    sp_digit* kInv = k;

    /* Conv k to Montgomery form (mod order) */
        sp_256_mul_8(k, k, p256_norm_order);
    err = sp_256_mod_8(k, k, p256_order);
    if (err == MP_OKAY) {
        sp_256_norm_8(k);

        /* kInv = 1/k mod order */
            sp_256_mont_inv_order_8(kInv, k, tmp);
        sp_256_norm_8(kInv);

        /* s = r * x + e */
            sp_256_mul_8(x, x, r);
        err = sp_256_mod_8(x, x, p256_order);
    }
    if (err == MP_OKAY) {
        sp_256_norm_8(x);
        carry = sp_256_add_8(s, e, x);
        sp_256_cond_sub_8(s, s, p256_order, 0 - carry);
        sp_256_norm_8(s);
        c = sp_256_cmp_8(s, p256_order);
        sp_256_cond_sub_8(s, s, p256_order,
            (sp_digit)0 - (sp_digit)(c >= 0));
        sp_256_norm_8(s);

        /* s = s * k^-1 mod order */
            sp_256_mont_mul_order_8(s, s, kInv);
        sp_256_norm_8(s);
    }

    return err;
}

/* Sign the hash using the private key.
 *   e = [hash, 256 bits] from binary
 *   r = (k.G)->x mod order
 *   s = (r * x + e) / k mod order
 * The hash is truncated to the first 256 bits.
 *
 * hash     Hash to sign.
 * hashLen  Length of the hash data.
 * rng      Random number generator.
 * priv     Private part of key - scalar.
 * rm       First part of result as an mp_int.
 * sm       Sirst part of result as an mp_int.
 * heap     Heap to use for allocation.
 * returns RNG failures, MEMORY_E when memory allocation fails and
 * MP_OKAY on success.
 */
int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng,
    const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* e = NULL;
    sp_point_256* point = NULL;
#else
    sp_digit e[7 * 2 * 8];
    sp_point_256 point[1];
#endif
    sp_digit* x = NULL;
    sp_digit* k = NULL;
    sp_digit* r = NULL;
    sp_digit* tmp = NULL;
    sp_digit* s = NULL;
    sp_int32 c;
    int err = MP_OKAY;
    int i;

    (void)heap;

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
                                             DYNAMIC_TYPE_ECC);
        if (point == NULL)
            err = MEMORY_E;
    }
    if (err == MP_OKAY) {
        e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 8, heap,
                               DYNAMIC_TYPE_ECC);
        if (e == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        x = e + 2 * 8;
        k = e + 4 * 8;
        r = e + 6 * 8;
        tmp = e + 8 * 8;
        s = e;

        if (hashLen > 32U) {
            hashLen = 32U;
        }
    }

    for (i = SP_ECC_MAX_SIG_GEN; err == MP_OKAY && i > 0; i--) {
        /* New random point. */
        if (km == NULL || mp_iszero(km)) {
            err = sp_256_ecc_gen_k_8(rng, k);
        }
        else {
            sp_256_from_mp(k, 8, km);
            mp_zero(km);
        }
        if (err == MP_OKAY) {
                err = sp_256_ecc_mulmod_base_8(point, k, 1, 1, heap);
        }

        if (err == MP_OKAY) {
            /* r = point->x mod order */
            XMEMCPY(r, point->x, sizeof(sp_digit) * 8U);
            sp_256_norm_8(r);
            c = sp_256_cmp_8(r, p256_order);
            sp_256_cond_sub_8(r, r, p256_order,
                (sp_digit)0 - (sp_digit)(c >= 0));
            sp_256_norm_8(r);

            if (!sp_256_iszero_8(r)) {
                /* x is modified in calculation of s. */
                sp_256_from_mp(x, 8, priv);
                /* s ptr == e ptr, e is modified in calculation of s. */
                sp_256_from_bin(e, 8, hash, (int)hashLen);

                err = sp_256_calc_s_8(s, r, k, x, e, tmp);

                /* Check that signature is usable. */
                if ((err == MP_OKAY) && (!sp_256_iszero_8(s))) {
                    break;
                }
            }
        }
#ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP
        i = 1;
#endif
    }

    if (i == 0) {
        err = RNG_FAILURE_E;
    }

    if (err == MP_OKAY) {
        err = sp_256_to_mp(r, rm);
    }
    if (err == MP_OKAY) {
        err = sp_256_to_mp(s, sm);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (e != NULL)
#endif
    {
        ForceZero(e, sizeof(sp_digit) * 7 * 2 * 8);
    #ifdef WOLFSSL_SP_SMALL_STACK
        XFREE(e, heap, DYNAMIC_TYPE_ECC);
    #endif
    }
#ifdef WOLFSSL_SP_SMALL_STACK
    if (point != NULL)
#endif
    {
        ForceZero(point, sizeof(sp_point_256));
    #ifdef WOLFSSL_SP_SMALL_STACK
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
    #endif
    }

    return err;
}

#ifdef WOLFSSL_SP_NONBLOCK
typedef struct sp_ecc_sign_256_ctx {
    int state;
    union {
        sp_256_ecc_mulmod_8_ctx mulmod_ctx;
        sp_256_mont_inv_order_8_ctx mont_inv_order_ctx;
    };
    sp_digit e[2*8];
    sp_digit x[2*8];
    sp_digit k[2*8];
    sp_digit r[2*8];
    sp_digit tmp[3 * 2*8];
    sp_point_256 point;
    sp_digit* s;
    sp_digit* kInv;
    int i;
} sp_ecc_sign_256_ctx;

int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, WC_RNG* rng,
    mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap)
{
    int err = FP_WOULDBLOCK;
    sp_ecc_sign_256_ctx* ctx = (sp_ecc_sign_256_ctx*)sp_ctx->data;

    typedef char ctx_size_test[sizeof(sp_ecc_sign_256_ctx) >= sizeof(*sp_ctx) ? -1 : 1];
    (void)sizeof(ctx_size_test);

    switch (ctx->state) {
    case 0: /* INIT */
        ctx->s = ctx->e;
        ctx->kInv = ctx->k;

        ctx->i = SP_ECC_MAX_SIG_GEN;
        ctx->state = 1;
        break;
    case 1: /* GEN */
        /* New random point. */
        if (km == NULL || mp_iszero(km)) {
            err = sp_256_ecc_gen_k_8(rng, ctx->k);
        }
        else {
            sp_256_from_mp(ctx->k, 8, km);
            mp_zero(km);
        }
        XMEMSET(&ctx->mulmod_ctx, 0, sizeof(ctx->mulmod_ctx));
        ctx->state = 2;
        break;
    case 2: /* MULMOD */
        err = sp_256_ecc_mulmod_8_nb((sp_ecc_ctx_t*)&ctx->mulmod_ctx,
            &ctx->point, &p256_base, ctx->k, 1, 1, heap);
        if (err == MP_OKAY) {
            ctx->state = 3;
        }
        break;
    case 3: /* MODORDER */
    {
        sp_int32 c;
        /* r = point->x mod order */
        XMEMCPY(ctx->r, ctx->point.x, sizeof(sp_digit) * 8U);
        sp_256_norm_8(ctx->r);
        c = sp_256_cmp_8(ctx->r, p256_order);
        sp_256_cond_sub_8(ctx->r, ctx->r, p256_order,
            (sp_digit)0 - (sp_digit)(c >= 0));
        sp_256_norm_8(ctx->r);

        if (hashLen > 32U) {
            hashLen = 32U;
        }
        sp_256_from_mp(ctx->x, 8, priv);
        sp_256_from_bin(ctx->e, 8, hash, (int)hashLen);
        ctx->state = 4;
        break;
    }
    case 4: /* KMODORDER */
        /* Conv k to Montgomery form (mod order) */
        sp_256_mul_8(ctx->k, ctx->k, p256_norm_order);
        err = sp_256_mod_8(ctx->k, ctx->k, p256_order);
        if (err == MP_OKAY) {
            sp_256_norm_8(ctx->k);
            XMEMSET(&ctx->mont_inv_order_ctx, 0, sizeof(ctx->mont_inv_order_ctx));
            ctx->state = 5;
        }
        break;
    case 5: /* KINV */
        /* kInv = 1/k mod order */
        err = sp_256_mont_inv_order_8_nb((sp_ecc_ctx_t*)&ctx->mont_inv_order_ctx, ctx->kInv, ctx->k, ctx->tmp);
        if (err == MP_OKAY) {
            XMEMSET(&ctx->mont_inv_order_ctx, 0, sizeof(ctx->mont_inv_order_ctx));
            ctx->state = 6;
        }
        break;
    case 6: /* KINVNORM */
        sp_256_norm_8(ctx->kInv);
        ctx->state = 7;
        break;
    case 7: /* R */
        /* s = r * x + e */
        sp_256_mul_8(ctx->x, ctx->x, ctx->r);
        ctx->state = 8;
        break;
    case 8: /* S1 */
        err = sp_256_mod_8(ctx->x, ctx->x, p256_order);
        if (err == MP_OKAY)
            ctx->state = 9;
        break;
    case 9: /* S2 */
    {
        sp_digit carry;
        sp_int32 c;
        sp_256_norm_8(ctx->x);
        carry = sp_256_add_8(ctx->s, ctx->e, ctx->x);
        sp_256_cond_sub_8(ctx->s, ctx->s,
            p256_order, 0 - carry);
        sp_256_norm_8(ctx->s);
        c = sp_256_cmp_8(ctx->s, p256_order);
        sp_256_cond_sub_8(ctx->s, ctx->s, p256_order,
            (sp_digit)0 - (sp_digit)(c >= 0));
        sp_256_norm_8(ctx->s);

        /* s = s * k^-1 mod order */
        sp_256_mont_mul_order_8(ctx->s, ctx->s, ctx->kInv);
        sp_256_norm_8(ctx->s);

        /* Check that signature is usable. */
        if (sp_256_iszero_8(ctx->s) == 0) {
            ctx->state = 10;
            break;
        }
    #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP
        ctx->i = 1;
    #endif

        /* not usable gen, try again */
        ctx->i--;
        if (ctx->i == 0) {
            err = RNG_FAILURE_E;
        }
        ctx->state = 1;
        break;
    }
    case 10: /* RES */
        err = sp_256_to_mp(ctx->r, rm);
        if (err == MP_OKAY) {
            err = sp_256_to_mp(ctx->s, sm);
        }
        break;
    }

    if (err == MP_OKAY && ctx->state != 10) {
        err = FP_WOULDBLOCK;
    }
    if (err != FP_WOULDBLOCK) {
        XMEMSET(ctx->e, 0, sizeof(sp_digit) * 2U * 8U);
        XMEMSET(ctx->x, 0, sizeof(sp_digit) * 2U * 8U);
        XMEMSET(ctx->k, 0, sizeof(sp_digit) * 2U * 8U);
        XMEMSET(ctx->r, 0, sizeof(sp_digit) * 2U * 8U);
        XMEMSET(ctx->tmp, 0, sizeof(sp_digit) * 3U * 2U * 8U);
    }

    return err;
}
#endif /* WOLFSSL_SP_NONBLOCK */
#endif /* HAVE_ECC_SIGN */

#ifndef WOLFSSL_SP_SMALL
#ifdef WOLFSSL_SP_SMALL
/* Sub b from a into r. (r = a - b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r11, #0x0\n\t"
        "ADD	r12, %[a], #0x20\n\t"
        "\n"
    "L_sp_256_sub_8_word:\n\t"
        "RSBS	r11, r11, #0x0\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "SBC	r11, r3, r3\n\t"
        "CMP	%[a], r12\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_256_sub_8_word\n\t"
#else
        "BNE.N	L_sp_256_sub_8_word\n\t"
#endif
        "MOV	%[r], r11\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
    );
    return (uint32_t)(size_t)r;
}

#else
/* Sub b from a into r. (r = a - b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SUBS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "SBC	%[r], r6, r6\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_256_rshift1_8(sp_digit* r_p, const sp_digit* a_p)
#else
static void sp_256_rshift1_8(sp_digit* r, const sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r10, #0x0\n\t"
        "LDRD	r2, r3, [%[a], #16]\n\t"
        "LDRD	r4, r5, [%[a], #24]\n\t"
        "LSR	r6, r2, #1\n\t"
        "LSR	r7, r3, #1\n\t"
        "LSR	r8, r4, #1\n\t"
        "LSR	r9, r5, #1\n\t"
        "ORR	r6, r6, r3, lsl #31\n\t"
        "ORR	r7, r7, r4, lsl #31\n\t"
        "ORR	r8, r8, r5, lsl #31\n\t"
        "ORR	r9, r9, r10, lsl #31\n\t"
        "MOV	r10, r2\n\t"
        "STRD	r6, r7, [%[r], #16]\n\t"
        "STRD	r8, r9, [%[r], #24]\n\t"
        "LDRD	r2, r3, [%[a]]\n\t"
        "LDRD	r4, r5, [%[a], #8]\n\t"
        "LSR	r6, r2, #1\n\t"
        "LSR	r7, r3, #1\n\t"
        "LSR	r8, r4, #1\n\t"
        "LSR	r9, r5, #1\n\t"
        "ORR	r6, r6, r3, lsl #31\n\t"
        "ORR	r7, r7, r4, lsl #31\n\t"
        "ORR	r8, r8, r5, lsl #31\n\t"
        "ORR	r9, r9, r10, lsl #31\n\t"
        "STRD	r6, r7, [%[r]]\n\t"
        "STRD	r8, r9, [%[r], #8]\n\t"
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
    );
}

/* Divide the number by 2 mod the modulus. (r = a / 2 % m)
 *
 * r  Result of division by 2.
 * a  Number to divide.
 * m  Modulus.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_256_div2_mod_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p)
#else
static void sp_256_div2_mod_8(sp_digit* r, const sp_digit* a, const sp_digit* m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r2") = (const sp_digit*)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r12, #0x0\n\t"
        "LDM	%[a]!, {r4}\n\t"
        "ANDS	r3, r4, #0x1\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_256_div2_mod_8_even\n\t"
#else
        "BEQ.N	L_sp_256_div2_mod_8_even\n\t"
#endif
        "LDM	%[a]!, {r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "ADC	r3, r12, r12\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_256_div2_mod_8_div2\n\t"
#else
        "B.N	L_sp_256_div2_mod_8_div2\n\t"
#endif
        "\n"
    "L_sp_256_div2_mod_8_even:\n\t"
        "LDRD	r4, r5, [%[a], #12]\n\t"
        "LDRD	r6, r7, [%[a], #20]\n\t"
        "\n"
    "L_sp_256_div2_mod_8_div2:\n\t"
        "LSR	r8, r4, #1\n\t"
        "AND	r4, r4, #0x1\n\t"
        "LSR	r9, r5, #1\n\t"
        "LSR	r10, r6, #1\n\t"
        "LSR	r11, r7, #1\n\t"
        "ORR	r8, r8, r5, lsl #31\n\t"
        "ORR	r9, r9, r6, lsl #31\n\t"
        "ORR	r10, r10, r7, lsl #31\n\t"
        "ORR	r11, r11, r3, lsl #31\n\t"
        "MOV	r3, r4\n\t"
        "STRD	r8, r9, [%[r], #16]\n\t"
        "STRD	r10, r11, [%[r], #24]\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LSR	r8, r4, #1\n\t"
        "LSR	r9, r5, #1\n\t"
        "LSR	r10, r6, #1\n\t"
        "LSR	r11, r7, #1\n\t"
        "ORR	r8, r8, r5, lsl #31\n\t"
        "ORR	r9, r9, r6, lsl #31\n\t"
        "ORR	r10, r10, r7, lsl #31\n\t"
        "ORR	r11, r11, r3, lsl #31\n\t"
        "STM	%[r], {r8, r9, r10, r11}\n\t"
        : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
    );
}

#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static int sp_256_num_bits_8(const sp_digit* a_p)
#else
static int sp_256_num_bits_8(const sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register const sp_digit* a __asm__ ("r0") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDR	r1, [%[a], #28]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_256_num_bits_8_7\n\t"
#else
        "BEQ.N	L_sp_256_num_bits_8_7\n\t"
#endif
        "MOV	r2, #0x100\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_256_num_bits_8_9\n\t"
#else
        "B.N	L_sp_256_num_bits_8_9\n\t"
#endif
        "\n"
    "L_sp_256_num_bits_8_7:\n\t"
        "LDR	r1, [%[a], #24]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_256_num_bits_8_6\n\t"
#else
        "BEQ.N	L_sp_256_num_bits_8_6\n\t"
#endif
        "MOV	r2, #0xe0\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_256_num_bits_8_9\n\t"
#else
        "B.N	L_sp_256_num_bits_8_9\n\t"
#endif
        "\n"
    "L_sp_256_num_bits_8_6:\n\t"
        "LDR	r1, [%[a], #20]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_256_num_bits_8_5\n\t"
#else
        "BEQ.N	L_sp_256_num_bits_8_5\n\t"
#endif
        "MOV	r2, #0xc0\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_256_num_bits_8_9\n\t"
#else
        "B.N	L_sp_256_num_bits_8_9\n\t"
#endif
        "\n"
    "L_sp_256_num_bits_8_5:\n\t"
        "LDR	r1, [%[a], #16]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_256_num_bits_8_4\n\t"
#else
        "BEQ.N	L_sp_256_num_bits_8_4\n\t"
#endif
        "MOV	r2, #0xa0\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_256_num_bits_8_9\n\t"
#else
        "B.N	L_sp_256_num_bits_8_9\n\t"
#endif
        "\n"
    "L_sp_256_num_bits_8_4:\n\t"
        "LDR	r1, [%[a], #12]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_256_num_bits_8_3\n\t"
#else
        "BEQ.N	L_sp_256_num_bits_8_3\n\t"
#endif
        "MOV	r2, #0x80\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_256_num_bits_8_9\n\t"
#else
        "B.N	L_sp_256_num_bits_8_9\n\t"
#endif
        "\n"
    "L_sp_256_num_bits_8_3:\n\t"
        "LDR	r1, [%[a], #8]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_256_num_bits_8_2\n\t"
#else
        "BEQ.N	L_sp_256_num_bits_8_2\n\t"
#endif
        "MOV	r2, #0x60\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_256_num_bits_8_9\n\t"
#else
        "B.N	L_sp_256_num_bits_8_9\n\t"
#endif
        "\n"
    "L_sp_256_num_bits_8_2:\n\t"
        "LDR	r1, [%[a], #4]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_256_num_bits_8_1\n\t"
#else
        "BEQ.N	L_sp_256_num_bits_8_1\n\t"
#endif
        "MOV	r2, #0x40\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_256_num_bits_8_9\n\t"
#else
        "B.N	L_sp_256_num_bits_8_9\n\t"
#endif
        "\n"
    "L_sp_256_num_bits_8_1:\n\t"
        "LDR	r1, [%[a]]\n\t"
        "MOV	r2, #0x20\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
        "\n"
    "L_sp_256_num_bits_8_9:\n\t"
        "MOV	%[a], r4\n\t"
        : [a] "+r" (a)
        :
        : "memory", "r1", "r2", "r3", "r4", "r5", "cc"
    );
    return (uint32_t)(size_t)a;
}

/* Non-constant time modular inversion.
 *
 * @param  [out]  r   Resulting number.
 * @param  [in]   a   Number to invert.
 * @param  [in]   m   Modulus.
 * @return  MP_OKAY on success.
 */
static int sp_256_mod_inv_8(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
    sp_digit u[8];
    sp_digit v[8];
    sp_digit b[8];
    sp_digit d[8];
    int ut, vt;
    sp_digit o;


    XMEMCPY(u, m, sizeof(u));
    XMEMCPY(v, a, sizeof(v));

    ut = sp_256_num_bits_8(u);
    vt = sp_256_num_bits_8(v);

    XMEMSET(b, 0, sizeof(b));
    if ((v[0] & 1) == 0) {
        sp_256_rshift1_8(v, v);
        XMEMCPY(d, m, sizeof(u));
        d[0] += 1;
        sp_256_rshift1_8(d, d);
        vt--;

        while ((v[0] & 1) == 0) {
            sp_256_rshift1_8(v, v);
            sp_256_div2_mod_8(d, d, m);
            vt--;
        }
    }
    else {
        XMEMSET(d+1, 0, sizeof(d)-sizeof(sp_digit));
        d[0] = 1;
    }

    while (ut > 1 && vt > 1) {
        if ((ut > vt) || ((ut == vt) && (sp_256_cmp_8(u, v) >= 0))) {
            sp_256_sub_8(u, u, v);
            o = sp_256_sub_8(b, b, d);
            if (o != 0)
                sp_256_add_8(b, b, m);
            ut = sp_256_num_bits_8(u);

            do {
                sp_256_rshift1_8(u, u);
                sp_256_div2_mod_8(b, b, m);
                ut--;
            }
            while (ut > 0 && (u[0] & 1) == 0);
        }
        else {
            sp_256_sub_8(v, v, u);
            o = sp_256_sub_8(d, d, b);
            if (o != 0)
                sp_256_add_8(d, d, m);
            vt = sp_256_num_bits_8(v);

            do {
                sp_256_rshift1_8(v, v);
                sp_256_div2_mod_8(d, d, m);
                vt--;
            }
            while (vt > 0 && (v[0] & 1) == 0);
        }
    }

    if (ut == 1)
        XMEMCPY(r, b, sizeof(b));
    else
        XMEMCPY(r, d, sizeof(d));


    return MP_OKAY;
}

#endif /* WOLFSSL_SP_SMALL */

/* Add point p1 into point p2. Handles p1 == p2 and result at infinity.
 *
 * p1   First point to add and holds result.
 * p2   Second point to add.
 * tmp  Temporary storage for intermediate numbers.
 */
static void sp_256_add_points_8(sp_point_256* p1, const sp_point_256* p2,
    sp_digit* tmp)
{

        sp_256_proj_point_add_8(p1, p1, p2, tmp);
    if (sp_256_iszero_8(p1->z)) {
        if (sp_256_iszero_8(p1->x) && sp_256_iszero_8(p1->y)) {
                sp_256_proj_point_dbl_8(p1, p2, tmp);
        }
        else {
            /* Y ordinate is not used from here - don't set. */
            p1->x[0] = 0;
            p1->x[1] = 0;
            p1->x[2] = 0;
            p1->x[3] = 0;
            p1->x[4] = 0;
            p1->x[5] = 0;
            p1->x[6] = 0;
            p1->x[7] = 0;
            XMEMCPY(p1->z, p256_norm_mod, sizeof(p256_norm_mod));
        }
    }
}

/* Calculate the verification point: [e/s]G + [r/s]Q
 *
 * p1    Calculated point.
 * p2    Public point and temporary.
 * s     Second part of signature as a number.
 * u1    Temporary number.
 * u2    Temporary number.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_256_calc_vfy_point_8(sp_point_256* p1, sp_point_256* p2,
    sp_digit* s, sp_digit* u1, sp_digit* u2, sp_digit* tmp, void* heap)
{
    int err;

#ifndef WOLFSSL_SP_SMALL
    err = sp_256_mod_inv_8(s, s, p256_order);
    if (err == MP_OKAY)
#endif /* !WOLFSSL_SP_SMALL */
    {
        sp_256_mul_8(s, s, p256_norm_order);
        err = sp_256_mod_8(s, s, p256_order);
    }
    if (err == MP_OKAY) {
        sp_256_norm_8(s);
#ifdef WOLFSSL_SP_SMALL
        {
            sp_256_mont_inv_order_8(s, s, tmp);
            sp_256_mont_mul_order_8(u1, u1, s);
            sp_256_mont_mul_order_8(u2, u2, s);
        }
#else
        {
            sp_256_mont_mul_order_8(u1, u1, s);
            sp_256_mont_mul_order_8(u2, u2, s);
        }
#endif /* WOLFSSL_SP_SMALL */
        {
            err = sp_256_ecc_mulmod_base_8(p1, u1, 0, 0, heap);
        }
    }
    if ((err == MP_OKAY) && sp_256_iszero_8(p1->z)) {
        p1->infinity = 1;
    }
    if (err == MP_OKAY) {
            err = sp_256_ecc_mulmod_8(p2, p2, u2, 0, 0, heap);
    }
    if ((err == MP_OKAY) && sp_256_iszero_8(p2->z)) {
        p2->infinity = 1;
    }

    if (err == MP_OKAY) {
        sp_256_add_points_8(p1, p2, tmp);
    }

    return err;
}

#ifdef HAVE_ECC_VERIFY
/* Verify the signature values with the hash and public key.
 *   e = Truncate(hash, 256)
 *   u1 = e/s mod order
 *   u2 = r/s mod order
 *   r == (u1.G + u2.Q)->x mod order
 * Optimization: Leave point in projective form.
 *   (x, y, 1) == (x' / z'*z', y' / z'*z'*z', z' / z')
 *   (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x'
 * The hash is truncated to the first 256 bits.
 *
 * hash     Hash to sign.
 * hashLen  Length of the hash data.
 * rng      Random number generator.
 * priv     Private part of key - scalar.
 * rm       First part of result as an mp_int.
 * sm       Sirst part of result as an mp_int.
 * heap     Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
    const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm,
    int* res, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* u1 = NULL;
    sp_point_256* p1 = NULL;
#else
    sp_digit  u1[18 * 8];
    sp_point_256 p1[2];
#endif
    sp_digit* u2 = NULL;
    sp_digit* s = NULL;
    sp_digit* tmp = NULL;
    sp_point_256* p2 = NULL;
    sp_digit carry;
    sp_int32 c = 0;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        p1 = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
                                             DYNAMIC_TYPE_ECC);
        if (p1 == NULL)
            err = MEMORY_E;
    }
    if (err == MP_OKAY) {
        u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18 * 8, heap,
                                                              DYNAMIC_TYPE_ECC);
        if (u1 == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        u2  = u1 + 2 * 8;
        s   = u1 + 4 * 8;
        tmp = u1 + 6 * 8;
        p2 = p1 + 1;

        if (hashLen > 32U) {
            hashLen = 32U;
        }

        sp_256_from_bin(u1, 8, hash, (int)hashLen);
        sp_256_from_mp(u2, 8, rm);
        sp_256_from_mp(s, 8, sm);
        sp_256_from_mp(p2->x, 8, pX);
        sp_256_from_mp(p2->y, 8, pY);
        sp_256_from_mp(p2->z, 8, pZ);

        err = sp_256_calc_vfy_point_8(p1, p2, s, u1, u2, tmp, heap);
    }
    if (err == MP_OKAY) {
        /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
        /* Reload r and convert to Montgomery form. */
        sp_256_from_mp(u2, 8, rm);
        err = sp_256_mod_mul_norm_8(u2, u2, p256_mod);
    }

    if (err == MP_OKAY) {
        /* u1 = r.z'.z' mod prime */
            sp_256_mont_sqr_8(p1->z, p1->z, p256_mod, p256_mp_mod);
            sp_256_mont_mul_8(u1, u2, p1->z, p256_mod, p256_mp_mod);
        *res = (int)(sp_256_cmp_8(p1->x, u1) == 0);
        if (*res == 0) {
            /* Reload r and add order. */
            sp_256_from_mp(u2, 8, rm);
            carry = sp_256_add_8(u2, u2, p256_order);
            /* Carry means result is greater than mod and is not valid. */
            if (carry == 0) {
                sp_256_norm_8(u2);

                /* Compare with mod and if greater or equal then not valid. */
                c = sp_256_cmp_8(u2, p256_mod);
            }
        }
        if ((*res == 0) && (c < 0)) {
            /* Convert to Montogomery form */
            err = sp_256_mod_mul_norm_8(u2, u2, p256_mod);
            if (err == MP_OKAY) {
                /* u1 = (r + 1*order).z'.z' mod prime */
                {
                    sp_256_mont_mul_8(u1, u2, p1->z, p256_mod, p256_mp_mod);
                }
                *res = (sp_256_cmp_8(p1->x, u1) == 0);
            }
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (u1 != NULL)
        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
    if (p1 != NULL)
        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#ifdef WOLFSSL_SP_NONBLOCK
typedef struct sp_ecc_verify_256_ctx {
    int state;
    union {
        sp_256_ecc_mulmod_8_ctx mulmod_ctx;
        sp_256_mont_inv_order_8_ctx mont_inv_order_ctx;
        sp_256_proj_point_dbl_8_ctx dbl_ctx;
        sp_256_proj_point_add_8_ctx add_ctx;
    };
    sp_digit u1[2*8];
    sp_digit u2[2*8];
    sp_digit s[2*8];
    sp_digit tmp[2*8 * 6];
    sp_point_256 p1;
    sp_point_256 p2;
} sp_ecc_verify_256_ctx;

int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
    word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ,
    const mp_int* rm, const mp_int* sm, int* res, void* heap)
{
    int err = FP_WOULDBLOCK;
    sp_ecc_verify_256_ctx* ctx = (sp_ecc_verify_256_ctx*)sp_ctx->data;

    typedef char ctx_size_test[sizeof(sp_ecc_verify_256_ctx) >= sizeof(*sp_ctx) ? -1 : 1];
    (void)sizeof(ctx_size_test);

    switch (ctx->state) {
    case 0: /* INIT */
        if (hashLen > 32U) {
            hashLen = 32U;
        }

        sp_256_from_bin(ctx->u1, 8, hash, (int)hashLen);
        sp_256_from_mp(ctx->u2, 8, rm);
        sp_256_from_mp(ctx->s, 8, sm);
        sp_256_from_mp(ctx->p2.x, 8, pX);
        sp_256_from_mp(ctx->p2.y, 8, pY);
        sp_256_from_mp(ctx->p2.z, 8, pZ);
        ctx->state = 1;
        break;
    case 1: /* NORMS0 */
        sp_256_mul_8(ctx->s, ctx->s, p256_norm_order);
        err = sp_256_mod_8(ctx->s, ctx->s, p256_order);
        if (err == MP_OKAY)
            ctx->state = 2;
        break;
    case 2: /* NORMS1 */
        sp_256_norm_8(ctx->s);
        XMEMSET(&ctx->mont_inv_order_ctx, 0, sizeof(ctx->mont_inv_order_ctx));
        ctx->state = 3;
        break;
    case 3: /* NORMS2 */
        err = sp_256_mont_inv_order_8_nb((sp_ecc_ctx_t*)&ctx->mont_inv_order_ctx, ctx->s, ctx->s, ctx->tmp);
        if (err == MP_OKAY) {
            ctx->state = 4;
        }
        break;
    case 4: /* NORMS3 */
        sp_256_mont_mul_order_8(ctx->u1, ctx->u1, ctx->s);
        ctx->state = 5;
        break;
    case 5: /* NORMS4 */
        sp_256_mont_mul_order_8(ctx->u2, ctx->u2, ctx->s);
        XMEMSET(&ctx->mulmod_ctx, 0, sizeof(ctx->mulmod_ctx));
        ctx->state = 6;
        break;
    case 6: /* MULBASE */
        err = sp_256_ecc_mulmod_8_nb((sp_ecc_ctx_t*)&ctx->mulmod_ctx, &ctx->p1, &p256_base, ctx->u1, 0, 0, heap);
        if (err == MP_OKAY) {
            if (sp_256_iszero_8(ctx->p1.z)) {
                ctx->p1.infinity = 1;
            }
            XMEMSET(&ctx->mulmod_ctx, 0, sizeof(ctx->mulmod_ctx));
            ctx->state = 7;
        }
        break;
    case 7: /* MULMOD */
        err = sp_256_ecc_mulmod_8_nb((sp_ecc_ctx_t*)&ctx->mulmod_ctx, &ctx->p2, &ctx->p2, ctx->u2, 0, 0, heap);
        if (err == MP_OKAY) {
            if (sp_256_iszero_8(ctx->p2.z)) {
                ctx->p2.infinity = 1;
            }
            XMEMSET(&ctx->add_ctx, 0, sizeof(ctx->add_ctx));
            ctx->state = 8;
        }
        break;
    case 8: /* ADD */
        err = sp_256_proj_point_add_8_nb((sp_ecc_ctx_t*)&ctx->add_ctx, &ctx->p1, &ctx->p1, &ctx->p2, ctx->tmp);
        if (err == MP_OKAY)
            ctx->state = 9;
        break;
    case 9: /* MONT */
        /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
        /* Reload r and convert to Montgomery form. */
        sp_256_from_mp(ctx->u2, 8, rm);
        err = sp_256_mod_mul_norm_8(ctx->u2, ctx->u2, p256_mod);
        if (err == MP_OKAY)
            ctx->state = 10;
        break;
    case 10: /* SQR */
        /* u1 = r.z'.z' mod prime */
        sp_256_mont_sqr_8(ctx->p1.z, ctx->p1.z, p256_mod, p256_mp_mod);
        ctx->state = 11;
        break;
    case 11: /* MUL */
        sp_256_mont_mul_8(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, p256_mp_mod);
        ctx->state = 12;
        break;
    case 12: /* RES */
    {
        sp_int32 c = 0;
        err = MP_OKAY; /* math okay, now check result */
        *res = (int)(sp_256_cmp_8(ctx->p1.x, ctx->u1) == 0);
        if (*res == 0) {
            sp_digit carry;

            /* Reload r and add order. */
            sp_256_from_mp(ctx->u2, 8, rm);
            carry = sp_256_add_8(ctx->u2, ctx->u2, p256_order);
            /* Carry means result is greater than mod and is not valid. */
            if (carry == 0) {
                sp_256_norm_8(ctx->u2);

                /* Compare with mod and if greater or equal then not valid. */
                c = sp_256_cmp_8(ctx->u2, p256_mod);
            }
        }
        if ((*res == 0) && (c < 0)) {
            /* Convert to Montogomery form */
            err = sp_256_mod_mul_norm_8(ctx->u2, ctx->u2, p256_mod);
            if (err == MP_OKAY) {
                /* u1 = (r + 1*order).z'.z' mod prime */
                sp_256_mont_mul_8(ctx->u1, ctx->u2, ctx->p1.z, p256_mod,
                                                            p256_mp_mod);
                *res = (int)(sp_256_cmp_8(ctx->p1.x, ctx->u1) == 0);
            }
        }
        break;
    }
    } /* switch */

    if (err == MP_OKAY && ctx->state != 12) {
        err = FP_WOULDBLOCK;
    }

    return err;
}
#endif /* WOLFSSL_SP_NONBLOCK */
#endif /* HAVE_ECC_VERIFY */

#ifdef HAVE_ECC_CHECK_KEY
/* Check that the x and y ordinates are a valid point on the curve.
 *
 * point  EC point.
 * heap   Heap to use if dynamically allocating.
 * returns MEMORY_E if dynamic memory allocation fails, MP_VAL if the point is
 * not on the curve and MP_OKAY otherwise.
 */
static int sp_256_ecc_is_point_8(const sp_point_256* point,
    void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* t1 = NULL;
#else
    sp_digit t1[8 * 4];
#endif
    sp_digit* t2 = NULL;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8 * 4, heap, DYNAMIC_TYPE_ECC);
    if (t1 == NULL)
        err = MEMORY_E;
#endif
    (void)heap;

    if (err == MP_OKAY) {
        t2 = t1 + 2 * 8;

        /* y^2 - x^3 - a.x = b */
        sp_256_sqr_8(t1, point->y);
        (void)sp_256_mod_8(t1, t1, p256_mod);
        sp_256_sqr_8(t2, point->x);
        (void)sp_256_mod_8(t2, t2, p256_mod);
        sp_256_mul_8(t2, t2, point->x);
        (void)sp_256_mod_8(t2, t2, p256_mod);
        sp_256_mont_sub_8(t1, t1, t2, p256_mod);

        /* y^2 - x^3 + 3.x = b, when a = -3  */
        sp_256_mont_add_8(t1, t1, point->x, p256_mod);
        sp_256_mont_add_8(t1, t1, point->x, p256_mod);
        sp_256_mont_add_8(t1, t1, point->x, p256_mod);


        if (sp_256_cmp_8(t1, p256_b) != 0) {
            err = MP_VAL;
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (t1 != NULL)
        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

/* Check that the x and y ordinates are a valid point on the curve.
 *
 * pX  X ordinate of EC point.
 * pY  Y ordinate of EC point.
 * returns MEMORY_E if dynamic memory allocation fails, MP_VAL if the point is
 * not on the curve and MP_OKAY otherwise.
 */
int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_256* pub = NULL;
#else
    sp_point_256 pub[1];
#endif
    const byte one[1] = { 1 };
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL,
                                       DYNAMIC_TYPE_ECC);
    if (pub == NULL)
        err = MEMORY_E;
#endif

    if (err == MP_OKAY) {
        sp_256_from_mp(pub->x, 8, pX);
        sp_256_from_mp(pub->y, 8, pY);
        sp_256_from_bin(pub->z, 8, one, (int)sizeof(one));

        err = sp_256_ecc_is_point_8(pub, NULL);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (pub != NULL)
        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

/* Check that the private scalar generates the EC point (px, py), the point is
 * on the curve and the point has the correct order.
 *
 * pX     X ordinate of EC point.
 * pY     Y ordinate of EC point.
 * privm  Private scalar that generates EC point.
 * returns MEMORY_E if dynamic memory allocation fails, MP_VAL if the point is
 * not on the curve, ECC_INF_E if the point does not have the correct order,
 * ECC_PRIV_KEY_E when the private scalar doesn't generate the EC point and
 * MP_OKAY otherwise.
 */
int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
    const mp_int* privm, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* priv = NULL;
    sp_point_256* pub = NULL;
#else
    sp_digit priv[8];
    sp_point_256 pub[2];
#endif
    sp_point_256* p = NULL;
    const byte one[1] = { 1 };
    int err = MP_OKAY;


    /* Quick check the lengs of public key ordinates and private key are in
     * range. Proper check later.
     */
    if (((mp_count_bits(pX) > 256) ||
        (mp_count_bits(pY) > 256) ||
        ((privm != NULL) && (mp_count_bits(privm) > 256)))) {
        err = ECC_OUT_OF_RANGE_E;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
                                           DYNAMIC_TYPE_ECC);
        if (pub == NULL)
            err = MEMORY_E;
    }
    if (err == MP_OKAY && privm) {
        priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
                                  DYNAMIC_TYPE_ECC);
        if (priv == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        p = pub + 1;

        sp_256_from_mp(pub->x, 8, pX);
        sp_256_from_mp(pub->y, 8, pY);
        sp_256_from_bin(pub->z, 8, one, (int)sizeof(one));
        if (privm)
            sp_256_from_mp(priv, 8, privm);

        /* Check point at infinitiy. */
        if ((sp_256_iszero_8(pub->x) != 0) &&
            (sp_256_iszero_8(pub->y) != 0)) {
            err = ECC_INF_E;
        }
    }

    /* Check range of X and Y */
    if ((err == MP_OKAY) &&
            ((sp_256_cmp_8(pub->x, p256_mod) >= 0) ||
             (sp_256_cmp_8(pub->y, p256_mod) >= 0))) {
        err = ECC_OUT_OF_RANGE_E;
    }

    if (err == MP_OKAY) {
        /* Check point is on curve */
        err = sp_256_ecc_is_point_8(pub, heap);
    }

    if (err == MP_OKAY) {
        /* Point * order = infinity */
            err = sp_256_ecc_mulmod_8(p, pub, p256_order, 1, 1, heap);
    }
    /* Check result is infinity */
    if ((err == MP_OKAY) && ((sp_256_iszero_8(p->x) == 0) ||
                             (sp_256_iszero_8(p->y) == 0))) {
        err = ECC_INF_E;
    }

    if (privm) {
        if (err == MP_OKAY) {
            /* Base * private = point */
                err = sp_256_ecc_mulmod_base_8(p, priv, 1, 1, heap);
        }
        /* Check result is public key */
        if ((err == MP_OKAY) &&
                ((sp_256_cmp_8(p->x, pub->x) != 0) ||
                 (sp_256_cmp_8(p->y, pub->y) != 0))) {
            err = ECC_PRIV_KEY_E;
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (pub != NULL)
        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
    if (priv != NULL)
        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}
#endif
#ifdef WOLFSSL_PUBLIC_ECC_ADD_DBL
/* Add two projective EC points together.
 * (pX, pY, pZ) + (qX, qY, qZ) = (rX, rY, rZ)
 *
 * pX   First EC point's X ordinate.
 * pY   First EC point's Y ordinate.
 * pZ   First EC point's Z ordinate.
 * qX   Second EC point's X ordinate.
 * qY   Second EC point's Y ordinate.
 * qZ   Second EC point's Z ordinate.
 * rX   Resultant EC point's X ordinate.
 * rY   Resultant EC point's Y ordinate.
 * rZ   Resultant EC point's Z ordinate.
 * returns MEMORY_E if dynamic memory allocation fails and MP_OKAY otherwise.
 */
int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
                              mp_int* qX, mp_int* qY, mp_int* qZ,
                              mp_int* rX, mp_int* rY, mp_int* rZ)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* tmp = NULL;
    sp_point_256* p = NULL;
#else
    sp_digit tmp[2 * 8 * 6];
    sp_point_256 p[2];
#endif
    sp_point_256* q = NULL;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        p = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, NULL,
                                         DYNAMIC_TYPE_ECC);
        if (p == NULL)
            err = MEMORY_E;
    }
    if (err == MP_OKAY) {
        tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 6, NULL,
                                 DYNAMIC_TYPE_ECC);
        if (tmp == NULL) {
            err = MEMORY_E;
        }
    }
#endif

    if (err == MP_OKAY) {
        q = p + 1;

        sp_256_from_mp(p->x, 8, pX);
        sp_256_from_mp(p->y, 8, pY);
        sp_256_from_mp(p->z, 8, pZ);
        sp_256_from_mp(q->x, 8, qX);
        sp_256_from_mp(q->y, 8, qY);
        sp_256_from_mp(q->z, 8, qZ);
        p->infinity = sp_256_iszero_8(p->x) &
                      sp_256_iszero_8(p->y);
        q->infinity = sp_256_iszero_8(q->x) &
                      sp_256_iszero_8(q->y);

            sp_256_proj_point_add_8(p, p, q, tmp);
    }

    if (err == MP_OKAY) {
        err = sp_256_to_mp(p->x, rX);
    }
    if (err == MP_OKAY) {
        err = sp_256_to_mp(p->y, rY);
    }
    if (err == MP_OKAY) {
        err = sp_256_to_mp(p->z, rZ);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (tmp != NULL)
        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
    if (p != NULL)
        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

/* Double a projective EC point.
 * (pX, pY, pZ) + (pX, pY, pZ) = (rX, rY, rZ)
 *
 * pX   EC point's X ordinate.
 * pY   EC point's Y ordinate.
 * pZ   EC point's Z ordinate.
 * rX   Resultant EC point's X ordinate.
 * rY   Resultant EC point's Y ordinate.
 * rZ   Resultant EC point's Z ordinate.
 * returns MEMORY_E if dynamic memory allocation fails and MP_OKAY otherwise.
 */
int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
                              mp_int* rX, mp_int* rY, mp_int* rZ)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* tmp = NULL;
    sp_point_256* p = NULL;
#else
    sp_digit tmp[2 * 8 * 2];
    sp_point_256 p[1];
#endif
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL,
                                         DYNAMIC_TYPE_ECC);
        if (p == NULL)
            err = MEMORY_E;
    }
    if (err == MP_OKAY) {
        tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 2, NULL,
                                 DYNAMIC_TYPE_ECC);
        if (tmp == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        sp_256_from_mp(p->x, 8, pX);
        sp_256_from_mp(p->y, 8, pY);
        sp_256_from_mp(p->z, 8, pZ);
        p->infinity = sp_256_iszero_8(p->x) &
                      sp_256_iszero_8(p->y);

            sp_256_proj_point_dbl_8(p, p, tmp);
    }

    if (err == MP_OKAY) {
        err = sp_256_to_mp(p->x, rX);
    }
    if (err == MP_OKAY) {
        err = sp_256_to_mp(p->y, rY);
    }
    if (err == MP_OKAY) {
        err = sp_256_to_mp(p->z, rZ);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (tmp != NULL)
        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
    if (p != NULL)
        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

/* Map a projective EC point to affine in place.
 * pZ will be one.
 *
 * pX   EC point's X ordinate.
 * pY   EC point's Y ordinate.
 * pZ   EC point's Z ordinate.
 * returns MEMORY_E if dynamic memory allocation fails and MP_OKAY otherwise.
 */
int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* tmp = NULL;
    sp_point_256* p = NULL;
#else
    sp_digit tmp[2 * 8 * 4];
    sp_point_256 p[1];
#endif
    int err = MP_OKAY;


#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL,
                                         DYNAMIC_TYPE_ECC);
        if (p == NULL)
            err = MEMORY_E;
    }
    if (err == MP_OKAY) {
        tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 4, NULL,
                                 DYNAMIC_TYPE_ECC);
        if (tmp == NULL)
            err = MEMORY_E;
    }
#endif
    if (err == MP_OKAY) {
        sp_256_from_mp(p->x, 8, pX);
        sp_256_from_mp(p->y, 8, pY);
        sp_256_from_mp(p->z, 8, pZ);
        p->infinity = sp_256_iszero_8(p->x) &
                      sp_256_iszero_8(p->y);

            sp_256_map_8(p, p, tmp);
    }

    if (err == MP_OKAY) {
        err = sp_256_to_mp(p->x, pX);
    }
    if (err == MP_OKAY) {
        err = sp_256_to_mp(p->y, pY);
    }
    if (err == MP_OKAY) {
        err = sp_256_to_mp(p->z, pZ);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (tmp != NULL)
        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
    if (p != NULL)
        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif

    return err;
}
#endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
#ifdef HAVE_COMP_KEY
/* Find the square root of a number mod the prime of the curve.
 *
 * y  The number to operate on and the result.
 * returns MEMORY_E if dynamic memory allocation fails and MP_OKAY otherwise.
 */
static int sp_256_mont_sqrt_8(sp_digit* y)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* t1 = NULL;
#else
    sp_digit t1[4 * 8];
#endif
    sp_digit* t2 = NULL;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC);
    if (t1 == NULL) {
        err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        t2 = t1 + 2 * 8;

        {
            /* t2 = y ^ 0x2 */
            sp_256_mont_sqr_8(t2, y, p256_mod, p256_mp_mod);
            /* t1 = y ^ 0x3 */
            sp_256_mont_mul_8(t1, t2, y, p256_mod, p256_mp_mod);
            /* t2 = y ^ 0xc */
            sp_256_mont_sqr_n_8(t2, t1, 2, p256_mod, p256_mp_mod);
            /* t1 = y ^ 0xf */
            sp_256_mont_mul_8(t1, t1, t2, p256_mod, p256_mp_mod);
            /* t2 = y ^ 0xf0 */
            sp_256_mont_sqr_n_8(t2, t1, 4, p256_mod, p256_mp_mod);
            /* t1 = y ^ 0xff */
            sp_256_mont_mul_8(t1, t1, t2, p256_mod, p256_mp_mod);
            /* t2 = y ^ 0xff00 */
            sp_256_mont_sqr_n_8(t2, t1, 8, p256_mod, p256_mp_mod);
            /* t1 = y ^ 0xffff */
            sp_256_mont_mul_8(t1, t1, t2, p256_mod, p256_mp_mod);
            /* t2 = y ^ 0xffff0000 */
            sp_256_mont_sqr_n_8(t2, t1, 16, p256_mod, p256_mp_mod);
            /* t1 = y ^ 0xffffffff */
            sp_256_mont_mul_8(t1, t1, t2, p256_mod, p256_mp_mod);
            /* t1 = y ^ 0xffffffff00000000 */
            sp_256_mont_sqr_n_8(t1, t1, 32, p256_mod, p256_mp_mod);
            /* t1 = y ^ 0xffffffff00000001 */
            sp_256_mont_mul_8(t1, t1, y, p256_mod, p256_mp_mod);
            /* t1 = y ^ 0xffffffff00000001000000000000000000000000 */
            sp_256_mont_sqr_n_8(t1, t1, 96, p256_mod, p256_mp_mod);
            /* t1 = y ^ 0xffffffff00000001000000000000000000000001 */
            sp_256_mont_mul_8(t1, t1, y, p256_mod, p256_mp_mod);
            sp_256_mont_sqr_n_8(y, t1, 94, p256_mod, p256_mp_mod);
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (t1 != NULL)
        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
#endif

    return err;
}


/* Uncompress the point given the X ordinate.
 *
 * xm    X ordinate.
 * odd   Whether the Y ordinate is odd.
 * ym    Calculated Y ordinate.
 * returns MEMORY_E if dynamic memory allocation fails and MP_OKAY otherwise.
 */
int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* x = NULL;
#else
    sp_digit x[4 * 8];
#endif
    sp_digit* y = NULL;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC);
    if (x == NULL)
        err = MEMORY_E;
#endif

    if (err == MP_OKAY) {
        y = x + 2 * 8;

        sp_256_from_mp(x, 8, xm);
        err = sp_256_mod_mul_norm_8(x, x, p256_mod);
    }
    if (err == MP_OKAY) {
        /* y = x^3 */
        {
            sp_256_mont_sqr_8(y, x, p256_mod, p256_mp_mod);
            sp_256_mont_mul_8(y, y, x, p256_mod, p256_mp_mod);
        }
        /* y = x^3 - 3x */
        sp_256_mont_sub_8(y, y, x, p256_mod);
        sp_256_mont_sub_8(y, y, x, p256_mod);
        sp_256_mont_sub_8(y, y, x, p256_mod);
        /* y = x^3 - 3x + b */
        err = sp_256_mod_mul_norm_8(x, p256_b, p256_mod);
    }
    if (err == MP_OKAY) {
        sp_256_mont_add_8(y, y, x, p256_mod);
        /* y = sqrt(x^3 - 3x + b) */
        err = sp_256_mont_sqrt_8(y);
    }
    if (err == MP_OKAY) {
        XMEMSET(y + 8, 0, 8U * sizeof(sp_digit));
        sp_256_mont_reduce_8(y, p256_mod, p256_mp_mod);
        if ((((word32)y[0] ^ (word32)odd) & 1U) != 0U) {
            sp_256_mont_sub_8(y, p256_mod, y, p256_mod);
        }

        err = sp_256_to_mp(y, ym);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (x != NULL)
        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
#endif

    return err;
}
#endif
#endif /* !WOLFSSL_SP_NO_256 */
#ifdef WOLFSSL_SP_384

/* Point structure to use. */
typedef struct sp_point_384 {
    /* X ordinate of point. */
    sp_digit x[2 * 12];
    /* Y ordinate of point. */
    sp_digit y[2 * 12];
    /* Z ordinate of point. */
    sp_digit z[2 * 12];
    /* Indicates point is at infinity. */
    int infinity;
} sp_point_384;

/* The modulus (prime) of the curve P384. */
static const sp_digit p384_mod[12] = {
    0xffffffff,0x00000000,0x00000000,0xffffffff,0xfffffffe,0xffffffff,
    0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff
};
/* The Montgomery normalizer for modulus of the curve P384. */
static const sp_digit p384_norm_mod[12] = {
    0x00000001,0xffffffff,0xffffffff,0x00000000,0x00000001,0x00000000,
    0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000
};
/* The Montgomery multiplier for modulus of the curve P384. */
static sp_digit p384_mp_mod = 0x00000001;
#if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \
                                            defined(HAVE_ECC_VERIFY)
/* The order of the curve P384. */
static const sp_digit p384_order[12] = {
    0xccc52973,0xecec196a,0x48b0a77a,0x581a0db2,0xf4372ddf,0xc7634d81,
    0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff
};
#endif
/* The order of the curve P384 minus 2. */
static const sp_digit p384_order2[12] = {
    0xccc52971,0xecec196a,0x48b0a77a,0x581a0db2,0xf4372ddf,0xc7634d81,
    0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff
};
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
/* The Montgomery normalizer for order of the curve P384. */
static const sp_digit p384_norm_order[12] = {
    0x333ad68d,0x1313e695,0xb74f5885,0xa7e5f24d,0x0bc8d220,0x389cb27e,
    0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000
};
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
/* The Montgomery multiplier for order of the curve P384. */
static sp_digit p384_mp_order = 0xe88fdc45;
#endif
/* The base point of curve P384. */
static const sp_point_384 p384_base = {
    /* X ordinate */
    {
        0x72760ab7,0x3a545e38,0xbf55296c,0x5502f25d,0x82542a38,0x59f741e0,
        0x8ba79b98,0x6e1d3b62,0xf320ad74,0x8eb1c71e,0xbe8b0537,0xaa87ca22,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0
    },
    /* Y ordinate */
    {
        0x90ea0e5f,0x7a431d7c,0x1d7e819d,0x0a60b1ce,0xb5f0b8c0,0xe9da3113,
        0x289a147c,0xf8f41dbd,0x9292dc29,0x5d9e98bf,0x96262c6f,0x3617de4a,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0
    },
    /* Z ordinate */
    {
        0x00000001,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
        0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0
    },
    /* infinity */
    0
};
#if defined(HAVE_ECC_CHECK_KEY) || defined(HAVE_COMP_KEY)
static const sp_digit p384_b[12] = {
    0xd3ec2aef,0x2a85c8ed,0x8a2ed19d,0xc656398d,0x5013875a,0x0314088f,
    0xfe814112,0x181d9c6e,0xe3f82d19,0x988e056b,0xe23ee7e4,0xb3312fa7
};
#endif

#ifdef WOLFSSL_SP_SMALL
/* Multiply a and b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x60\n\t"
        "LDR	lr, [%[a]]\n\t"
        "LDR	r11, [%[b]]\n\t"
        "UMULL	r8, r6, lr, r11\n\t"
        "STR	r8, [sp]\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r8, #0x0\n\t"
        "MOV	r5, #0x4\n\t"
        "\n"
    "L_sp_384_mul_12_outer:\n\t"
        "SUBS	r3, r5, #0x2c\n\t"
        "IT	cc\n\t"
        "MOVCC	r3, #0x0\n\t"
        "SUB	r4, r5, r3\n\t"
        "\n"
    "L_sp_384_mul_12_inner:\n\t"
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[b], r4]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "LDR	lr, [%[a], r4]\n\t"
        "LDR	r11, [%[b], r3]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADD	r3, r3, #0x4\n\t"
        "SUB	r4, r4, #0x4\n\t"
        "CMP	r3, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_384_mul_12_inner_done\n\t"
#else
        "BGT.N	L_sp_384_mul_12_inner_done\n\t"
#endif
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_384_mul_12_inner\n\t"
#else
        "BLT.N	L_sp_384_mul_12_inner\n\t"
#endif
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[b], r3]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "\n"
    "L_sp_384_mul_12_inner_done:\n\t"
        "STR	r6, [sp, r5]\n\t"
        "MOV	r6, r7\n\t"
        "MOV	r7, r8\n\t"
        "MOV	r8, #0x0\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0x54\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLE	L_sp_384_mul_12_outer\n\t"
#else
        "BLE.N	L_sp_384_mul_12_outer\n\t"
#endif
        "LDR	lr, [%[a], #44]\n\t"
        "LDR	r11, [%[b], #44]\n\t"
        "UMLAL	r6, r7, lr, r11\n\t"
        "STR	r6, [sp, r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "STR	r7, [sp, r5]\n\t"
        "\n"
    "L_sp_384_mul_12_store:\n\t"
        "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "SUBS	r5, r5, #0x20\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_384_mul_12_store\n\t"
#else
        "BGT.N	L_sp_384_mul_12_store\n\t"
#endif
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
    );
}

#else
/* Multiply a and b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x30\n\t"
        /* A[0] * B[0] */
        "LDR	r11, [%[a]]\n\t"
        "LDR	r12, [%[b]]\n\t"
        "UMULL	r3, r4, r11, r12\n\t"
        "MOV	r5, #0x0\n\t"
        "STR	r3, [sp]\n\t"
        /* A[0] * B[1] */
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[1] * B[0] */
        "LDR	r8, [%[a], #4]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #4]\n\t"
        /* A[2] * B[0] */
        "LDR	r8, [%[a], #8]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[1] * B[1] */
        "LDR	r11, [%[a], #4]\n\t"
        "LDR	r12, [%[b], #4]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[0] * B[2] */
        "LDR	r8, [%[a]]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [sp, #8]\n\t"
        /* A[0] * B[3] */
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[1] * B[2] */
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[2] * B[1] */
        "LDR	r8, [%[a], #8]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[3] * B[0] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b]]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [sp, #12]\n\t"
        /* A[4] * B[0] */
        "LDR	r8, [%[a], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[3] * B[1] */
        "LDR	r8, [%[a], #12]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[2] * B[2] */
        "LDR	r11, [%[a], #8]\n\t"
        "LDR	r12, [%[b], #8]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[1] * B[3] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[0] * B[4] */
        "LDR	r8, [%[a]]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #16]\n\t"
        /* A[0] * B[5] */
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[1] * B[4] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[2] * B[3] */
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[3] * B[2] */
        "LDR	r8, [%[a], #12]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[4] * B[1] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[5] * B[0] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b]]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [sp, #20]\n\t"
        /* A[6] * B[0] */
        "LDR	r8, [%[a], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[5] * B[1] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[4] * B[2] */
        "LDR	r8, [%[a], #16]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[3] * B[3] */
        "LDR	r11, [%[a], #12]\n\t"
        "LDR	r12, [%[b], #12]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[2] * B[4] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[1] * B[5] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[0] * B[6] */
        "LDR	r8, [%[a]]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [sp, #24]\n\t"
        /* A[0] * B[7] */
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[1] * B[6] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[2] * B[5] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[3] * B[4] */
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[4] * B[3] */
        "LDR	r8, [%[a], #16]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[5] * B[2] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[6] * B[1] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[7] * B[0] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b]]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #28]\n\t"
        /* A[8] * B[0] */
        "LDR	r8, [%[a], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[7] * B[1] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[6] * B[2] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[5] * B[3] */
        "LDR	r8, [%[a], #20]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[4] * B[4] */
        "LDR	r11, [%[a], #16]\n\t"
        "LDR	r12, [%[b], #16]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[3] * B[5] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[2] * B[6] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[1] * B[7] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[0] * B[8] */
        "LDR	r8, [%[a]]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [sp, #32]\n\t"
        /* A[0] * B[9] */
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[1] * B[8] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[2] * B[7] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[3] * B[6] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[4] * B[5] */
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[5] * B[4] */
        "LDR	r8, [%[a], #20]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[6] * B[3] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[7] * B[2] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[8] * B[1] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[9] * B[0] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b]]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [sp, #36]\n\t"
        /* A[10] * B[0] */
        "LDR	r8, [%[a], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[9] * B[1] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[8] * B[2] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[7] * B[3] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[6] * B[4] */
        "LDR	r8, [%[a], #24]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[5] * B[5] */
        "LDR	r11, [%[a], #20]\n\t"
        "LDR	r12, [%[b], #20]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[4] * B[6] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[3] * B[7] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[2] * B[8] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[1] * B[9] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[0] * B[10] */
        "LDR	r8, [%[a]]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #40]\n\t"
        /* A[0] * B[11] */
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[1] * B[10] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[2] * B[9] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[3] * B[8] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[4] * B[7] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[5] * B[6] */
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[6] * B[5] */
        "LDR	r8, [%[a], #24]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[7] * B[4] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[8] * B[3] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[9] * B[2] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[10] * B[1] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[11] * B[0] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b]]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [sp, #44]\n\t"
        /* A[11] * B[1] */
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[10] * B[2] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[9] * B[3] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[8] * B[4] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[7] * B[5] */
        "LDR	r8, [%[a], #28]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[6] * B[6] */
        "LDR	r11, [%[a], #24]\n\t"
        "LDR	r12, [%[b], #24]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[5] * B[7] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[4] * B[8] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[3] * B[9] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[2] * B[10] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[1] * B[11] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], #48]\n\t"
        /* A[2] * B[11] */
        "LDR	r8, [%[a], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[3] * B[10] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[4] * B[9] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[5] * B[8] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[6] * B[7] */
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[7] * B[6] */
        "LDR	r8, [%[a], #28]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[8] * B[5] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[9] * B[4] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[10] * B[3] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[11] * B[2] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [%[r], #52]\n\t"
        /* A[11] * B[3] */
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[10] * B[4] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[9] * B[5] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[8] * B[6] */
        "LDR	r8, [%[a], #32]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[7] * B[7] */
        "LDR	r11, [%[a], #28]\n\t"
        "LDR	r12, [%[b], #28]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[6] * B[8] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[5] * B[9] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[4] * B[10] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[3] * B[11] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [%[r], #56]\n\t"
        /* A[4] * B[11] */
        "LDR	r8, [%[a], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[5] * B[10] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[6] * B[9] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[7] * B[8] */
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[8] * B[7] */
        "LDR	r8, [%[a], #32]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[9] * B[6] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[10] * B[5] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[11] * B[4] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], #60]\n\t"
        /* A[11] * B[5] */
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[10] * B[6] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[9] * B[7] */
        "LDR	r8, [%[a], #36]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[8] * B[8] */
        "LDR	r11, [%[a], #32]\n\t"
        "LDR	r12, [%[b], #32]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[7] * B[9] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[6] * B[10] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[5] * B[11] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [%[r], #64]\n\t"
        /* A[6] * B[11] */
        "LDR	r8, [%[a], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[7] * B[10] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[8] * B[9] */
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[9] * B[8] */
        "LDR	r8, [%[a], #36]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[10] * B[7] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[11] * B[6] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [%[r], #68]\n\t"
        /* A[11] * B[7] */
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[10] * B[8] */
        "LDR	r8, [%[a], #40]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[9] * B[9] */
        "LDR	r11, [%[a], #36]\n\t"
        "LDR	r12, [%[b], #36]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[8] * B[10] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[7] * B[11] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], #72]\n\t"
        /* A[8] * B[11] */
        "LDR	r8, [%[a], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[9] * B[10] */
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[10] * B[9] */
        "LDR	r8, [%[a], #40]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[11] * B[8] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [%[r], #76]\n\t"
        /* A[11] * B[9] */
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[10] * B[10] */
        "LDR	r11, [%[a], #40]\n\t"
        "LDR	r12, [%[b], #40]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[9] * B[11] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [%[r], #80]\n\t"
        /* A[10] * B[11] */
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[11] * B[10] */
        "LDR	r8, [%[a], #44]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], #84]\n\t"
        /* A[11] * B[11] */
        "UMLAL	r4, r5, r8, r9\n\t"
        "STR	r4, [%[r], #88]\n\t"
        "STR	r5, [%[r], #92]\n\t"
        "LDM	sp!, {r3, r4, r5, r6}\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	sp!, {r3, r4, r5, r6}\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	sp!, {r3, r4, r5, r6}\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc"
    );
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Square a and put result in r. (r = a * a)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_384_sqr_12(sp_digit* r_p, const sp_digit* a_p)
#else
static void sp_384_sqr_12(sp_digit* r, const sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x60\n\t"
        "LDR	lr, [%[a]]\n\t"
        "UMULL	r8, r6, lr, lr\n\t"
        "STR	r8, [sp]\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r8, #0x0\n\t"
        "MOV	r5, #0x4\n\t"
        "\n"
    "L_sp_384_sqr_12_outer:\n\t"
        "SUBS	r3, r5, #0x2c\n\t"
        "IT	cc\n\t"
        "MOVCC	r3, #0x0\n\t"
        "SUB	r4, r5, r3\n\t"
        "\n"
    "L_sp_384_sqr_12_inner:\n\t"
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[a], r4]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADD	r3, r3, #0x4\n\t"
        "SUB	r4, r4, #0x4\n\t"
        "CMP	r3, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_384_sqr_12_inner_done\n\t"
#else
        "BGT.N	L_sp_384_sqr_12_inner_done\n\t"
#endif
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_384_sqr_12_inner\n\t"
#else
        "BLT.N	L_sp_384_sqr_12_inner\n\t"
#endif
        "LDR	lr, [%[a], r3]\n\t"
        "UMULL	r9, r10, lr, lr\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "\n"
    "L_sp_384_sqr_12_inner_done:\n\t"
        "STR	r6, [sp, r5]\n\t"
        "MOV	r6, r7\n\t"
        "MOV	r7, r8\n\t"
        "MOV	r8, #0x0\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0x54\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLE	L_sp_384_sqr_12_outer\n\t"
#else
        "BLE.N	L_sp_384_sqr_12_outer\n\t"
#endif
        "LDR	lr, [%[a], #44]\n\t"
        "UMLAL	r6, r7, lr, lr\n\t"
        "STR	r6, [sp, r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "STR	r7, [sp, r5]\n\t"
        "\n"
    "L_sp_384_sqr_12_store:\n\t"
        "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "SUBS	r5, r5, #0x20\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_384_sqr_12_store\n\t"
#else
        "BGT.N	L_sp_384_sqr_12_store\n\t"
#endif
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
    );
}

#else
/* Square a and put result in r. (r = a * a)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_384_sqr_12(sp_digit* r_p, const sp_digit* a_p)
#else
static void sp_384_sqr_12(sp_digit* r, const sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x30\n\t"
        /* A[0] * A[0] */
        "LDR	r10, [%[a]]\n\t"
        "UMULL	r8, r3, r10, r10\n\t"
        "MOV	r4, #0x0\n\t"
        "STR	r8, [sp]\n\t"
        /* A[0] * A[1] */
        "LDR	r10, [%[a], #4]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "STR	r3, [sp, #4]\n\t"
        /* A[0] * A[2] */
        "LDR	r10, [%[a], #8]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[1] * A[1] */
        "LDR	r10, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #8]\n\t"
        /* A[0] * A[3] */
        "LDR	r10, [%[a], #12]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[1] * A[2] */
        "LDR	r10, [%[a], #8]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r2, [sp, #12]\n\t"
        /* A[0] * A[4] */
        "LDR	r10, [%[a], #16]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        /* A[1] * A[3] */
        "LDR	r10, [%[a], #12]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        /* A[2] * A[2] */
        "LDR	r10, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "STR	r3, [sp, #16]\n\t"
        /* A[0] * A[5] */
        "LDR	r10, [%[a], #20]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r3, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[4] */
        "LDR	r10, [%[a], #16]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[3] */
        "LDR	r10, [%[a], #12]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r4, r4, r5\n\t"
        "ADCS	r2, r2, r6\n\t"
        "ADC	r3, r3, r7\n\t"
        "STR	r4, [sp, #20]\n\t"
        /* A[0] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[5] */
        "LDR	r10, [%[a], #20]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[4] */
        "LDR	r10, [%[a], #16]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[3] */
        "LDR	r10, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADC	r4, r4, r7\n\t"
        "STR	r2, [sp, #24]\n\t"
        /* A[0] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r2, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[5] */
        "LDR	r10, [%[a], #20]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[4] */
        "LDR	r10, [%[a], #16]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	r2, r2, r7\n\t"
        "STR	r3, [sp, #28]\n\t"
        /* A[0] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r3, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[5] */
        "LDR	r10, [%[a], #20]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[4] */
        "LDR	r10, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r4, r4, r5\n\t"
        "ADCS	r2, r2, r6\n\t"
        "ADC	r3, r3, r7\n\t"
        "STR	r4, [sp, #32]\n\t"
        /* A[0] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[5] */
        "LDR	r10, [%[a], #20]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADC	r4, r4, r7\n\t"
        "STR	r2, [sp, #36]\n\t"
        /* A[0] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r2, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[5] */
        "LDR	r10, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	r2, r2, r7\n\t"
        "STR	r3, [sp, #40]\n\t"
        /* A[0] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r3, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r4, r4, r5\n\t"
        "ADCS	r2, r2, r6\n\t"
        "ADC	r3, r3, r7\n\t"
        "STR	r4, [sp, #44]\n\t"
        /* A[1] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[2] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[6] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADC	r4, r4, r7\n\t"
        "STR	r2, [%[r], #48]\n\t"
        /* A[2] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r2, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[3] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[6] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	r2, r2, r7\n\t"
        "STR	r3, [%[r], #52]\n\t"
        /* A[3] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r3, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[4] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[6] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[7] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r4, r4, r5\n\t"
        "ADCS	r2, r2, r6\n\t"
        "ADC	r3, r3, r7\n\t"
        "STR	r4, [%[r], #56]\n\t"
        /* A[4] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[5] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[6] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[7] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADC	r4, r4, r7\n\t"
        "STR	r2, [%[r], #60]\n\t"
        /* A[5] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r2, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[6] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[7] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[8] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	r2, r2, r7\n\t"
        "STR	r3, [%[r], #64]\n\t"
        /* A[6] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r3, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[7] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[8] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r4, r4, r5\n\t"
        "ADCS	r2, r2, r6\n\t"
        "ADC	r3, r3, r7\n\t"
        "STR	r4, [%[r], #68]\n\t"
        /* A[7] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[8] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[9] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r2, [%[r], #72]\n\t"
        /* A[8] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        /* A[9] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #36]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "STR	r3, [%[r], #76]\n\t"
        /* A[9] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #36]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[10] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [%[r], #80]\n\t"
        /* A[10] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #40]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r2, [%[r], #84]\n\t"
        /* A[11] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "UMLAL	r3, r4, r10, r10\n\t"
        "STR	r3, [%[r], #88]\n\t"
        "STR	r4, [%[r], #92]\n\t"
        "LDM	sp!, {r2, r3, r4, r8}\n\t"
        "STM	%[r]!, {r2, r3, r4, r8}\n\t"
        "LDM	sp!, {r2, r3, r4, r8}\n\t"
        "STM	%[r]!, {r2, r3, r4, r8}\n\t"
        "LDM	sp!, {r2, r3, r4, r8}\n\t"
        "STM	%[r]!, {r2, r3, r4, r8}\n\t"
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc"
    );
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Add b to a into r. (r = a + b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r3, #0x0\n\t"
        "ADD	r12, %[a], #0x30\n\t"
        "\n"
    "L_sp_384_add_12_word:\n\t"
        "ADDS	r3, r3, #0xffffffff\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r3, r4, #0x0\n\t"
        "CMP	%[a], r12\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_384_add_12_word\n\t"
#else
        "BNE.N	L_sp_384_add_12_word\n\t"
#endif
        "MOV	%[r], r3\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
    );
    return (uint32_t)(size_t)r;
}

#else
/* Add b to a into r. (r = a + b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADDS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "MOV	%[r], #0x0\n\t"
        "ADC	%[r], %[r], #0x0\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
/* Multiply a number by Montgomery normalizer mod modulus (prime).
 *
 * r  The resulting Montgomery form number.
 * a  The number to convert.
 * m  The modulus (prime).
 * returns MEMORY_E when memory allocation fails and MP_OKAY otherwise.
 */
static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    int64_t* t = NULL;
#else
    int64_t t[12];
#endif
    int64_t o;
    int err = MP_OKAY;

    (void)m;

#ifdef WOLFSSL_SP_SMALL_STACK
    t = (int64_t*)XMALLOC(sizeof(int64_t) * 12, NULL, DYNAMIC_TYPE_ECC);
    if (t == NULL) {
        err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        /*  1  0  0  0  0  0  0  0  1  1  0 -1 */
        t[0] = 0 + (int64_t)a[0] + (int64_t)a[8] + (int64_t)a[9] - (int64_t)a[11];
        /* -1  1  0  0  0  0  0  0 -1  0  1  1 */
        t[1] = 0 - (int64_t)a[0] + (int64_t)a[1] - (int64_t)a[8] + (int64_t)a[10] + (int64_t)a[11];
        /*  0 -1  1  0  0  0  0  0  0 -1  0  1 */
        t[2] = 0 - (int64_t)a[1] + (int64_t)a[2] - (int64_t)a[9] + (int64_t)a[11];
        /*  1  0 -1  1  0  0  0  0  1  1 -1 -1 */
        t[3] = 0 + (int64_t)a[0] - (int64_t)a[2] + (int64_t)a[3] + (int64_t)a[8] + (int64_t)a[9] - (int64_t)a[10] - (int64_t)a[11];
        /*  1  1  0 -1  1  0  0  0  1  2  1 -2 */
        t[4] = 0 + (int64_t)a[0] + (int64_t)a[1] - (int64_t)a[3] + (int64_t)a[4] + (int64_t)a[8] + 2 * (int64_t)a[9] + (int64_t)a[10] -  2 * (int64_t)a[11];
        /*  0  1  1  0 -1  1  0  0  0  1  2  1 */
        t[5] = 0 + (int64_t)a[1] + (int64_t)a[2] - (int64_t)a[4] + (int64_t)a[5] + (int64_t)a[9] + 2 * (int64_t)a[10] + (int64_t)a[11];
        /*  0  0  1  1  0 -1  1  0  0  0  1  2 */
        t[6] = 0 + (int64_t)a[2] + (int64_t)a[3] - (int64_t)a[5] + (int64_t)a[6] + (int64_t)a[10] + 2 * (int64_t)a[11];
        /*  0  0  0  1  1  0 -1  1  0  0  0  1 */
        t[7] = 0 + (int64_t)a[3] + (int64_t)a[4] - (int64_t)a[6] + (int64_t)a[7] + (int64_t)a[11];
        /*  0  0  0  0  1  1  0 -1  1  0  0  0 */
        t[8] = 0 + (int64_t)a[4] + (int64_t)a[5] - (int64_t)a[7] + (int64_t)a[8];
        /*  0  0  0  0  0  1  1  0 -1  1  0  0 */
        t[9] = 0 + (int64_t)a[5] + (int64_t)a[6] - (int64_t)a[8] + (int64_t)a[9];
        /*  0  0  0  0  0  0  1  1  0 -1  1  0 */
        t[10] = 0 + (int64_t)a[6] + (int64_t)a[7] - (int64_t)a[9] + (int64_t)a[10];
        /*  0  0  0  0  0  0  0  1  1  0 -1  1 */
        t[11] = 0 + (int64_t)a[7] + (int64_t)a[8] - (int64_t)a[10] + (int64_t)a[11];

        t[1] += t[0] >> 32; t[0] &= 0xffffffff;
        t[2] += t[1] >> 32; t[1] &= 0xffffffff;
        t[3] += t[2] >> 32; t[2] &= 0xffffffff;
        t[4] += t[3] >> 32; t[3] &= 0xffffffff;
        t[5] += t[4] >> 32; t[4] &= 0xffffffff;
        t[6] += t[5] >> 32; t[5] &= 0xffffffff;
        t[7] += t[6] >> 32; t[6] &= 0xffffffff;
        t[8] += t[7] >> 32; t[7] &= 0xffffffff;
        t[9] += t[8] >> 32; t[8] &= 0xffffffff;
        t[10] += t[9] >> 32; t[9] &= 0xffffffff;
        t[11] += t[10] >> 32; t[10] &= 0xffffffff;
        o     = t[11] >> 32; t[11] &= 0xffffffff;
        t[0] += o;
        t[1] -= o;
        t[3] += o;
        t[4] += o;
        t[1] += t[0] >> 32; t[0] &= 0xffffffff;
        t[2] += t[1] >> 32; t[1] &= 0xffffffff;
        t[3] += t[2] >> 32; t[2] &= 0xffffffff;
        t[4] += t[3] >> 32; t[3] &= 0xffffffff;
        t[5] += t[4] >> 32; t[4] &= 0xffffffff;
        t[6] += t[5] >> 32; t[5] &= 0xffffffff;
        t[7] += t[6] >> 32; t[6] &= 0xffffffff;
        t[8] += t[7] >> 32; t[7] &= 0xffffffff;
        t[9] += t[8] >> 32; t[8] &= 0xffffffff;
        t[10] += t[9] >> 32; t[9] &= 0xffffffff;
        t[11] += t[10] >> 32; t[10] &= 0xffffffff;

        r[0] = t[0];
        r[1] = t[1];
        r[2] = t[2];
        r[3] = t[3];
        r[4] = t[4];
        r[5] = t[5];
        r[6] = t[6];
        r[7] = t[7];
        r[8] = t[8];
        r[9] = t[9];
        r[10] = t[10];
        r[11] = t[11];
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (t != NULL)
        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

/* Convert an mp_int to an array of sp_digit.
 *
 * r  A single precision integer.
 * size  Maximum number of bytes to convert
 * a  A multi-precision integer.
 */
static void sp_384_from_mp(sp_digit* r, int size, const mp_int* a)
{
#if DIGIT_BIT == 32
    int i;
    sp_digit j = (sp_digit)0 - (sp_digit)a->used;
    int o = 0;

    for (i = 0; i < size; i++) {
        sp_digit mask = (sp_digit)0 - (j >> 31);
        r[i] = a->dp[o] & mask;
        j++;
        o += (int)(j >> 31);
    }
#elif DIGIT_BIT > 32
    unsigned int i;
    int j = 0;
    word32 s = 0;

    r[0] = 0;
    for (i = 0; i < (unsigned int)a->used && j < size; i++) {
        r[j] |= ((sp_digit)a->dp[i] << s);
        r[j] &= 0xffffffff;
        s = 32U - s;
        if (j + 1 >= size) {
            break;
        }
        /* lint allow cast of mismatch word32 and mp_digit */
        r[++j] = (sp_digit)(a->dp[i] >> s); /*lint !e9033*/
        while ((s + 32U) <= (word32)DIGIT_BIT) {
            s += 32U;
            r[j] &= 0xffffffff;
            if (j + 1 >= size) {
                break;
            }
            if (s < (word32)DIGIT_BIT) {
                /* lint allow cast of mismatch word32 and mp_digit */
                r[++j] = (sp_digit)(a->dp[i] >> s); /*lint !e9033*/
            }
            else {
                r[++j] = (sp_digit)0;
            }
        }
        s = (word32)DIGIT_BIT - s;
    }

    for (j++; j < size; j++) {
        r[j] = 0;
    }
#else
    unsigned int i;
    int j = 0;
    int s = 0;

    r[0] = 0;
    for (i = 0; i < (unsigned int)a->used && j < size; i++) {
        r[j] |= ((sp_digit)a->dp[i]) << s;
        if (s + DIGIT_BIT >= 32) {
            r[j] &= 0xffffffff;
            if (j + 1 >= size) {
                break;
            }
            s = 32 - s;
            if (s == DIGIT_BIT) {
                r[++j] = 0;
                s = 0;
            }
            else {
                r[++j] = a->dp[i] >> s;
                s = DIGIT_BIT - s;
            }
        }
        else {
            s += DIGIT_BIT;
        }
    }

    for (j++; j < size; j++) {
        r[j] = 0;
    }
#endif
}

/* Convert a point of type ecc_point to type sp_point_384.
 *
 * p   Point of type sp_point_384 (result).
 * pm  Point of type ecc_point.
 */
static void sp_384_point_from_ecc_point_12(sp_point_384* p,
        const ecc_point* pm)
{
    XMEMSET(p->x, 0, sizeof(p->x));
    XMEMSET(p->y, 0, sizeof(p->y));
    XMEMSET(p->z, 0, sizeof(p->z));
    sp_384_from_mp(p->x, 12, pm->x);
    sp_384_from_mp(p->y, 12, pm->y);
    sp_384_from_mp(p->z, 12, pm->z);
    p->infinity = 0;
}

/* Convert an array of sp_digit to an mp_int.
 *
 * a  A single precision integer.
 * r  A multi-precision integer.
 */
static int sp_384_to_mp(const sp_digit* a, mp_int* r)
{
    int err;

    err = mp_grow(r, (384 + DIGIT_BIT - 1) / DIGIT_BIT);
    if (err == MP_OKAY) { /*lint !e774 case where err is always MP_OKAY*/
#if DIGIT_BIT == 32
        XMEMCPY(r->dp, a, sizeof(sp_digit) * 12);
        r->used = 12;
        mp_clamp(r);
#elif DIGIT_BIT < 32
        int i;
        int j = 0;
        int s = 0;

        r->dp[0] = 0;
        for (i = 0; i < 12; i++) {
            r->dp[j] |= (mp_digit)(a[i] << s);
            r->dp[j] &= ((sp_digit)1 << DIGIT_BIT) - 1;
            s = DIGIT_BIT - s;
            r->dp[++j] = (mp_digit)(a[i] >> s);
            while (s + DIGIT_BIT <= 32) {
                s += DIGIT_BIT;
                r->dp[j++] &= ((sp_digit)1 << DIGIT_BIT) - 1;
                if (s == SP_WORD_SIZE) {
                    r->dp[j] = 0;
                }
                else {
                    r->dp[j] = (mp_digit)(a[i] >> s);
                }
            }
            s = 32 - s;
        }
        r->used = (384 + DIGIT_BIT - 1) / DIGIT_BIT;
        mp_clamp(r);
#else
        int i;
        int j = 0;
        int s = 0;

        r->dp[0] = 0;
        for (i = 0; i < 12; i++) {
            r->dp[j] |= ((mp_digit)a[i]) << s;
            if (s + 32 >= DIGIT_BIT) {
    #if DIGIT_BIT != 32 && DIGIT_BIT != 64
                r->dp[j] &= ((sp_digit)1 << DIGIT_BIT) - 1;
    #endif
                s = DIGIT_BIT - s;
                r->dp[++j] = a[i] >> s;
                s = 32 - s;
            }
            else {
                s += 32;
            }
        }
        r->used = (384 + DIGIT_BIT - 1) / DIGIT_BIT;
        mp_clamp(r);
#endif
    }

    return err;
}

/* Convert a point of type sp_point_384 to type ecc_point.
 *
 * p   Point of type sp_point_384.
 * pm  Point of type ecc_point (result).
 * returns MEMORY_E when allocation of memory in ecc_point fails otherwise
 * MP_OKAY.
 */
static int sp_384_point_to_ecc_point_12(const sp_point_384* p, ecc_point* pm)
{
    int err;

    err = sp_384_to_mp(p->x, pm->x);
    if (err == MP_OKAY) {
        err = sp_384_to_mp(p->y, pm->y);
    }
    if (err == MP_OKAY) {
        err = sp_384_to_mp(p->z, pm->z);
    }

    return err;
}

#ifdef WOLFSSL_SP_SMALL
/* Conditionally subtract b from a using the mask m.
 * m is -1 to subtract and 0 when not copying.
 *
 * r  A single precision number representing condition subtract result.
 * a  A single precision number to subtract from.
 * b  A single precision number to subtract.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r8, #0x0\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r5, #0x0\n\t"
        "\n"
    "L_sp_384_cond_sub_12_words:\n\t"
        "SUBS	r4, r8, r4\n\t"
        "LDR	r6, [%[a], r5]\n\t"
        "LDR	r7, [%[b], r5]\n\t"
        "AND	r7, r7, %[m]\n\t"
        "SBCS	r6, r6, r7\n\t"
        "SBC	r4, r8, r8\n\t"
        "STR	r6, [%[r], r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0x30\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_384_cond_sub_12_words\n\t"
#else
        "BLT.N	L_sp_384_cond_sub_12_words\n\t"
#endif
        "MOV	%[r], r4\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
    );
    return (uint32_t)(size_t)r;
}

#else
/* Conditionally subtract b from a using the mask m.
 * m is -1 to subtract and 0 when not copying.
 *
 * r  A single precision number representing condition subtract result.
 * a  A single precision number to subtract from.
 * b  A single precision number to subtract.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r5, #0x0\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SUBS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "SBC	%[r], r5, r5\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
#define sp_384_mont_reduce_order_12   sp_384_mont_reduce_12

#ifdef WOLFSSL_SP_NO_UMAAL
/* Reduce the number back to 384 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDR	lr, [%[m]]\n\t"
        /* i = 0 */
        "MOV	r11, #0x0\n\t"
        "MOV	r3, #0x0\n\t"
        "LDR	r4, [%[a]]\n\t"
        "LDR	r5, [%[a], #4]\n\t"
        "\n"
    "L_sp_384_mont_reduce_12_word:\n\t"
        /* mu = a[i] * mp */
        "MUL	r10, %[mp], r4\n\t"
        /* a[i+0] += m[0] * mu */
        "MOV	r7, #0x0\n\t"
        "UMLAL	r4, r7, r10, lr\n\t"
        /* a[i+1] += m[1] * mu */
        "LDR	r9, [%[m], #4]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r5, r6, r10, r9\n\t"
        "MOV	r4, r5\n\t"
        "ADDS	r4, r4, r7\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+2] += m[2] * mu */
        "LDR	r9, [%[m], #8]\n\t"
        "LDR	r5, [%[a], #8]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r5, r7, r10, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+3] += m[3] * mu */
        "LDR	r9, [%[m], #12]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #12]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+4] += m[4] * mu */
        "LDR	r9, [%[m], #16]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #16]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+5] += m[5] * mu */
        "LDR	r9, [%[m], #20]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #20]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+6] += m[6] * mu */
        "LDR	r9, [%[m], #24]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #24]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+7] += m[7] * mu */
        "LDR	r9, [%[m], #28]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #28]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+8] += m[8] * mu */
        "LDR	r9, [%[m], #32]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #32]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+9] += m[9] * mu */
        "LDR	r9, [%[m], #36]\n\t"
        "LDR	r12, [%[a], #36]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #36]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+10] += m[10] * mu */
        "LDR	r9, [%[m], #40]\n\t"
        "LDR	r12, [%[a], #40]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #40]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+11] += m[11] * mu */
        "LDR	r9, [%[m], #44]\n\t"
        "LDR	r12, [%[a], #44]\n\t"
        "UMULL	r8, r9, r10, r9\n\t"
        "ADDS	r7, r7, r8\n\t"
        "ADCS	r6, r9, r3\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, r3\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #48]\n\t"
        "ADCS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #48]\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* i += 1 */
        "ADD	r11, r11, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r11, #0x30\n\t"
#ifdef __GNUC__
        "BLT	L_sp_384_mont_reduce_12_word\n\t"
#else
        "BLT.W	L_sp_384_mont_reduce_12_word\n\t"
#endif
        /* Loop Done */
        "STR	r4, [%[a]]\n\t"
        "STR	r5, [%[a], #4]\n\t"
        "MOV	%[mp], r3\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
    sp_384_cond_sub_12(a - 12, a, m, (sp_digit)0 - mp);
}

#else
/* Reduce the number back to 384 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* i = 0 */
        "MOV	r4, #0x0\n\t"
        "MOV	r5, #0x0\n\t"
        "LDR	r6, [%[a]]\n\t"
        "LDR	r7, [%[a], #4]\n\t"
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[a], #12]\n\t"
        "LDR	r10, [%[a], #16]\n\t"
        "\n"
    "L_sp_384_mont_reduce_12_word:\n\t"
        /* mu = a[i] * mp */
        "MUL	lr, %[mp], r6\n\t"
        /* a[i+0] += m[0] * mu */
        "LDR	r12, [%[m]]\n\t"
        "MOV	r3, #0x0\n\t"
        "UMAAL	r6, r3, lr, r12\n\t"
        /* a[i+1] += m[1] * mu */
        "LDR	r12, [%[m], #4]\n\t"
        "MOV	r6, r7\n\t"
        "UMAAL	r6, r3, lr, r12\n\t"
        /* a[i+2] += m[2] * mu */
        "LDR	r12, [%[m], #8]\n\t"
        "MOV	r7, r8\n\t"
        "UMAAL	r7, r3, lr, r12\n\t"
        /* a[i+3] += m[3] * mu */
        "LDR	r12, [%[m], #12]\n\t"
        "MOV	r8, r9\n\t"
        "UMAAL	r8, r3, lr, r12\n\t"
        /* a[i+4] += m[4] * mu */
        "LDR	r12, [%[m], #16]\n\t"
        "MOV	r9, r10\n\t"
        "UMAAL	r9, r3, lr, r12\n\t"
        /* a[i+5] += m[5] * mu */
        "LDR	r12, [%[m], #20]\n\t"
        "LDR	r10, [%[a], #20]\n\t"
        "UMAAL	r10, r3, lr, r12\n\t"
        /* a[i+6] += m[6] * mu */
        "LDR	r12, [%[m], #24]\n\t"
        "LDR	r11, [%[a], #24]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #24]\n\t"
        /* a[i+7] += m[7] * mu */
        "LDR	r12, [%[m], #28]\n\t"
        "LDR	r11, [%[a], #28]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #28]\n\t"
        /* a[i+8] += m[8] * mu */
        "LDR	r12, [%[m], #32]\n\t"
        "LDR	r11, [%[a], #32]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #32]\n\t"
        /* a[i+9] += m[9] * mu */
        "LDR	r12, [%[m], #36]\n\t"
        "LDR	r11, [%[a], #36]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #36]\n\t"
        /* a[i+10] += m[10] * mu */
        "LDR	r12, [%[m], #40]\n\t"
        "LDR	r11, [%[a], #40]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #40]\n\t"
        /* a[i+11] += m[11] * mu */
        "LDR	r12, [%[m], #44]\n\t"
        "LDR	r11, [%[a], #44]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "LDR	lr, [%[a], #48]\n\t"
        "MOV	r12, #0x0\n\t"
        "UMAAL	r3, lr, r12, r12\n\t"
        "STR	r11, [%[a], #44]\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADC	r5, lr, #0x0\n\t"
        "STR	r3, [%[a], #48]\n\t"
        /* i += 1 */
        "ADD	r4, r4, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r4, #0x30\n\t"
#ifdef __GNUC__
        "BLT	L_sp_384_mont_reduce_12_word\n\t"
#else
        "BLT.W	L_sp_384_mont_reduce_12_word\n\t"
#endif
        /* Loop Done */
        "STR	r6, [%[a]]\n\t"
        "STR	r7, [%[a], #4]\n\t"
        "STR	r8, [%[a], #8]\n\t"
        "STR	r9, [%[a], #12]\n\t"
        "STR	r10, [%[a], #16]\n\t"
        "MOV	%[mp], r5\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
    sp_384_cond_sub_12(a - 12, a, m, (sp_digit)0 - mp);
}

#endif
/* Multiply two Montgomery form numbers mod the modulus (prime).
 * (r = a * b mod m)
 *
 * r   Result of multiplication.
 * a   First number to multiply in Montgomery form.
 * b   Second number to multiply in Montgomery form.
 * m   Modulus (prime).
 * mp  Montgomery multiplier.
 */
SP_NOINLINE static void sp_384_mont_mul_12(sp_digit* r, const sp_digit* a,
        const sp_digit* b, const sp_digit* m, sp_digit mp)
{
    sp_384_mul_12(r, a, b);
    sp_384_mont_reduce_12(r, m, mp);
}

/* Square the Montgomery form number. (r = a * a mod m)
 *
 * r   Result of squaring.
 * a   Number to square in Montgomery form.
 * m   Modulus (prime).
 * mp  Montgomery multiplier.
 */
SP_NOINLINE static void sp_384_mont_sqr_12(sp_digit* r, const sp_digit* a,
        const sp_digit* m, sp_digit mp)
{
    sp_384_sqr_12(r, a);
    sp_384_mont_reduce_12(r, m, mp);
}

#if !defined(WOLFSSL_SP_SMALL) || defined(HAVE_COMP_KEY)
/* Square the Montgomery form number a number of times. (r = a ^ n mod m)
 *
 * r   Result of squaring.
 * a   Number to square in Montgomery form.
 * n   Number of times to square.
 * m   Modulus (prime).
 * mp  Montgomery multiplier.
 */
SP_NOINLINE static void sp_384_mont_sqr_n_12(sp_digit* r,
    const sp_digit* a, int n, const sp_digit* m, sp_digit mp)
{
    sp_384_mont_sqr_12(r, a, m, mp);
    for (; n > 1; n--) {
        sp_384_mont_sqr_12(r, r, m, mp);
    }
}

#endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
#ifdef WOLFSSL_SP_SMALL
/* Mod-2 for the P384 curve. */
static const uint32_t p384_mod_minus_2[12] = {
    0xfffffffdU,0x00000000U,0x00000000U,0xffffffffU,0xfffffffeU,0xffffffffU,
    0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
};
#endif /* !WOLFSSL_SP_SMALL */

/* Invert the number, in Montgomery form, modulo the modulus (prime) of the
 * P384 curve. (r = 1 / a mod m)
 *
 * r   Inverse result.
 * a   Number to invert.
 * td  Temporary data.
 */
static void sp_384_mont_inv_12(sp_digit* r, const sp_digit* a, sp_digit* td)
{
#ifdef WOLFSSL_SP_SMALL
    sp_digit* t = td;
    int i;

    XMEMCPY(t, a, sizeof(sp_digit) * 12);
    for (i=382; i>=0; i--) {
        sp_384_mont_sqr_12(t, t, p384_mod, p384_mp_mod);
        if (p384_mod_minus_2[i / 32] & ((sp_digit)1 << (i % 32)))
            sp_384_mont_mul_12(t, t, a, p384_mod, p384_mp_mod);
    }
    XMEMCPY(r, t, sizeof(sp_digit) * 12);
#else
    sp_digit* t1 = td;
    sp_digit* t2 = td + 2 * 12;
    sp_digit* t3 = td + 4 * 12;
    sp_digit* t4 = td + 6 * 12;
    sp_digit* t5 = td + 8 * 12;

    /* 0x2 */
    sp_384_mont_sqr_12(t1, a, p384_mod, p384_mp_mod);
    /* 0x3 */
    sp_384_mont_mul_12(t5, t1, a, p384_mod, p384_mp_mod);
    /* 0xc */
    sp_384_mont_sqr_n_12(t1, t5, 2, p384_mod, p384_mp_mod);
    /* 0xf */
    sp_384_mont_mul_12(t2, t5, t1, p384_mod, p384_mp_mod);
    /* 0x1e */
    sp_384_mont_sqr_12(t1, t2, p384_mod, p384_mp_mod);
    /* 0x1f */
    sp_384_mont_mul_12(t4, t1, a, p384_mod, p384_mp_mod);
    /* 0x3e0 */
    sp_384_mont_sqr_n_12(t1, t4, 5, p384_mod, p384_mp_mod);
    /* 0x3ff */
    sp_384_mont_mul_12(t2, t4, t1, p384_mod, p384_mp_mod);
    /* 0x7fe0 */
    sp_384_mont_sqr_n_12(t1, t2, 5, p384_mod, p384_mp_mod);
    /* 0x7fff */
    sp_384_mont_mul_12(t4, t4, t1, p384_mod, p384_mp_mod);
    /* 0x3fff8000 */
    sp_384_mont_sqr_n_12(t1, t4, 15, p384_mod, p384_mp_mod);
    /* 0x3fffffff */
    sp_384_mont_mul_12(t2, t4, t1, p384_mod, p384_mp_mod);
    /* 0xfffffffc */
    sp_384_mont_sqr_n_12(t3, t2, 2, p384_mod, p384_mp_mod);
    /* 0xfffffffd */
    sp_384_mont_mul_12(r, t3, a, p384_mod, p384_mp_mod);
    /* 0xffffffff */
    sp_384_mont_mul_12(t3, t5, t3, p384_mod, p384_mp_mod);
    /* 0xfffffffc0000000 */
    sp_384_mont_sqr_n_12(t1, t2, 30, p384_mod, p384_mp_mod);
    /* 0xfffffffffffffff */
    sp_384_mont_mul_12(t2, t2, t1, p384_mod, p384_mp_mod);
    /* 0xfffffffffffffff000000000000000 */
    sp_384_mont_sqr_n_12(t1, t2, 60, p384_mod, p384_mp_mod);
    /* 0xffffffffffffffffffffffffffffff */
    sp_384_mont_mul_12(t2, t2, t1, p384_mod, p384_mp_mod);
    /* 0xffffffffffffffffffffffffffffff000000000000000000000000000000 */
    sp_384_mont_sqr_n_12(t1, t2, 120, p384_mod, p384_mp_mod);
    /* 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff */
    sp_384_mont_mul_12(t2, t2, t1, p384_mod, p384_mp_mod);
    /* 0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff8000 */
    sp_384_mont_sqr_n_12(t1, t2, 15, p384_mod, p384_mp_mod);
    /* 0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff */
    sp_384_mont_mul_12(t2, t4, t1, p384_mod, p384_mp_mod);
    /* 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe00000000 */
    sp_384_mont_sqr_n_12(t1, t2, 33, p384_mod, p384_mp_mod);
    /* 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff */
    sp_384_mont_mul_12(t2, t3, t1, p384_mod, p384_mp_mod);
    /* 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff000000000000000000000000 */
    sp_384_mont_sqr_n_12(t1, t2, 96, p384_mod, p384_mp_mod);
    /* 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffd */
    sp_384_mont_mul_12(r, r, t1, p384_mod, p384_mp_mod);

#endif /* WOLFSSL_SP_SMALL */
}

/* Compare a with b in constant time.
 *
 * a  A single precision integer.
 * b  A single precision integer.
 * return -ve, 0 or +ve if a is less than, equal to or greater than b
 * respectively.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_int32 sp_384_cmp_12(const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_int32 sp_384_cmp_12(const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register const sp_digit* a __asm__ ("r0") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r2, #0xffffffff\n\t"
        "MOV	r8, #0x1\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r3, #0xffffffff\n\t"
#ifdef WOLFSSL_SP_SMALL
        "MOV	r6, #0x2c\n\t"
        "\n"
    "L_sp_384_cmp_12_words:\n\t"
        "LDR	r4, [%[a], r6]\n\t"
        "LDR	r5, [%[b], r6]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "SUBS	r6, r6, #0x4\n\t"
        "bcs	L_sp_384_cmp_12_words\n\t"
        "EOR	r2, r2, r3\n\t"
#else
        "LDR	r4, [%[a], #44]\n\t"
        "LDR	r5, [%[b], #44]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #40]\n\t"
        "LDR	r5, [%[b], #40]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #36]\n\t"
        "LDR	r5, [%[b], #36]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #32]\n\t"
        "LDR	r5, [%[b], #32]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #28]\n\t"
        "LDR	r5, [%[b], #28]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #24]\n\t"
        "LDR	r5, [%[b], #24]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #20]\n\t"
        "LDR	r5, [%[b], #20]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #16]\n\t"
        "LDR	r5, [%[b], #16]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #12]\n\t"
        "LDR	r5, [%[b], #12]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #8]\n\t"
        "LDR	r5, [%[b], #8]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #4]\n\t"
        "LDR	r5, [%[b], #4]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a]]\n\t"
        "LDR	r5, [%[b]]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "EOR	r2, r2, r3\n\t"
#endif /*WOLFSSL_SP_SMALL */
        "MOV	%[a], r2\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
    );
    return (uint32_t)(size_t)a;
}

/* Normalize the values in each word to 32.
 *
 * a  Array of sp_digit to normalize.
 */
#define sp_384_norm_12(a)

/* Map the Montgomery form projective coordinate point to an affine point.
 *
 * r  Resulting affine coordinate point.
 * p  Montgomery form projective coordinate point.
 * t  Temporary ordinate data.
 */
static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
    sp_digit* t)
{
    sp_digit* t1 = t;
    sp_digit* t2 = t + 2*12;
    sp_int32 n;

    sp_384_mont_inv_12(t1, p->z, t + 2*12);

    sp_384_mont_sqr_12(t2, t1, p384_mod, p384_mp_mod);
    sp_384_mont_mul_12(t1, t2, t1, p384_mod, p384_mp_mod);

    /* x /= z^2 */
    sp_384_mont_mul_12(r->x, p->x, t2, p384_mod, p384_mp_mod);
    XMEMSET(r->x + 12, 0, sizeof(sp_digit) * 12U);
    sp_384_mont_reduce_12(r->x, p384_mod, p384_mp_mod);
    /* Reduce x to less than modulus */
    n = sp_384_cmp_12(r->x, p384_mod);
    sp_384_cond_sub_12(r->x, r->x, p384_mod, ~(n >> 31));
    sp_384_norm_12(r->x);

    /* y /= z^3 */
    sp_384_mont_mul_12(r->y, p->y, t1, p384_mod, p384_mp_mod);
    XMEMSET(r->y + 12, 0, sizeof(sp_digit) * 12U);
    sp_384_mont_reduce_12(r->y, p384_mod, p384_mp_mod);
    /* Reduce y to less than modulus */
    n = sp_384_cmp_12(r->y, p384_mod);
    sp_384_cond_sub_12(r->y, r->y, p384_mod, ~(n >> 31));
    sp_384_norm_12(r->y);

    XMEMSET(r->z, 0, sizeof(r->z) / 2);
    r->z[0] = 1;
}

/* Add two Montgomery form numbers (r = a + b % m).
 *
 * r   Result of addition.
 * a   First number to add in Montgomery form.
 * b   Second number to add in Montgomery form.
 * m   Modulus (prime).
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_384_mont_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
#else
SP_NOINLINE static void sp_384_mont_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register const sp_digit* m __asm__ ("r3") = (const sp_digit*)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    sp_digit o;

    o = sp_384_add_12(r, a, b);
    sp_384_cond_sub_12(r, r, m, 0 - o);
}

/* Double a Montgomery form number (r = a + a % m).
 *
 * r   Result of doubling.
 * a   Number to double in Montgomery form.
 * m   Modulus (prime).
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_384_mont_dbl_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p)
#else
SP_NOINLINE static void sp_384_mont_dbl_12(sp_digit* r, const sp_digit* a, const sp_digit* m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r2") = (const sp_digit*)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    sp_digit o;

    o = sp_384_add_12(r, a, a);
    sp_384_cond_sub_12(r, r, m, 0 - o);
}

/* Triple a Montgomery form number (r = a + a + a % m).
 *
 * r   Result of Tripling.
 * a   Number to triple in Montgomery form.
 * m   Modulus (prime).
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_384_mont_tpl_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p)
#else
SP_NOINLINE static void sp_384_mont_tpl_12(sp_digit* r, const sp_digit* a, const sp_digit* m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r2") = (const sp_digit*)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    sp_digit o;

    o = sp_384_add_12(r, a, a);
    sp_384_cond_sub_12(r, r, m, 0 - o);
    o = sp_384_add_12(r, r, a);
    sp_384_cond_sub_12(r, r, m, 0 - o);
}

#ifdef WOLFSSL_SP_SMALL
/* Sub b from a into r. (r = a - b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r11, #0x0\n\t"
        "ADD	r12, %[a], #0x30\n\t"
        "\n"
    "L_sp_384_sub_12_word:\n\t"
        "RSBS	r11, r11, #0x0\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "SBC	r11, r3, r3\n\t"
        "CMP	%[a], r12\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_384_sub_12_word\n\t"
#else
        "BNE.N	L_sp_384_sub_12_word\n\t"
#endif
        "MOV	%[r], r11\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
    );
    return (uint32_t)(size_t)r;
}

#else
/* Sub b from a into r. (r = a - b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SUBS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "SBC	%[r], r6, r6\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Conditionally add a and b using the mask m.
 * m is -1 to add and 0 when not.
 *
 * r  A single precision number representing conditional add result.
 * a  A single precision number to add with.
 * b  A single precision number to add.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r5, #0x0\n\t"
        "MOV	r8, #0x0\n\t"
        "MOV	r4, #0x0\n\t"
        "\n"
    "L_sp_384_cond_add_12_words:\n\t"
        "ADDS	r5, r5, #0xffffffff\n\t"
        "LDR	r6, [%[a], r4]\n\t"
        "LDR	r7, [%[b], r4]\n\t"
        "AND	r7, r7, %[m]\n\t"
        "ADCS	r6, r6, r7\n\t"
        "ADC	r5, r8, r8\n\t"
        "STR	r6, [%[r], r4]\n\t"
        "ADD	r4, r4, #0x4\n\t"
        "CMP	r4, #0x30\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_384_cond_add_12_words\n\t"
#else
        "BLT.N	L_sp_384_cond_add_12_words\n\t"
#endif
        "MOV	%[r], r5\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
    );
    return (uint32_t)(size_t)r;
}

#else
/* Conditionally add a and b using the mask m.
 * m is -1 to add and 0 when not.
 *
 * r  A single precision number representing conditional add result.
 * a  A single precision number to add with.
 * b  A single precision number to add.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r10, #0x0\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADDS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "ADC	%[r], r10, r10\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
/* Subtract two Montgomery form numbers (r = a - b % m).
 *
 * r   Result of subtration.
 * a   Number to subtract from in Montgomery form.
 * b   Number to subtract with in Montgomery form.
 * m   Modulus (prime).
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_384_mont_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
#else
SP_NOINLINE static void sp_384_mont_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register const sp_digit* m __asm__ ("r3") = (const sp_digit*)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    sp_digit o;

    o = sp_384_sub_12(r, a, b);
    sp_384_cond_add_12(r, r, m, o);
}

#ifdef WOLFSSL_SP_SMALL
#else
#endif /* WOLFSSL_SP_SMALL */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_384_rshift1_12(sp_digit* r_p, const sp_digit* a_p)
#else
static void sp_384_rshift1_12(sp_digit* r, const sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a], {r2, r3}\n\t"
        "LSR	r2, r2, #1\n\t"
        "ORR	r2, r2, r3, lsl #31\n\t"
        "LSR	r3, r3, #1\n\t"
        "LDR	r4, [%[a], #8]\n\t"
        "STR	r2, [%[r]]\n\t"
        "ORR	r3, r3, r4, lsl #31\n\t"
        "LSR	r4, r4, #1\n\t"
        "LDR	r2, [%[a], #12]\n\t"
        "STR	r3, [%[r], #4]\n\t"
        "ORR	r4, r4, r2, lsl #31\n\t"
        "LSR	r2, r2, #1\n\t"
        "LDR	r3, [%[a], #16]\n\t"
        "STR	r4, [%[r], #8]\n\t"
        "ORR	r2, r2, r3, lsl #31\n\t"
        "LSR	r3, r3, #1\n\t"
        "LDR	r4, [%[a], #20]\n\t"
        "STR	r2, [%[r], #12]\n\t"
        "ORR	r3, r3, r4, lsl #31\n\t"
        "LSR	r4, r4, #1\n\t"
        "LDR	r2, [%[a], #24]\n\t"
        "STR	r3, [%[r], #16]\n\t"
        "ORR	r4, r4, r2, lsl #31\n\t"
        "LSR	r2, r2, #1\n\t"
        "LDR	r3, [%[a], #28]\n\t"
        "STR	r4, [%[r], #20]\n\t"
        "ORR	r2, r2, r3, lsl #31\n\t"
        "LSR	r3, r3, #1\n\t"
        "LDR	r4, [%[a], #32]\n\t"
        "STR	r2, [%[r], #24]\n\t"
        "ORR	r3, r3, r4, lsl #31\n\t"
        "LSR	r4, r4, #1\n\t"
        "LDR	r2, [%[a], #36]\n\t"
        "STR	r3, [%[r], #28]\n\t"
        "ORR	r4, r4, r2, lsl #31\n\t"
        "LSR	r2, r2, #1\n\t"
        "LDR	r3, [%[a], #40]\n\t"
        "STR	r4, [%[r], #32]\n\t"
        "ORR	r2, r2, r3, lsl #31\n\t"
        "LSR	r3, r3, #1\n\t"
        "LDR	r4, [%[a], #44]\n\t"
        "STR	r2, [%[r], #36]\n\t"
        "ORR	r3, r3, r4, lsl #31\n\t"
        "LSR	r4, r4, #1\n\t"
        "STR	r3, [%[r], #40]\n\t"
        "STR	r4, [%[r], #44]\n\t"
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r2", "r3", "r4", "cc"
    );
}

/* Divide the number by 2 mod the modulus (prime). (r = a / 2 % m)
 *
 * r  Result of division by 2.
 * a  Number to divide.
 * m  Modulus (prime).
 */
static void sp_384_mont_div2_12(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
    sp_digit o;

    o = sp_384_cond_add_12(r, a, m, 0 - (a[0] & 1));
    sp_384_rshift1_12(r, r);
    r[11] |= o << 31;
}

/* Double the Montgomery form projective point p.
 *
 * r  Result of doubling point.
 * p  Point to double.
 * t  Temporary ordinate data.
 */
static void sp_384_proj_point_dbl_12(sp_point_384* r, const sp_point_384* p,
    sp_digit* t)
{
    sp_digit* t1 = t;
    sp_digit* t2 = t + 2*12;
    sp_digit* x;
    sp_digit* y;
    sp_digit* z;

    x = r->x;
    y = r->y;
    z = r->z;
    /* Put infinity into result. */
    if (r != p) {
        r->infinity = p->infinity;
    }

    /* T1 = Z * Z */
    sp_384_mont_sqr_12(t1, p->z, p384_mod, p384_mp_mod);
    /* Z = Y * Z */
    sp_384_mont_mul_12(z, p->y, p->z, p384_mod, p384_mp_mod);
    /* Z = 2Z */
    sp_384_mont_dbl_12(z, z, p384_mod);
    /* T2 = X - T1 */
    sp_384_mont_sub_12(t2, p->x, t1, p384_mod);
    /* T1 = X + T1 */
    sp_384_mont_add_12(t1, p->x, t1, p384_mod);
    /* T2 = T1 * T2 */
    sp_384_mont_mul_12(t2, t1, t2, p384_mod, p384_mp_mod);
    /* T1 = 3T2 */
    sp_384_mont_tpl_12(t1, t2, p384_mod);
    /* Y = 2Y */
    sp_384_mont_dbl_12(y, p->y, p384_mod);
    /* Y = Y * Y */
    sp_384_mont_sqr_12(y, y, p384_mod, p384_mp_mod);
    /* T2 = Y * Y */
    sp_384_mont_sqr_12(t2, y, p384_mod, p384_mp_mod);
    /* T2 = T2/2 */
    sp_384_mont_div2_12(t2, t2, p384_mod);
    /* Y = Y * X */
    sp_384_mont_mul_12(y, y, p->x, p384_mod, p384_mp_mod);
    /* X = T1 * T1 */
    sp_384_mont_sqr_12(x, t1, p384_mod, p384_mp_mod);
    /* X = X - Y */
    sp_384_mont_sub_12(x, x, y, p384_mod);
    /* X = X - Y */
    sp_384_mont_sub_12(x, x, y, p384_mod);
    /* Y = Y - X */
    sp_384_mont_sub_12(y, y, x, p384_mod);
    /* Y = Y * T1 */
    sp_384_mont_mul_12(y, y, t1, p384_mod, p384_mp_mod);
    /* Y = Y - T2 */
    sp_384_mont_sub_12(y, y, t2, p384_mod);
}

#ifdef WOLFSSL_SP_NONBLOCK
typedef struct sp_384_proj_point_dbl_12_ctx {
    int state;
    sp_digit* t1;
    sp_digit* t2;
    sp_digit* x;
    sp_digit* y;
    sp_digit* z;
} sp_384_proj_point_dbl_12_ctx;

/* Double the Montgomery form projective point p.
 *
 * r  Result of doubling point.
 * p  Point to double.
 * t  Temporary ordinate data.
 */
static int sp_384_proj_point_dbl_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
        const sp_point_384* p, sp_digit* t)
{
    int err = FP_WOULDBLOCK;
    sp_384_proj_point_dbl_12_ctx* ctx = (sp_384_proj_point_dbl_12_ctx*)sp_ctx->data;

    typedef char ctx_size_test[sizeof(sp_384_proj_point_dbl_12_ctx) >= sizeof(*sp_ctx) ? -1 : 1];
    (void)sizeof(ctx_size_test);

    switch (ctx->state) {
    case 0:
        ctx->t1 = t;
        ctx->t2 = t + 2*12;
        ctx->x = r->x;
        ctx->y = r->y;
        ctx->z = r->z;

        /* Put infinity into result. */
        if (r != p) {
            r->infinity = p->infinity;
        }
        ctx->state = 1;
        break;
    case 1:
        /* T1 = Z * Z */
        sp_384_mont_sqr_12(ctx->t1, p->z, p384_mod, p384_mp_mod);
        ctx->state = 2;
        break;
    case 2:
        /* Z = Y * Z */
        sp_384_mont_mul_12(ctx->z, p->y, p->z, p384_mod, p384_mp_mod);
        ctx->state = 3;
        break;
    case 3:
        /* Z = 2Z */
        sp_384_mont_dbl_12(ctx->z, ctx->z, p384_mod);
        ctx->state = 4;
        break;
    case 4:
        /* T2 = X - T1 */
        sp_384_mont_sub_12(ctx->t2, p->x, ctx->t1, p384_mod);
        ctx->state = 5;
        break;
    case 5:
        /* T1 = X + T1 */
        sp_384_mont_add_12(ctx->t1, p->x, ctx->t1, p384_mod);
        ctx->state = 6;
        break;
    case 6:
        /* T2 = T1 * T2 */
        sp_384_mont_mul_12(ctx->t2, ctx->t1, ctx->t2, p384_mod, p384_mp_mod);
        ctx->state = 7;
        break;
    case 7:
        /* T1 = 3T2 */
        sp_384_mont_tpl_12(ctx->t1, ctx->t2, p384_mod);
        ctx->state = 8;
        break;
    case 8:
        /* Y = 2Y */
        sp_384_mont_dbl_12(ctx->y, p->y, p384_mod);
        ctx->state = 9;
        break;
    case 9:
        /* Y = Y * Y */
        sp_384_mont_sqr_12(ctx->y, ctx->y, p384_mod, p384_mp_mod);
        ctx->state = 10;
        break;
    case 10:
        /* T2 = Y * Y */
        sp_384_mont_sqr_12(ctx->t2, ctx->y, p384_mod, p384_mp_mod);
        ctx->state = 11;
        break;
    case 11:
        /* T2 = T2/2 */
        sp_384_mont_div2_12(ctx->t2, ctx->t2, p384_mod);
        ctx->state = 12;
        break;
    case 12:
        /* Y = Y * X */
        sp_384_mont_mul_12(ctx->y, ctx->y, p->x, p384_mod, p384_mp_mod);
        ctx->state = 13;
        break;
    case 13:
        /* X = T1 * T1 */
        sp_384_mont_sqr_12(ctx->x, ctx->t1, p384_mod, p384_mp_mod);
        ctx->state = 14;
        break;
    case 14:
        /* X = X - Y */
        sp_384_mont_sub_12(ctx->x, ctx->x, ctx->y, p384_mod);
        ctx->state = 15;
        break;
    case 15:
        /* X = X - Y */
        sp_384_mont_sub_12(ctx->x, ctx->x, ctx->y, p384_mod);
        ctx->state = 16;
        break;
    case 16:
        /* Y = Y - X */
        sp_384_mont_sub_12(ctx->y, ctx->y, ctx->x, p384_mod);
        ctx->state = 17;
        break;
    case 17:
        /* Y = Y * T1 */
        sp_384_mont_mul_12(ctx->y, ctx->y, ctx->t1, p384_mod, p384_mp_mod);
        ctx->state = 18;
        break;
    case 18:
        /* Y = Y - T2 */
        sp_384_mont_sub_12(ctx->y, ctx->y, ctx->t2, p384_mod);
        ctx->state = 19;
        /* fall-through */
    case 19:
        err = MP_OKAY;
        break;
    }

    if (err == MP_OKAY && ctx->state != 19) {
        err = FP_WOULDBLOCK;
    }

    return err;
}
#endif /* WOLFSSL_SP_NONBLOCK */
/* Compare two numbers to determine if they are equal.
 * Constant time implementation.
 *
 * a  First number to compare.
 * b  Second number to compare.
 * returns 1 when equal and 0 otherwise.
 */
static int sp_384_cmp_equal_12(const sp_digit* a, const sp_digit* b)
{
    return ((a[0] ^ b[0]) | (a[1] ^ b[1]) | (a[2] ^ b[2]) |
            (a[3] ^ b[3]) | (a[4] ^ b[4]) | (a[5] ^ b[5]) |
            (a[6] ^ b[6]) | (a[7] ^ b[7]) | (a[8] ^ b[8]) |
            (a[9] ^ b[9]) | (a[10] ^ b[10]) | (a[11] ^ b[11])) == 0;
}

/* Returns 1 if the number of zero.
 * Implementation is constant time.
 *
 * a  Number to check.
 * returns 1 if the number is zero and 0 otherwise.
 */
static int sp_384_iszero_12(const sp_digit* a)
{
    return (a[0] | a[1] | a[2] | a[3] | a[4] | a[5] | a[6] | a[7] |
            a[8] | a[9] | a[10] | a[11]) == 0;
}


/* Add two Montgomery form projective points.
 *
 * r  Result of addition.
 * p  First point to add.
 * q  Second point to add.
 * t  Temporary ordinate data.
 */
static void sp_384_proj_point_add_12(sp_point_384* r,
        const sp_point_384* p, const sp_point_384* q, sp_digit* t)
{
    sp_digit* t6 = t;
    sp_digit* t1 = t + 2*12;
    sp_digit* t2 = t + 4*12;
    sp_digit* t3 = t + 6*12;
    sp_digit* t4 = t + 8*12;
    sp_digit* t5 = t + 10*12;

    /* U1 = X1*Z2^2 */
    sp_384_mont_sqr_12(t1, q->z, p384_mod, p384_mp_mod);
    sp_384_mont_mul_12(t3, t1, q->z, p384_mod, p384_mp_mod);
    sp_384_mont_mul_12(t1, t1, p->x, p384_mod, p384_mp_mod);
    /* U2 = X2*Z1^2 */
    sp_384_mont_sqr_12(t2, p->z, p384_mod, p384_mp_mod);
    sp_384_mont_mul_12(t4, t2, p->z, p384_mod, p384_mp_mod);
    sp_384_mont_mul_12(t2, t2, q->x, p384_mod, p384_mp_mod);
    /* S1 = Y1*Z2^3 */
    sp_384_mont_mul_12(t3, t3, p->y, p384_mod, p384_mp_mod);
    /* S2 = Y2*Z1^3 */
    sp_384_mont_mul_12(t4, t4, q->y, p384_mod, p384_mp_mod);

    /* Check double */
    if ((~p->infinity) & (~q->infinity) &
            sp_384_cmp_equal_12(t2, t1) &
            sp_384_cmp_equal_12(t4, t3)) {
        sp_384_proj_point_dbl_12(r, p, t);
    }
    else {
        sp_digit* x = t6;
        sp_digit* y = t1;
        sp_digit* z = t2;

        /* H = U2 - U1 */
        sp_384_mont_sub_12(t2, t2, t1, p384_mod);
        /* R = S2 - S1 */
        sp_384_mont_sub_12(t4, t4, t3, p384_mod);
        /* X3 = R^2 - H^3 - 2*U1*H^2 */
        sp_384_mont_sqr_12(t5, t2, p384_mod, p384_mp_mod);
        sp_384_mont_mul_12(y, t1, t5, p384_mod, p384_mp_mod);
        sp_384_mont_mul_12(t5, t5, t2, p384_mod, p384_mp_mod);
        /* Z3 = H*Z1*Z2 */
        sp_384_mont_mul_12(z, p->z, t2, p384_mod, p384_mp_mod);
        sp_384_mont_mul_12(z, z, q->z, p384_mod, p384_mp_mod);
        sp_384_mont_sqr_12(x, t4, p384_mod, p384_mp_mod);
        sp_384_mont_sub_12(x, x, t5, p384_mod);
        sp_384_mont_mul_12(t5, t5, t3, p384_mod, p384_mp_mod);
        sp_384_mont_dbl_12(t3, y, p384_mod);
        sp_384_mont_sub_12(x, x, t3, p384_mod);
        /* Y3 = R*(U1*H^2 - X3) - S1*H^3 */
        sp_384_mont_sub_12(y, y, x, p384_mod);
        sp_384_mont_mul_12(y, y, t4, p384_mod, p384_mp_mod);
        sp_384_mont_sub_12(y, y, t5, p384_mod);
        {
            int i;
            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
            sp_digit maskt = ~(maskp | maskq);
            sp_digit inf = (sp_digit)(p->infinity & q->infinity);

            for (i = 0; i < 12; i++) {
                r->x[i] = (p->x[i] & maskp) | (q->x[i] & maskq) |
                          (x[i] & maskt);
            }
            for (i = 0; i < 12; i++) {
                r->y[i] = (p->y[i] & maskp) | (q->y[i] & maskq) |
                          (y[i] & maskt);
            }
            for (i = 0; i < 12; i++) {
                r->z[i] = (p->z[i] & maskp) | (q->z[i] & maskq) |
                          (z[i] & maskt);
            }
            r->z[0] |= inf;
            r->infinity = (word32)inf;
        }
    }
}

#ifdef WOLFSSL_SP_NONBLOCK
typedef struct sp_384_proj_point_add_12_ctx {
    int state;
    sp_384_proj_point_dbl_12_ctx dbl_ctx;
    const sp_point_384* ap[2];
    sp_point_384* rp[2];
    sp_digit* t1;
    sp_digit* t2;
    sp_digit* t3;
    sp_digit* t4;
    sp_digit* t5;
    sp_digit* t6;
    sp_digit* x;
    sp_digit* y;
    sp_digit* z;
} sp_384_proj_point_add_12_ctx;

/* Add two Montgomery form projective points.
 *
 * r  Result of addition.
 * p  First point to add.
 * q  Second point to add.
 * t  Temporary ordinate data.
 */
static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
    const sp_point_384* p, const sp_point_384* q, sp_digit* t)
{
    int err = FP_WOULDBLOCK;
    sp_384_proj_point_add_12_ctx* ctx = (sp_384_proj_point_add_12_ctx*)sp_ctx->data;

    /* Ensure only the first point is the same as the result. */
    if (q == r) {
        const sp_point_384* a = p;
        p = q;
        q = a;
    }

    typedef char ctx_size_test[sizeof(sp_384_proj_point_add_12_ctx) >= sizeof(*sp_ctx) ? -1 : 1];
    (void)sizeof(ctx_size_test);

    switch (ctx->state) {
    case 0: /* INIT */
        ctx->t6 = t;
        ctx->t1 = t + 2*12;
        ctx->t2 = t + 4*12;
        ctx->t3 = t + 6*12;
        ctx->t4 = t + 8*12;
        ctx->t5 = t + 10*12;
        ctx->x = ctx->t6;
        ctx->y = ctx->t1;
        ctx->z = ctx->t2;

        ctx->state = 1;
        break;
    case 1:
        /* U1 = X1*Z2^2 */
        sp_384_mont_sqr_12(ctx->t1, q->z, p384_mod, p384_mp_mod);
        ctx->state = 2;
        break;
    case 2:
        sp_384_mont_mul_12(ctx->t3, ctx->t1, q->z, p384_mod, p384_mp_mod);
        ctx->state = 3;
        break;
    case 3:
        sp_384_mont_mul_12(ctx->t1, ctx->t1, p->x, p384_mod, p384_mp_mod);
        ctx->state = 4;
        break;
    case 4:
        /* U2 = X2*Z1^2 */
        sp_384_mont_sqr_12(ctx->t2, p->z, p384_mod, p384_mp_mod);
        ctx->state = 5;
        break;
    case 5:
        sp_384_mont_mul_12(ctx->t4, ctx->t2, p->z, p384_mod, p384_mp_mod);
        ctx->state = 6;
        break;
    case 6:
        sp_384_mont_mul_12(ctx->t2, ctx->t2, q->x, p384_mod, p384_mp_mod);
        ctx->state = 7;
        break;
    case 7:
        /* S1 = Y1*Z2^3 */
        sp_384_mont_mul_12(ctx->t3, ctx->t3, p->y, p384_mod, p384_mp_mod);
        ctx->state = 8;
        break;
    case 8:
        /* S2 = Y2*Z1^3 */
        sp_384_mont_mul_12(ctx->t4, ctx->t4, q->y, p384_mod, p384_mp_mod);
        ctx->state = 9;
        break;
    case 9:
        /* Check double */
        if ((~p->infinity) & (~q->infinity) &
                sp_384_cmp_equal_12(ctx->t2, ctx->t1) &
                sp_384_cmp_equal_12(ctx->t4, ctx->t3)) {
            XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
            sp_384_proj_point_dbl_12(r, p, t);
            ctx->state = 25;
        }
        else {
            ctx->state = 10;
        }
        break;
    case 10:
        /* H = U2 - U1 */
        sp_384_mont_sub_12(ctx->t2, ctx->t2, ctx->t1, p384_mod);
        ctx->state = 11;
        break;
    case 11:
        /* R = S2 - S1 */
        sp_384_mont_sub_12(ctx->t4, ctx->t4, ctx->t3, p384_mod);
        ctx->state = 12;
        break;
    case 12:
        /* X3 = R^2 - H^3 - 2*U1*H^2 */
        sp_384_mont_sqr_12(ctx->t5, ctx->t2, p384_mod, p384_mp_mod);
        ctx->state = 13;
        break;
    case 13:
        sp_384_mont_mul_12(ctx->y, ctx->t1, ctx->t5, p384_mod, p384_mp_mod);
        ctx->state = 14;
        break;
    case 14:
        sp_384_mont_mul_12(ctx->t5, ctx->t5, ctx->t2, p384_mod, p384_mp_mod);
        ctx->state = 15;
        break;
    case 15:
        /* Z3 = H*Z1*Z2 */
        sp_384_mont_mul_12(ctx->z, p->z, ctx->t2, p384_mod, p384_mp_mod);
        ctx->state = 16;
        break;
    case 16:
        sp_384_mont_mul_12(ctx->z, ctx->z, q->z, p384_mod, p384_mp_mod);
        ctx->state = 17;
        break;
    case 17:
        sp_384_mont_sqr_12(ctx->x, ctx->t4, p384_mod, p384_mp_mod);
        ctx->state = 18;
        break;
    case 18:
        sp_384_mont_sub_12(ctx->x, ctx->x, ctx->t5, p384_mod);
        ctx->state = 19;
        break;
    case 19:
        sp_384_mont_mul_12(ctx->t5, ctx->t5, ctx->t3, p384_mod, p384_mp_mod);
        ctx->state = 20;
        break;
    case 20:
        sp_384_mont_dbl_12(ctx->t3, ctx->y, p384_mod);
        sp_384_mont_sub_12(ctx->x, ctx->x, ctx->t3, p384_mod);
        ctx->state = 21;
        break;
    case 21:
        /* Y3 = R*(U1*H^2 - X3) - S1*H^3 */
        sp_384_mont_sub_12(ctx->y, ctx->y, ctx->x, p384_mod);
        ctx->state = 22;
        break;
    case 22:
        sp_384_mont_mul_12(ctx->y, ctx->y, ctx->t4, p384_mod, p384_mp_mod);
        ctx->state = 23;
        break;
    case 23:
        sp_384_mont_sub_12(ctx->y, ctx->y, ctx->t5, p384_mod);
        ctx->state = 24;
        break;
    case 24:
    {
        {
            int i;
            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
            sp_digit maskt = ~(maskp | maskq);
            sp_digit inf = (sp_digit)(p->infinity & q->infinity);

            for (i = 0; i < 12; i++) {
                r->x[i] = (p->x[i] & maskp) | (q->x[i] & maskq) |
                          (ctx->x[i] & maskt);
            }
            for (i = 0; i < 12; i++) {
                r->y[i] = (p->y[i] & maskp) | (q->y[i] & maskq) |
                          (ctx->y[i] & maskt);
            }
            for (i = 0; i < 12; i++) {
                r->z[i] = (p->z[i] & maskp) | (q->z[i] & maskq) |
                          (ctx->z[i] & maskt);
            }
            r->z[0] |= inf;
            r->infinity = (word32)inf;
        }
        ctx->state = 25;
        break;
    }
    case 25:
        err = MP_OKAY;
        break;
    }

    if (err == MP_OKAY && ctx->state != 25) {
        err = FP_WOULDBLOCK;
    }
    return err;
}
#endif /* WOLFSSL_SP_NONBLOCK */

#ifndef WC_NO_CACHE_RESISTANT
/* Touch each possible point that could be being copied.
 *
 * r      Point to copy into.
 * table  Table - start of the entries to access
 * idx    Index of entry to retrieve.
 */
static void sp_384_get_point_16_12(sp_point_384* r, const sp_point_384* table,
    int idx)
{
    int i;
    sp_digit mask;

    r->x[0] = 0;
    r->x[1] = 0;
    r->x[2] = 0;
    r->x[3] = 0;
    r->x[4] = 0;
    r->x[5] = 0;
    r->x[6] = 0;
    r->x[7] = 0;
    r->x[8] = 0;
    r->x[9] = 0;
    r->x[10] = 0;
    r->x[11] = 0;
    r->y[0] = 0;
    r->y[1] = 0;
    r->y[2] = 0;
    r->y[3] = 0;
    r->y[4] = 0;
    r->y[5] = 0;
    r->y[6] = 0;
    r->y[7] = 0;
    r->y[8] = 0;
    r->y[9] = 0;
    r->y[10] = 0;
    r->y[11] = 0;
    r->z[0] = 0;
    r->z[1] = 0;
    r->z[2] = 0;
    r->z[3] = 0;
    r->z[4] = 0;
    r->z[5] = 0;
    r->z[6] = 0;
    r->z[7] = 0;
    r->z[8] = 0;
    r->z[9] = 0;
    r->z[10] = 0;
    r->z[11] = 0;
    for (i = 1; i < 16; i++) {
        mask = 0 - (i == idx);
        r->x[0] |= mask & table[i].x[0];
        r->x[1] |= mask & table[i].x[1];
        r->x[2] |= mask & table[i].x[2];
        r->x[3] |= mask & table[i].x[3];
        r->x[4] |= mask & table[i].x[4];
        r->x[5] |= mask & table[i].x[5];
        r->x[6] |= mask & table[i].x[6];
        r->x[7] |= mask & table[i].x[7];
        r->x[8] |= mask & table[i].x[8];
        r->x[9] |= mask & table[i].x[9];
        r->x[10] |= mask & table[i].x[10];
        r->x[11] |= mask & table[i].x[11];
        r->y[0] |= mask & table[i].y[0];
        r->y[1] |= mask & table[i].y[1];
        r->y[2] |= mask & table[i].y[2];
        r->y[3] |= mask & table[i].y[3];
        r->y[4] |= mask & table[i].y[4];
        r->y[5] |= mask & table[i].y[5];
        r->y[6] |= mask & table[i].y[6];
        r->y[7] |= mask & table[i].y[7];
        r->y[8] |= mask & table[i].y[8];
        r->y[9] |= mask & table[i].y[9];
        r->y[10] |= mask & table[i].y[10];
        r->y[11] |= mask & table[i].y[11];
        r->z[0] |= mask & table[i].z[0];
        r->z[1] |= mask & table[i].z[1];
        r->z[2] |= mask & table[i].z[2];
        r->z[3] |= mask & table[i].z[3];
        r->z[4] |= mask & table[i].z[4];
        r->z[5] |= mask & table[i].z[5];
        r->z[6] |= mask & table[i].z[6];
        r->z[7] |= mask & table[i].z[7];
        r->z[8] |= mask & table[i].z[8];
        r->z[9] |= mask & table[i].z[9];
        r->z[10] |= mask & table[i].z[10];
        r->z[11] |= mask & table[i].z[11];
    }
}
#endif /* !WC_NO_CACHE_RESISTANT */
/* Multiply the point by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * Fast implementation that generates a pre-computation table.
 * 4 bits of window (no sliding!).
 * Uses add and double for calculating table.
 * 384 doubles.
 * 108 adds.
 *
 * r     Resulting point.
 * g     Point to multiply.
 * k     Scalar to multiply by.
 * map   Indicates whether to convert result to affine.
 * ct    Constant time required.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, const sp_digit* k,
        int map, int ct, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_384* t = NULL;
    sp_digit* tmp = NULL;
#else
    sp_point_384 t[16 + 1];
    sp_digit tmp[2 * 12 * 6];
#endif
    sp_point_384* rt = NULL;
#ifndef WC_NO_CACHE_RESISTANT
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_384* p = NULL;
#else
    sp_point_384 p[1];
#endif
#endif /* !WC_NO_CACHE_RESISTANT */
    sp_digit n;
    int i;
    int c;
    int y;
    int err = MP_OKAY;

    /* Constant time used for cache attack resistance implementation. */
    (void)ct;
    (void)heap;

#ifdef WOLFSSL_SP_SMALL_STACK
    t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * (16 + 1),
        heap, DYNAMIC_TYPE_ECC);
    if (t == NULL)
        err = MEMORY_E;
    #ifndef WC_NO_CACHE_RESISTANT
    if (err == MP_OKAY) {
        p = (sp_point_384*)XMALLOC(sizeof(sp_point_384),
            heap, DYNAMIC_TYPE_ECC);
        if (p == NULL)
            err = MEMORY_E;
    }
    #endif
    if (err == MP_OKAY) {
        tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap,
                                DYNAMIC_TYPE_ECC);
        if (tmp == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        rt = t + 16;

        /* t[0] = {0, 0, 1} * norm */
        XMEMSET(&t[0], 0, sizeof(t[0]));
        t[0].infinity = 1;
        /* t[1] = {g->x, g->y, g->z} * norm */
        (void)sp_384_mod_mul_norm_12(t[1].x, g->x, p384_mod);
        (void)sp_384_mod_mul_norm_12(t[1].y, g->y, p384_mod);
        (void)sp_384_mod_mul_norm_12(t[1].z, g->z, p384_mod);
        t[1].infinity = 0;
        sp_384_proj_point_dbl_12(&t[ 2], &t[ 1], tmp);
        t[ 2].infinity = 0;
        sp_384_proj_point_add_12(&t[ 3], &t[ 2], &t[ 1], tmp);
        t[ 3].infinity = 0;
        sp_384_proj_point_dbl_12(&t[ 4], &t[ 2], tmp);
        t[ 4].infinity = 0;
        sp_384_proj_point_add_12(&t[ 5], &t[ 3], &t[ 2], tmp);
        t[ 5].infinity = 0;
        sp_384_proj_point_dbl_12(&t[ 6], &t[ 3], tmp);
        t[ 6].infinity = 0;
        sp_384_proj_point_add_12(&t[ 7], &t[ 4], &t[ 3], tmp);
        t[ 7].infinity = 0;
        sp_384_proj_point_dbl_12(&t[ 8], &t[ 4], tmp);
        t[ 8].infinity = 0;
        sp_384_proj_point_add_12(&t[ 9], &t[ 5], &t[ 4], tmp);
        t[ 9].infinity = 0;
        sp_384_proj_point_dbl_12(&t[10], &t[ 5], tmp);
        t[10].infinity = 0;
        sp_384_proj_point_add_12(&t[11], &t[ 6], &t[ 5], tmp);
        t[11].infinity = 0;
        sp_384_proj_point_dbl_12(&t[12], &t[ 6], tmp);
        t[12].infinity = 0;
        sp_384_proj_point_add_12(&t[13], &t[ 7], &t[ 6], tmp);
        t[13].infinity = 0;
        sp_384_proj_point_dbl_12(&t[14], &t[ 7], tmp);
        t[14].infinity = 0;
        sp_384_proj_point_add_12(&t[15], &t[ 8], &t[ 7], tmp);
        t[15].infinity = 0;

        i = 10;
        n = k[i+1] << 0;
        c = 28;
        y = (int)(n >> 28);
    #ifndef WC_NO_CACHE_RESISTANT
        if (ct) {
            sp_384_get_point_16_12(rt, t, y);
            rt->infinity = !y;
        }
        else
    #endif
        {
            XMEMCPY(rt, &t[y], sizeof(sp_point_384));
        }
        n <<= 4;
        for (; i>=0 || c>=4; ) {
            if (c < 4) {
                n |= k[i--];
                c += 32;
            }
            y = (n >> 28) & 0xf;
            n <<= 4;
            c -= 4;

            sp_384_proj_point_dbl_12(rt, rt, tmp);
            sp_384_proj_point_dbl_12(rt, rt, tmp);
            sp_384_proj_point_dbl_12(rt, rt, tmp);
            sp_384_proj_point_dbl_12(rt, rt, tmp);

    #ifndef WC_NO_CACHE_RESISTANT
            if (ct) {
                sp_384_get_point_16_12(p, t, y);
                p->infinity = !y;
                sp_384_proj_point_add_12(rt, rt, p, tmp);
            }
            else
    #endif
            {
                sp_384_proj_point_add_12(rt, rt, &t[y], tmp);
            }
        }

        if (map != 0) {
            sp_384_map_12(r, rt, tmp);
        }
        else {
            XMEMCPY(r, rt, sizeof(sp_point_384));
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (tmp != NULL)
#endif
    {
        ForceZero(tmp, sizeof(sp_digit) * 2 * 12 * 6);
    #ifdef WOLFSSL_SP_SMALL_STACK
        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
    #endif
    }
#ifndef WC_NO_CACHE_RESISTANT
    #ifdef WOLFSSL_SP_SMALL_STACK
    if (p != NULL)
    #endif
        {
            ForceZero(p, sizeof(sp_point_384));
        #ifdef WOLFSSL_SP_SMALL_STACK
            XFREE(p, heap, DYNAMIC_TYPE_ECC);
        #endif
        }
#endif /* !WC_NO_CACHE_RESISTANT */
#ifdef WOLFSSL_SP_SMALL_STACK
    if (t != NULL)
#endif
    {
        ForceZero(t, sizeof(sp_point_384) * 17);
    #ifdef WOLFSSL_SP_SMALL_STACK
        XFREE(t, heap, DYNAMIC_TYPE_ECC);
    #endif
    }

    return err;
}

#ifdef FP_ECC
/* Double the Montgomery form projective point p a number of times.
 *
 * r  Result of repeated doubling of point.
 * p  Point to double.
 * n  Number of times to double
 * t  Temporary ordinate data.
 */
static void sp_384_proj_point_dbl_n_12(sp_point_384* p, int i,
    sp_digit* t)
{
    sp_digit* w = t;
    sp_digit* a = t + 2*12;
    sp_digit* b = t + 4*12;
    sp_digit* t1 = t + 6*12;
    sp_digit* t2 = t + 8*12;
    sp_digit* x;
    sp_digit* y;
    sp_digit* z;
    volatile int n = i;

    x = p->x;
    y = p->y;
    z = p->z;

    /* Y = 2*Y */
    sp_384_mont_dbl_12(y, y, p384_mod);
    /* W = Z^4 */
    sp_384_mont_sqr_12(w, z, p384_mod, p384_mp_mod);
    sp_384_mont_sqr_12(w, w, p384_mod, p384_mp_mod);
#ifndef WOLFSSL_SP_SMALL
    while (--n > 0)
#else
    while (--n >= 0)
#endif
    {
        /* A = 3*(X^2 - W) */
        sp_384_mont_sqr_12(t1, x, p384_mod, p384_mp_mod);
        sp_384_mont_sub_12(t1, t1, w, p384_mod);
        sp_384_mont_tpl_12(a, t1, p384_mod);
        /* B = X*Y^2 */
        sp_384_mont_sqr_12(t1, y, p384_mod, p384_mp_mod);
        sp_384_mont_mul_12(b, t1, x, p384_mod, p384_mp_mod);
        /* X = A^2 - 2B */
        sp_384_mont_sqr_12(x, a, p384_mod, p384_mp_mod);
        sp_384_mont_dbl_12(t2, b, p384_mod);
        sp_384_mont_sub_12(x, x, t2, p384_mod);
        /* B = 2.(B - X) */
        sp_384_mont_sub_12(t2, b, x, p384_mod);
        sp_384_mont_dbl_12(b, t2, p384_mod);
        /* Z = Z*Y */
        sp_384_mont_mul_12(z, z, y, p384_mod, p384_mp_mod);
        /* t1 = Y^4 */
        sp_384_mont_sqr_12(t1, t1, p384_mod, p384_mp_mod);
#ifdef WOLFSSL_SP_SMALL
        if (n != 0)
#endif
        {
            /* W = W*Y^4 */
            sp_384_mont_mul_12(w, w, t1, p384_mod, p384_mp_mod);
        }
        /* y = 2*A*(B - X) - Y^4 */
        sp_384_mont_mul_12(y, b, a, p384_mod, p384_mp_mod);
        sp_384_mont_sub_12(y, y, t1, p384_mod);
    }
#ifndef WOLFSSL_SP_SMALL
    /* A = 3*(X^2 - W) */
    sp_384_mont_sqr_12(t1, x, p384_mod, p384_mp_mod);
    sp_384_mont_sub_12(t1, t1, w, p384_mod);
    sp_384_mont_tpl_12(a, t1, p384_mod);
    /* B = X*Y^2 */
    sp_384_mont_sqr_12(t1, y, p384_mod, p384_mp_mod);
    sp_384_mont_mul_12(b, t1, x, p384_mod, p384_mp_mod);
    /* X = A^2 - 2B */
    sp_384_mont_sqr_12(x, a, p384_mod, p384_mp_mod);
    sp_384_mont_dbl_12(t2, b, p384_mod);
    sp_384_mont_sub_12(x, x, t2, p384_mod);
    /* B = 2.(B - X) */
    sp_384_mont_sub_12(t2, b, x, p384_mod);
    sp_384_mont_dbl_12(b, t2, p384_mod);
    /* Z = Z*Y */
    sp_384_mont_mul_12(z, z, y, p384_mod, p384_mp_mod);
    /* t1 = Y^4 */
    sp_384_mont_sqr_12(t1, t1, p384_mod, p384_mp_mod);
    /* y = 2*A*(B - X) - Y^4 */
    sp_384_mont_mul_12(y, b, a, p384_mod, p384_mp_mod);
    sp_384_mont_sub_12(y, y, t1, p384_mod);
#endif /* WOLFSSL_SP_SMALL */
    /* Y = Y/2 */
    sp_384_mont_div2_12(y, y, p384_mod);
}

/* Convert the projective point to affine.
 * Ordinates are in Montgomery form.
 *
 * a  Point to convert.
 * t  Temporary data.
 */
static void sp_384_proj_to_affine_12(sp_point_384* a, sp_digit* t)
{
    sp_digit* t1 = t;
    sp_digit* t2 = t + 2 * 12;
    sp_digit* tmp = t + 4 * 12;

    sp_384_mont_inv_12(t1, a->z, tmp);

    sp_384_mont_sqr_12(t2, t1, p384_mod, p384_mp_mod);
    sp_384_mont_mul_12(t1, t2, t1, p384_mod, p384_mp_mod);

    sp_384_mont_mul_12(a->x, a->x, t2, p384_mod, p384_mp_mod);
    sp_384_mont_mul_12(a->y, a->y, t1, p384_mod, p384_mp_mod);
    XMEMCPY(a->z, p384_norm_mod, sizeof(p384_norm_mod));
}

#endif /* FP_ECC */
/* A table entry for pre-computed points. */
typedef struct sp_table_entry_384 {
    sp_digit x[12];
    sp_digit y[12];
} sp_table_entry_384;

#ifdef FP_ECC
#endif /* FP_ECC */
/* Add two Montgomery form projective points. The second point has a q value of
 * one.
 * Only the first point can be the same pointer as the result point.
 *
 * r  Result of addition.
 * p  First point to add.
 * q  Second point to add.
 * t  Temporary ordinate data.
 */
static void sp_384_proj_point_add_qz1_12(sp_point_384* r,
    const sp_point_384* p, const sp_point_384* q, sp_digit* t)
{
    sp_digit* t2 = t;
    sp_digit* t3 = t + 2*12;
    sp_digit* t6 = t + 4*12;
    sp_digit* t1 = t + 6*12;
    sp_digit* t4 = t + 8*12;
    sp_digit* t5 = t + 10*12;

    /* Calculate values to subtract from P->x and P->y. */
    /* U2 = X2*Z1^2 */
    sp_384_mont_sqr_12(t2, p->z, p384_mod, p384_mp_mod);
    sp_384_mont_mul_12(t4, t2, p->z, p384_mod, p384_mp_mod);
    sp_384_mont_mul_12(t2, t2, q->x, p384_mod, p384_mp_mod);
    /* S2 = Y2*Z1^3 */
    sp_384_mont_mul_12(t4, t4, q->y, p384_mod, p384_mp_mod);

    if ((~p->infinity) & (~q->infinity) &
            sp_384_cmp_equal_12(p->x, t2) &
            sp_384_cmp_equal_12(p->y, t4)) {
        sp_384_proj_point_dbl_12(r, p, t);
    }
    else {
        sp_digit* x = t2;
        sp_digit* y = t3;
        sp_digit* z = t6;

        /* H = U2 - X1 */
        sp_384_mont_sub_12(t2, t2, p->x, p384_mod);
        /* R = S2 - Y1 */
        sp_384_mont_sub_12(t4, t4, p->y, p384_mod);
        /* Z3 = H*Z1 */
        sp_384_mont_mul_12(z, p->z, t2, p384_mod, p384_mp_mod);
        /* X3 = R^2 - H^3 - 2*X1*H^2 */
        sp_384_mont_sqr_12(t1, t2, p384_mod, p384_mp_mod);
        sp_384_mont_mul_12(t3, p->x, t1, p384_mod, p384_mp_mod);
        sp_384_mont_mul_12(t1, t1, t2, p384_mod, p384_mp_mod);
        sp_384_mont_sqr_12(t2, t4, p384_mod, p384_mp_mod);
        sp_384_mont_sub_12(t2, t2, t1, p384_mod);
        sp_384_mont_dbl_12(t5, t3, p384_mod);
        sp_384_mont_sub_12(x, t2, t5, p384_mod);
        /* Y3 = R*(X1*H^2 - X3) - Y1*H^3 */
        sp_384_mont_sub_12(t3, t3, x, p384_mod);
        sp_384_mont_mul_12(t3, t3, t4, p384_mod, p384_mp_mod);
        sp_384_mont_mul_12(t1, t1, p->y, p384_mod, p384_mp_mod);
        sp_384_mont_sub_12(y, t3, t1, p384_mod);
        {
            int i;
            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
            sp_digit maskt = ~(maskp | maskq);
            sp_digit inf = (sp_digit)(p->infinity & q->infinity);

            for (i = 0; i < 12; i++) {
                r->x[i] = (p->x[i] & maskp) | (q->x[i] & maskq) |
                          (x[i] & maskt);
            }
            for (i = 0; i < 12; i++) {
                r->y[i] = (p->y[i] & maskp) | (q->y[i] & maskq) |
                          (y[i] & maskt);
            }
            for (i = 0; i < 12; i++) {
                r->z[i] = (p->z[i] & maskp) | (q->z[i] & maskq) |
                          (z[i] & maskt);
            }
            r->z[0] |= inf;
            r->infinity = (word32)inf;
        }
    }
}

#ifdef WOLFSSL_SP_SMALL
#ifdef FP_ECC
/* Generate the pre-computed table of points for the base point.
 *
 * width = 4
 * 16 entries
 * 96 bits between
 *
 * a      The base point.
 * table  Place to store generated point data.
 * tmp    Temporary data.
 * heap  Heap to use for allocation.
 */
static int sp_384_gen_stripe_table_12(const sp_point_384* a,
        sp_table_entry_384* table, sp_digit* tmp, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_384* t = NULL;
#else
    sp_point_384 t[3];
#endif
    sp_point_384* s1 = NULL;
    sp_point_384* s2 = NULL;
    int i;
    int j;
    int err = MP_OKAY;

    (void)heap;

#ifdef WOLFSSL_SP_SMALL_STACK
    t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap,
                                     DYNAMIC_TYPE_ECC);
    if (t == NULL)
        err = MEMORY_E;
#endif

    if (err == MP_OKAY) {
        s1 = t + 1;
        s2 = t + 2;

        err = sp_384_mod_mul_norm_12(t->x, a->x, p384_mod);
    }
    if (err == MP_OKAY) {
        err = sp_384_mod_mul_norm_12(t->y, a->y, p384_mod);
    }
    if (err == MP_OKAY) {
        err = sp_384_mod_mul_norm_12(t->z, a->z, p384_mod);
    }
    if (err == MP_OKAY) {
        t->infinity = 0;
        sp_384_proj_to_affine_12(t, tmp);

        XMEMCPY(s1->z, p384_norm_mod, sizeof(p384_norm_mod));
        s1->infinity = 0;
        XMEMCPY(s2->z, p384_norm_mod, sizeof(p384_norm_mod));
        s2->infinity = 0;

        /* table[0] = {0, 0, infinity} */
        XMEMSET(&table[0], 0, sizeof(sp_table_entry_384));
        /* table[1] = Affine version of 'a' in Montgomery form */
        XMEMCPY(table[1].x, t->x, sizeof(table->x));
        XMEMCPY(table[1].y, t->y, sizeof(table->y));

        for (i=1; i<4; i++) {
            sp_384_proj_point_dbl_n_12(t, 96, tmp);
            sp_384_proj_to_affine_12(t, tmp);
            XMEMCPY(table[1<<i].x, t->x, sizeof(table->x));
            XMEMCPY(table[1<<i].y, t->y, sizeof(table->y));
        }

        for (i=1; i<4; i++) {
            XMEMCPY(s1->x, table[1<<i].x, sizeof(table->x));
            XMEMCPY(s1->y, table[1<<i].y, sizeof(table->y));
            for (j=(1<<i)+1; j<(1<<(i+1)); j++) {
                XMEMCPY(s2->x, table[j-(1<<i)].x, sizeof(table->x));
                XMEMCPY(s2->y, table[j-(1<<i)].y, sizeof(table->y));
                sp_384_proj_point_add_qz1_12(t, s1, s2, tmp);
                sp_384_proj_to_affine_12(t, tmp);
                XMEMCPY(table[j].x, t->x, sizeof(table->x));
                XMEMCPY(table[j].y, t->y, sizeof(table->y));
            }
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (t != NULL)
        XFREE(t, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#endif /* FP_ECC */
#ifndef WC_NO_CACHE_RESISTANT
/* Touch each possible entry that could be being copied.
 *
 * r      Point to copy into.
 * table  Table - start of the entries to access
 * idx    Index of entry to retrieve.
 */
static void sp_384_get_entry_16_12(sp_point_384* r,
    const sp_table_entry_384* table, int idx)
{
    int i;
    sp_digit mask;

    r->x[0] = 0;
    r->x[1] = 0;
    r->x[2] = 0;
    r->x[3] = 0;
    r->x[4] = 0;
    r->x[5] = 0;
    r->x[6] = 0;
    r->x[7] = 0;
    r->x[8] = 0;
    r->x[9] = 0;
    r->x[10] = 0;
    r->x[11] = 0;
    r->y[0] = 0;
    r->y[1] = 0;
    r->y[2] = 0;
    r->y[3] = 0;
    r->y[4] = 0;
    r->y[5] = 0;
    r->y[6] = 0;
    r->y[7] = 0;
    r->y[8] = 0;
    r->y[9] = 0;
    r->y[10] = 0;
    r->y[11] = 0;
    for (i = 1; i < 16; i++) {
        mask = 0 - (i == idx);
        r->x[0] |= mask & table[i].x[0];
        r->x[1] |= mask & table[i].x[1];
        r->x[2] |= mask & table[i].x[2];
        r->x[3] |= mask & table[i].x[3];
        r->x[4] |= mask & table[i].x[4];
        r->x[5] |= mask & table[i].x[5];
        r->x[6] |= mask & table[i].x[6];
        r->x[7] |= mask & table[i].x[7];
        r->x[8] |= mask & table[i].x[8];
        r->x[9] |= mask & table[i].x[9];
        r->x[10] |= mask & table[i].x[10];
        r->x[11] |= mask & table[i].x[11];
        r->y[0] |= mask & table[i].y[0];
        r->y[1] |= mask & table[i].y[1];
        r->y[2] |= mask & table[i].y[2];
        r->y[3] |= mask & table[i].y[3];
        r->y[4] |= mask & table[i].y[4];
        r->y[5] |= mask & table[i].y[5];
        r->y[6] |= mask & table[i].y[6];
        r->y[7] |= mask & table[i].y[7];
        r->y[8] |= mask & table[i].y[8];
        r->y[9] |= mask & table[i].y[9];
        r->y[10] |= mask & table[i].y[10];
        r->y[11] |= mask & table[i].y[11];
    }
}
#endif /* !WC_NO_CACHE_RESISTANT */
/* Multiply the point by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * Stripe implementation.
 * Pre-generated: 2^0, 2^96, ...
 * Pre-generated: products of all combinations of above.
 * 4 doubles and adds (with qz=1)
 *
 * r      Resulting point.
 * k      Scalar to multiply by.
 * table  Pre-computed table.
 * map    Indicates whether to convert result to affine.
 * ct     Constant time required.
 * heap   Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
        const sp_table_entry_384* table, const sp_digit* k, int map,
        int ct, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_384* rt = NULL;
    sp_digit* t = NULL;
#else
    sp_point_384 rt[2];
    sp_digit t[2 * 12 * 6];
#endif
    sp_point_384* p = NULL;
    int i;
    int j;
    int y;
    int x;
    int err = MP_OKAY;

    (void)g;
    /* Constant time used for cache attack resistance implementation. */
    (void)ct;
    (void)heap;


#ifdef WOLFSSL_SP_SMALL_STACK
    rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
                                      DYNAMIC_TYPE_ECC);
    if (rt == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap,
                               DYNAMIC_TYPE_ECC);
        if (t == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        p = rt + 1;

        XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod));
        XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod));

        y = 0;
        x = 95;
        for (j=0; j<4; j++) {
            y |= (int)(((k[x / 32] >> (x % 32)) & 1) << j);
            x += 96;
        }
    #ifndef WC_NO_CACHE_RESISTANT
        if (ct) {
            sp_384_get_entry_16_12(rt, table, y);
        } else
    #endif
        {
            XMEMCPY(rt->x, table[y].x, sizeof(table[y].x));
            XMEMCPY(rt->y, table[y].y, sizeof(table[y].y));
        }
        rt->infinity = !y;
        for (i=94; i>=0; i--) {
            y = 0;
            x = i;
            for (j=0; j<4; j++) {
                y |= (int)(((k[x / 32] >> (x % 32)) & 1) << j);
                x += 96;
            }

            sp_384_proj_point_dbl_12(rt, rt, t);
        #ifndef WC_NO_CACHE_RESISTANT
            if (ct) {
                sp_384_get_entry_16_12(p, table, y);
            }
            else
        #endif
            {
                XMEMCPY(p->x, table[y].x, sizeof(table[y].x));
                XMEMCPY(p->y, table[y].y, sizeof(table[y].y));
            }
            p->infinity = !y;
            sp_384_proj_point_add_qz1_12(rt, rt, p, t);
        }

        if (map != 0) {
            sp_384_map_12(r, rt, t);
        }
        else {
            XMEMCPY(r, rt, sizeof(sp_point_384));
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (t != NULL)
        XFREE(t, heap, DYNAMIC_TYPE_ECC);
    if (rt != NULL)
        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#ifdef FP_ECC
#ifndef FP_ENTRIES
    #define FP_ENTRIES 16
#endif

/* Cache entry - holds precomputation tables for a point. */
typedef struct sp_cache_384_t {
    /* X ordinate of point that table was generated from. */
    sp_digit x[12];
    /* Y ordinate of point that table was generated from. */
    sp_digit y[12];
    /* Precomputation table for point. */
    sp_table_entry_384 table[16];
    /* Count of entries in table. */
    uint32_t cnt;
    /* Point and table set in entry. */
    int set;
} sp_cache_384_t;

/* Cache of tables. */
static THREAD_LS_T sp_cache_384_t sp_cache_384[FP_ENTRIES];
/* Index of last entry in cache. */
static THREAD_LS_T int sp_cache_384_last = -1;
/* Cache has been initialized. */
static THREAD_LS_T int sp_cache_384_inited = 0;

#ifndef HAVE_THREAD_LS
    static volatile int initCacheMutex_384 = 0;
    static wolfSSL_Mutex sp_cache_384_lock;
#endif

/* Get the cache entry for the point.
 *
 * g      [in]   Point scalar multiplying.
 * cache  [out]  Cache table to use.
 */
static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
{
    int i;
    int j;
    uint32_t least;

    if (sp_cache_384_inited == 0) {
        for (i=0; i<FP_ENTRIES; i++) {
            sp_cache_384[i].set = 0;
        }
        sp_cache_384_inited = 1;
    }

    /* Compare point with those in cache. */
    for (i=0; i<FP_ENTRIES; i++) {
        if (!sp_cache_384[i].set)
            continue;

        if (sp_384_cmp_equal_12(g->x, sp_cache_384[i].x) &
                           sp_384_cmp_equal_12(g->y, sp_cache_384[i].y)) {
            sp_cache_384[i].cnt++;
            break;
        }
    }

    /* No match. */
    if (i == FP_ENTRIES) {
        /* Find empty entry. */
        i = (sp_cache_384_last + 1) % FP_ENTRIES;
        for (; i != sp_cache_384_last; i=(i+1)%FP_ENTRIES) {
            if (!sp_cache_384[i].set) {
                break;
            }
        }

        /* Evict least used. */
        if (i == sp_cache_384_last) {
            least = sp_cache_384[0].cnt;
            for (j=1; j<FP_ENTRIES; j++) {
                if (sp_cache_384[j].cnt < least) {
                    i = j;
                    least = sp_cache_384[i].cnt;
                }
            }
        }

        XMEMCPY(sp_cache_384[i].x, g->x, sizeof(sp_cache_384[i].x));
        XMEMCPY(sp_cache_384[i].y, g->y, sizeof(sp_cache_384[i].y));
        sp_cache_384[i].set = 1;
        sp_cache_384[i].cnt = 1;
    }

    *cache = &sp_cache_384[i];
    sp_cache_384_last = i;
}
#endif /* FP_ECC */

/* Multiply the base point of P384 by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * r     Resulting point.
 * g     Point to multiply.
 * k     Scalar to multiply by.
 * map   Indicates whether to convert result to affine.
 * ct    Constant time required.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g,
        const sp_digit* k, int map, int ct, void* heap)
{
#ifndef FP_ECC
    return sp_384_ecc_mulmod_fast_12(r, g, k, map, ct, heap);
#else
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* tmp;
#else
    sp_digit tmp[2 * 12 * 7];
#endif
    sp_cache_384_t* cache;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 7, heap, DYNAMIC_TYPE_ECC);
    if (tmp == NULL) {
        err = MEMORY_E;
    }
#endif
#ifndef HAVE_THREAD_LS
    if (err == MP_OKAY) {
        if (initCacheMutex_384 == 0) {
            wc_InitMutex(&sp_cache_384_lock);
            initCacheMutex_384 = 1;
        }
        if (wc_LockMutex(&sp_cache_384_lock) != 0) {
            err = BAD_MUTEX_E;
        }
    }
#endif /* HAVE_THREAD_LS */

    if (err == MP_OKAY) {
        sp_ecc_get_cache_384(g, &cache);
        if (cache->cnt == 2)
            sp_384_gen_stripe_table_12(g, cache->table, tmp, heap);

#ifndef HAVE_THREAD_LS
        wc_UnLockMutex(&sp_cache_384_lock);
#endif /* HAVE_THREAD_LS */

        if (cache->cnt < 2) {
            err = sp_384_ecc_mulmod_fast_12(r, g, k, map, ct, heap);
        }
        else {
            err = sp_384_ecc_mulmod_stripe_12(r, g, cache->table, k,
                    map, ct, heap);
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
#endif
    return err;
#endif
}

#else
#ifdef FP_ECC
/* Generate the pre-computed table of points for the base point.
 *
 * width = 8
 * 256 entries
 * 48 bits between
 *
 * a      The base point.
 * table  Place to store generated point data.
 * tmp    Temporary data.
 * heap  Heap to use for allocation.
 */
static int sp_384_gen_stripe_table_12(const sp_point_384* a,
        sp_table_entry_384* table, sp_digit* tmp, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_384* t = NULL;
#else
    sp_point_384 t[3];
#endif
    sp_point_384* s1 = NULL;
    sp_point_384* s2 = NULL;
    int i;
    int j;
    int err = MP_OKAY;

    (void)heap;

#ifdef WOLFSSL_SP_SMALL_STACK
    t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap,
                                     DYNAMIC_TYPE_ECC);
    if (t == NULL)
        err = MEMORY_E;
#endif

    if (err == MP_OKAY) {
        s1 = t + 1;
        s2 = t + 2;

        err = sp_384_mod_mul_norm_12(t->x, a->x, p384_mod);
    }
    if (err == MP_OKAY) {
        err = sp_384_mod_mul_norm_12(t->y, a->y, p384_mod);
    }
    if (err == MP_OKAY) {
        err = sp_384_mod_mul_norm_12(t->z, a->z, p384_mod);
    }
    if (err == MP_OKAY) {
        t->infinity = 0;
        sp_384_proj_to_affine_12(t, tmp);

        XMEMCPY(s1->z, p384_norm_mod, sizeof(p384_norm_mod));
        s1->infinity = 0;
        XMEMCPY(s2->z, p384_norm_mod, sizeof(p384_norm_mod));
        s2->infinity = 0;

        /* table[0] = {0, 0, infinity} */
        XMEMSET(&table[0], 0, sizeof(sp_table_entry_384));
        /* table[1] = Affine version of 'a' in Montgomery form */
        XMEMCPY(table[1].x, t->x, sizeof(table->x));
        XMEMCPY(table[1].y, t->y, sizeof(table->y));

        for (i=1; i<8; i++) {
            sp_384_proj_point_dbl_n_12(t, 48, tmp);
            sp_384_proj_to_affine_12(t, tmp);
            XMEMCPY(table[1<<i].x, t->x, sizeof(table->x));
            XMEMCPY(table[1<<i].y, t->y, sizeof(table->y));
        }

        for (i=1; i<8; i++) {
            XMEMCPY(s1->x, table[1<<i].x, sizeof(table->x));
            XMEMCPY(s1->y, table[1<<i].y, sizeof(table->y));
            for (j=(1<<i)+1; j<(1<<(i+1)); j++) {
                XMEMCPY(s2->x, table[j-(1<<i)].x, sizeof(table->x));
                XMEMCPY(s2->y, table[j-(1<<i)].y, sizeof(table->y));
                sp_384_proj_point_add_qz1_12(t, s1, s2, tmp);
                sp_384_proj_to_affine_12(t, tmp);
                XMEMCPY(table[j].x, t->x, sizeof(table->x));
                XMEMCPY(table[j].y, t->y, sizeof(table->y));
            }
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (t != NULL)
        XFREE(t, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#endif /* FP_ECC */
#ifndef WC_NO_CACHE_RESISTANT
/* Touch each possible entry that could be being copied.
 *
 * r      Point to copy into.
 * table  Table - start of the entries to access
 * idx    Index of entry to retrieve.
 */
static void sp_384_get_entry_256_12(sp_point_384* r,
    const sp_table_entry_384* table, int idx)
{
    int i;
    sp_digit mask;

    r->x[0] = 0;
    r->x[1] = 0;
    r->x[2] = 0;
    r->x[3] = 0;
    r->x[4] = 0;
    r->x[5] = 0;
    r->x[6] = 0;
    r->x[7] = 0;
    r->x[8] = 0;
    r->x[9] = 0;
    r->x[10] = 0;
    r->x[11] = 0;
    r->y[0] = 0;
    r->y[1] = 0;
    r->y[2] = 0;
    r->y[3] = 0;
    r->y[4] = 0;
    r->y[5] = 0;
    r->y[6] = 0;
    r->y[7] = 0;
    r->y[8] = 0;
    r->y[9] = 0;
    r->y[10] = 0;
    r->y[11] = 0;
    for (i = 1; i < 256; i++) {
        mask = 0 - (i == idx);
        r->x[0] |= mask & table[i].x[0];
        r->x[1] |= mask & table[i].x[1];
        r->x[2] |= mask & table[i].x[2];
        r->x[3] |= mask & table[i].x[3];
        r->x[4] |= mask & table[i].x[4];
        r->x[5] |= mask & table[i].x[5];
        r->x[6] |= mask & table[i].x[6];
        r->x[7] |= mask & table[i].x[7];
        r->x[8] |= mask & table[i].x[8];
        r->x[9] |= mask & table[i].x[9];
        r->x[10] |= mask & table[i].x[10];
        r->x[11] |= mask & table[i].x[11];
        r->y[0] |= mask & table[i].y[0];
        r->y[1] |= mask & table[i].y[1];
        r->y[2] |= mask & table[i].y[2];
        r->y[3] |= mask & table[i].y[3];
        r->y[4] |= mask & table[i].y[4];
        r->y[5] |= mask & table[i].y[5];
        r->y[6] |= mask & table[i].y[6];
        r->y[7] |= mask & table[i].y[7];
        r->y[8] |= mask & table[i].y[8];
        r->y[9] |= mask & table[i].y[9];
        r->y[10] |= mask & table[i].y[10];
        r->y[11] |= mask & table[i].y[11];
    }
}
#endif /* !WC_NO_CACHE_RESISTANT */
/* Multiply the point by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * Stripe implementation.
 * Pre-generated: 2^0, 2^48, ...
 * Pre-generated: products of all combinations of above.
 * 8 doubles and adds (with qz=1)
 *
 * r      Resulting point.
 * k      Scalar to multiply by.
 * table  Pre-computed table.
 * map    Indicates whether to convert result to affine.
 * ct     Constant time required.
 * heap   Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
        const sp_table_entry_384* table, const sp_digit* k, int map,
        int ct, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_384* rt = NULL;
    sp_digit* t = NULL;
#else
    sp_point_384 rt[2];
    sp_digit t[2 * 12 * 6];
#endif
    sp_point_384* p = NULL;
    int i;
    int j;
    int y;
    int x;
    int err = MP_OKAY;

    (void)g;
    /* Constant time used for cache attack resistance implementation. */
    (void)ct;
    (void)heap;


#ifdef WOLFSSL_SP_SMALL_STACK
    rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
                                      DYNAMIC_TYPE_ECC);
    if (rt == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap,
                               DYNAMIC_TYPE_ECC);
        if (t == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        p = rt + 1;

        XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod));
        XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod));

        y = 0;
        x = 47;
        for (j=0; j<8; j++) {
            y |= (int)(((k[x / 32] >> (x % 32)) & 1) << j);
            x += 48;
        }
    #ifndef WC_NO_CACHE_RESISTANT
        if (ct) {
            sp_384_get_entry_256_12(rt, table, y);
        } else
    #endif
        {
            XMEMCPY(rt->x, table[y].x, sizeof(table[y].x));
            XMEMCPY(rt->y, table[y].y, sizeof(table[y].y));
        }
        rt->infinity = !y;
        for (i=46; i>=0; i--) {
            y = 0;
            x = i;
            for (j=0; j<8; j++) {
                y |= (int)(((k[x / 32] >> (x % 32)) & 1) << j);
                x += 48;
            }

            sp_384_proj_point_dbl_12(rt, rt, t);
        #ifndef WC_NO_CACHE_RESISTANT
            if (ct) {
                sp_384_get_entry_256_12(p, table, y);
            }
            else
        #endif
            {
                XMEMCPY(p->x, table[y].x, sizeof(table[y].x));
                XMEMCPY(p->y, table[y].y, sizeof(table[y].y));
            }
            p->infinity = !y;
            sp_384_proj_point_add_qz1_12(rt, rt, p, t);
        }

        if (map != 0) {
            sp_384_map_12(r, rt, t);
        }
        else {
            XMEMCPY(r, rt, sizeof(sp_point_384));
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (t != NULL)
        XFREE(t, heap, DYNAMIC_TYPE_ECC);
    if (rt != NULL)
        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#ifdef FP_ECC
#ifndef FP_ENTRIES
    #define FP_ENTRIES 16
#endif

/* Cache entry - holds precomputation tables for a point. */
typedef struct sp_cache_384_t {
    /* X ordinate of point that table was generated from. */
    sp_digit x[12];
    /* Y ordinate of point that table was generated from. */
    sp_digit y[12];
    /* Precomputation table for point. */
    sp_table_entry_384 table[256];
    /* Count of entries in table. */
    uint32_t cnt;
    /* Point and table set in entry. */
    int set;
} sp_cache_384_t;

/* Cache of tables. */
static THREAD_LS_T sp_cache_384_t sp_cache_384[FP_ENTRIES];
/* Index of last entry in cache. */
static THREAD_LS_T int sp_cache_384_last = -1;
/* Cache has been initialized. */
static THREAD_LS_T int sp_cache_384_inited = 0;

#ifndef HAVE_THREAD_LS
    static volatile int initCacheMutex_384 = 0;
    static wolfSSL_Mutex sp_cache_384_lock;
#endif

/* Get the cache entry for the point.
 *
 * g      [in]   Point scalar multiplying.
 * cache  [out]  Cache table to use.
 */
static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
{
    int i;
    int j;
    uint32_t least;

    if (sp_cache_384_inited == 0) {
        for (i=0; i<FP_ENTRIES; i++) {
            sp_cache_384[i].set = 0;
        }
        sp_cache_384_inited = 1;
    }

    /* Compare point with those in cache. */
    for (i=0; i<FP_ENTRIES; i++) {
        if (!sp_cache_384[i].set)
            continue;

        if (sp_384_cmp_equal_12(g->x, sp_cache_384[i].x) &
                           sp_384_cmp_equal_12(g->y, sp_cache_384[i].y)) {
            sp_cache_384[i].cnt++;
            break;
        }
    }

    /* No match. */
    if (i == FP_ENTRIES) {
        /* Find empty entry. */
        i = (sp_cache_384_last + 1) % FP_ENTRIES;
        for (; i != sp_cache_384_last; i=(i+1)%FP_ENTRIES) {
            if (!sp_cache_384[i].set) {
                break;
            }
        }

        /* Evict least used. */
        if (i == sp_cache_384_last) {
            least = sp_cache_384[0].cnt;
            for (j=1; j<FP_ENTRIES; j++) {
                if (sp_cache_384[j].cnt < least) {
                    i = j;
                    least = sp_cache_384[i].cnt;
                }
            }
        }

        XMEMCPY(sp_cache_384[i].x, g->x, sizeof(sp_cache_384[i].x));
        XMEMCPY(sp_cache_384[i].y, g->y, sizeof(sp_cache_384[i].y));
        sp_cache_384[i].set = 1;
        sp_cache_384[i].cnt = 1;
    }

    *cache = &sp_cache_384[i];
    sp_cache_384_last = i;
}
#endif /* FP_ECC */

/* Multiply the base point of P384 by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * r     Resulting point.
 * g     Point to multiply.
 * k     Scalar to multiply by.
 * map   Indicates whether to convert result to affine.
 * ct    Constant time required.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g,
        const sp_digit* k, int map, int ct, void* heap)
{
#ifndef FP_ECC
    return sp_384_ecc_mulmod_fast_12(r, g, k, map, ct, heap);
#else
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* tmp;
#else
    sp_digit tmp[2 * 12 * 7];
#endif
    sp_cache_384_t* cache;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 7, heap, DYNAMIC_TYPE_ECC);
    if (tmp == NULL) {
        err = MEMORY_E;
    }
#endif
#ifndef HAVE_THREAD_LS
    if (err == MP_OKAY) {
        if (initCacheMutex_384 == 0) {
            wc_InitMutex(&sp_cache_384_lock);
            initCacheMutex_384 = 1;
        }
        if (wc_LockMutex(&sp_cache_384_lock) != 0) {
            err = BAD_MUTEX_E;
        }
    }
#endif /* HAVE_THREAD_LS */

    if (err == MP_OKAY) {
        sp_ecc_get_cache_384(g, &cache);
        if (cache->cnt == 2)
            sp_384_gen_stripe_table_12(g, cache->table, tmp, heap);

#ifndef HAVE_THREAD_LS
        wc_UnLockMutex(&sp_cache_384_lock);
#endif /* HAVE_THREAD_LS */

        if (cache->cnt < 2) {
            err = sp_384_ecc_mulmod_fast_12(r, g, k, map, ct, heap);
        }
        else {
            err = sp_384_ecc_mulmod_stripe_12(r, g, cache->table, k,
                    map, ct, heap);
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
#endif
    return err;
#endif
}

#endif /* WOLFSSL_SP_SMALL */
/* Multiply the point by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * km    Scalar to multiply by.
 * p     Point to multiply.
 * r     Resulting point.
 * map   Indicates whether to convert result to affine.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
        int map, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_384* point = NULL;
    sp_digit* k = NULL;
#else
    sp_point_384 point[1];
    sp_digit k[12];
#endif
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
                                         DYNAMIC_TYPE_ECC);
    if (point == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap,
                               DYNAMIC_TYPE_ECC);
        if (k == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        sp_384_from_mp(k, 12, km);
        sp_384_point_from_ecc_point_12(point, gm);

            err = sp_384_ecc_mulmod_12(point, point, k, map, 1, heap);
    }
    if (err == MP_OKAY) {
        err = sp_384_point_to_ecc_point_12(point, r);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (k != NULL)
        XFREE(k, heap, DYNAMIC_TYPE_ECC);
    if (point != NULL)
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

/* Multiply the point by the scalar, add point a and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * km      Scalar to multiply by.
 * p       Point to multiply.
 * am      Point to add to scalar multiply result.
 * inMont  Point to add is in montgomery form.
 * r       Resulting point.
 * map     Indicates whether to convert result to affine.
 * heap    Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
    const ecc_point* am, int inMont, ecc_point* r, int map, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_384* point = NULL;
    sp_digit* k = NULL;
#else
    sp_point_384 point[2];
    sp_digit k[12 + 12 * 2 * 6];
#endif
    sp_point_384* addP = NULL;
    sp_digit* tmp = NULL;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
                                         DYNAMIC_TYPE_ECC);
    if (point == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        k = (sp_digit*)XMALLOC(
            sizeof(sp_digit) * (12 + 12 * 2 * 6), heap,
            DYNAMIC_TYPE_ECC);
        if (k == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        addP = point + 1;
        tmp = k + 12;

        sp_384_from_mp(k, 12, km);
        sp_384_point_from_ecc_point_12(point, gm);
        sp_384_point_from_ecc_point_12(addP, am);
    }
    if ((err == MP_OKAY) && (!inMont)) {
        err = sp_384_mod_mul_norm_12(addP->x, addP->x, p384_mod);
    }
    if ((err == MP_OKAY) && (!inMont)) {
        err = sp_384_mod_mul_norm_12(addP->y, addP->y, p384_mod);
    }
    if ((err == MP_OKAY) && (!inMont)) {
        err = sp_384_mod_mul_norm_12(addP->z, addP->z, p384_mod);
    }
    if (err == MP_OKAY) {
            err = sp_384_ecc_mulmod_12(point, point, k, 0, 0, heap);
    }
    if (err == MP_OKAY) {
            sp_384_proj_point_add_12(point, point, addP, tmp);

        if (map) {
                sp_384_map_12(point, point, tmp);
        }

        err = sp_384_point_to_ecc_point_12(point, r);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (k != NULL)
        XFREE(k, heap, DYNAMIC_TYPE_ECC);
    if (point != NULL)
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#ifdef WOLFSSL_SP_SMALL
/* Striping precomputation table.
 * 4 points combined into a table of 16 points.
 * Distance of 96 between points.
 */
static const sp_table_entry_384 p384_table[16] = {
    /* 0 */
    { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
      { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
    /* 1 */
    { { 0x49c0b528,0x3dd07566,0xa0d6ce38,0x20e378e2,0x541b4d6e,0x879c3afc,
        0x59a30eff,0x64548684,0x614ede2b,0x812ff723,0x299e1513,0x4d3aadc2 },
      { 0x4b03a4fe,0x23043dad,0x7bb4a9ac,0xa1bfa8bf,0x2e83b050,0x8bade756,
        0x68f4ffd9,0xc6c35219,0x3969a840,0xdd800226,0x5a15c5e9,0x2b78abc2 } },
    /* 2 */
    { { 0xf26feef9,0x24480c57,0x3a0e1240,0xc31a2694,0x273e2bc7,0x735002c3,
        0x3ef1ed4c,0x8c42e9c5,0x7f4948e8,0x028babf6,0x8a978632,0x6a502f43 },
      { 0xb74536fe,0xf5f13a46,0xd8a9f0eb,0x1d218bab,0x37232768,0x30f36bcc,
        0x576e8c18,0xc5317b31,0x9bbcb766,0xef1d57a6,0xb3e3d4dc,0x917c4930 } },
    /* 3 */
    { { 0xe349ddd0,0x11426e2e,0x9b2fc250,0x9f117ef9,0xec0174a6,0xff36b480,
        0x18458466,0x4f4bde76,0x05806049,0x2f2edb6d,0x19dfca92,0x8adc75d1 },
      { 0xb7d5a7ce,0xa619d097,0xa34411e9,0x874275e5,0x0da4b4ef,0x5403e047,
        0x77901d8f,0x2ebaafd9,0xa747170f,0x5e63ebce,0x7f9d8036,0x12a36944 } },
    /* 4 */
    { { 0x2f9fbe67,0x378205de,0x7f728e44,0xc4afcb83,0x682e00f1,0xdbcec06c,
        0x114d5423,0xf2a145c3,0x7a52463e,0xa01d9874,0x7d717b0a,0xfc0935b1 },
      { 0xd4d01f95,0x9653bc4f,0x9560ad34,0x9aa83ea8,0xaf8e3f3f,0xf77943dc,
        0xe86fe16e,0x70774a10,0xbf9ffdcf,0x6b62e6f1,0x588745c9,0x8a72f39e } },
    /* 5 */
    { { 0x2341c342,0x73ade4da,0xea704422,0xdd326e54,0x3741cef3,0x336c7d98,
        0x59e61549,0x1eafa00d,0xbd9a3efd,0xcd3ed892,0xc5c6c7e4,0x03faf26c },
      { 0x3045f8ac,0x087e2fcf,0x174f1e73,0x14a65532,0xfe0af9a7,0x2cf84f28,
        0x2cdc935b,0xddfd7a84,0x6929c895,0x4c0f117b,0x4c8bcfcc,0x356572d6 } },
    /* 6 */
    { { 0x3f3b236f,0xfab08607,0x81e221da,0x19e9d41d,0x3927b428,0xf3f6571e,
        0x7550f1f6,0x4348a933,0xa85e62f0,0x7167b996,0x7f5452bf,0x62d43759 },
      { 0xf2955926,0xd85feb9e,0x6df78353,0x440a561f,0x9ca36b59,0x389668ec,
        0xa22da016,0x052bf1a1,0xf6093254,0xbdfbff72,0xe22209f3,0x94e50f28 } },
    /* 7 */
    { { 0x3062e8af,0x90b2e5b3,0xe8a3d369,0xa8572375,0x201db7b1,0x3fe1b00b,
        0xee651aa2,0xe926def0,0xb9b10ad7,0x6542c9be,0xa2fcbe74,0x098e309b },
      { 0xfff1d63f,0x779deeb3,0x20bfd374,0x23d0e80a,0x8768f797,0x8452bb3b,
        0x1f952856,0xcf75bb4d,0x29ea3faa,0x8fe6b400,0x81373a53,0x12bd3e40 } },
    /* 8 */
    { { 0x16973cf4,0x070d34e1,0x7e4f34f7,0x20aee08b,0x5eb8ad29,0x269af9b9,
        0xa6a45dda,0xdde0a036,0x63df41e0,0xa18b528e,0xa260df2a,0x03cc71b2 },
      { 0xa06b1dd7,0x24a6770a,0x9d2675d3,0x5bfa9c11,0x96844432,0x73c1e2a1,
        0x131a6cf0,0x3660558d,0x2ee79454,0xb0289c83,0xc6d8ddcd,0xa6aefb01 } },
    /* 9 */
    { { 0x01ab5245,0xba1464b4,0xc48d93ff,0x9b8d0b6d,0x93ad272c,0x939867dc,
        0xae9fdc77,0xbebe085e,0x894ea8bd,0x73ae5103,0x39ac22e1,0x740fc89a },
      { 0x28e23b23,0x5e28b0a3,0xe13104d0,0x2352722e,0xb0a2640d,0xf4667a18,
        0x49bb37c3,0xac74a72e,0xe81e183a,0x79f734f0,0x3fd9c0eb,0xbffe5b6c } },
    /* 10 */
    { { 0x00623f3b,0x03cf2922,0x5f29ebff,0x095c7111,0x80aa6823,0x42d72247,
        0x7458c0b0,0x044c7ba1,0x0959ec20,0xca62f7ef,0xf8ca929f,0x40ae2ab7 },
      { 0xa927b102,0xb8c5377a,0xdc031771,0x398a86a0,0xc216a406,0x04908f9d,
        0x918d3300,0xb423a73a,0xe0b94739,0x634b0ff1,0x2d69f697,0xe29de725 } },
    /* 11 */
    { { 0x8435af04,0x744d1400,0xfec192da,0x5f255b1d,0x336dc542,0x1f17dc12,
        0x636a68a8,0x5c90c2a7,0x7704ca1e,0x960c9eb7,0x6fb3d65a,0x9de8cf1e },
      { 0x511d3d06,0xc60fee0d,0xf9eb52c7,0x466e2313,0x206b0914,0x743c0f5f,
        0x2191aa4d,0x42f55bac,0xffebdbc2,0xcefc7c8f,0xe6e8ed1c,0xd4fa6081 } },
    /* 12 */
    { { 0x98683186,0x867db639,0xddcc4ea9,0xfb5cf424,0xd4f0e7bd,0xcc9a7ffe,
        0x7a779f7e,0x7c57f71c,0xd6b25ef2,0x90774079,0xb4081680,0x90eae903 },
      { 0x0ee1fceb,0xdf2aae5e,0xe86c1a1f,0x3ff1da24,0xca193edf,0x80f587d6,
        0xdc9b9d6a,0xa5695523,0x85920303,0x7b840900,0xba6dbdef,0x1efa4dfc } },
    /* 13 */
    { { 0xe0540015,0xfbd838f9,0xc39077dc,0x2c323946,0xad619124,0x8b1fb9e6,
        0x0ca62ea8,0x9612440c,0x2dbe00ff,0x9ad9b52c,0xae197643,0xf52abaa1 },
      { 0x2cac32ad,0xd0e89894,0x62a98f91,0xdfb79e42,0x276f55cb,0x65452ecf,
        0x7ad23e12,0xdb1ac0d2,0xde4986f0,0xf68c5f6a,0x82ce327d,0x389ac37b } },
    /* 14 */
    { { 0xb8a9e8c9,0xcd96866d,0x5bb8091e,0xa11963b8,0x045b3cd2,0xc7f90d53,
        0x80f36504,0x755a72b5,0x21d3751c,0x46f8b399,0x53c193de,0x4bffdc91 },
      { 0xb89554e7,0xcd15c049,0xf7a26be6,0x353c6754,0xbd41d970,0x79602370,
        0x12b176c0,0xde16470b,0x40c8809d,0x56ba1175,0xe435fb1e,0xe2db35c3 } },
    /* 15 */
    { { 0x6328e33f,0xd71e4aab,0xaf8136d1,0x5486782b,0x86d57231,0x07a4995f,
        0x1651a968,0xf1f0a5bd,0x76803b6d,0xa5dc5b24,0x42dda935,0x5c587cbc },
      { 0xbae8b4c0,0x2b6cdb32,0xb1331138,0x66d1598b,0x5d7e9614,0x4a23b2d2,
        0x74a8c05d,0x93e402a6,0xda7ce82e,0x45ac94e6,0xe463d465,0xeb9f8281 } },
};

/* Multiply the base point of P384 by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * Stripe implementation.
 * Pre-generated: 2^0, 2^96, ...
 * Pre-generated: products of all combinations of above.
 * 4 doubles and adds (with qz=1)
 *
 * r     Resulting point.
 * k     Scalar to multiply by.
 * map   Indicates whether to convert result to affine.
 * ct    Constant time required.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_384_ecc_mulmod_base_12(sp_point_384* r, const sp_digit* k,
        int map, int ct, void* heap)
{
    return sp_384_ecc_mulmod_stripe_12(r, &p384_base, p384_table,
                                      k, map, ct, heap);
}

#else
/* Striping precomputation table.
 * 8 points combined into a table of 256 points.
 * Distance of 48 between points.
 */
static const sp_table_entry_384 p384_table[256] = {
    /* 0 */
    { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
      { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
    /* 1 */
    { { 0x49c0b528,0x3dd07566,0xa0d6ce38,0x20e378e2,0x541b4d6e,0x879c3afc,
        0x59a30eff,0x64548684,0x614ede2b,0x812ff723,0x299e1513,0x4d3aadc2 },
      { 0x4b03a4fe,0x23043dad,0x7bb4a9ac,0xa1bfa8bf,0x2e83b050,0x8bade756,
        0x68f4ffd9,0xc6c35219,0x3969a840,0xdd800226,0x5a15c5e9,0x2b78abc2 } },
    /* 2 */
    { { 0x2b0c535b,0x29864753,0x70506296,0x90dd6953,0x216ab9ac,0x038cd6b4,
        0xbe12d76a,0x3df9b7b7,0x5f347bdb,0x13f4d978,0x13e94489,0x222c5c9c },
      { 0x2680dc64,0x5f8e796f,0x58352417,0x120e7cb7,0xd10740b8,0x254b5d8a,
        0x5337dee6,0xc38b8efb,0x94f02247,0xf688c2e1,0x6c25bc4c,0x7b5c75f3 } },
    /* 3 */
    { { 0x9edffea5,0xe26a3cc3,0x37d7e9fc,0x35bbfd1c,0x9bde3ef6,0xf0e7700d,
        0x1a538f5a,0x0380eb47,0x05bf9eb3,0x2e9da8bb,0x1a460c3e,0xdbb93c73 },
      { 0xf526b605,0x37dba260,0xfd785537,0x95d4978e,0xed72a04a,0x24ed793a,
        0x76005b1a,0x26948377,0x9e681f82,0x99f557b9,0xd64954ef,0xae5f9557 } },
    /* 4 */
    { { 0xf26feef9,0x24480c57,0x3a0e1240,0xc31a2694,0x273e2bc7,0x735002c3,
        0x3ef1ed4c,0x8c42e9c5,0x7f4948e8,0x028babf6,0x8a978632,0x6a502f43 },
      { 0xb74536fe,0xf5f13a46,0xd8a9f0eb,0x1d218bab,0x37232768,0x30f36bcc,
        0x576e8c18,0xc5317b31,0x9bbcb766,0xef1d57a6,0xb3e3d4dc,0x917c4930 } },
    /* 5 */
    { { 0xe349ddd0,0x11426e2e,0x9b2fc250,0x9f117ef9,0xec0174a6,0xff36b480,
        0x18458466,0x4f4bde76,0x05806049,0x2f2edb6d,0x19dfca92,0x8adc75d1 },
      { 0xb7d5a7ce,0xa619d097,0xa34411e9,0x874275e5,0x0da4b4ef,0x5403e047,
        0x77901d8f,0x2ebaafd9,0xa747170f,0x5e63ebce,0x7f9d8036,0x12a36944 } },
    /* 6 */
    { { 0x4fc52870,0x28f9c07a,0x1a53a961,0xce0b3748,0x0e1828d9,0xd550fa18,
        0x6adb225a,0xa24abaf7,0x6e58a348,0xd11ed0a5,0x948acb62,0xf3d811e6 },
      { 0x4c61ed22,0x8618dd77,0x80b47c9d,0x0bb747f9,0xde6b8559,0x22bf796f,
        0x680a21e9,0xfdfd1c6d,0x2af2c9dd,0xc0db1577,0xc1e90f3d,0xa09379e6 } },
    /* 7 */
    { { 0xe085c629,0x386c66ef,0x095bc89a,0x5fc2a461,0x203f4b41,0x1353d631,
        0x7e4bd8f5,0x7ca1972b,0xa7df8ce9,0xb077380a,0xee7e4ea3,0xd8a90389 },
      { 0xe7b14461,0x1bc74dc7,0x0c9c4f78,0xdc2cb014,0x84ef0a10,0x52b4b3a6,
        0x20327fe2,0xbde6ea5d,0x660f9615,0xb71ec435,0xb8ad8173,0xeede5a04 } },
    /* 8 */
    { { 0x893b9a2d,0x5584cbb3,0x00850c5d,0x820c660b,0x7df2d43d,0x4126d826,
        0x0109e801,0xdd5bbbf0,0x38172f1c,0x85b92ee3,0xf31430d9,0x609d4f93 },
      { 0xeadaf9d6,0x1e059a07,0x0f125fb0,0x70e6536c,0x560f20e7,0xd6220751,
        0x7aaf3a9a,0xa59489ae,0x64bae14e,0x7b70e2f6,0x76d08249,0x0dd03701 } },
    /* 9 */
    { { 0x8510521f,0x4cc13be8,0xf724cc17,0x87315ba9,0x353dc263,0xb49d83bb,
        0x0c279257,0x8b677efe,0xc93c9537,0x510a1c1c,0xa4702c99,0x33e30cd8 },
      { 0x2208353f,0xf0ffc89d,0xced42b2b,0x0170fa8d,0x26e2a5f5,0x090851ed,
        0xecb52c96,0x81276455,0x7fe1adf4,0x0646c4e1,0xb0868eab,0x513f047e } },
    /* 10 */
    { { 0xdf5bdf53,0xc07611f4,0x58b11a6d,0x45d331a7,0x1c4ee394,0x58965daf,
        0x5a5878d1,0xba8bebe7,0x82dd3025,0xaecc0a18,0xa923eb8b,0xcf2a3899 },
      { 0xd24fd048,0xf98c9281,0x8bbb025d,0x841bfb59,0xc9ab9d53,0xb8ddf8ce,
        0x7fef044e,0x538a4cb6,0x23236662,0x092ac21f,0x0b66f065,0xa919d385 } },
    /* 11 */
    { { 0x85d480d8,0x3db03b40,0x1b287a7d,0x8cd9f479,0x4a8f3bae,0x8f24dc75,
        0x3db41892,0x482eb800,0x9c56e0f5,0x38bf9eb3,0x9a91dc6f,0x8b977320 },
      { 0x7209cfc2,0xa31b05b2,0x05b2db70,0x4c49bf85,0xd619527b,0x56462498,
        0x1fac51ba,0x3fe51039,0xab4b8342,0xfb04f55e,0x04c6eabf,0xc07c10dc } },
    /* 12 */
    { { 0xdb32f048,0xad22fe4c,0x475ed6df,0x5f23bf91,0xaa66b6cb,0xa50ce0c0,
        0xf03405c0,0xdf627a89,0xf95e2d6a,0x3674837d,0xba42e64e,0x081c95b6 },
      { 0xe71d6ceb,0xeba3e036,0x6c6b0271,0xb45bcccf,0x0684701d,0x67b47e63,
        0xe712523f,0x60f8f942,0x5cd47adc,0x82423472,0x87649cbb,0x83027d79 } },
    /* 13 */
    { { 0x3615b0b8,0xb3929ea6,0xa54dac41,0xb41441fd,0xb5b6a368,0x8995d556,
        0x167ef05e,0xa80d4529,0x6d25a27f,0xf6bcb4a1,0x7bd55b68,0x210d6a4c },
      { 0x25351130,0xf3804abb,0x903e37eb,0x1d2df699,0x084c25c8,0x5f201efc,
        0xa1c68e91,0x31a28c87,0x563f62a5,0x81dad253,0xd6c415d4,0x5dd6de70 } },
    /* 14 */
    { { 0x846612ce,0x29f470fd,0xda18d997,0x986f3eec,0x2f34af86,0x6b84c161,
        0x46ddaf8b,0x5ef0a408,0xe49e795f,0x14405a00,0xaa2f7a37,0x5f491b16 },
      { 0xdb41b38d,0xc7f07ae4,0x18fbfcaa,0xef7d119e,0x14443b19,0x3a18e076,
        0x79a19926,0x4356841a,0xe2226fbe,0x91f4a91c,0x3cc88721,0xdc77248c } },
    /* 15 */
    { { 0xe4b1ec9d,0xd570ff1a,0xe7eef706,0x21d23e0e,0xca19e086,0x3cde40f4,
        0xcd4bb270,0x7d6523c4,0xbf13aa6c,0x16c1f06c,0xd14c4b60,0x5aa7245a },
      { 0x44b74de8,0x37f81467,0x620a934e,0x839e7a17,0xde8b1aa1,0xf74d14e8,
        0xf30d75e2,0x8789fa51,0xc81c261e,0x09b24052,0x33c565ee,0x654e2678 } },
    /* 16 */
    { { 0x2f9fbe67,0x378205de,0x7f728e44,0xc4afcb83,0x682e00f1,0xdbcec06c,
        0x114d5423,0xf2a145c3,0x7a52463e,0xa01d9874,0x7d717b0a,0xfc0935b1 },
      { 0xd4d01f95,0x9653bc4f,0x9560ad34,0x9aa83ea8,0xaf8e3f3f,0xf77943dc,
        0xe86fe16e,0x70774a10,0xbf9ffdcf,0x6b62e6f1,0x588745c9,0x8a72f39e } },
    /* 17 */
    { { 0x2341c342,0x73ade4da,0xea704422,0xdd326e54,0x3741cef3,0x336c7d98,
        0x59e61549,0x1eafa00d,0xbd9a3efd,0xcd3ed892,0xc5c6c7e4,0x03faf26c },
      { 0x3045f8ac,0x087e2fcf,0x174f1e73,0x14a65532,0xfe0af9a7,0x2cf84f28,
        0x2cdc935b,0xddfd7a84,0x6929c895,0x4c0f117b,0x4c8bcfcc,0x356572d6 } },
    /* 18 */
    { { 0x7d8c1bba,0x7ecbac01,0x90b0f3d5,0x6058f9c3,0xf6197d0f,0xaee116e3,
        0x4033b128,0xc4dd7068,0xc209b983,0xf084dba6,0x831dbc4a,0x97c7c2cf },
      { 0xf96010e8,0x2f4e61dd,0x529faa17,0xd97e4e20,0x69d37f20,0x4ee66660,
        0x3d366d72,0xccc139ed,0x13488e0f,0x690b6ee2,0xf3a6d533,0x7cad1dc5 } },
    /* 19 */
    { { 0xda57a41f,0x660a9a81,0xec0039b6,0xe74a0412,0x5e1dad15,0x42343c6b,
        0x46681d4c,0x284f3ff5,0x63749e89,0xb51087f1,0x6f9f2f13,0x070f23cc },
      { 0x5d186e14,0x542211da,0xfddb0dff,0x84748f37,0xdb1f4180,0x41a3aab4,
        0xa6402d0e,0x25ed667b,0x02f58355,0x2f2924a9,0xfa44a689,0x5844ee7c } },
    /* 20 */
    { { 0x3f3b236f,0xfab08607,0x81e221da,0x19e9d41d,0x3927b428,0xf3f6571e,
        0x7550f1f6,0x4348a933,0xa85e62f0,0x7167b996,0x7f5452bf,0x62d43759 },
      { 0xf2955926,0xd85feb9e,0x6df78353,0x440a561f,0x9ca36b59,0x389668ec,
        0xa22da016,0x052bf1a1,0xf6093254,0xbdfbff72,0xe22209f3,0x94e50f28 } },
    /* 21 */
    { { 0x3062e8af,0x90b2e5b3,0xe8a3d369,0xa8572375,0x201db7b1,0x3fe1b00b,
        0xee651aa2,0xe926def0,0xb9b10ad7,0x6542c9be,0xa2fcbe74,0x098e309b },
      { 0xfff1d63f,0x779deeb3,0x20bfd374,0x23d0e80a,0x8768f797,0x8452bb3b,
        0x1f952856,0xcf75bb4d,0x29ea3faa,0x8fe6b400,0x81373a53,0x12bd3e40 } },
    /* 22 */
    { { 0x104cbba5,0xc023780d,0xfa35dd4c,0x6207e747,0x1ca9b6a3,0x35c23928,
        0x97987b10,0x4ff19be8,0x8022eee8,0xb8476bbf,0xd3bbe74d,0xaa0a4a14 },
      { 0x187d4543,0x20f94331,0x79f6e066,0x32153870,0xac7e82e1,0x83b0f74e,
        0x828f06ab,0xa7748ba2,0xc26ef35f,0xc5f0298a,0x8e9a7dbd,0x0f0c5070 } },
    /* 23 */
    { { 0xdef029dd,0x0c5c244c,0x850661b8,0x3dabc687,0xfe11d981,0x9992b865,
        0x6274dbad,0xe9801b8f,0x098da242,0xe54e6319,0x91a53d08,0x9929a91a },
      { 0x35285887,0x37bffd72,0xf1418102,0xbc759425,0xfd2e6e20,0x9280cc35,
        0xfbc42ee5,0x735c600c,0x8837619a,0xb7ad2864,0xa778c57b,0xa3627231 } },
    /* 24 */
    { { 0x91361ed8,0xae799b5c,0x6c63366c,0x47d71b75,0x1b265a6a,0x54cdd521,
        0x98d77b74,0xe0215a59,0xbab29db0,0x4424d9b7,0x7fd9e536,0x8b0ffacc },
      { 0x37b5d9ef,0x46d85d12,0xbfa91747,0x5b106d62,0x5f99ba2d,0xed0479f8,
        0x1d104de4,0x0e6f3923,0x25e8983f,0x83a84c84,0xf8105a70,0xa9507e0a } },
    /* 25 */
    { { 0x14cf381c,0xf6c68a6e,0xc22e31cc,0xaf9d27bd,0xaa8a5ccb,0x23568d4d,
        0xe338e4d2,0xe431eec0,0x8f52ad1f,0xf1a828fe,0xe86acd80,0xdb6a0579 },
      { 0x4507832a,0x2885672e,0x887e5289,0x73fc275f,0x05610d08,0x65f80278,
        0x075ff5b0,0x8d9b4554,0x09f712b5,0x3a8e8fb1,0x2ebe9cf2,0x39f0ac86 } },
    /* 26 */
    { { 0x4c52edf5,0xd8fabf78,0xa589ae53,0xdcd737e5,0xd791ab17,0x94918bf0,
        0xbcff06c9,0xb5fbd956,0xdca46d45,0xf6d3032e,0x41a3e486,0x2cdff7e1 },
      { 0x61f47ec8,0x6674b3ba,0xeef84608,0x8a882163,0x4c687f90,0xa257c705,
        0xf6cdf227,0xe30cb2ed,0x7f6ea846,0x2c4c64ca,0xcc6bcd3c,0x186fa17c } },
    /* 27 */
    { { 0x1dfcb91e,0x48a3f536,0x646d358a,0x83595e13,0x91128798,0xbd15827b,
        0x2187757a,0x3ce612b8,0x61bd7372,0x873150a1,0xb662f568,0xf4684530 },
      { 0x401896f6,0x8833950b,0x77f3e090,0xe11cb89a,0x48e7f4a5,0xb2f12cac,
        0xf606677e,0x313dd769,0x16579f93,0xfdcf08b3,0x46b8f22b,0x6429cec9 } },
    /* 28 */
    { { 0xbb75f9a4,0x4984dd54,0x29d3b570,0x4aef06b9,0x3d6e4c1e,0xb5f84ca2,
        0xb083ef35,0x24c61c11,0x392ca9ff,0xce4a7392,0x6730a800,0x865d6517 },
      { 0x722b4a2b,0xca3dfe76,0x7b083e0e,0x12c04bf9,0x1b86b8a5,0x803ce5b5,
        0x6a7e3e0c,0x3fc7632d,0xc81adbe4,0xc89970c2,0x120e16b1,0x3cbcd3ad } },
    /* 29 */
    { { 0xec30ce93,0xfbfb4cc7,0xb72720a2,0x10ed6c7d,0x47b55500,0xec675bf7,
        0x333ff7c3,0x90725903,0x5075bfc0,0xc7c3973e,0x07acf31b,0xb049ecb0 },
      { 0x4f58839c,0xb4076eaf,0xa2b05e4f,0x101896da,0xab40c66e,0x3f6033b0,
        0xc8d864ba,0x19ee9eeb,0x47bf6d2a,0xeb6cf155,0xf826477d,0x8e5a9663 } },
    /* 30 */
    { { 0xf7fbd5e1,0x69e62fdd,0x76912b1d,0x38ecfe54,0xd1da3bfb,0x845a3d56,
        0x1c86f0d4,0x0494950e,0x3bc36ce8,0x83cadbf9,0x4fccc8d1,0x41fce572 },
      { 0x8332c144,0x05f939c2,0x0871e46e,0xb17f248b,0x66e8aff6,0x3d8534e2,
        0x3b85c629,0x1d06f1dc,0xa3131b73,0xdb06a32e,0x8b3f64e5,0xf295184d } },
    /* 31 */
    { { 0x36ddc103,0xd9653ff7,0x95ef606f,0x25f43e37,0xfe06dce8,0x09e301fc,
        0x30b6eebf,0x85af2341,0x0ff56b20,0x79b12b53,0xfe9a3c6b,0x9b4fb499 },
      { 0x51d27ac2,0x0154f892,0x56ca5389,0xd33167e3,0xafc065a6,0x7828ec1f,
        0x7f746c9b,0x0959a258,0x0c44f837,0xb18f1be3,0xc4132fdb,0xa7946117 } },
    /* 32 */
    { { 0x5e3c647b,0xc0426b77,0x8cf05348,0xbfcbd939,0x172c0d3d,0x31d312e3,
        0xee754737,0x5f49fde6,0x6da7ee61,0x895530f0,0xe8b3a5fb,0xcf281b0a },
      { 0x41b8a543,0xfd149735,0x3080dd30,0x41a625a7,0x653908cf,0xe2baae07,
        0xba02a278,0xc3d01436,0x7b21b8f8,0xa0d0222e,0xd7ec1297,0xfdc270e9 } },
    /* 33 */
    { { 0xbc7f41d6,0x00873c0c,0x1b7ad641,0xd976113e,0x238443fb,0x2a536ff4,
        0x41e62e45,0x030d00e2,0x5f545fc6,0x532e9867,0x8e91208c,0xcd033108 },
      { 0x9797612c,0xd1a04c99,0xeea674e2,0xd4393e02,0xe19742a1,0xd56fa69e,
        0x85f0590e,0xdd2ab480,0x48a2243d,0xa5cefc52,0x54383f41,0x48cc67b6 } },
    /* 34 */
    { { 0xfc14ab48,0x4e50430e,0x26706a74,0x195b7f4f,0xcc881ff6,0x2fe8a228,
        0xd945013d,0xb1b968e2,0x4b92162b,0x936aa579,0x364e754a,0x4fb766b7 },
      { 0x31e1ff7f,0x13f93bca,0xce4f2691,0x696eb5ca,0xa2b09e02,0xff754bf8,
        0xe58e3ff8,0x58f13c9c,0x1678c0b0,0xb757346f,0xa86692b3,0xd54200db } },
    /* 35 */
    { { 0x6dda1265,0x9a030bbd,0xe89718dd,0xf7b4f3fc,0x936065b8,0xa6a4931f,
        0x5f72241c,0xbce72d87,0x65775857,0x6cbb51cb,0x4e993675,0xc7161815 },
      { 0x2ee32189,0xe81a0f79,0x277dc0b2,0xef2fab26,0xb71f469f,0x9e64f6fe,
        0xdfdaf859,0xb448ce33,0xbe6b5df1,0x3f5c1c4c,0x1de45f7b,0xfb8dfb00 } },
    /* 36 */
    { { 0x4d5bb921,0xc7345fa7,0x4d2b667e,0x5c7e04be,0x282d7a3e,0x47ed3a80,
        0x7e47b2a4,0x5c2777f8,0x08488e2e,0x89b3b100,0xb2eb5b45,0x9aad77c2 },
      { 0xdaac34ae,0xd681bca7,0x26afb326,0x2452e4e5,0x41a1ee14,0x0c887924,
        0xc2407ade,0x743b04d4,0xfc17a2ac,0xcb5e999b,0x4a701a06,0x4dca2f82 } },
    /* 37 */
    { { 0x1127bc1a,0x68e31ca6,0x17ead3be,0xa3edd59b,0xe25f5a15,0x67b6b645,
        0xa420e15e,0x76221794,0x4b1e872e,0x794fd83b,0xb2dece1b,0x7cab3f03 },
      { 0xca9b3586,0x7119bf15,0x4d250bd7,0xa5545924,0xcc6bcf24,0x173633ea,
        0xb1b6f884,0x9bd308c2,0x447d38c3,0x3bae06f5,0xf341fe1c,0x54dcc135 } },
    /* 38 */
    { { 0x943caf0d,0x56d3598d,0x225ff133,0xce044ea9,0x563fadea,0x9edf6a7c,
        0x73e8dc27,0x632eb944,0x3190dcab,0x814b467e,0x6dbb1e31,0x2d4f4f31 },
      { 0xa143b7ca,0x8d69811c,0xde7cf950,0x4ec1ac32,0x37b5fe82,0x223ab5fd,
        0x9390f1d9,0xe82616e4,0x75804610,0xabff4b20,0x875b08f0,0x11b9be15 } },
    /* 39 */
    { { 0x3bbe682c,0x4ae31a3d,0x74eef2dd,0xbc7c5d26,0x3c47dd40,0x92afd10a,
        0xc14ab9e1,0xec7e0a3b,0xb2e495e4,0x6a6c3dd1,0x309bcd85,0x085ee5e9 },
      { 0x8c2e67fd,0xf381a908,0xe261eaf2,0x32083a80,0x96deee15,0x0fcd6a49,
        0x5e524c79,0xe3b8fb03,0x1d5b08b9,0x8dc360d9,0x7f26719f,0x3a06e2c8 } },
    /* 40 */
    { { 0x7237cac0,0x5cd9f5a8,0x43586794,0x93f0b59d,0xe94f6c4e,0x4384a764,
        0xb62782d3,0x8304ed2b,0xcde06015,0x0b8db8b3,0x5dbe190f,0x4336dd53 },
      { 0x92ab473a,0x57443553,0xbe5ed046,0x031c7275,0x21909aa4,0x3e78678c,
        0x99202ddb,0x4ab7e04f,0x6977e635,0x2648d206,0x093198be,0xd427d184 } },
    /* 41 */
    { { 0x0f9b5a31,0x822848f5,0xbaadb62a,0xbb003468,0x3357559c,0x233a0472,
        0x79aee843,0x49ef6880,0xaeb9e1e3,0xa89867a0,0x1f6f9a55,0xc151931b },
      { 0xad74251e,0xd264eb0b,0x4abf295e,0x37b9b263,0x04960d10,0xb600921b,
        0x4da77dc0,0x0de53dbc,0xd2b18697,0x01d9bab3,0xf7156ddf,0xad54ec7a } },
    /* 42 */
    { { 0x79efdc58,0x8e74dc35,0x4ff68ddb,0x456bd369,0xd32096a5,0x724e74cc,
        0x386783d0,0xe41cff42,0x7c70d8a4,0xa04c7f21,0xe61a19a2,0x41199d2f },
      { 0x29c05dd2,0xd389a3e0,0xe7e3fda9,0x535f2a6b,0x7c2b4df8,0x26ecf72d,
        0xfe745294,0x678275f4,0x9d23f519,0x6319c9cc,0x88048fc4,0x1e05a02d } },
    /* 43 */
    { { 0xd4d5ffe8,0x75cc8e2e,0xdbea17f2,0xf8bb4896,0xcee3cb4a,0x35059790,
        0xa47c6165,0x4c06ee85,0x92935d2f,0xf98fff25,0x32ffd7c7,0x34c4a572 },
      { 0xea0376a2,0xc4b14806,0x4f115e02,0x2ea5e750,0x1e55d7c0,0x532d76e2,
        0xf31044da,0x68dc9411,0x71b77993,0x9272e465,0x93a8cfd5,0xadaa38bb } },
    /* 44 */
    { { 0x7d4ed72a,0x4bf0c712,0xba1f79a3,0xda0e9264,0xf4c39ea4,0x48c0258b,
        0x2a715138,0xa5394ed8,0xbf06c660,0x4af511ce,0xec5c37cd,0xfcebceef },
      { 0x779ae8c1,0xf23b75aa,0xad1e606e,0xdeff59cc,0x22755c82,0xf3f526fd,
        0xbb32cefd,0x64c5ab44,0x915bdefd,0xa96e11a2,0x1143813e,0xab19746a } },
    /* 45 */
    { { 0xec837d7d,0x43c78585,0xb8ee0ba4,0xca5b6fbc,0xd5dbb5ee,0x34e924d9,
        0xbb4f1ca5,0x3f4fa104,0x398640f7,0x15458b72,0xd7f407ea,0x4231faa9 },
      { 0xf96e6896,0x53e0661e,0xd03b0f9d,0x554e4c69,0x9c7858d1,0xd4fcb07b,
        0x52cb04fa,0x7e952793,0x8974e7f7,0x5f5f1574,0x6b6d57c8,0x2e3fa558 } },
    /* 46 */
    { { 0x6a9951a8,0x42cd4803,0x42792ad0,0xa8b15b88,0xabb29a73,0x18e8bcf9,
        0x409933e8,0xbfd9a092,0xefb88dc4,0x760a3594,0x40724458,0x14418863 },
      { 0x99caedc7,0x162a56ee,0x91d101c9,0x8fb12ecd,0x393202da,0xea671967,
        0xa4ccd796,0x1aac8c4a,0x1cf185a8,0x7db05036,0x8cfd095a,0x0c9f86cd } },
    /* 47 */
    { { 0x10b2a556,0x9a728147,0x327b70b2,0x767ca964,0x5e3799b7,0x04ed9e12,
        0x22a3eb2a,0x6781d2dc,0x0d9450ac,0x5bd116eb,0xa7ebe08a,0xeccac1fc },
      { 0xdc2d6e94,0xde68444f,0x35ecf21b,0x3621f429,0x29e03a2c,0x14e2d543,
        0x7d3e7f0a,0x53e42cd5,0x73ed00b9,0xbba26c09,0xc57d2272,0x00297c39 } },
    /* 48 */
    { { 0xb8243a7d,0x3aaaab10,0x8fa58c5b,0x6eeef93e,0x9ae7f764,0xf866fca3,
        0x61ab04d3,0x64105a26,0x03945d66,0xa3578d8a,0x791b848c,0xb08cd3e4 },
      { 0x756d2411,0x45edc5f8,0xa755128c,0xd4a790d9,0x49e5f6a0,0xc2cf0963,
        0xf649beaa,0xc66d267d,0x8467039e,0x3ce6d968,0x42f7816f,0x50046c6b } },
    /* 49 */
    { { 0x66425043,0x92ae1602,0xf08db890,0x1ff66afd,0x8f162ce5,0x386f5a7f,
        0xfcf5598f,0x18d2dea0,0x1a8ca18e,0x78372b3a,0x8cd0e6f7,0xdf0d20eb },
      { 0x75bb4045,0x7edd5e1d,0xb96d94b7,0x252a47ce,0x2c626776,0xbdb29358,
        0x40dd1031,0x853c3943,0x7d5f47fd,0x9dc9becf,0xbae4044a,0x27c2302f } },
    /* 50 */
    { { 0x8f2d49ce,0x2d1d208a,0x162df0a2,0x0d91aa02,0x09a07f65,0x9c5cce87,
        0x84339012,0xdf07238b,0x419442cd,0x5028e2c8,0x72062aba,0x2dcbd358 },
      { 0xe4680967,0xb5fbc3cb,0x9f92d72c,0x2a7bc645,0x116c369d,0x806c76e1,
        0x3177e8d8,0x5c50677a,0x4569df57,0x753739eb,0x36c3f40b,0x2d481ef6 } },
    /* 51 */
    { { 0xfea1103e,0x1a2d39fd,0x95f81b17,0xeaae5592,0xf59b264a,0xdbd0aa18,
        0xcb592ee0,0x90c39c1a,0x9750cca3,0xdf62f80d,0xdf97cc6c,0xda4d8283 },
      { 0x1e201067,0x0a6dd346,0x69fb1f6b,0x1531f859,0x1d60121f,0x4895e552,
        0x4c041c91,0x0b21aab0,0xbcc1ccf8,0x9d896c46,0x3141bde7,0xd24da3b3 } },
    /* 52 */
    { { 0x53b0a354,0x575a0537,0x0c6ddcd8,0x392ff2f4,0x56157b94,0x0b8e8cff,
        0x3b1b80d1,0x073e57bd,0x3fedee15,0x2a75e0f0,0xaa8e6f19,0x752380e4 },
      { 0x6558ffe9,0x1f4e227c,0x19ec5415,0x3a348618,0xf7997085,0xab382d5e,
        0xddc46ac2,0x5e6deaff,0xfc8d094c,0xe5144078,0xf60e37c6,0xf674fe51 } },
    /* 53 */
    { { 0xaf63408f,0x6fb87ae5,0xcd75a737,0xa39c36a9,0xcf4c618d,0x7833313f,
        0xf034c88d,0xfbcd4482,0x39b35288,0x4469a761,0x66b5d9c9,0x77a711c5 },
      { 0x944f8d65,0x4a695dc7,0x161aaba8,0xe6da5f65,0x24601669,0x8654e9c3,
        0x28ae7491,0xbc8b93f5,0x8f5580d8,0x5f1d1e83,0xcea32cc8,0x8ccf9a1a } },
    /* 54 */
    { { 0x7196fee2,0x28ab110c,0x874c8945,0x75799d63,0x29aedadd,0xa2629348,
        0x2be88ff4,0x9714cc7b,0xd58d60d6,0xf71293cf,0x32a564e9,0xda6b6cb3 },
      { 0x3dd821c2,0xf43fddb1,0x90dd323d,0xf2f2785f,0x048489f8,0x91246419,
        0xd24c6749,0x61660f26,0xc803c15c,0x961d9e8c,0xfaadc4c9,0x631c6158 } },
    /* 55 */
    { { 0xfd752366,0xacf2ebe0,0x139be88b,0xb93c340e,0x0f20179e,0x98f66485,
        0xff1da785,0x14820254,0x4f85c16e,0x5278e276,0x7aab1913,0xa246ee45 },
      { 0x53763b33,0x43861eb4,0x45c0bc0d,0xc49f03fc,0xad6b1ea1,0xafff16bc,
        0x6fd49c99,0xce33908b,0xf7fde8c3,0x5c51e9bf,0xff142c5e,0x076a7a39 } },
    /* 56 */
    { { 0x9e338d10,0x04639dfe,0xf42b411b,0x8ee6996f,0xa875cef2,0x960461d1,
        0x95b4d0ba,0x1057b6d6,0xa906e0bc,0x27639252,0xe1c20f8a,0x2c19f09a },
      { 0xeef4c43d,0x5b8fc3f0,0x07a84aa9,0xe2e1b1a8,0x835d2bdb,0x5f455528,
        0x207132dd,0x0f4aee4d,0x3907f675,0xe9f8338c,0x0e0531f0,0x7a874dc9 } },
    /* 57 */
    { { 0x97c27050,0x84b22d45,0x59e70bf8,0xbd0b8df7,0x79738b9b,0xb4d67405,
        0xcd917c4f,0x47f4d5f5,0x13ce6e33,0x9099c4ce,0x521d0f8b,0x942bfd39 },
      { 0xa43b566d,0x5028f0f6,0x21bff7de,0xaf6e8669,0xc44232cd,0x83f6f856,
        0xf915069a,0x65680579,0xecfecb85,0xd12095a2,0xdb01ba16,0xcf7f06ae } },
    /* 58 */
    { { 0x8ef96c80,0x0f56e3c4,0x3ddb609c,0xd521f2b3,0x7dc1450d,0x2be94102,
        0x02a91fe2,0x2d21a071,0x1efa37de,0x2e6f74fa,0x156c28a1,0x9a9a90b8 },
      { 0x9dc7dfcb,0xc54ea9ea,0x2c2c1d62,0xc74e66fc,0x49d3e067,0x9f23f967,
        0x54dd38ad,0x1c7c3a46,0x5946cee3,0xc7005884,0x45cc045d,0x89856368 } },
    /* 59 */
    { { 0xfce73946,0x29da7cd4,0x23168563,0x8f697db5,0xcba92ec6,0x8e235e9c,
        0x9f91d3ea,0x55d4655f,0xaa50a6cd,0xf3689f23,0x21e6a1a0,0xdcf21c26 },
      { 0x61b818bf,0xcffbc82e,0xda47a243,0xc74a2f96,0x8bc1a0cf,0x234e980a,
        0x7929cb6d,0xf35fd6b5,0xefe17d6c,0x81468e12,0x58b2dafb,0xddea6ae5 } },
    /* 60 */
    { { 0x7e787b2e,0x294de887,0x39a9310d,0x258acc1f,0xac14265d,0x92d9714a,
        0x708b48a0,0x18b5591c,0xe1abbf71,0x27cc6bb0,0x568307b9,0xc0581fa3 },
      { 0xf24d4d58,0x9e0f58a3,0xe0ce2327,0xfebe9bb8,0x9d1be702,0x91fd6a41,
        0xfacac993,0x9a7d8a45,0x9e50d66d,0xabc0a08c,0x06498201,0x02c342f7 } },
    /* 61 */
    { { 0x157bdbc2,0xccd71407,0xad0e1605,0x72fa89c6,0xb92a015f,0xb1d3da2b,
        0xa0a3fe56,0x8ad9e7cd,0x24f06737,0x160edcbd,0x61275be6,0x79d4db33 },
      { 0x5f3497c4,0xd3d31fd9,0x04192fb0,0x8cafeaee,0x13a50af3,0xe13ca745,
        0x8c85aae5,0x18826167,0x9eb556ff,0xce06cea8,0xbdb549f3,0x2eef1995 } },
    /* 62 */
    { { 0x50596edc,0x8ed7d3eb,0x905243a2,0xaa359362,0xa4b6d02b,0xa212c2c2,
        0xc4fbec68,0x611fd727,0xb84f733d,0x8a0b8ff7,0x5f0daf0e,0xd85a6b90 },
      { 0xd4091cf7,0x60e899f5,0x2eff2768,0x4fef2b67,0x10c33964,0xc1f195cb,
        0x93626a8f,0x8275d369,0x0d6c840a,0xc77904f4,0x7a868acd,0x88d8b7fd } },
    /* 63 */
    { { 0x7bd98425,0x85f23723,0xc70b154e,0xd4463992,0x96687a2e,0xcbb00ee2,
        0xc83214fd,0x905fdbf7,0x13593684,0x2019d293,0xef51218e,0x0428c393 },
      { 0x981e909a,0x40c7623f,0x7be192da,0x92513385,0x4010907e,0x48fe480f,
        0x3120b459,0xdd7a187c,0xa1fd8f3c,0xc9d7702d,0xe358efc5,0x66e4753b } },
    /* 64 */
    { { 0x16973cf4,0x070d34e1,0x7e4f34f7,0x20aee08b,0x5eb8ad29,0x269af9b9,
        0xa6a45dda,0xdde0a036,0x63df41e0,0xa18b528e,0xa260df2a,0x03cc71b2 },
      { 0xa06b1dd7,0x24a6770a,0x9d2675d3,0x5bfa9c11,0x96844432,0x73c1e2a1,
        0x131a6cf0,0x3660558d,0x2ee79454,0xb0289c83,0xc6d8ddcd,0xa6aefb01 } },
    /* 65 */
    { { 0x01ab5245,0xba1464b4,0xc48d93ff,0x9b8d0b6d,0x93ad272c,0x939867dc,
        0xae9fdc77,0xbebe085e,0x894ea8bd,0x73ae5103,0x39ac22e1,0x740fc89a },
      { 0x28e23b23,0x5e28b0a3,0xe13104d0,0x2352722e,0xb0a2640d,0xf4667a18,
        0x49bb37c3,0xac74a72e,0xe81e183a,0x79f734f0,0x3fd9c0eb,0xbffe5b6c } },
    /* 66 */
    { { 0xc6a2123f,0xb1a358f5,0xfe28df6d,0x927b2d95,0xf199d2f9,0x89702753,
        0x1a3f82dc,0x0a73754c,0x777affe1,0x063d029d,0xdae6d34d,0x5439817e },
      { 0x6b8b83c4,0xf7979eef,0x9d945682,0x615cb214,0xc5e57eae,0x8f0e4fac,
        0x113047dd,0x042b89b8,0x93f36508,0x888356dc,0x5fd1f32f,0xbf008d18 } },
    /* 67 */
    { { 0x4e8068db,0x8012aa24,0xa5729a47,0xc72cc641,0x43f0691d,0x3c33df2c,
        0x1d92145f,0xfa057347,0xb97f7946,0xaefc0f2f,0x2f8121bf,0x813d75cb },
      { 0x4383bba6,0x05613c72,0xa4224b3f,0xa924ce70,0x5f2179a6,0xe59cecbe,
        0x79f62b61,0x78e2e8aa,0x53ad8079,0x3ac2cc3b,0xd8f4fa96,0x55518d71 } },
    /* 68 */
    { { 0x00623f3b,0x03cf2922,0x5f29ebff,0x095c7111,0x80aa6823,0x42d72247,
        0x7458c0b0,0x044c7ba1,0x0959ec20,0xca62f7ef,0xf8ca929f,0x40ae2ab7 },
      { 0xa927b102,0xb8c5377a,0xdc031771,0x398a86a0,0xc216a406,0x04908f9d,
        0x918d3300,0xb423a73a,0xe0b94739,0x634b0ff1,0x2d69f697,0xe29de725 } },
    /* 69 */
    { { 0x8435af04,0x744d1400,0xfec192da,0x5f255b1d,0x336dc542,0x1f17dc12,
        0x636a68a8,0x5c90c2a7,0x7704ca1e,0x960c9eb7,0x6fb3d65a,0x9de8cf1e },
      { 0x511d3d06,0xc60fee0d,0xf9eb52c7,0x466e2313,0x206b0914,0x743c0f5f,
        0x2191aa4d,0x42f55bac,0xffebdbc2,0xcefc7c8f,0xe6e8ed1c,0xd4fa6081 } },
    /* 70 */
    { { 0xb0ab9645,0xb5e405d3,0xd5f1f711,0xaeec7f98,0x585c2a6e,0x8ad42311,
        0x512c6944,0x045acb9e,0xa90db1c6,0xae106c4e,0x898e6563,0xb89f33d5 },
      { 0x7fed2ce4,0x43b07cd9,0xdd815b20,0xf9934e17,0x0a81a349,0x6778d4d5,
        0x52918061,0x9e616ade,0xd7e67112,0xfa06db06,0x88488091,0x1da23cf1 } },
    /* 71 */
    { { 0x42f2c4b5,0x821c46b3,0x66059e47,0x931513ef,0x66f50cd1,0x7030ae43,
        0x43e7b127,0x43b536c9,0x5fca5360,0x006258cf,0x6b557abf,0xe4e3ee79 },
      { 0x24c8b22f,0xbb6b3900,0xfcbf1054,0x2eb5e2c1,0x567492af,0x937b18c9,
        0xacf53957,0xf09432e4,0x1dbf3a56,0x585f5a9d,0xbe0887cf,0xf86751fd } },
    /* 72 */
    { { 0x9d10e0b2,0x157399cb,0x60dc51b7,0x1c0d5956,0x1f583090,0x1d496b8a,
        0x88590484,0x6658bc26,0x03213f28,0x88c08ab7,0x7ae58de4,0x8d2e0f73 },
      { 0x486cfee6,0x9b79bc95,0xe9e5bc57,0x036a26c7,0xcd8ae97a,0x1ad03601,
        0xff3a0494,0x06907f87,0x2c7eb584,0x078f4bbf,0x7e8d0a5a,0xe3731bf5 } },
    /* 73 */
    { { 0xe1cd0abe,0x72f2282b,0x87efefa2,0xd4f9015e,0x6c3834bd,0x9d189806,
        0xb8a29ced,0x9c8cdcc1,0xfee82ebc,0x0601b9f4,0x7206a756,0x371052bc },
      { 0x46f32562,0x76fa1092,0x17351bb4,0xdaad534c,0xb3636bb5,0xc3d64c37,
        0x45d54e00,0x038a8c51,0x32c09e7c,0x301e6180,0x95735151,0x9764eae7 } },
    /* 74 */
    { { 0xcbd5256a,0x8791b19f,0x6ca13a3b,0x4007e0f2,0x4cf06904,0x03b79460,
        0xb6c17589,0xb18a9c22,0x81d45908,0xa1cb7d7d,0x21bb68f1,0x6e13fa9d },
      { 0xa71e6e16,0x47183c62,0xe18749ed,0x5cf0ef8e,0x2e5ed409,0x2c9c7f9b,
        0xe6e117e1,0x042eeacc,0x13fb5a7f,0xb86d4816,0xc9e5feb1,0xea1cf0ed } },
    /* 75 */
    { { 0xcea4cc9b,0x6e6573c9,0xafcec8f3,0x5417961d,0xa438b6f6,0x804bf02a,
        0xdcd4ea88,0xb894b03c,0x3799571f,0xd0f807e9,0x862156e8,0x3466a7f5 },
      { 0x56515664,0x51e59acd,0xa3c5eb0b,0x55b0f93c,0x6a4279db,0x84a06b02,
        0xc5fae08e,0x5c850579,0xa663a1a2,0xcf07b8db,0xf46ffc8d,0x49a36bbc } },
    /* 76 */
    { { 0x46d93106,0xe47f5acc,0xaa897c9c,0x65b7ade0,0x12d7e4be,0x37cf4c94,
        0xd4b2caa9,0xa2ae9b80,0xe60357a3,0x5e7ce09c,0xc8ecd5f9,0x29f77667 },
      { 0xa8a0b1c5,0xdf6868f5,0x62978ad8,0x240858cf,0xdc0002a1,0x0f7ac101,
        0xffe9aa05,0x1d28a9d7,0x5b962c97,0x744984d6,0x3d28c8b2,0xa8a7c00b } },
    /* 77 */
    { { 0xae11a338,0x7c58a852,0xd1af96e7,0xa78613f1,0x5355cc73,0x7e9767d2,
        0x792a2de6,0x6ba37009,0x124386b2,0x7d60f618,0x11157674,0xab09b531 },
      { 0x98eb9dd0,0x95a04841,0x15070328,0xe6c17acc,0x489c6e49,0xafc6da45,
        0xbb211530,0xab45a60a,0x7d7ea933,0xc58d6592,0x095642c6,0xa3ef3c65 } },
    /* 78 */
    { { 0xdf010879,0x89d420e9,0x39576179,0x9d25255d,0xe39513b6,0x9cdefd50,
        0xd5d1c313,0xe4efe45b,0x3f7af771,0xc0149de7,0x340ab06b,0x55a6b4f4 },
      { 0xebeaf771,0xf1325251,0x878d4288,0x2ab44128,0x18e05afe,0xfcd5832e,
        0xcc1fb62b,0xef52a348,0xc1c4792a,0x2bd08274,0x877c6dc7,0x345c5846 } },
    /* 79 */
    { { 0xbea65e90,0xde15ceb0,0x2416d99c,0x0987f72b,0xfd863dec,0x44db578d,
        0xac6a3578,0xf617b74b,0xdb48e999,0x9e62bd7a,0xeab1a1be,0x877cae61 },
      { 0x3a358610,0x23adddaa,0x325e2b07,0x2fc4d6d1,0x1585754e,0x897198f5,
        0xb392b584,0xf741852c,0xb55f7de1,0x9927804c,0x1aa8efae,0xe9e6c4ed } },
    /* 80 */
    { { 0x98683186,0x867db639,0xddcc4ea9,0xfb5cf424,0xd4f0e7bd,0xcc9a7ffe,
        0x7a779f7e,0x7c57f71c,0xd6b25ef2,0x90774079,0xb4081680,0x90eae903 },
      { 0x0ee1fceb,0xdf2aae5e,0xe86c1a1f,0x3ff1da24,0xca193edf,0x80f587d6,
        0xdc9b9d6a,0xa5695523,0x85920303,0x7b840900,0xba6dbdef,0x1efa4dfc } },
    /* 81 */
    { { 0xe0540015,0xfbd838f9,0xc39077dc,0x2c323946,0xad619124,0x8b1fb9e6,
        0x0ca62ea8,0x9612440c,0x2dbe00ff,0x9ad9b52c,0xae197643,0xf52abaa1 },
      { 0x2cac32ad,0xd0e89894,0x62a98f91,0xdfb79e42,0x276f55cb,0x65452ecf,
        0x7ad23e12,0xdb1ac0d2,0xde4986f0,0xf68c5f6a,0x82ce327d,0x389ac37b } },
    /* 82 */
    { { 0xf8e60f5b,0x511188b4,0x48aa2ada,0x7fe67015,0x381abca2,0xdb333cb8,
        0xdaf3fc97,0xb15e6d9d,0x36aabc03,0x4b24f6eb,0x72a748b4,0xc59789df },
      { 0x29cf5279,0x26fcb8a5,0x01ad9a6c,0x7a3c6bfc,0x4b8bac9b,0x866cf88d,
        0x9c80d041,0xf4c89989,0x70add148,0xf0a04241,0x45d81a41,0x5a02f479 } },
    /* 83 */
    { { 0xc1c90202,0xfa5c877c,0xf8ac7570,0xd099d440,0xd17881f7,0x428a5b1b,
        0x5b2501d7,0x61e267db,0xf2e4465b,0xf889bf04,0x76aa4cb8,0x4da3ae08 },
      { 0xe3e66861,0x3ef0fe26,0x3318b86d,0x5e772953,0x747396df,0xc3c35fbc,
        0x439ffd37,0x5115a29c,0xb2d70374,0xbfc4bd97,0x56246b9d,0x088630ea } },
    /* 84 */
    { { 0xb8a9e8c9,0xcd96866d,0x5bb8091e,0xa11963b8,0x045b3cd2,0xc7f90d53,
        0x80f36504,0x755a72b5,0x21d3751c,0x46f8b399,0x53c193de,0x4bffdc91 },
      { 0xb89554e7,0xcd15c049,0xf7a26be6,0x353c6754,0xbd41d970,0x79602370,
        0x12b176c0,0xde16470b,0x40c8809d,0x56ba1175,0xe435fb1e,0xe2db35c3 } },
    /* 85 */
    { { 0x6328e33f,0xd71e4aab,0xaf8136d1,0x5486782b,0x86d57231,0x07a4995f,
        0x1651a968,0xf1f0a5bd,0x76803b6d,0xa5dc5b24,0x42dda935,0x5c587cbc },
      { 0xbae8b4c0,0x2b6cdb32,0xb1331138,0x66d1598b,0x5d7e9614,0x4a23b2d2,
        0x74a8c05d,0x93e402a6,0xda7ce82e,0x45ac94e6,0xe463d465,0xeb9f8281 } },
    /* 86 */
    { { 0xfecf5b9b,0x34e0f9d1,0xf206966a,0xa115b12b,0x1eaa0534,0x5591cf3b,
        0xfb1558f9,0x5f0293cb,0x1bc703a5,0x1c8507a4,0x862c1f81,0x92e6b81c },
      { 0xcdaf24e3,0xcc9ebc66,0x72fcfc70,0x68917ecd,0x8157ba48,0x6dc9a930,
        0xb06ab2b2,0x5d425c08,0x36e929c4,0x362f8ce7,0x62e89324,0x09f6f57c } },
    /* 87 */
    { { 0xd29375fb,0x1c7d6b78,0xe35d1157,0xfabd851e,0x4243ea47,0xf6f62dcd,
        0x8fe30b0f,0x1dd92460,0xffc6e709,0x08166dfa,0x0881e6a7,0xc6c4c693 },
      { 0xd6a53fb0,0x20368f87,0x9eb4d1f9,0x38718e9f,0xafd7e790,0x03f08acd,
        0x72fe2a1c,0x0835eb44,0x88076e5d,0x7e050903,0xa638e731,0x538f765e } },
    /* 88 */
    { { 0xc2663b4b,0x0e0249d9,0x47cd38dd,0xe700ab5b,0x2c46559f,0xb192559d,
        0x4bcde66d,0x8f9f74a8,0x3e2aced5,0xad161523,0x3dd03a5b,0xc155c047 },
      { 0x3be454eb,0x346a8799,0x83b7dccd,0x66ee94db,0xab9d2abe,0x1f6d8378,
        0x7733f355,0x4a396dd2,0xf53553c2,0x419bd40a,0x731dd943,0xd0ead98d } },
    /* 89 */
    { { 0xec142408,0x908e0b0e,0x4114b310,0x98943cb9,0x1742b1d7,0x03dbf7d8,
        0x693412f4,0xd270df6b,0x8f69e20c,0xc5065494,0x697e43a1,0xa76a90c3 },
      { 0x4624825a,0xe0fa3384,0x8acc34c2,0x82e48c0b,0xe9a14f2b,0x7b24bd14,
        0x4db30803,0x4f5dd5e2,0x932da0a3,0x0c77a9e7,0x74c653dc,0x20db90f2 } },
    /* 90 */
    { { 0x0e6c5fd9,0x261179b7,0x6c982eea,0xf8bec123,0xd4957b7e,0x47683338,
        0x0a72f66a,0xcc47e664,0x1bad9350,0xbd54bf6a,0xf454e95a,0xdfbf4c6a },
      { 0x6907f4fa,0x3f7a7afa,0x865ca735,0x7311fae0,0x2a496ada,0x24737ab8,
        0x15feb79b,0x13e425f1,0xa1b93c21,0xe9e97c50,0x4ddd3eb5,0xb26b6eac } },
    /* 91 */
    { { 0x2a2e5f2b,0x81cab9f5,0xbf385ac4,0xf93caf29,0xc909963a,0xf4bf35c3,
        0x74c9143c,0x081e7300,0xc281b4c5,0x3ea57fa8,0x9b340741,0xe497905c },
      { 0x55ab3cfb,0xf556dd8a,0x518db6ad,0xd444b96b,0x5ef4b955,0x34f5425a,
        0xecd26aa3,0xdda7a3ac,0xda655e97,0xb57da11b,0xc2024c70,0x02da3eff } },
    /* 92 */
    { { 0x6481d0d9,0xe24b0036,0x818fdfe2,0x3740dbe5,0x190fda00,0xc1fc1f45,
        0x3cf27fde,0x329c9280,0x6934f43e,0x7435cb53,0x7884e8fe,0x2b505a5d },
      { 0x711adcc9,0x6cfcc6a6,0x531e21e1,0xf034325c,0x9b2a8a99,0xa2f4a967,
        0x3c21bdff,0x9d5f3842,0x31b57d66,0xb25c7811,0x0b8093b9,0xdb5344d8 } },
    /* 93 */
    { { 0xae50a2f5,0x0d72e667,0xe4a861d1,0x9b7f8d8a,0x330df1cb,0xa129f70f,
        0xe04fefc3,0xe90aa5d7,0xe72c3ae1,0xff561ecb,0xcdb955fa,0x0d8fb428 },
      { 0xd7663784,0xd2235f73,0x7e2c456a,0xc05baec6,0x2adbfccc,0xe5c292e4,
        0xefb110d5,0x4fd17988,0xd19d49f3,0x27e57734,0x84f679fe,0x188ac4ce } },
    /* 94 */
    { { 0xa796c53e,0x7ee344cf,0x0868009b,0xbbf6074d,0x474a1295,0x1f1594f7,
        0xac11632d,0x66776edc,0x04e2fa5a,0x1862278b,0xc854a89a,0x52665cf2 },
      { 0x8104ab58,0x7e376464,0x7204fd6d,0x16775913,0x44ea1199,0x86ca06a5,
        0x1c9240dd,0xaa3f765b,0x24746149,0x5f8501a9,0xdcd251d7,0x7b982e30 } },
    /* 95 */
    { { 0xc15f3060,0xe44e9efc,0xa87ebbe6,0x5ad62f2e,0xc79500d4,0x36499d41,
        0x336fa9d1,0xa66d6dc0,0x5afd3b1f,0xf8afc495,0xe5c9822b,0x1d8ccb24 },
      { 0x79d7584b,0x4031422b,0xea3f20dd,0xc54a0580,0x958468c5,0x3f837c8f,
        0xfbea7735,0x3d82f110,0x7dffe2fc,0x679a8778,0x20704803,0x48eba63b } },
    /* 96 */
    { { 0xdf46e2f6,0x89b10d41,0x19514367,0x13ab57f8,0x1d469c87,0x067372b9,
        0x4f6c5798,0x0c195afa,0x272c9acf,0xea43a12a,0x678abdac,0x9dadd8cb },
      { 0xe182579a,0xcce56c6b,0x2d26c2d8,0x86febadb,0x2a44745c,0x1c668ee1,
        0x98dc047a,0x580acd86,0x51b9ec2d,0x5a2b79cc,0x4054f6a0,0x007da608 } },
    /* 97 */
    { { 0x17b00dd0,0x9e3ca352,0x0e81a7a6,0x046779cb,0xd482d871,0xb999fef3,
        0xd9233fbc,0xe6f38134,0xf48cd0e0,0x112c3001,0x3c6c66ae,0x934e7576 },
      { 0xd73234dc,0xb44d4fc3,0x864eafc1,0xfcae2062,0x26bef21a,0x843afe25,
        0xf3b75fdf,0x61355107,0x794c2e6b,0x8367a5aa,0x8548a372,0x3d2629b1 } },
    /* 98 */
    { { 0x437cfaf8,0x6230618f,0x2032c299,0x5b8742cb,0x2293643a,0x949f7247,
        0x09464f79,0xb8040f1a,0x4f254143,0x049462d2,0x366c7e76,0xabd6b522 },
      { 0xd5338f55,0x119b392b,0x01495a0c,0x1a80a9ce,0xf8d7537e,0xf3118ca7,
        0x6bf4b762,0xb715adc2,0xa8482b6c,0x24506165,0x96a7c84d,0xd958d7c6 } },
    /* 99 */
    { { 0xbdc21f31,0x9ad8aa87,0x8063e58c,0xadb3cab4,0xb07dd7b8,0xefd86283,
        0x1be7c6b4,0xc7b9b762,0x015582de,0x2ef58741,0x299addf3,0xc970c52e },
      { 0x22f24d66,0x78f02e2a,0x74cc100a,0xefec1d10,0x09316e1a,0xaf2a6a39,
        0x5849dd49,0xce7c2205,0x96bffc4c,0x9c1fe75c,0x7ba06ec0,0xcad98fd2 } },
    /* 100 */
    { { 0xb648b73e,0xed76e2d0,0x1cfd285e,0xa9f92ce5,0x2ed13de1,0xa8c86c06,
        0xa5191a93,0x1d3a574e,0x1ad1b8bf,0x385cdf8b,0x47d2cfe3,0xbbecc28a },
      { 0x69cec548,0x98d326c0,0xf240a0b2,0x4f5bc1dd,0x29057236,0x241a7062,
        0xc68294a4,0x0fc6e9c5,0xa319f17a,0x4d04838b,0x9ffc1c6f,0x8b612cf1 } },
    /* 101 */
    { { 0x4c3830eb,0x9bb0b501,0x8ee0d0c5,0x3d08f83c,0x79ba9389,0xa4a62642,
        0x9cbc2914,0x5d5d4044,0x074c46f0,0xae9eb83e,0x74ead7d6,0x63bb758f },
      { 0xc6bb29e0,0x1c40d2ea,0x4b02f41e,0x95aa2d87,0x53cb199a,0x92989175,
        0x51584f6d,0xdd91bafe,0x31a1aaec,0x3715efb9,0x46780f9e,0xc1b6ae5b } },
    /* 102 */
    { { 0x42772f41,0xcded3e4b,0x3bcb79d1,0x3a700d5d,0x80feee60,0x4430d50e,
        0xf5e5d4bb,0x444ef1fc,0xe6e358ff,0xc660194f,0x6a91b43c,0xe68a2f32 },
      { 0x977fe4d2,0x5842775c,0x7e2a41eb,0x78fdef5c,0xff8df00e,0x5f3bec02,
        0x5852525d,0xf4b840cd,0x4e6988bd,0x0870483a,0xcc64b837,0x39499e39 } },
    /* 103 */
    { { 0xb08df5fe,0xfc05de80,0x63ba0362,0x0c12957c,0xd5cf1428,0xea379414,
        0x54ef6216,0xc559132a,0xb9e65cf8,0x33d5f12f,0x1695d663,0x09c60278 },
      { 0x61f7a2fb,0x3ac1ced4,0xd4f5eeb8,0xdd838444,0x8318fcad,0x82a38c6c,
        0xe9f1a864,0x315be2e5,0x442daf47,0x317b5771,0x95aa5f9e,0x81b5904a } },
    /* 104 */
    { { 0x8b21d232,0x6b6b1c50,0x8c2cba75,0x87f3dbc0,0xae9f0faf,0xa7e74b46,
        0xbb7b8079,0x036a0985,0x8d974a25,0x4f185b90,0xd9af5ec9,0x5aa7cef0 },
      { 0x57dcfffc,0xe0566a70,0xb8453225,0x6ea311da,0x23368aa9,0x72ea1a8d,
        0x48cd552d,0xed9b2083,0xc80ea435,0xb987967c,0x6c104173,0xad735c75 } },
    /* 105 */
    { { 0xcee76ef4,0xaea85ab3,0xaf1d2b93,0x44997444,0xeacb923f,0x0851929b,
        0x51e3bc0c,0xb080b590,0x59be68a2,0xc4ee1d86,0x64b26cda,0xf00de219 },
      { 0xf2e90d4d,0x8d7fb5c0,0x77d9ec64,0x00e219a7,0x5d1c491c,0xc4e6febd,
        0x1a8f4585,0x080e3754,0x48d2af9c,0x4a9b86c8,0xb6679851,0x2ed70db6 } },
    /* 106 */
    { { 0x586f25cb,0xaee44116,0xa0fcf70f,0xf7b6861f,0x18a350e8,0x55d2cd20,
        0x92dc286f,0x861bf3e5,0x6226aba7,0x9ab18ffa,0xa9857b03,0xd15827be },
      { 0x92e6acef,0x26c1f547,0xac1fbac3,0x422c63c8,0xfcbfd71d,0xa2d8760d,
        0xb2511224,0x35f6a539,0x048d1a21,0xbaa88fa1,0xebf999db,0x49f1abe9 } },
    /* 107 */
    { { 0xf7492b73,0x16f9f4f4,0xcb392b1a,0xcf28ec1e,0x69ca6ffc,0x45b130d4,
        0xb72efa58,0x28ba8d40,0x5ca066f5,0xace987c7,0x4ad022eb,0x3e399246 },
      { 0x752555bb,0x63a2d84e,0x9c2ae394,0xaaa93b4a,0xc89539ca,0xcd80424e,
        0xaa119a99,0x6d6b5a6d,0x379f2629,0xbd50334c,0xef3cc7d3,0x899e925e } },
    /* 108 */
    { { 0xbf825dc4,0xb7ff3651,0x40b9c462,0x0f741cc4,0x5cc4fb5b,0x771ff5a9,
        0x47fd56fe,0xcb9e9c9b,0x5626c0d3,0xbdf053db,0xf7e14098,0xa97ce675 },
      { 0x6c934f5e,0x68afe5a3,0xccefc46f,0x6cd5e148,0xd7a88586,0xc7758570,
        0xdd558d40,0x49978f5e,0x64ae00c1,0xa1d5088a,0xf1d65bb2,0x58f2a720 } },
    /* 109 */
    { { 0x3e4daedb,0x66fdda4a,0x65d1b052,0x38318c12,0x4c4bbf5c,0x28d910a2,
        0x78a9cd14,0x762fe5c4,0xd2cc0aee,0x08e5ebaa,0xca0c654c,0xd2cdf257 },
      { 0x08b717d2,0x48f7c58b,0x386cd07a,0x3807184a,0xae7d0112,0x3240f626,
        0xc43917b0,0x03e9361b,0x20aea018,0xf261a876,0x7e1e6372,0x53f556a4 } },
    /* 110 */
    { { 0x2f512a90,0xc84cee56,0x1b0ea9f1,0x24b3c004,0xe26cc1ea,0x0ee15d2d,
        0xf0c9ef7d,0xd848762c,0xd5341435,0x1026e9c5,0xfdb16b31,0x8f5b73dc },
      { 0xd2c75d95,0x1f69bef2,0xbe064dda,0x8d33d581,0x57ed35e6,0x8c024c12,
        0xc309c281,0xf8d435f9,0xd6960193,0xfd295061,0xe9e49541,0x66618d78 } },
    /* 111 */
    { { 0x8ce382de,0x571cfd45,0xde900dde,0x175806ee,0x34aba3b5,0x61849965,
        0xde7aec95,0xe899778a,0xff4aa97f,0xe8f00f6e,0x010b0c6d,0xae971cb5 },
      { 0x3af788f1,0x1827eebc,0xe413fe2d,0xd46229ff,0x4741c9b4,0x8a15455b,
        0xf8e424eb,0x5f02e690,0xdae87712,0x40a1202e,0x64944f6d,0x49b3bda2 } },
    /* 112 */
    { { 0x035b2d69,0xd63c6067,0x6bed91b0,0xb507150d,0x7afb39b2,0x1f35f82f,
        0x16012b66,0xb9bd9c01,0xed0a5f50,0x00d97960,0x2716f7c9,0xed705451 },
      { 0x127abdb4,0x1576eff4,0xf01e701c,0x6850d698,0x3fc87e2f,0x9fa7d749,
        0xb0ce3e48,0x0b6bcc6f,0xf7d8c1c0,0xf4fbe1f5,0x02719cc6,0xcf75230e } },
    /* 113 */
    { { 0x722d94ed,0x6761d6c2,0x3718820e,0xd1ec3f21,0x25d0e7c6,0x65a40b70,
        0xbaf3cf31,0xd67f830e,0xb93ea430,0x633b3807,0x0bc96c69,0x17faa0ea },
      { 0xdf866b98,0xe6bf3482,0xa9db52d4,0x205c1ee9,0xff9ab869,0x51ef9bbd,
        0x75eeb985,0x3863dad1,0xd3cf442a,0xef216c3b,0xf9c8e321,0x3fb228e3 } },
    /* 114 */
    { { 0x0760ac07,0x94f9b70c,0x9d79bf4d,0xf3c9ccae,0xc5ffc83d,0x73cea084,
        0xdc49c38e,0xef50f943,0xbc9e7330,0xf467a2ae,0x44ea7fba,0x5ee534b6 },
      { 0x03609e7f,0x20cb6272,0x62fdc9f0,0x09844355,0x0f1457f7,0xaf5c8e58,
        0xb4b25941,0xd1f50a6c,0x2ec82395,0x77cb247c,0xda3dca33,0xa5f3e1e5 } },
    /* 115 */
    { { 0x7d85fa94,0x023489d6,0x2db9ce47,0x0ba40537,0xaed7aad1,0x0fdf7a1f,
        0x9a4ccb40,0xa57b0d73,0x5b18967c,0x48fcec99,0xb7274d24,0xf30b5b6e },
      { 0xc81c5338,0x7ccb4773,0xa3ed6bd0,0xb85639e6,0x1d56eada,0x7d9df95f,
        0x0a1607ad,0xe256d57f,0x957574d6,0x6da7ffdc,0x01c7a8c4,0x65f84046 } },
    /* 116 */
    { { 0xcba1e7f1,0x8d45d0cb,0x02b55f64,0xef0a08c0,0x17e19892,0x771ca31b,
        0x4885907e,0xe1843ecb,0x364ce16a,0x67797ebc,0x8df4b338,0x816d2b2d },
      { 0x39aa8671,0xe870b0e5,0xc102b5f5,0x9f0db3e4,0x1720c697,0x34296659,
        0x613c0d2a,0x0ad4c89e,0x418ddd61,0x1af900b2,0xd336e20e,0xe087ca72 } },
    /* 117 */
    { { 0xaba10079,0x222831ff,0x6d64fff2,0x0dc5f87b,0x3e8cb330,0x44547907,
        0x702a33fb,0xe815aaa2,0x5fba3215,0x338d6b2e,0x79f549c8,0x0f7535cb },
      { 0x2ee95923,0x471ecd97,0xc6d1c09f,0x1e868b37,0xc666ef4e,0x2bc7b8ec,
        0x808a4bfc,0xf5416589,0x3fbc4d2e,0xf23e9ee2,0x2d75125b,0x4357236c } },
    /* 118 */
    { { 0xba9cdb1b,0xfe176d95,0x2f82791e,0x45a1ca01,0x4de4cca2,0x97654af2,
        0x5cc4bcb9,0xbdbf9d0e,0xad97ac0a,0xf6a7df50,0x61359fd6,0xc52112b0 },
      { 0x4f05eae3,0x696d9ce3,0xe943ac2b,0x903adc02,0x0848be17,0xa9075347,
        0x2a3973e5,0x1e20f170,0x6feb67e9,0xe1aacc1c,0xe16bc6b9,0x2ca0ac32 } },
    /* 119 */
    { { 0xef871eb5,0xffea12e4,0xa8bf0a7a,0x94c2f25d,0x78134eaa,0x4d1e4c2a,
        0x0360fb10,0x11ed16fb,0x85fc11be,0x4029b6db,0xf4d390fa,0x5e9f7ab7 },
      { 0x30646612,0x5076d72f,0xdda1d0d8,0xa0afed1d,0x85a1d103,0x29022257,
        0x4e276bcd,0xcb499e17,0x51246c3d,0x16d1da71,0x589a0443,0xc72d56d3 } },
    /* 120 */
    { { 0xdae5bb45,0xdf5ffc74,0x261bd6dc,0x99068c4a,0xaa98ec7b,0xdc0afa7a,
        0xf121e96d,0xedd2ee00,0x1414045c,0x163cc7be,0x335af50e,0xb0b1bbce },
      { 0x01a06293,0xd440d785,0x6552e644,0xcdebab7c,0x8c757e46,0x48cb8dbc,
        0x3cabe3cb,0x81f9cf78,0xb123f59a,0xddd02611,0xeeb3784d,0x3dc7b88e } },
    /* 121 */
    { { 0xc4741456,0xe1b8d398,0x6032a121,0xa9dfa902,0x1263245b,0x1cbfc86d,
        0x5244718c,0xf411c762,0x05b0fc54,0x96521d54,0xdbaa4985,0x1afab46e },
      { 0x8674b4ad,0xa75902ba,0x5ad87d12,0x486b43ad,0x36e0d099,0x72b1c736,
        0xbb6cd6d6,0x39890e07,0x59bace4e,0x8128999c,0x7b535e33,0xd8da430b } },
    /* 122 */
    { { 0xc6b75791,0x39f65642,0x21806bfb,0x050947a6,0x1362ef84,0x0ca3e370,
        0x8c3d2391,0x9bc60aed,0x732e1ddc,0x9b488671,0xa98ee077,0x12d10d9e },
      { 0x3651b7dc,0xb6f2822d,0x80abd138,0x6345a5ba,0x472d3c84,0x62033262,
        0xacc57527,0xd54a1d40,0x424447cb,0x6ea46b3a,0x2fb1a496,0x5bc41057 } },
    /* 123 */
    { { 0xa751cd0e,0xe70c57a3,0xeba3c7d6,0x190d8419,0x9d47d55a,0xb1c3bee7,
        0xf912c6d8,0xda941266,0x407a6ad6,0x12e9aacc,0x6e838911,0xd6ce5f11 },
      { 0x70e1f2ce,0x063ca97b,0x8213d434,0xa3e47c72,0x84df810a,0xa016e241,
        0xdfd881a4,0x688ad7b0,0xa89bf0ad,0xa37d99fc,0xa23c2d23,0xd8e3f339 } },
    /* 124 */
    { { 0x750bed6f,0xbdf53163,0x83e68b0a,0x808abc32,0x5bb08a33,0x85a36627,
        0x6b0e4abe,0xf72a3a0f,0xfaf0c6ad,0xf7716d19,0x5379b25f,0x22dcc020 },
      { 0xf9a56e11,0x7400bf8d,0x56a47f21,0x6cb8bad7,0x7a6eb644,0x7c97176f,
        0xd1f5b646,0xe8fd84f7,0x44ddb054,0x98320a94,0x1dde86f5,0x07071ba3 } },
    /* 125 */
    { { 0x98f8fcb9,0x6fdfa0e5,0x94d0d70c,0x89cec8e0,0x106d20a8,0xa0899397,
        0xba8acc9c,0x915bfb9a,0x5507e01c,0x1370c94b,0x8a821ffb,0x83246a60 },
      { 0xbe3c378f,0xa8273a9f,0x35a25be9,0x7e544789,0x4dd929d7,0x6cfa4972,
        0x365bd878,0x987fed9d,0x5c29a7ae,0x4982ac94,0x5ddd7ec5,0x4589a5d7 } },
    /* 126 */
    { { 0xa95540a9,0x9fabb174,0x0162c5b0,0x7cfb886f,0xea3dee18,0x17be766b,
        0xe88e624c,0xff7da41f,0x8b919c38,0xad0b71eb,0xf31ff9a9,0x86a522e0 },
      { 0x868bc259,0xbc8e6f72,0x3ccef9e4,0x6130c638,0x9a466555,0x09f1f454,
        0x19b2bfb4,0x8e6c0f09,0x0ca7bb22,0x945c46c9,0x4dafb67b,0xacd87168 } },
    /* 127 */
    { { 0x10c53841,0x090c72ca,0x55a4fced,0xc20ae01b,0xe10234ad,0x03f7ebd5,
        0x85892064,0xb3f42a6a,0xb4a14722,0xbdbc30c0,0x8ca124cc,0x971bc437 },
      { 0x517ff2ff,0x6f79f46d,0xecba947b,0x6a9c96e2,0x62925122,0x5e79f2f4,
        0x6a4e91f1,0x30a96bb1,0x2d4c72da,0x1147c923,0x5811e4df,0x65bc311f } },
    /* 128 */
    { { 0x139b3239,0x87c7dd7d,0x4d833bae,0x8b57824e,0x9fff0015,0xbcbc4878,
        0x909eaf1a,0x8ffcef8b,0xf1443a78,0x9905f4ee,0xe15cbfed,0x020dd4a2 },
      { 0xa306d695,0xca2969ec,0xb93caf60,0xdf940cad,0x87ea6e39,0x67f7fab7,
        0xf98c4fe5,0x0d0ee10f,0xc19cb91e,0xc646879a,0x7d1d7ab4,0x4b4ea50c } },
    /* 129 */
    { { 0x7a0db57e,0x19e40945,0x9a8c9702,0xe6017cad,0x1be5cff9,0xdbf739e5,
        0xa7a938a2,0x3646b3cd,0x68350dfc,0x04511085,0x56e098b5,0xad3bd6f3 },
      { 0xee2e3e3e,0x935ebabf,0x473926cb,0xfbd01702,0x9e9fb5aa,0x7c735b02,
        0x2e3feff0,0xc52a1b85,0x046b405a,0x9199abd3,0x39039971,0xe306fcec } },
    /* 130 */
    { { 0x23e4712c,0xd6d9aec8,0xc3c198ee,0x7ca8376c,0x31bebd8a,0xe6d83187,
        0xd88bfef3,0xed57aff3,0xcf44edc7,0x72a645ee,0x5cbb1517,0xd4e63d0b },
      { 0xceee0ecf,0x98ce7a1c,0x5383ee8e,0x8f012633,0xa6b455e8,0x3b879078,
        0xc7658c06,0xcbcd3d96,0x0783336a,0x721d6fe7,0x5a677136,0xf21a7263 } },
    /* 131 */
    { { 0x9586ba11,0x19d8b3cd,0x8a5c0480,0xd9e0aeb2,0x2230ef5c,0xe4261dbf,
        0x02e6bf09,0x095a9dee,0x80dc7784,0x8963723c,0x145157b1,0x5c97dbaf },
      { 0x4bc4503e,0x97e74434,0x85a6b370,0x0fb1cb31,0xcd205d4b,0x3e8df2be,
        0xf8f765da,0x497dd1bc,0x6c988a1a,0x92ef95c7,0x64dc4cfa,0x3f924baa } },
    /* 132 */
    { { 0x7268b448,0x6bf1b8dd,0xefd79b94,0xd4c28ba1,0xe4e3551f,0x2fa1f8c8,
        0x5c9187a9,0x769e3ad4,0x40326c0d,0x28843b4d,0x50d5d669,0xfefc8094 },
      { 0x90339366,0x30c85bfd,0x5ccf6c3a,0x4eeb56f1,0x28ccd1dc,0x0e72b149,
        0xf2ce978e,0x73ee85b5,0x3165bb23,0xcdeb2bf3,0x4e410abf,0x8106c923 } },
    /* 133 */
    { { 0x7d02f4ee,0xc8df0161,0x18e21225,0x8a781547,0x6acf9e40,0x4ea895eb,
        0x6e5a633d,0x8b000cb5,0x7e981ffb,0xf31d86d5,0x4475bc32,0xf5c8029c },
      { 0x1b568973,0x764561ce,0xa62996ec,0x2f809b81,0xda085408,0x9e513d64,
        0xe61ce309,0xc27d815d,0x272999e0,0x0da6ff99,0xfead73f7,0xbd284779 } },
    /* 134 */
    { { 0x9b1cdf2b,0x6033c2f9,0xbc5fa151,0x2a99cf06,0x12177b3b,0x7d27d259,
        0xc4485483,0xb1f15273,0x102e2297,0x5fd57d81,0xc7f6acb7,0x3d43e017 },
      { 0x3a70eb28,0x41a8bb0b,0x3e80b06b,0x67de2d8e,0x70c28de5,0x09245a41,
        0xa7b26023,0xad7dbcb1,0x2cbc6c1e,0x70b08a35,0x9b33041f,0xb504fb66 } },
    /* 135 */
    { { 0xf97a27c2,0xa8e85ab5,0xc10a011b,0x6ac5ec8b,0xffbcf161,0x55745533,
        0x65790a60,0x01780e85,0x99ee75b0,0xe451bf85,0x39c29881,0x8907a63b },
      { 0x260189ed,0x76d46738,0x47bd35cb,0x284a4436,0x20cab61e,0xd74e8c40,
        0x416cf20a,0x6264bf8c,0x5fd820ce,0xfa5a6c95,0xf24bb5fc,0xfa7154d0 } },
    /* 136 */
    { { 0x9b3f5034,0x18482cec,0xcd9e68fd,0x962d445a,0x95746f23,0x266fb1d6,
        0x58c94a4b,0xc66ade5a,0xed68a5b6,0xdbbda826,0x7ab0d6ae,0x05664a4d },
      { 0x025e32fc,0xbcd4fe51,0xa96df252,0x61a5aebf,0x31592a31,0xd88a07e2,
        0x98905517,0x5d9d94de,0x5fd440e7,0x96bb4010,0xe807db4c,0x1b0c47a2 } },
    /* 137 */
    { { 0x08223878,0x5c2a6ac8,0xe65a5558,0xba08c269,0x9bbc27fd,0xd22b1b9b,
        0x72b9607d,0x919171bf,0xe588dc58,0x9ab455f9,0x23662d93,0x6d54916e },
      { 0x3b1de0c1,0x8da8e938,0x804f278f,0xa84d186a,0xd3461695,0xbf4988cc,
        0xe10eb0cb,0xf5eae3be,0xbf2a66ed,0x1ff8b68f,0xc305b570,0xa68daf67 } },
    /* 138 */
    { { 0x44b2e045,0xc1004cff,0x4b1c05d4,0x91b5e136,0x88a48a07,0x53ae4090,
        0xea11bb1a,0x73fb2995,0x3d93a4ea,0x32048570,0x3bfc8a5f,0xcce45de8 },
      { 0xc2b3106e,0xaff4a97e,0xb6848b4f,0x9069c630,0xed76241c,0xeda837a6,
        0x6cc3f6cf,0x8a0daf13,0x3da018a8,0x199d049d,0xd9093ba3,0xf867c6b1 } },
    /* 139 */
    { { 0x56527296,0xe4d42a56,0xce71178d,0xae26c73d,0x6c251664,0x70a0adac,
        0x5dc0ae1d,0x813483ae,0xdaab2daf,0x7574eacd,0xc2d55f4f,0xc56b52dc },
      { 0x95f32923,0x872bc167,0x5bdd2a89,0x4be17581,0xa7699f00,0x9b57f1e7,
        0x3ac2de02,0x5fcd9c72,0x92377739,0x83af3ba1,0xfc50b97f,0xa64d4e2b } },
    /* 140 */
    { { 0x0e552b40,0x2172dae2,0xd34d52e8,0x62f49725,0x07958f98,0x7930ee40,
        0x751fdd74,0x56da2a90,0xf53e48c3,0xf1192834,0x8e53c343,0x34d2ac26 },
      { 0x13111286,0x1073c218,0xda9d9827,0x201dac14,0xee95d378,0xec2c29db,
        0x1f3ee0b1,0x9316f119,0x544ce71c,0x7890c9f0,0x27612127,0xd77138af } },
    /* 141 */
    { { 0x3b4ad1cd,0x78045e6d,0x4aa49bc1,0xcd86b94e,0xfd677a16,0x57e51f1d,
        0xfa613697,0xd9290935,0x34f4d893,0x7a3f9593,0x5d5fcf9b,0x8c9c248b },
      { 0x6f70d4e9,0x9f23a482,0x63190ae9,0x17273454,0x5b081a48,0x4bdd7c13,
        0x28d65271,0x1e2de389,0xe5841d1f,0x0bbaaa25,0x746772e5,0xc4c18a79 } },
    /* 142 */
    { { 0x593375ac,0x10ee2681,0x7dd5e113,0x4f3288be,0x240f3538,0x9a97b2fb,
        0x1de6b1e2,0xfa11089f,0x1351bc58,0x516da562,0x2dfa85b5,0x573b6119 },
      { 0x6cba7df5,0x89e96683,0x8c28ab40,0xf299be15,0xad43fcbf,0xe91c9348,
        0x9a1cefb3,0xe9bbc7cc,0x738b2775,0xc8add876,0x775eaa01,0x6e3b1f2e } },
    /* 143 */
    { { 0xb677788b,0x0365a888,0x3fd6173c,0x634ae8c4,0x9e498dbe,0x30498761,
        0xc8f779ab,0x08c43e6d,0x4c09aca9,0x068ae384,0x2018d170,0x2380c70b },
      { 0xa297c5ec,0xcf77fbc3,0xca457948,0xdacbc853,0x336bec7e,0x3690de04,
        0x14eec461,0x26bbac64,0x1f713abf,0xd1c23c7e,0xe6fd569e,0xf08bbfcd } },
    /* 144 */
    { { 0x84770ee3,0x5f8163f4,0x744a1706,0x0e0c7f94,0xe1b2d46d,0x9c8f05f7,
        0xd01fd99a,0x417eafe7,0x11440e5b,0x2ba15df5,0x91a6fbcf,0xdc5c552a },
      { 0xa270f721,0x86271d74,0xa004485b,0x32c0a075,0x8defa075,0x9d1a87e3,
        0xbf0d20fe,0xb590a7ac,0x8feda1f5,0x430c41c2,0x58f6ec24,0x454d2879 } },
    /* 145 */
    { { 0x7c525435,0x52b7a635,0x37c4bdbc,0x3d9ef57f,0xdffcc475,0x2bb93e9e,
        0x7710f3be,0xf7b8ba98,0x21b727de,0x42ee86da,0x2e490d01,0x55ac3f19 },
      { 0xc0c1c390,0x487e3a6e,0x446cde7b,0x036fb345,0x496ae951,0x089eb276,
        0x71ed1234,0xedfed4d9,0x900f0b46,0x661b0dd5,0x8582f0d3,0x11bd6f1b } },
    /* 146 */
    { { 0x076bc9d1,0x5cf9350f,0xcf3cd2c3,0x15d903be,0x25af031c,0x21cfc8c2,
        0x8b1cc657,0xe0ad3248,0x70014e87,0xdd9fb963,0x297f1658,0xf0f3a5a1 },
      { 0xf1f703aa,0xbb908fba,0x2f6760ba,0x2f9cc420,0x66a38b51,0x00ceec66,
        0x05d645da,0x4deda330,0xf7de3394,0xb9cf5c72,0x1ad4c906,0xaeef6502 } },
    /* 147 */
    { { 0x7a19045d,0x0583c8b1,0xd052824c,0xae7c3102,0xff6cfa58,0x2a234979,
        0x62c733c0,0xfe9dffc9,0x9c0c4b09,0x3a7fa250,0x4fe21805,0x516437bb },
      { 0xc2a23ddb,0x9454e3d5,0x289c104e,0x0726d887,0x4fd15243,0x8977d918,
        0x6d7790ba,0xc559e73f,0x465af85f,0x8fd3e87d,0x5feee46b,0xa2615c74 } },
    /* 148 */
    { { 0x4335167d,0xc8d607a8,0xe0f5c887,0x8b42d804,0x398d11f9,0x5f9f13df,
        0x20740c67,0x5aaa5087,0xa3d9234b,0x83da9a6a,0x2a54bad1,0xbd3a5c4e },
      { 0x2db0f658,0xdd13914c,0x5a3f373a,0x29dcb66e,0x5245a72b,0xbfd62df5,
        0x91e40847,0x19d18023,0xb136b1ae,0xd9df74db,0x3f93bc5b,0x72a06b6b } },
    /* 149 */
    { { 0xad19d96f,0x6da19ec3,0xfb2a4099,0xb342daa4,0x662271ea,0x0e61633a,
        0xce8c054b,0x3bcece81,0x8bd62dc6,0x7cc8e061,0xee578d8b,0xae189e19 },
      { 0xdced1eed,0x73e7a25d,0x7875d3ab,0xc1257f0a,0x1cfef026,0x2cb2d5a2,
        0xb1fdf61c,0xd98ef39b,0x24e83e6c,0xcd8e6f69,0xc7b7088b,0xd71e7076 } },
    /* 150 */
    { { 0x9d4245bf,0x33936830,0x2ac2953b,0x22d96217,0x56c3c3cd,0xb3bf5a82,
        0x0d0699e8,0x50c9be91,0x8f366459,0xec094463,0x513b7c35,0x6c056dba },
      { 0x045ab0e3,0x687a6a83,0x445c9295,0x8d40b57f,0xa16f5954,0x0f345048,
        0x3d8f0a87,0x64b5c639,0x9f71c5e2,0x106353a2,0x874f0dd4,0xdd58b475 } },
    /* 151 */
    { { 0x62230c72,0x67ec084f,0x481385e3,0xf14f6cca,0x4cda7774,0xf58bb407,
        0xaa2dbb6b,0xe15011b1,0x0c035ab1,0xd488369d,0x8245f2fd,0xef83c24a },
      { 0x9fdc2538,0xfb57328f,0x191fe46a,0x79808293,0x32ede548,0xe28f5c44,
        0xea1a022c,0x1b3cda99,0x3df2ec7f,0x39e639b7,0x760e9a18,0x77b6272b } },
    /* 152 */
    { { 0xa65d56d5,0x2b1d51bd,0x7ea696e0,0x3a9b71f9,0x9904f4c4,0x95250ecc,
        0xe75774b7,0x8bc4d6eb,0xeaeeb9aa,0x0e343f8a,0x930e04cb,0xc473c1d1 },
      { 0x064cd8ae,0x282321b1,0x5562221c,0xf4b4371e,0xd1bf1221,0xc1cc81ec,
        0xe2c8082f,0xa52a07a9,0xba64a958,0x350d8e59,0x6fb32c9a,0x29e4f3de } },
    /* 153 */
    { { 0xba89aaa5,0x0aa9d56c,0xc4c6059e,0xf0208ac0,0xbd6ddca4,0x7400d9c6,
        0xf2c2f74a,0xb384e475,0xb1562dd3,0x4c1061fc,0x2e153b8d,0x3924e248 },
      { 0x849808ab,0xf38b8d98,0xa491aa36,0x29bf3260,0x88220ede,0x85159ada,
        0xbe5bc422,0x8b47915b,0xd7300967,0xa934d72e,0x2e515d0d,0xc4f30398 } },
    /* 154 */
    { { 0x1b1de38b,0xe3e9ee42,0x42636760,0xa124e25a,0x90165b1a,0x90bf73c0,
        0x146434c5,0x21802a34,0x2e1fa109,0x54aa83f2,0xed9c51e9,0x1d4bd03c },
      { 0x798751e6,0xc2d96a38,0x8c3507f5,0xed27235f,0xc8c24f88,0xb5fb80e2,
        0xd37f4f78,0xf873eefa,0xf224ba96,0x7229fd74,0x9edd7149,0x9dcd9199 } },
    /* 155 */
    { { 0x4e94f22a,0xee9f81a6,0xf71ec341,0xe5609892,0xa998284e,0x6c818ddd,
        0x3b54b098,0x9fd47295,0x0e8a7cc9,0x47a6ac03,0xb207a382,0xde684e5e },
      { 0x2b6b956b,0x4bdd1ecd,0xf01b3583,0x09084414,0x55233b14,0xe2f80b32,
        0xef5ebc5e,0x5a0fec54,0xbf8b29a2,0x74cf25e6,0x7f29e014,0x1c757fa0 } },
    /* 156 */
    { { 0xeb0fdfe4,0x1bcb5c4a,0xf0899367,0xd7c649b3,0x05bc083b,0xaef68e3f,
        0xa78aa607,0x57a06e46,0x21223a44,0xa2136ecc,0x52f5a50b,0x89bd6484 },
      { 0x4455f15a,0x724411b9,0x08a9c0fd,0x23dfa970,0x6db63bef,0x7b0da4d1,
        0xfb162443,0x6f8a7ec1,0xe98284fb,0xc1ac9cee,0x33566022,0x085a582b } },
    /* 157 */
    { { 0xec1f138a,0x15cb61f9,0x668f0c28,0x11c9a230,0xdf93f38f,0xac829729,
        0x4048848d,0xcef25698,0x2bba8fbf,0x3f686da0,0x111c619a,0xed5fea78 },
      { 0xd6d1c833,0x9b4f73bc,0x86e7bf80,0x50951606,0x042b1d51,0xa2a73508,
        0x5fb89ec2,0x9ef6ea49,0x5ef8b892,0xf1008ce9,0x9ae8568b,0x78a7e684 } },
    /* 158 */
    { { 0x10470cd8,0x3fe83a7c,0xf86df000,0x92734682,0xda9409b5,0xb5dac06b,
        0x94939c5f,0x1e7a9660,0x5cc116dc,0xdec6c150,0x66bac8cc,0x1a52b408 },
      { 0x6e864045,0x5303a365,0x9139efc1,0x45eae72a,0x6f31d54f,0x83bec646,
        0x6e958a6d,0x2fb4a86f,0x4ff44030,0x6760718e,0xe91ae0df,0x008117e3 } },
    /* 159 */
    { { 0x384310a2,0x5d5833ba,0x1fd6c9fc,0xbdfb4edc,0x849c4fb8,0xb9a4f102,
        0x581c1e1f,0xe5fb239a,0xd0a9746d,0xba44b2e7,0x3bd942b9,0x78f7b768 },
      { 0xc87607ae,0x076c8ca1,0xd5caaa7e,0x82b23c2e,0x2763e461,0x6a581f39,
        0x3886df11,0xca8a5e4a,0x264e7f22,0xc87e90cf,0x215cfcfc,0x04f74870 } },
    /* 160 */
    { { 0x141d161c,0x5285d116,0x93c4ed17,0x67cd2e0e,0x7c36187e,0x12c62a64,
        0xed2584ca,0xf5329539,0x42fbbd69,0xc4c777c4,0x1bdfc50a,0x107de776 },
      { 0xe96beebd,0x9976dcc5,0xa865a151,0xbe2aff95,0x9d8872af,0x0e0a9da1,
        0xa63c17cc,0x5e357a3d,0xe15cc67c,0xd31fdfd8,0x7970c6d8,0xc44bbefd } },
    /* 161 */
    { { 0x4c0c62f1,0x703f83e2,0x4e195572,0x9b1e28ee,0xfe26cced,0x6a82858b,
        0xc43638fa,0xd381c84b,0xa5ba43d8,0x94f72867,0x10b82743,0x3b4a783d },
      { 0x7576451e,0xee1ad7b5,0x14b6b5c8,0xc3d0b597,0xfcacc1b8,0x3dc30954,
        0x472c9d7b,0x55df110e,0x02f8a328,0x97c86ed7,0x88dc098f,0xd0433413 } },
    /* 162 */
    { { 0x2ca8f2fe,0x1a60d152,0x491bd41f,0x61640948,0x58dfe035,0x6dae29a5,
        0x278e4863,0x9a615bea,0x9ad7c8e5,0xbbdb4477,0x2ceac2fc,0x1c706630 },
      { 0x99699b4b,0x5e2b54c6,0x239e17e8,0xb509ca6d,0xea063a82,0x728165fe,
        0xb6a22e02,0x6b5e609d,0xb26ee1df,0x12813905,0x439491fa,0x07b9f722 } },
    /* 163 */
    { { 0x48ff4e49,0x1592ec14,0x6d644129,0x3e4e9f17,0x1156acc0,0x7acf8288,
        0xbb092b0b,0x5aa34ba8,0x7d38393d,0xcd0f9022,0xea4f8187,0x416724dd },
      { 0xc0139e73,0x3c4e641c,0x91e4d87d,0xe0fe46cf,0xcab61f8a,0xedb3c792,
        0xd3868753,0x4cb46de4,0x20f1098a,0xe449c21d,0xf5b8ea6e,0x5e5fd059 } },
    /* 164 */
    { { 0x75856031,0x7fcadd46,0xeaf2fbd0,0x89c7a4cd,0x7a87c480,0x1af523ce,
        0x61d9ae90,0xe5fc1095,0xbcdb95f5,0x3fb5864f,0xbb5b2c7d,0xbeb5188e },
      { 0x3ae65825,0x3d1563c3,0x0e57d641,0x116854c4,0x1942ebd3,0x11f73d34,
        0xc06955b3,0x24dc5904,0x995a0a62,0x8a0d4c83,0x5d577b7d,0xfb26b86d } },
    /* 165 */
    { { 0xc686ae17,0xc53108e7,0xd1c1da56,0x9090d739,0x9aec50ae,0x4583b013,
        0xa49a6ab2,0xdd9a088b,0xf382f850,0x28192eea,0xf5fe910e,0xcc8df756 },
      { 0x9cab7630,0x877823a3,0xfb8e7fc1,0x64984a9a,0x364bfc16,0x5448ef9c,
        0xc44e2a9a,0xbbb4f871,0x435c95e9,0x901a41ab,0xaaa50a06,0xc6c23e5f } },
    /* 166 */
    { { 0x9034d8dd,0xb78016c1,0x0b13e79b,0x856bb44b,0xb3241a05,0x85c6409a,
        0x2d78ed21,0x8d2fe19a,0x726eddf2,0xdcc7c26d,0x25104f04,0x3ccaff5f },
      { 0x6b21f843,0x397d7edc,0xe975de4c,0xda88e4dd,0x4f5ab69e,0x5273d396,
        0x9aae6cc0,0x537680e3,0x3e6f9461,0xf749cce5,0x957bffd3,0x021ddbd9 } },
    /* 167 */
    { { 0x777233cf,0x7b64585f,0x0942a6f0,0xfe6771f6,0xdfe6eef0,0x636aba7a,
        0x86038029,0x63bbeb56,0xde8fcf36,0xacee5842,0xd4a20524,0x48d9aa99 },
      { 0x0da5e57a,0xcff7a74c,0xe549d6c9,0xc232593c,0xf0f2287b,0x68504bcc,
        0xbc8360b5,0x6d7d098d,0x5b402f41,0xeac5f149,0xb87d1bf1,0x61936f11 } },
    /* 168 */
    { { 0xb8153a9d,0xaa9da167,0x9e83ecf0,0xa49fe3ac,0x1b661384,0x14c18f8e,
        0x38434de1,0x61c24dab,0x283dae96,0x3d973c3a,0x82754fc9,0xc99baa01 },
      { 0x4c26b1e3,0x477d198f,0xa7516202,0x12e8e186,0x362addfa,0x386e52f6,
        0xc3962853,0x31e8f695,0x6aaedb60,0xdec2af13,0x29cf74ac,0xfcfdb4c6 } },
    /* 169 */
    { { 0xcca40298,0x6b3ee958,0xf2f5d195,0xc3878153,0xed2eae5b,0x0c565630,
        0x3a697cf2,0xd089b37e,0xad5029ea,0xc2ed2ac7,0x0f0dda6a,0x7e5cdfad },
      { 0xd9b86202,0xf98426df,0x4335e054,0xed1960b1,0x3f14639e,0x1fdb0246,
        0x0db6c670,0x17f709c3,0x773421e1,0xbfc687ae,0x26c1a8ac,0x13fefc4a } },
    /* 170 */
    { { 0x7ffa0a5f,0xe361a198,0xc63fe109,0xf4b26102,0x6c74e111,0x264acbc5,
        0x77abebaf,0x4af445fa,0x24cddb75,0x448c4fdd,0x44506eea,0x0b13157d },
      { 0x72e9993d,0x22a6b159,0x85e5ecbe,0x2c3c57e4,0xfd83e1a1,0xa673560b,
        0xc3b8c83b,0x6be23f82,0x40bbe38e,0x40b13a96,0xad17399b,0x66eea033 } },
    /* 171 */
    { { 0xb4c6c693,0x49fc6e95,0x36af7d38,0xefc735de,0x35fe42fc,0xe053343d,
        0x6a9ab7c3,0xf0aa427c,0x4a0fcb24,0xc79f0436,0x93ebbc50,0x16287243 },
      { 0x16927e1e,0x5c3d6bd0,0x673b984c,0x40158ed2,0x4cd48b9a,0xa7f86fc8,
        0x60ea282d,0x1643eda6,0xe2a1beed,0x45b393ea,0x19571a94,0x664c839e } },
    /* 172 */
    { { 0x27eeaf94,0x57745750,0xea99e1e7,0x2875c925,0x5086adea,0xc127e7ba,
        0x86fe424f,0x765252a0,0x2b6c0281,0x1143cc6c,0xd671312d,0xc9bb2989 },
      { 0x51acb0a5,0x880c337c,0xd3c60f78,0xa3710915,0x9262b6ed,0x496113c0,
        0x9ce48182,0x5d25d9f8,0xb3813586,0x53b6ad72,0x4c0e159c,0x0ea3bebc } },
    /* 173 */
    { { 0xc5e49bea,0xcaba450a,0x7c05da59,0x684e5415,0xde7ac36c,0xa2e9cab9,
        0x2e6f957b,0x4ca79b5f,0x09b817b1,0xef7b0247,0x7d89df0f,0xeb304990 },
      { 0x46fe5096,0x508f7307,0x2e04eaaf,0x695810e8,0x3512f76c,0x88ef1bd9,
        0x3ebca06b,0x77661351,0xccf158b7,0xf7d4863a,0x94ee57da,0xb2a81e44 } },
    /* 174 */
    { { 0x6d53e6ba,0xff288e5b,0x14484ea2,0xa90de1a9,0xed33c8ec,0x2fadb60c,
        0x28b66a40,0x579d6ef3,0xec24372d,0x4f2dd6dd,0x1d66ec7d,0xe9e33fc9 },
      { 0x039eab6e,0x110899d2,0x3e97bb5e,0xa31a667a,0xcfdce68e,0x6200166d,
        0x5137d54b,0xbe83ebae,0x4800acdf,0x085f7d87,0x0c6f8c86,0xcf4ab133 } },
    /* 175 */
    { { 0x931e08fb,0x03f65845,0x1506e2c0,0x6438551e,0x9c36961f,0x5791f0dc,
        0xe3dcc916,0x68107b29,0xf495d2ca,0x83242374,0x6ee5895b,0xd8cfb663 },
      { 0xa0349b1b,0x525e0f16,0x4a0fab86,0x33cd2c6c,0x2af8dda9,0x46c12ee8,
        0x71e97ad3,0x7cc424ba,0x37621eb0,0x69766ddf,0xa5f0d390,0x95565f56 } },
    /* 176 */
    { { 0x1a0f5e94,0xe0e7bbf2,0x1d82d327,0xf771e115,0xceb111fa,0x10033e3d,
        0xd3426638,0xd269744d,0x00d01ef6,0xbdf2d9da,0xa049ceaf,0x1cb80c71 },
      { 0x9e21c677,0x17f18328,0x19c8f98b,0x6452af05,0x80b67997,0x35b9c5f7,
        0x40f8f3d4,0x5c2e1cbe,0x66d667ca,0x43f91656,0xcf9d6e79,0x9faaa059 } },
    /* 177 */
    { { 0x0a078fe6,0x8ad24618,0x464fd1dd,0xf6cc73e6,0xc3e37448,0x4d2ce34d,
        0xe3271b5f,0x624950c5,0xefc5af72,0x62910f5e,0xaa132bc6,0x8b585bf8 },
      { 0xa839327f,0x11723985,0x4aac252f,0x34e2d27d,0x6296cc4e,0x402f59ef,
        0x47053de9,0x00ae055c,0x28b4f09b,0xfc22a972,0xfa0c180e,0xa9e86264 } },
    /* 178 */
    { { 0xbc310ecc,0x0b7b6224,0x67fa14ed,0x8a1a74f1,0x7214395c,0x87dd0960,
        0xf5c91128,0xdf1b3d09,0x86b264a8,0x39ff23c6,0x3e58d4c5,0xdc2d49d0 },
      { 0xa9d6f501,0x2152b7d3,0xc04094f7,0xf4c32e24,0xd938990f,0xc6366596,
        0x94fb207f,0x084d078f,0x328594cb,0xfd99f1d7,0xcb2d96b3,0x36defa64 } },
    /* 179 */
    { { 0x13ed7cbe,0x4619b781,0x9784bd0e,0x95e50015,0x2c7705fe,0x2a32251c,
        0x5f0dd083,0xa376af99,0x0361a45b,0x55425c6c,0x1f291e7b,0x812d2cef },
      { 0x5fd94972,0xccf581a0,0xe56dc383,0x26e20e39,0x63dbfbf0,0x0093685d,
        0x36b8c575,0x1fc164cc,0x390ef5e7,0xb9c5ab81,0x26908c66,0x40086beb } },
    /* 180 */
    { { 0x37e3c115,0xe5e54f79,0xc1445a8a,0x69b8ee8c,0xb7659709,0x79aedff2,
        0x1b46fbe6,0xe288e163,0xd18d7bb7,0xdb4844f0,0x48aa6424,0xe0ea23d0 },
      { 0xf3d80a73,0x714c0e4e,0x3bd64f98,0x87a0aa9e,0x2ec63080,0x8844b8a8,
        0x255d81a3,0xe0ac9c30,0x455397fc,0x86151237,0x2f820155,0x0b979464 } },
    /* 181 */
    { { 0x4ae03080,0x127a255a,0x580a89fb,0x232306b4,0x6416f539,0x04e8cd6a,
        0x13b02a0e,0xaeb70dee,0x4c09684a,0xa3038cf8,0x28e433ee,0xa710ec3c },
      { 0x681b1f7d,0x77a72567,0x2fc28170,0x86fbce95,0xf5735ac8,0xd3408683,
        0x6bd68e93,0x3a324e2a,0xc027d155,0x7ec74353,0xd4427177,0xab60354c } },
    /* 182 */
    { { 0xef4c209d,0x32a5342a,0x08d62704,0x2ba75274,0xc825d5fe,0x4bb4af6f,
        0xd28e7ff1,0x1c3919ce,0xde0340f6,0x1dfc2fdc,0x29f33ba9,0xc6580baf },
      { 0x41d442cb,0xae121e75,0x3a4724e4,0x4c7727fd,0x524f3474,0xe556d6a4,
        0x785642a2,0x87e13cc7,0xa17845fd,0x182efbb1,0x4e144857,0xdcec0cf1 } },
    /* 183 */
    { { 0xe9539819,0x1cb89541,0x9d94dbf1,0xc8cb3b4f,0x417da578,0x1d353f63,
        0x8053a09e,0xb7a697fb,0xc35d8b78,0x8d841731,0xb656a7a9,0x85748d6f },
      { 0xc1859c5d,0x1fd03947,0x535d22a2,0x6ce965c1,0x0ca3aadc,0x1966a13e,
        0x4fb14eff,0x9802e41d,0x76dd3fcd,0xa9048cbb,0xe9455bba,0x89b182b5 } },
    /* 184 */
    { { 0x43360710,0xd777ad6a,0x55e9936b,0x841287ef,0x04a21b24,0xbaf5c670,
        0x35ad86f1,0xf2c0725f,0xc707e72e,0x338fa650,0xd8883e52,0x2bf8ed2e },
      { 0xb56e0d6a,0xb0212cf4,0x6843290c,0x50537e12,0x98b3dc6f,0xd8b184a1,
        0x0210b722,0xd2be9a35,0x559781ee,0x407406db,0x0bc18534,0x5a78d591 } },
    /* 185 */
    { { 0xd748b02c,0x4d57aa2a,0xa12b3b95,0xbe5b3451,0x64711258,0xadca7a45,
        0x322153db,0x597e091a,0x32eb1eab,0xf3271006,0x2873f301,0xbd9adcba },
      { 0x38543f7f,0xd1dc79d1,0x921b1fef,0x00022092,0x1e5df8ed,0x86db3ef5,
        0x9e6b944a,0x888cae04,0x791a32b4,0x71bd29ec,0xa6d1c13e,0xd3516206 } },
    /* 186 */
    { { 0x55924f43,0x2ef6b952,0x4f9de8d5,0xd2f401ae,0xadc68042,0xfc73e8d7,
        0x0d9d1bb4,0x627ea70c,0xbbf35679,0xc3bb3e3e,0xd882dee4,0x7e8a254a },
      { 0xb5924407,0x08906f50,0xa1ad444a,0xf14a0e61,0x65f3738e,0xaa0efa21,
        0xae71f161,0xd60c7dd6,0xf175894d,0x9e8390fa,0x149f4c00,0xd115cd20 } },
    /* 187 */
    { { 0xa52abf77,0x2f2e2c1d,0x54232568,0xc2a0dca5,0x54966dcc,0xed423ea2,
        0xcd0dd039,0xe48c93c7,0x176405c7,0x1e54a225,0x70d58f2e,0x1efb5b16 },
      { 0x94fb1471,0xa751f9d9,0x67d2941d,0xfdb31e1f,0x53733698,0xa6c74eb2,
        0x89a0f64a,0xd3155d11,0xa4b8d2b6,0x4414cfe4,0xf7a8e9e3,0x8d5a4be8 } },
    /* 188 */
    { { 0x52669e98,0x5c96b4d4,0x8fd42a03,0x4547f922,0xd285174e,0xcf5c1319,
        0x064bffa0,0x805cd1ae,0x246d27e7,0x50e8bc4f,0xd5781e11,0xf89ef98f },
      { 0xdee0b63f,0xb4ff95f6,0x222663a4,0xad850047,0x4d23ce9c,0x02691860,
        0x50019f59,0x3e5309ce,0x69a508ae,0x27e6f722,0x267ba52c,0xe9376652 } },
    /* 189 */
    { { 0xc0368708,0xa04d289c,0x5e306e1d,0xc458872f,0x33112fea,0x76fa23de,
        0x6efde42e,0x718e3974,0x1d206091,0xf0c98cdc,0x14a71987,0x5fa3ca62 },
      { 0xdcaa9f2a,0xeee8188b,0x589a860d,0x312cc732,0xc63aeb1f,0xf9808dd6,
        0x4ea62b53,0x70fd43db,0x890b6e97,0x2c2bfe34,0xfa426aa6,0x105f863c } },
    /* 190 */
    { { 0xb38059ad,0x0b29795d,0x90647ea0,0x5686b77e,0xdb473a3e,0xeff0470e,
        0xf9b6d1e2,0x278d2340,0xbd594ec7,0xebbff95b,0xd3a7f23d,0xf4b72334 },
      { 0xa5a83f0b,0x2a285980,0x9716a8b3,0x0786c41a,0x22511812,0x138901bd,
        0xe2fede6e,0xd1b55221,0xdf4eb590,0x0806e264,0x762e462e,0x6c4c897e } },
    /* 191 */
    { { 0xb4b41d9d,0xd10b905f,0x4523a65b,0x826ca466,0xb699fa37,0x535bbd13,
        0x73bc8f90,0x5b9933d7,0xcd2118ad,0x9332d61f,0xd4a65fd0,0x158c693e },
      { 0xe6806e63,0x4ddfb2a8,0xb5de651b,0xe31ed3ec,0x819bc69a,0xf9460e51,
        0x2c76b1f8,0x6229c0d6,0x901970a3,0xbb78f231,0x9cee72b8,0x31f3820f } },
    /* 192 */
    { { 0xc09e1c72,0xe931caf2,0x12990cf4,0x0715f298,0x943262d8,0x33aad81d,
        0x73048d3f,0x5d292b7a,0xdc7415f6,0xb152aaa4,0x0fd19587,0xc3d10fd9 },
      { 0x75ddadd0,0xf76b35c5,0x1e7b694c,0x9f5f4a51,0xc0663025,0x2f1ab7eb,
        0x920260b0,0x01c9cc87,0x05d39da6,0xc4b1f61a,0xeb4a9c4e,0x6dcd76c4 } },
    /* 193 */
    { { 0xfdc83f01,0x0ba0916f,0x9553e4f9,0x354c8b44,0xffc5e622,0xa6cc511a,
        0xe95be787,0xb954726a,0x75b41a62,0xcb048115,0xebfde989,0xfa2ae6cd },
      { 0x0f24659a,0x6376bbc7,0x4c289c43,0x13a999fd,0xec9abd8b,0xc7134184,
        0xa789ab04,0x28c02bf6,0xd3e526ec,0xff841ebc,0x640893a8,0x442b191e } },
    /* 194 */
    { { 0xfa2b6e20,0x4cac6c62,0xf6d69861,0x97f29e9b,0xbc96d12d,0x228ab1db,
        0x5e8e108d,0x6eb91327,0x40771245,0xd4b3d4d1,0xca8a803a,0x61b20623 },
      { 0xa6a560b1,0x2c2f3b41,0x3859fcf4,0x879e1d40,0x024dbfc3,0x7cdb5145,
        0x3bfa5315,0x55d08f15,0xaa93823a,0x2f57d773,0xc6a2c9a2,0xa97f259c } },
    /* 195 */
    { { 0xe58edbbb,0xc306317b,0x79dfdf13,0x25ade51c,0x16d83dd6,0x6b5beaf1,
        0x1dd8f925,0xe8038a44,0xb2a87b6b,0x7f00143c,0xf5b438de,0xa885d00d },
      { 0xcf9e48bd,0xe9f76790,0xa5162768,0xf0bdf9f0,0xad7b57cb,0x0436709f,
        0xf7c15db7,0x7e151c12,0x5d90ee3b,0x3514f022,0x2c361a8d,0x2e84e803 } },
    /* 196 */
    { { 0x563ec8d8,0x2277607d,0xe3934cb7,0xa661811f,0xf58fd5de,0x3ca72e7a,
        0x62294c6a,0x7989da04,0xf6bbefe9,0x88b3708b,0x53ed7c82,0x0d524cf7 },
      { 0x2f30c073,0x69f699ca,0x9dc1dcf3,0xf0fa264b,0x05f0aaf6,0x44ca4568,
        0xd19b9baf,0x0f5b23c7,0xeabd1107,0x39193f41,0x2a7c9b83,0x9e3e10ad } },
    /* 197 */
    { { 0xd4ae972f,0xa90824f0,0xc6e846e7,0x43eef02b,0x29d2160a,0x7e460612,
        0xfe604e91,0x29a178ac,0x4eb184b2,0x23056f04,0xeb54cdf4,0x4fcad55f },
      { 0xae728d15,0xa0ff96f3,0xc6a00331,0x8a2680c6,0x7ee52556,0x5f84cae0,
        0xc5a65dad,0x5e462c3a,0xe2d23f4f,0x5d2b81df,0xc5b1eb07,0x6e47301b } },
    /* 198 */
    { { 0xaf8219b9,0x77411d68,0x51b1907a,0xcb883ce6,0x101383b5,0x25c87e57,
        0x982f970d,0x9c7d9859,0x118305d2,0xaa6abca5,0x9013a5db,0x725fed2f },
      { 0xababd109,0x487cdbaf,0x87586528,0xc0f8cf56,0x8ad58254,0xa02591e6,
        0xdebbd526,0xc071b1d1,0x961e7e31,0x927dfe8b,0x9263dfe1,0x55f895f9 } },
    /* 199 */
    { { 0xb175645b,0xf899b00d,0xb65b4b92,0x51f3a627,0xb67399ef,0xa2f3ac8d,
        0xe400bc20,0xe717867f,0x1967b952,0x42cc9020,0x3ecd1de1,0x3d596751 },
      { 0xdb979775,0xd41ebcde,0x6a2e7e88,0x99ba61bc,0x321504f2,0x039149a5,
        0x27ba2fad,0xe7dc2314,0xb57d8368,0x9f556308,0x57da80a7,0x2b6d16c9 } },
    /* 200 */
    { { 0x279ad982,0x84af5e76,0x9c8b81a6,0x9bb4c92d,0x0e698e67,0xd79ad44e,
        0x265fc167,0xe8be9048,0x0c3a4ccc,0xf135f7e6,0xb8863a33,0xa0a10d38 },
      { 0xd386efd9,0xe197247c,0xb52346c2,0x0eefd3f9,0x78607bc8,0xc22415f9,
        0x508674ce,0xa2a8f862,0xc8c9d607,0xa72ad09e,0x50fa764f,0xcd9f0ede } },
    /* 201 */
    { { 0xd1a46d4d,0x063391c7,0x9eb01693,0x2df51c11,0x849e83de,0xc5849800,
        0x8ad08382,0x48fd09aa,0xaa742736,0xa405d873,0xe1f9600c,0xee49e61e },
      { 0x48c76f73,0xd76676be,0x01274b2a,0xd9c100f6,0x83f8718d,0x110bb67c,
        0x02fc0d73,0xec85a420,0x744656ad,0xc0449e1e,0x37d9939b,0x28ce7376 } },
    /* 202 */
    { { 0x44544ac7,0x97e9af72,0xba010426,0xf2c658d5,0xfb3adfbd,0x732dec39,
        0xa2df0b07,0xd12faf91,0x2171e208,0x8ac26725,0x5b24fa54,0xf820cdc8 },
      { 0x94f4cf77,0x307a6eea,0x944a33c6,0x18c783d2,0x0b741ac5,0x4b939d4c,
        0x3ffbb6e4,0x1d7acd15,0x7a255e44,0x06a24858,0xce336d50,0x14fbc494 } },
    /* 203 */
    { { 0x51584e3c,0x9b920c0c,0xf7e54027,0xc7733c59,0x88422bbe,0xe24ce139,
        0x523bd6ab,0x11ada812,0xb88e6def,0xde068800,0xfe8c582d,0x7b872671 },
      { 0x7de53510,0x4e746f28,0xf7971968,0x492f8b99,0x7d928ac2,0x1ec80bc7,
        0x432eb1b5,0xb3913e48,0x32028f6e,0xad084866,0x8fc2f38b,0x122bb835 } },
    /* 204 */
    { { 0x3b0b29c3,0x0a9f3b1e,0x4fa44151,0x837b6432,0x17b28ea7,0xb9905c92,
        0x98451750,0xf39bc937,0xce8b6da1,0xcd383c24,0x010620b2,0x299f57db },
      { 0x58afdce3,0x7b6ac396,0x3d05ef47,0xa15206b3,0xb9bb02ff,0xa0ae37e2,
        0x9db3964c,0x107760ab,0x67954bea,0xe29de9a0,0x431c3f82,0x446a1ad8 } },
    /* 205 */
    { { 0x5c6b8195,0xc6fecea0,0xf49e71b9,0xd744a7c5,0x177a7ae7,0xa8e96acc,
        0x358773a7,0x1a05746c,0x37567369,0xa4162146,0x87d1c971,0xaa0217f7 },
      { 0x77fd3226,0x61e9d158,0xe4f600be,0x0f6f2304,0x7a6dff07,0xa9c4cebc,
        0x09f12a24,0xd15afa01,0x8c863ee9,0x2bbadb22,0xe5eb8c78,0xa28290e4 } },
    /* 206 */
    { { 0x3e9de330,0x55b87fa0,0x195c145b,0x12b26066,0xa920bef0,0xe08536e0,
        0x4d195adc,0x7bff6f2c,0x945f4187,0x7f319e9d,0xf892ce47,0xf9848863 },
      { 0x4fe37657,0xd0efc1d3,0x5cf0e45a,0x3c58de82,0x8b0ccbbe,0x626ad21a,
        0xaf952fc5,0xd2a31208,0xeb437357,0x81791995,0x98e95d4f,0x5f19d30f } },
    /* 207 */
    { { 0x0e6865bb,0x72e83d9a,0xf63456a6,0x22f5af3b,0x463c8d9e,0x409e9c73,
        0xdfe6970e,0x40e9e578,0x711b91ca,0x876b6efa,0x942625a3,0x895512cf },
      { 0xcb4e462b,0x84c8eda8,0x4412e7c8,0x84c0154a,0xceb7b71f,0x04325db1,
        0x66f70877,0x1537dde3,0x1992b9ac,0xf3a09399,0xd498ae77,0xa7316606 } },
    /* 208 */
    { { 0xcad260f5,0x13990d2f,0xeec0e8c0,0x76c3be29,0x0f7bd7d5,0x7dc5bee0,
        0xefebda4b,0x9be167d2,0x9122b87e,0xcce3dde6,0x82b5415c,0x75a28b09 },
      { 0xe84607a6,0xf6810bcd,0x6f4dbf0d,0xc6d58128,0x1b4dafeb,0xfead577d,
        0x066b28eb,0x9bc440b2,0x8b17e84b,0x53f1da97,0xcda9a575,0x0459504b } },
    /* 209 */
    { { 0x329e5836,0x13e39a02,0xf717269d,0x2c9e7d51,0xf26c963b,0xc5ac58d6,
        0x79967bf5,0x3b0c6c43,0x55908d9d,0x60bbea3f,0xf07c9ad1,0xd84811e7 },
      { 0x5bd20e4a,0xfe7609a7,0x0a70baa8,0xe4325dd2,0xb3600386,0x3711f370,
        0xd0924302,0x97f9562f,0x4acc4436,0x040dc0c3,0xde79cdd4,0xfd6d725c } },
    /* 210 */
    { { 0xcf13eafb,0xb3efd0e3,0x5aa0ae5f,0x21009cbb,0x79022279,0xe480c553,
        0xb2fc9a6d,0x755cf334,0x07096ae7,0x8564a5bf,0xbd238139,0xddd649d0 },
      { 0x8a045041,0xd0de10b1,0xc957d572,0x6e05b413,0x4e0fb25c,0x5c5ff806,
        0x641162fb,0xd933179b,0xe57439f9,0x42d48485,0x8a8d72aa,0x70c5bd0a } },
    /* 211 */
    { { 0x97bdf646,0xa7671738,0xab329f7c,0xaa1485b4,0xf8f25fdf,0xce3e11d6,
        0xc6221824,0x76a3fc7e,0xf3924740,0x045f281f,0x96d13a9a,0x24557d4e },
      { 0xdd4c27cd,0x875c804b,0x0f5c7fea,0x11c5f0f4,0xdc55ff7e,0xac8c880b,
        0x1103f101,0x2acddec5,0xf99faa89,0x38341a21,0xce9d6b57,0xc7b67a2c } },
    /* 212 */
    { { 0x8e357586,0x9a0d724f,0xdf648da0,0x1d7f4ff5,0xfdee62a5,0x9c3e6c9b,
        0x0389b372,0x0499cef0,0x98eab879,0xe904050d,0x6c051617,0xe8eef1b6 },
      { 0xc37e3ca9,0xebf5bfeb,0xa4e0b91d,0x7c5e946d,0x2c4bea28,0x79097314,
        0xee67b2b7,0x81f6c109,0xdafc5ede,0xaf237d9b,0x2abb04c7,0xd2e60201 } },
    /* 213 */
    { { 0x8a4f57bf,0x6156060c,0xff11182a,0xf9758696,0x6296ef00,0x8336773c,
        0xff666899,0x9c054bce,0x719cd11c,0xd6a11611,0xdbe1acfa,0x9824a641 },
      { 0xba89fd01,0x0b7b7a5f,0x889f79d8,0xf8d3b809,0xf578285c,0xc5e1ea08,
        0xae6d8288,0x7ac74536,0x7521ef5f,0x5d37a200,0xb260a25d,0x5ecc4184 } },
    /* 214 */
    { { 0xa708c8d3,0xddcebb19,0xc63f81ec,0xe63ed04f,0x11873f95,0xd045f5a0,
        0x79f276d5,0x3b5ad544,0x425ae5b3,0x81272a3d,0x10ce1605,0x8bfeb501 },
      { 0x888228bf,0x4233809c,0xb2aff7df,0x4bd82acf,0x0cbd4a7f,0x9c68f180,
        0x6b44323d,0xfcd77124,0x891db957,0x60c0fcf6,0x04da8f7f,0xcfbb4d89 } },
    /* 215 */
    { { 0x3b26139a,0x9a6a5df9,0xb2cc7eb8,0x3e076a83,0x5a964bcd,0x47a8e82d,
        0xb9278d6b,0x8a4e2a39,0xe4443549,0x93506c98,0xf1e0d566,0x06497a8f },
      { 0x2b1efa05,0x3dee8d99,0x45393e33,0x2da63ca8,0xcf0579ad,0xa4af7277,
        0x3236d8ea,0xaf4b4639,0x32b617f5,0x6ccad95b,0xb88bb124,0xce76d8b8 } },
    /* 216 */
    { { 0x083843dc,0x63d2537a,0x1e4153b4,0x89eb3514,0xea9afc94,0x5175ebc4,
        0x8ed1aed7,0x7a652580,0xd85e8297,0x67295611,0xb584b73d,0x8dd2d68b },
      { 0x0133c3a4,0x237139e6,0x4bd278ea,0x9de838ab,0xc062fcd9,0xe829b072,
        0x63ba8706,0x70730d4f,0xd3cd05ec,0x6080483f,0x0c85f84d,0x872ab5b8 } },
    /* 217 */
    { { 0x999d4d49,0xfc0776d3,0xec3f45e7,0xa3eb59de,0x0dae1fc1,0xbc990e44,
        0xa15371ff,0x33596b1e,0x9bc7ab25,0xd447dcb2,0x35979582,0xcd5b63e9 },
      { 0x77d1ff11,0xae3366fa,0xedee6903,0x59f28f05,0xa4433bf2,0x6f43fed1,
        0xdf9ce00e,0x15409c9b,0xaca9c5dc,0x21b5cded,0x82d7bdb4,0xf9f33595 } },
    /* 218 */
    { { 0x9422c792,0x95944378,0xc958b8bf,0x239ea923,0xdf076541,0x4b61a247,
        0xbb9fc544,0x4d29ce85,0x0b424559,0x9a692a67,0x0e486900,0x6e0ca5a0 },
      { 0x85b3bece,0x6b79a782,0xc61f9892,0x41f35e39,0xae747f82,0xff82099a,
        0xd0ca59d6,0x58c8ae3f,0x99406b5f,0x4ac930e2,0x9df24243,0x2ce04eb9 } },
    /* 219 */
    { { 0x1ac37b82,0x4366b994,0x25b04d83,0xff0c728d,0x19c47b7c,0x1f551361,
        0xbeff13e7,0xdbf2d5ed,0xe12a683d,0xf78efd51,0x989cf9c4,0x82cd85b9 },
      { 0xe0cb5d37,0xe23c6db6,0x72ee1a15,0x818aeebd,0x28771b14,0x8212aafd,
        0x1def817d,0x7bc221d9,0x9445c51f,0xdac403a2,0x12c3746b,0x711b0517 } },
    /* 220 */
    { { 0x5ea99ecc,0x0ed9ed48,0xb8cab5e1,0xf799500d,0xb570cbdc,0xa8ec87dc,
        0xd35dfaec,0x52cfb2c2,0x6e4d80a4,0x8d31fae2,0xdcdeabe5,0xe6a37dc9 },
      { 0x1deca452,0x5d365a34,0x0d68b44e,0x09a5f8a5,0xa60744b1,0x59238ea5,
        0xbb4249e9,0xf2fedc0d,0xa909b2e3,0xe395c74e,0x39388250,0xe156d1a5 } },
    /* 221 */
    { { 0x47181ae9,0xd796b3d0,0x44197808,0xbaf44ba8,0x34cf3fac,0xe6933094,
        0xc3bd5c46,0x41aa6ade,0xeed947c6,0x4fda75d8,0x9ea5a525,0xacd9d412 },
      { 0xd430301b,0x65cc55a3,0x7b52ea49,0x3c9a5bcf,0x159507f0,0x22d319cf,
        0xde74a8dd,0x2ee0b9b5,0x877ac2b6,0x20c26a1e,0x92e7c314,0x387d73da } },
    /* 222 */
    { { 0x8cd3fdac,0x13c4833e,0x332e5b8e,0x76fcd473,0xe2fe1fd3,0xff671b4b,
        0x5d98d8ec,0x4d734e8b,0x514bbc11,0xb1ead3c6,0x7b390494,0xd14ca858 },
      { 0x5d2d37e9,0x95a443af,0x00464622,0x73c6ea73,0x15755044,0xa44aeb4b,
        0xfab58fee,0xba3f8575,0xdc680a6f,0x9779dbc9,0x7b37ddfc,0xe1ee5f5a } },
    /* 223 */
    { { 0x12d29f46,0xcd0b4648,0x0ed53137,0x93295b0b,0x80bef6c9,0xbfe26094,
        0x54248b00,0xa6565788,0x80e7f9c4,0x69c43fca,0xbe141ea1,0x2190837b },
      { 0xa1b26cfb,0x875e159a,0x7affe852,0x90ca9f87,0x92ca598e,0x15e6550d,
        0x1938ad11,0xe3e0945d,0x366ef937,0xef7636bb,0xb39869e5,0xb6034d0b } },
    /* 224 */
    { { 0x26d8356e,0x4d255e30,0xd314626f,0xf83666ed,0xd0c8ed64,0x421ddf61,
        0x26677b61,0x96e473c5,0x9e9b18b3,0xdad4af7e,0xa9393f75,0xfceffd4a },
      { 0x11c731d5,0x843138a1,0xb2f141d9,0x05bcb3a1,0x617b7671,0x20e1fa95,
        0x88ccec7b,0xbefce812,0x90f1b568,0x582073dc,0x1f055cb7,0xf572261a } },
    /* 225 */
    { { 0x36973088,0xf3148277,0x86a9f980,0xc008e708,0xe046c261,0x1b795947,
        0xca76bca0,0xdf1e6a7d,0x71acddf0,0xabafd886,0x1364d8f4,0xff7054d9 },
      { 0xe2260594,0x2cf63547,0xd73b277e,0x468a5372,0xef9bd35e,0xc7419e24,
        0x24043cc3,0x2b4a1c20,0x890b39cd,0xa28f047a,0x46f9a2e3,0xdca2cea1 } },
    /* 226 */
    { { 0x53277538,0xab788736,0xcf697738,0xa734e225,0x6b22e2c1,0x66ee1d1e,
        0xebe1d212,0x2c615389,0x02bb0766,0xf36cad40,0x3e64f207,0x120885c3 },
      { 0x90fbfec2,0x59e77d56,0xd7a574ae,0xf9e781aa,0x5d045e53,0x801410b0,
        0xa91b5f0e,0xd3b5f0aa,0x7fbb3521,0xb3d1df00,0xc72bee9a,0x11c4b33e } },
    /* 227 */
    { { 0x83c3a7f3,0xd32b9832,0x88d8a354,0x8083abcf,0x50f4ec5a,0xdeb16404,
        0x641e2907,0x18d747f0,0xf1bbf03e,0x4e8978ae,0x88a0cd89,0x932447dc },
      { 0xcf3d5897,0x561e0feb,0x13600e6d,0xfc3a682f,0xd16a6b73,0xc78b9d73,
        0xd29bf580,0xe713fede,0x08d69e5c,0x0a225223,0x1ff7fda4,0x3a924a57 } },
    /* 228 */
    { { 0xb4093bee,0xfb64554c,0xa58c6ec0,0xa6d65a25,0x43d0ed37,0x4126994d,
        0x55152d44,0xa5689a51,0x284caa8d,0xb8e5ea8c,0xd1f25538,0x33f05d4f },
      { 0x1b615d6e,0xe0fdfe09,0x705507da,0x2ded7e8f,0x17bbcc80,0xdd5631e5,
        0x267fd11f,0x4f87453e,0xff89d62d,0xc6da723f,0xe3cda21d,0x55cbcae2 } },
    /* 229 */
    { { 0x6b4e84f3,0x336bc94e,0x4ef72c35,0x72863031,0xeeb57f99,0x6d85fdee,
        0xa42ece1b,0x7f4e3272,0x36f0320a,0x7f86cbb5,0x923331e6,0xf09b6a2b },
      { 0x56778435,0x21d3ecf1,0x8323b2d2,0x2977ba99,0x1704bc0f,0x6a1b57fb,
        0x389f048a,0xd777cf8b,0xac6b42cd,0x9ce2174f,0x09e6c55a,0x404e2bff } },
    /* 230 */
    { { 0x204c5ddb,0x9b9b135e,0x3eff550e,0x9dbfe044,0xec3be0f6,0x35eab4bf,
        0x0a43e56f,0x8b4c3f0d,0x0e73f9b3,0x4c1c6673,0x2c78c905,0x92ed38bd },
      { 0xa386e27c,0xc7003f6a,0xaced8507,0xb9c4f46f,0x59df5464,0xea024ec8,
        0x429572ea,0x4af96152,0xe1fc1194,0x279cd5e2,0x281e358c,0xaa376a03 } },
    /* 231 */
    { { 0x3cdbc95c,0x07859223,0xef2e337a,0xaae1aa6a,0x472a8544,0xc040108d,
        0x8d037b7d,0x80c853e6,0x8c7eee24,0xd221315c,0x8ee47752,0x195d3856 },
      { 0xdacd7fbe,0xd4b1ba03,0xd3e0c52b,0x4b5ac61e,0x6aab7b52,0x68d3c052,
        0x660e3fea,0xf0d7248c,0x3145efb4,0xafdb3f89,0x8f40936d,0xa73fd9a3 } },
    /* 232 */
    { { 0xbb1b17ce,0x891b9ef3,0xc6127f31,0x14023667,0x305521fd,0x12b2e58d,
        0xe3508088,0x3a47e449,0xff751507,0xe49fc84b,0x5310d16e,0x4023f722 },
      { 0xb73399fa,0xa608e5ed,0xd532aa3e,0xf12632d8,0x845e8415,0x13a2758e,
        0x1fc2d861,0xae4b6f85,0x339d02f2,0x3879f5b1,0x80d99ebd,0x446d22a6 } },
    /* 233 */
    { { 0x4be164f1,0x0f502302,0x88b81920,0x8d09d2d6,0x984aceff,0x514056f1,
        0x75e9e80d,0xa5c4ddf0,0xdf496a93,0x38cb47e6,0x38df6bf7,0x899e1d6b },
      { 0xb59eb2a6,0x69e87e88,0x9b47f38b,0x280d9d63,0x3654e955,0x599411ea,
        0x969aa581,0xcf8dd4fd,0x530742a7,0xff5c2baf,0x1a373085,0xa4391536 } },
    /* 234 */
    { { 0xa8a4bdd2,0x6ace72a3,0xb68ef702,0xc656cdd1,0x90c4dad8,0xd4a33e7e,
        0x9d951c50,0x4aece08a,0x085d68e6,0xea8005ae,0x6f7502b8,0xfdd7a7d7 },
      { 0x98d6fa45,0xce6fb0a6,0x1104eb8c,0x228f8672,0xda09d7dc,0xd23d8787,
        0x2ae93065,0x5521428b,0xea56c366,0x95faba3d,0x0a88aca5,0xedbe5039 } },
    /* 235 */
    { { 0xbfb26c82,0xd64da0ad,0x952c2f9c,0xe5d70b3c,0xf7e77f68,0xf5e8f365,
        0x08f2d695,0x7234e002,0xd12e7be6,0xfaf900ee,0x4acf734e,0x27dc6934 },
      { 0xc260a46a,0x80e4ff5e,0x2dc31c28,0x7da5ebce,0xca69f552,0x485c5d73,
        0x69cc84c2,0xcdfb6b29,0xed6d4eca,0x031c5afe,0x22247637,0xc7bbf4c8 } },
    /* 236 */
    { { 0x49fe01b2,0x9d5b72c7,0x793a91b8,0x34785186,0xcf460438,0xa3ba3c54,
        0x3ab21b6f,0x73e8e43d,0xbe57b8ab,0x50cde8e0,0xdd204264,0x6488b3a7 },
      { 0xdddc4582,0xa9e398b3,0x5bec46fe,0x1698c1a9,0x156d3843,0x7f1446ef,
        0x770329a2,0x3fd25dd8,0x2c710668,0x05b1221a,0xa72ee6cf,0x65b2dc2a } },
    /* 237 */
    { { 0xcd021d63,0x21a885f7,0xfea61f08,0x3f344b15,0xc5cf73e6,0xad5ba6dd,
        0x227a8b23,0x154d0d8f,0xdc559311,0x9b74373c,0x98620fa1,0x4feab715 },
      { 0x7d9ec924,0x5098938e,0x6d47e550,0x84d54a5e,0x1b617506,0x1a2d1bdc,
        0x615868a4,0x99fe1782,0x3005a924,0x171da780,0x7d8f79b6,0xa70bf5ed } },
    /* 238 */
    { { 0xfe2216c5,0x0bc1250d,0x7601b351,0x2c37e250,0xd6f06b7e,0xb6300175,
        0x8bfeb9b7,0x4dde8ca1,0xb82f843d,0x4f210432,0xb1ac0afd,0x8d70e2f9 },
      { 0xaae91abb,0x25c73b78,0x863028f2,0x0230dca3,0xe5cf30b7,0x8b923ecf,
        0x5506f265,0xed754ec2,0x729a5e39,0x8e41b88c,0xbabf889b,0xee67cec2 } },
    /* 239 */
    { { 0x1be46c65,0xe183acf5,0xe7565d7a,0x9789538f,0xd9627b4e,0x87873391,
        0x9f1d9187,0xbf4ac4c1,0x4691f5c8,0x5db99f63,0x74a1fb98,0xa68df803 },
      { 0xbf92b5fa,0x3c448ed1,0x3e0bdc32,0xa098c841,0x79bf016c,0x8e74cd55,
        0x115e244d,0x5df0d09c,0x3410b66e,0x9418ad01,0x17a02130,0x8b6124cb } },
    /* 240 */
    { { 0xc26e3392,0x425ec3af,0xa1722e00,0xc07f8470,0xe2356b43,0xdcc28190,
        0xb1ef59a6,0x4ed97dff,0xc63028c1,0xc22b3ad1,0x68c18988,0x070723c2 },
      { 0x4cf49e7d,0x70da302f,0x3f12a522,0xc5e87c93,0x18594148,0x74acdd1d,
        0xca74124c,0xad5f73ab,0xd69fd478,0xe72e4a3e,0x7b117cc3,0x61593868 } },
    /* 241 */
    { { 0xa9aa0486,0x7b7b9577,0xa063d557,0x6e41fb35,0xda9047d7,0xb017d5c7,
        0x68a87ba9,0x8c748280,0xdf08ad93,0xab45fa5c,0x4c288a28,0xcd9fb217 },
      { 0x5747843d,0x59544642,0xa56111e3,0x34d64c6c,0x4bfce8d5,0x12e47ea1,
        0x6169267f,0x17740e05,0xeed03fb5,0x5c49438e,0x4fc3f513,0x9da30add } },
    /* 242 */
    { { 0xccfa5200,0xc4e85282,0x6a19b13d,0x2707608f,0xf5726e2f,0xdcb9a53d,
        0xe9427de5,0x612407c9,0xd54d582a,0x3e5a17e1,0x655ae118,0xb99877de },
      { 0x015254de,0x6f0e972b,0xf0a6f7c5,0x92a56db1,0xa656f8b2,0xd297e4e1,
        0xad981983,0x99fe0052,0x07cfed84,0xd3652d2f,0x843c1738,0xc784352e } },
    /* 243 */
    { { 0x7e9b2d8a,0x6ee90af0,0x57cf1964,0xac8d7018,0x71f28efc,0xf6ed9031,
        0x6812b20e,0x7f70d5a9,0xf1c61eee,0x27b557f4,0xc6263758,0xf1c9bd57 },
      { 0x2a1a6194,0x5cf7d014,0x1890ab84,0xdd614e0b,0x0e93c2a6,0x3ef9de10,
        0xe0cd91c5,0xf98cf575,0x14befc32,0x504ec0c6,0x6279d68c,0xd0513a66 } },
    /* 244 */
    { { 0xa859fb6a,0xa8eadbad,0xdb283666,0xcf8346e7,0x3e22e355,0x7b35e61a,
        0x99639c6b,0x293ece2c,0x56f241c8,0xfa0162e2,0xbf7a1dda,0xd2e6c7b9 },
      { 0x40075e63,0xd0de6253,0xf9ec8286,0x2405aa61,0x8fe45494,0x2237830a,
        0x364e9c8c,0x4fd01ac7,0x904ba750,0x4d9c3d21,0xaf1b520b,0xd589be14 } },
    /* 245 */
    { { 0x4662e53b,0x13576a4f,0xf9077676,0x35ec2f51,0x97c0af97,0x66297d13,
        0x9e598b58,0xed3201fe,0x5e70f604,0x49bc752a,0xbb12d951,0xb54af535 },
      { 0x212c1c76,0x36ea4c2b,0xeb250dfd,0x18f5bbc7,0x9a0a1a46,0xa0d466cc,
        0xdac2d917,0x52564da4,0x8e95fab5,0x206559f4,0x9ca67a33,0x7487c190 } },
    /* 246 */
    { { 0xdde98e9c,0x75abfe37,0x2a411199,0x99b90b26,0xdcdb1f7c,0x1b410996,
        0x8b3b5675,0xab346f11,0xf1f8ae1e,0x04852193,0x6b8b98c1,0x1ec4d227 },
      { 0x45452baa,0xba3bc926,0xacc4a572,0x387d1858,0xe51f171e,0x9478eff6,
        0x931e1c00,0xf357077d,0xe54c8ca8,0xffee77cd,0x551dc9a4,0xfb4892ff } },
    /* 247 */
    { { 0x2db8dff8,0x5b1bdad0,0x5a2285a2,0xd462f4fd,0xda00b461,0x1d6aad8e,
        0x41306d1b,0x43fbefcf,0x6a13fe19,0x428e86f3,0x17f89404,0xc8b2f118 },
      { 0xf0d51afb,0x762528aa,0x549b1d06,0xa3e2fea4,0xea3ddf66,0x86fad8f2,
        0x4fbdd206,0x0d9ccc4b,0xc189ff5a,0xcde97d4c,0x199f19a6,0xc36793d6 } },
    /* 248 */
    { { 0x51b85197,0xea38909b,0xb4c92895,0xffb17dd0,0x1ddb3f3f,0x0eb0878b,
        0xc57cf0f2,0xb05d28ff,0x1abd57e2,0xd8bde2e7,0xc40c1b20,0x7f2be28d },
      { 0x299a2d48,0x6554dca2,0x8377982d,0x5130ba2e,0x1071971a,0x8863205f,
        0x7cf2825d,0x15ee6282,0x03748f2b,0xd4b6c57f,0x430385a0,0xa9e3f4da } },
    /* 249 */
    { { 0x83fbc9c6,0x33eb7cec,0x4541777e,0x24a311c7,0x4f0767fc,0xc81377f7,
        0x4ab702da,0x12adae36,0x2a779696,0xb7fcb6db,0x01cea6ad,0x4a6fb284 },
      { 0xcdfc73de,0x5e8b1d2a,0x1b02fd32,0xd0efae8d,0xd81d8519,0x3f99c190,
        0xfc808971,0x3c18f7fa,0x51b7ae7b,0x41f713e7,0xf07fc3f8,0x0a4b3435 } },
    /* 250 */
    { { 0x019b7d2e,0x7dda3c4c,0xd4dc4b89,0x631c8d1a,0x1cdb313c,0x5489cd6e,
        0x4c07bb06,0xd44aed10,0x75f000d1,0x8f97e13a,0xdda5df4d,0x0e9ee64f },
      { 0x3e346910,0xeaa99f3b,0xfa294ad7,0x622f6921,0x0d0b2fe9,0x22aaa20d,
        0x1e5881ba,0x4fed2f99,0xc1571802,0x9af3b2d6,0xdc7ee17c,0x919e67a8 } },
    /* 251 */
    { { 0x76250533,0xc724fe4c,0x7d817ef8,0x8a2080e5,0x172c9751,0xa2afb0f4,
        0x17c0702e,0x9b10cdeb,0xc9b7e3e9,0xbf3975e3,0x1cd0cdc5,0x206117df },
      { 0xbe05ebd5,0xfb049e61,0x16c782c0,0xeb0bb55c,0xab7fed09,0x13a331b8,
        0x632863f0,0xf6c58b1d,0x4d3b6195,0x6264ef6e,0x9a53f116,0x92c51b63 } },
    /* 252 */
    { { 0x288b364d,0xa57c7bc8,0x7b41e5c4,0x4a562e08,0x698a9a11,0x699d21c6,
        0xf3f849b9,0xa4ed9581,0x9eb726ba,0xa223eef3,0xcc2884f9,0x13159c23 },
      { 0x3a3f4963,0x73931e58,0x0ada6a81,0x96500389,0x5ab2950b,0x3ee8a1c6,
        0x775fab52,0xeedf4949,0x4f2671b6,0x63d652e1,0x3c4e2f55,0xfed4491c } },
    /* 253 */
    { { 0xf4eb453e,0x335eadc3,0xcadd1a5b,0x5ff74b63,0x5d84a91a,0x6933d0d7,
        0xb49ba337,0x9ca3eeb9,0xc04c15b8,0x1f6facce,0xdc09a7e4,0x4ef19326 },
      { 0x3dca3233,0x53d2d324,0xa2259d4b,0x0ee40590,0x5546f002,0x18c22edb,
        0x09ea6b71,0x92429801,0xb0e91e61,0xaada0add,0x99963c50,0x5fe53ef4 } },
    /* 254 */
    { { 0x90c28c65,0x372dd06b,0x119ce47d,0x1765242c,0x6b22fc82,0xc041fb80,
        0xb0a7ccc1,0x667edf07,0x1261bece,0xc79599e7,0x19cff22a,0xbc69d9ba },
      { 0x13c06819,0x009d77cd,0xe282b79d,0x635a66ae,0x225b1be8,0x4edac4a6,
        0x524008f9,0x57d4f4e4,0xb056af84,0xee299ac5,0x3a0bc386,0xcc38444c } },
    /* 255 */
    { { 0xcd4c2356,0x490643b1,0x750547be,0x740a4851,0xd4944c04,0x643eaf29,
        0x299a98a0,0xba572479,0xee05fdf9,0x48b29f16,0x089b2d7b,0x33fb4f61 },
      { 0xa950f955,0x86704902,0xfedc3ddf,0x97e1034d,0x05fbb6a2,0x211320b6,
        0x432299bb,0x23d7b93f,0x8590e4a3,0x1fe1a057,0xf58c0ce6,0x8e1d0586 } },
};

/* Multiply the base point of P384 by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * Stripe implementation.
 * Pre-generated: 2^0, 2^48, ...
 * Pre-generated: products of all combinations of above.
 * 8 doubles and adds (with qz=1)
 *
 * r     Resulting point.
 * k     Scalar to multiply by.
 * map   Indicates whether to convert result to affine.
 * ct    Constant time required.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_384_ecc_mulmod_base_12(sp_point_384* r, const sp_digit* k,
        int map, int ct, void* heap)
{
    return sp_384_ecc_mulmod_stripe_12(r, &p384_base, p384_table,
                                      k, map, ct, heap);
}

#endif

/* Multiply the base point of P384 by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * km    Scalar to multiply by.
 * r     Resulting point.
 * map   Indicates whether to convert result to affine.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_384* point = NULL;
    sp_digit* k = NULL;
#else
    sp_point_384  point[1];
    sp_digit k[12];
#endif
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
                                         DYNAMIC_TYPE_ECC);
    if (point == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap,
                               DYNAMIC_TYPE_ECC);
        if (k == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        sp_384_from_mp(k, 12, km);

            err = sp_384_ecc_mulmod_base_12(point, k, map, 1, heap);
    }
    if (err == MP_OKAY) {
        err = sp_384_point_to_ecc_point_12(point, r);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (k != NULL)
        XFREE(k, heap, DYNAMIC_TYPE_ECC);
    if (point != NULL)
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

/* Multiply the base point of P384 by the scalar, add point a and return
 * the result. If map is true then convert result to affine coordinates.
 *
 * km      Scalar to multiply by.
 * am      Point to add to scalar multiply result.
 * inMont  Point to add is in montgomery form.
 * r       Resulting point.
 * map     Indicates whether to convert result to affine.
 * heap    Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
        int inMont, ecc_point* r, int map, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_384* point = NULL;
    sp_digit* k = NULL;
#else
    sp_point_384 point[2];
    sp_digit k[12 + 12 * 2 * 6];
#endif
    sp_point_384* addP = NULL;
    sp_digit* tmp = NULL;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
                                         DYNAMIC_TYPE_ECC);
    if (point == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        k = (sp_digit*)XMALLOC(
            sizeof(sp_digit) * (12 + 12 * 2 * 6),
            heap, DYNAMIC_TYPE_ECC);
        if (k == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        addP = point + 1;
        tmp = k + 12;

        sp_384_from_mp(k, 12, km);
        sp_384_point_from_ecc_point_12(addP, am);
    }
    if ((err == MP_OKAY) && (!inMont)) {
        err = sp_384_mod_mul_norm_12(addP->x, addP->x, p384_mod);
    }
    if ((err == MP_OKAY) && (!inMont)) {
        err = sp_384_mod_mul_norm_12(addP->y, addP->y, p384_mod);
    }
    if ((err == MP_OKAY) && (!inMont)) {
        err = sp_384_mod_mul_norm_12(addP->z, addP->z, p384_mod);
    }
    if (err == MP_OKAY) {
            err = sp_384_ecc_mulmod_base_12(point, k, 0, 0, heap);
    }
    if (err == MP_OKAY) {
            sp_384_proj_point_add_12(point, point, addP, tmp);

        if (map) {
                sp_384_map_12(point, point, tmp);
        }

        err = sp_384_point_to_ecc_point_12(point, r);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (k != NULL)
        XFREE(k, heap, DYNAMIC_TYPE_ECC);
    if (point)
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \
                                                        defined(HAVE_ECC_VERIFY)
#endif /* WOLFSSL_VALIDATE_ECC_KEYGEN | HAVE_ECC_SIGN | HAVE_ECC_VERIFY */
/* Add 1 to a. (a = a + 1)
 *
 * a  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_384_add_one_12(sp_digit* a_p)
#else
static void sp_384_add_one_12(sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a], {r1, r2, r3, r4}\n\t"
        "ADDS	r1, r1, #0x1\n\t"
        "ADCS	r2, r2, #0x0\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "STM	%[a]!, {r1, r2, r3, r4}\n\t"
        "LDM	%[a], {r1, r2, r3, r4}\n\t"
        "ADCS	r1, r1, #0x0\n\t"
        "ADCS	r2, r2, #0x0\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "STM	%[a]!, {r1, r2, r3, r4}\n\t"
        "LDM	%[a], {r1, r2, r3, r4}\n\t"
        "ADCS	r1, r1, #0x0\n\t"
        "ADCS	r2, r2, #0x0\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "STM	%[a]!, {r1, r2, r3, r4}\n\t"
        : [a] "+r" (a)
        :
        : "memory", "r1", "r2", "r3", "r4", "cc"
    );
}

/* Read big endian unsigned byte array into r.
 *
 * r  A single precision integer.
 * size  Maximum number of bytes to convert
 * a  Byte array.
 * n  Number of bytes in array to read.
 */
static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
{
    int i;
    int j;
    byte* d;

    for (i = n - 1,j = 0; i >= 3; i -= 4) {
        r[j]  = ((sp_digit)a[i - 0] <<  0) |
                ((sp_digit)a[i - 1] <<  8) |
                ((sp_digit)a[i - 2] << 16) |
                ((sp_digit)a[i - 3] << 24);
        j++;
    }

    if (i >= 0) {
        r[j] = 0;

        d = (byte*)r;
        switch (i) {
            case 2: d[n - 1 - 2] = a[2]; //fallthrough
            case 1: d[n - 1 - 1] = a[1]; //fallthrough
            case 0: d[n - 1 - 0] = a[0]; //fallthrough
        }
        j++;
    }

    for (; j < size; j++) {
        r[j] = 0;
    }
}

/* Generates a scalar that is in the range 1..order-1.
 *
 * rng  Random number generator.
 * k    Scalar value.
 * returns RNG failures, MEMORY_E when memory allocation fails and
 * MP_OKAY on success.
 */
static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k)
{
    int err;
    byte buf[48];

    do {
        err = wc_RNG_GenerateBlock(rng, buf, sizeof(buf));
        if (err == 0) {
            sp_384_from_bin(k, 12, buf, (int)sizeof(buf));
            if (sp_384_cmp_12(k, p384_order2) <= 0) {
                sp_384_add_one_12(k);
                break;
            }
        }
    }
    while (err == 0);

    return err;
}

/* Makes a random EC key pair.
 *
 * rng   Random number generator.
 * priv  Generated private value.
 * pub   Generated public point.
 * heap  Heap to use for allocation.
 * returns ECC_INF_E when the point does not have the correct order, RNG
 * failures, MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_384* point = NULL;
    sp_digit* k = NULL;
#else
    #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
    sp_point_384 point[2];
    #else
    sp_point_384 point[1];
    #endif
    sp_digit k[12];
#endif
#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
    sp_point_384* infinity = NULL;
#endif
    int err = MP_OKAY;


    (void)heap;

#ifdef WOLFSSL_SP_SMALL_STACK
    #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
    point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, DYNAMIC_TYPE_ECC);
    #else
    point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC);
    #endif
    if (point == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap,
                               DYNAMIC_TYPE_ECC);
        if (k == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
    #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
        infinity = point + 1;
    #endif

        err = sp_384_ecc_gen_k_12(rng, k);
    }
    if (err == MP_OKAY) {
            err = sp_384_ecc_mulmod_base_12(point, k, 1, 1, NULL);
    }

#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
    if (err == MP_OKAY) {
            err = sp_384_ecc_mulmod_12(infinity, point, p384_order, 1, 1, NULL);
    }
    if (err == MP_OKAY) {
        if (sp_384_iszero_12(point->x) || sp_384_iszero_12(point->y)) {
            err = ECC_INF_E;
        }
    }
#endif

    if (err == MP_OKAY) {
        err = sp_384_to_mp(k, priv);
    }
    if (err == MP_OKAY) {
        err = sp_384_point_to_ecc_point_12(point, pub);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (k != NULL)
        XFREE(k, heap, DYNAMIC_TYPE_ECC);
    if (point != NULL) {
        /* point is not sensitive, so no need to zeroize */
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
    }
#endif

    return err;
}

#ifdef WOLFSSL_SP_NONBLOCK
typedef struct sp_ecc_key_gen_384_ctx {
    int state;
    sp_384_ecc_mulmod_12_ctx mulmod_ctx;
    sp_digit k[12];
#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
    sp_point_384  point[2];
#else
    sp_point_384 point[1];
#endif /* WOLFSSL_VALIDATE_ECC_KEYGEN */
} sp_ecc_key_gen_384_ctx;

int sp_ecc_make_key_384_nb(sp_ecc_ctx_t* sp_ctx, WC_RNG* rng, mp_int* priv,
    ecc_point* pub, void* heap)
{
    int err = FP_WOULDBLOCK;
    sp_ecc_key_gen_384_ctx* ctx = (sp_ecc_key_gen_384_ctx*)sp_ctx->data;
#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
    sp_point_384* infinity = ctx->point + 1;
#endif /* WOLFSSL_VALIDATE_ECC_KEYGEN */

    typedef char ctx_size_test[sizeof(sp_ecc_key_gen_384_ctx)
                               >= sizeof(*sp_ctx) ? -1 : 1];
    (void)sizeof(ctx_size_test);

    switch (ctx->state) {
        case 0:
            err = sp_384_ecc_gen_k_12(rng, ctx->k);
            if (err == MP_OKAY) {
                err = FP_WOULDBLOCK;
                ctx->state = 1;
            }
            break;
        case 1:
            err = sp_384_ecc_mulmod_base_12_nb((sp_ecc_ctx_t*)&ctx->mulmod_ctx,
                      ctx->point, ctx->k, 1, 1, heap);
            if (err == MP_OKAY) {
                err = FP_WOULDBLOCK;
            #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
                XMEMSET(&ctx->mulmod_ctx, 0, sizeof(ctx->mulmod_ctx));
                ctx->state = 2;
            #else
                ctx->state = 3;
            #endif
            }
            break;
    #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
        case 2:
            err = sp_384_ecc_mulmod_12_nb((sp_ecc_ctx_t*)&ctx->mulmod_ctx,
                      infinity, ctx->point, p384_order, 1, 1);
            if (err == MP_OKAY) {
                if (sp_384_iszero_12(ctx->point->x) ||
                    sp_384_iszero_12(ctx->point->y)) {
                    err = ECC_INF_E;
                }
                else {
                    err = FP_WOULDBLOCK;
                    ctx->state = 3;
                }
            }
            break;
    #endif /* WOLFSSL_VALIDATE_ECC_KEYGEN */
        case 3:
            err = sp_384_to_mp(ctx->k, priv);
            if (err == MP_OKAY) {
                err = sp_384_point_to_ecc_point_12(ctx->point, pub);
            }
            break;
    }

    if (err != FP_WOULDBLOCK) {
        XMEMSET(ctx, 0, sizeof(sp_ecc_key_gen_384_ctx));
    }

    return err;
}
#endif /* WOLFSSL_SP_NONBLOCK */

#ifdef HAVE_ECC_DHE
/* Write r as big endian to byte array.
 * Fixed length number of bytes written: 48
 *
 * r  A single precision integer.
 * a  Byte array.
 */
static void sp_384_to_bin_12(sp_digit* r, byte* a)
{
    int i;
    int j = 0;

    for (i = 11; i >= 0; i--) {
        a[j++] = r[i] >> 24;
        a[j++] = r[i] >> 16;
        a[j++] = r[i] >> 8;
        a[j++] = r[i] >> 0;
    }
}

/* Multiply the point by the scalar and serialize the X ordinate.
 * The number is 0 padded to maximum size on output.
 *
 * priv    Scalar to multiply the point by.
 * pub     Point to multiply.
 * out     Buffer to hold X ordinate.
 * outLen  On entry, size of the buffer in bytes.
 *         On exit, length of data in buffer in bytes.
 * heap    Heap to use for allocation.
 * returns BUFFER_E if the buffer is to small for output size,
 * MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
                          word32* outLen, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_384* point = NULL;
    sp_digit* k = NULL;
#else
    sp_point_384 point[1];
    sp_digit k[12];
#endif
    int err = MP_OKAY;

    if (*outLen < 48U) {
        err = BUFFER_E;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
                                         DYNAMIC_TYPE_ECC);
        if (point == NULL)
            err = MEMORY_E;
    }
    if (err == MP_OKAY) {
        k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap,
                               DYNAMIC_TYPE_ECC);
        if (k == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        sp_384_from_mp(k, 12, priv);
        sp_384_point_from_ecc_point_12(point, pub);
            err = sp_384_ecc_mulmod_12(point, point, k, 1, 1, heap);
    }
    if (err == MP_OKAY) {
        sp_384_to_bin_12(point->x, out);
        *outLen = 48;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (k != NULL)
        XFREE(k, heap, DYNAMIC_TYPE_ECC);
    if (point != NULL)
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#ifdef WOLFSSL_SP_NONBLOCK
typedef struct sp_ecc_sec_gen_384_ctx {
    int state;
    union {
        sp_384_ecc_mulmod_12_ctx mulmod_ctx;
    };
    sp_digit k[12];
    sp_point_384 point;
} sp_ecc_sec_gen_384_ctx;

int sp_ecc_secret_gen_384_nb(sp_ecc_ctx_t* sp_ctx, const mp_int* priv,
    const ecc_point* pub, byte* out, word32* outLen, void* heap)
{
    int err = FP_WOULDBLOCK;
    sp_ecc_sec_gen_384_ctx* ctx = (sp_ecc_sec_gen_384_ctx*)sp_ctx->data;

    typedef char ctx_size_test[sizeof(sp_ecc_sec_gen_384_ctx) >= sizeof(*sp_ctx) ? -1 : 1];
    (void)sizeof(ctx_size_test);

    if (*outLen < 32U) {
        err = BUFFER_E;
    }

    switch (ctx->state) {
        case 0:
            sp_384_from_mp(ctx->k, 12, priv);
            sp_384_point_from_ecc_point_12(&ctx->point, pub);
            ctx->state = 1;
            break;
        case 1:
            err = sp_384_ecc_mulmod_12_nb((sp_ecc_ctx_t*)&ctx->mulmod_ctx,
                      &ctx->point, &ctx->point, ctx->k, 1, 1, heap);
            if (err == MP_OKAY) {
                sp_384_to_bin_12(ctx->point.x, out);
                *outLen = 48;
            }
            break;
    }

    if (err == MP_OKAY && ctx->state != 1) {
        err = FP_WOULDBLOCK;
    }
    if (err != FP_WOULDBLOCK) {
        XMEMSET(ctx, 0, sizeof(sp_ecc_sec_gen_384_ctx));
    }

    return err;
}
#endif /* WOLFSSL_SP_NONBLOCK */
#endif /* HAVE_ECC_DHE */

#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#ifdef WOLFSSL_SP_SMALL
/* Sub b from a into a. (a -= b)
 *
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r10, #0x0\n\t"
        "ADD	r11, %[a], #0x30\n\t"
        "\n"
    "L_sp_384_sub_in_pkace_12_word:\n\t"
        "RSBS	r10, r10, #0x0\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "SBC	r10, r10, r10\n\t"
        "CMP	%[a], r11\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_384_sub_in_pkace_12_word\n\t"
#else
        "BNE.N	L_sp_384_sub_in_pkace_12_word\n\t"
#endif
        "MOV	%[a], r10\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
    );
    return (uint32_t)(size_t)a;
}

#else
/* Sub b from a into a. (a -= b)
 *
 * a  A single precision integer and result.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SUBS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "SBC	%[a], r9, r9\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
    return (uint32_t)(size_t)a;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Mul a by digit b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision digit.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_384_mul_d_12(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
#else
static void sp_384_mul_d_12(sp_digit* r, const sp_digit* a, sp_digit b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register sp_digit b __asm__ ("r2") = (sp_digit)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* A[0] * B */
        "LDR	r8, [%[a]]\n\t"
        "UMULL	r5, r3, %[b], r8\n\t"
        "MOV	r4, #0x0\n\t"
        "STR	r5, [%[r]]\n\t"
        "MOV	r5, #0x0\n\t"
        "MOV	r9, #0x4\n\t"
        "\n"
    "L_sp_384_mul_d_12_word:\n\t"
        /* A[i] * B */
        "LDR	r8, [%[a], r9]\n\t"
        "UMULL	r6, r7, %[b], r8\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], r9]\n\t"
        "MOV	r3, r4\n\t"
        "MOV	r4, r5\n\t"
        "MOV	r5, #0x0\n\t"
        "ADD	r9, r9, #0x4\n\t"
        "CMP	r9, #0x30\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_384_mul_d_12_word\n\t"
#else
        "BLT.N	L_sp_384_mul_d_12_word\n\t"
#endif
        "STR	r3, [%[r], #48]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
}

#else
/* Mul a by digit b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision digit.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_384_mul_d_12(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
#else
static void sp_384_mul_d_12(sp_digit* r, const sp_digit* a, sp_digit b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register sp_digit b __asm__ ("r2") = (sp_digit)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* A[0] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMULL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[1] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[2] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[3] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[4] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[5] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[6] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[7] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[8] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[9] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[10] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[11] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "STR	r3, [%[r]]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
    );
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_USE_UDIV
/* Divide the double width number (d1|d0) by the divisor. (d1|d0 / div)
 *
 * d1   The high order half of the number to divide.
 * d0   The low order half of the number to divide.
 * div  The divisor.
 * returns the result of the division.
 *
 * Note that this is an approximate div. It may give an answer 1 larger.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
#else
SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit div)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit d1 __asm__ ("r0") = (sp_digit)d1_p;
    register sp_digit d0 __asm__ ("r1") = (sp_digit)d0_p;
    register sp_digit div __asm__ ("r2") = (sp_digit)div_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LSR	r8, %[div], #16\n\t"
        "ADD	r5, r8, #0x1\n\t"
        "UDIV	r6, %[d1], r5\n\t"
        "LSL	r7, %[div], #16\n\t"
        "LSL	r6, r6, #16\n\t"
        "UMULL	r3, r4, %[div], r6\n\t"
        "SUBS	%[d0], %[d0], r3\n\t"
        "SBC	%[d1], %[d1], r4\n\t"
        "SUBS	r3, %[d1], r5\n\t"
        "SBC	r9, r9, r9\n\t"
        "ADD	r9, r9, #0x1\n\t"
        "RSB	r10, r9, #0x0\n\t"
        "LSL	r9, r9, #16\n\t"
        "AND	r7, r7, r10\n\t"
        "AND	r8, r8, r10\n\t"
        "SUBS	%[d0], %[d0], r7\n\t"
        "ADD	r6, r6, r9\n\t"
        "SBC	%[d1], %[d1], r8\n\t"
        "LSL	r4, %[d1], #16\n\t"
        "LSR	r3, %[d0], #16\n\t"
        "ORR	r3, r3, r4\n\t"
        "UDIV	r3, r3, r5\n\t"
        "ADD	r6, r6, r3\n\t"
        "UMULL	r3, r4, %[div], r3\n\t"
        "SUBS	%[d0], %[d0], r3\n\t"
        "SBC	%[d1], %[d1], r4\n\t"
        "LSL	r4, %[d1], #16\n\t"
        "LSR	r3, %[d0], #16\n\t"
        "ORR	r3, r3, r4\n\t"
        "UDIV	r3, r3, r5\n\t"
        "ADD	r6, r6, r3\n\t"
        "MUL	r3, %[div], r3\n\t"
        "SUB	%[d0], %[d0], r3\n\t"
        "UDIV	r3, %[d0], %[div]\n\t"
        "ADD	%[d1], r6, r3\n\t"
        : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)d1;
}

#else
/* Divide the double width number (d1|d0) by the divisor. (d1|d0 / div)
 *
 * d1   The high order half of the number to divide.
 * d0   The low order half of the number to divide.
 * div  The divisor.
 * returns the result of the division.
 *
 * Note that this is an approximate div. It may give an answer 1 larger.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
#else
SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit div)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit d1 __asm__ ("r0") = (sp_digit)d1_p;
    register sp_digit d0 __asm__ ("r1") = (sp_digit)d0_p;
    register sp_digit div __asm__ ("r2") = (sp_digit)div_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LSR	r5, %[div], #1\n\t"
        "ADD	r5, r5, #0x1\n\t"
        "MOV	r6, %[d0]\n\t"
        "MOV	r7, %[d1]\n\t"
        /* Do top 32 */
        "SUBS	r8, r5, r7\n\t"
        "SBC	r8, r8, r8\n\t"
        "MOV	r3, #0x0\n\t"
        "SUB	r3, r3, r8\n\t"
        "AND	r8, r8, r5\n\t"
        "SUBS	r7, r7, r8\n\t"
        /* Next 30 bits */
        "MOV	r4, #0x1d\n\t"
        "\n"
    "L_div_384_word_12_bit:\n\t"
        "LSLS	r6, r6, #1\n\t"
        "ADC	r7, r7, r7\n\t"
        "SUBS	r8, r5, r7\n\t"
        "SBC	r8, r8, r8\n\t"
        "ADD	r3, r3, r3\n\t"
        "SUB	r3, r3, r8\n\t"
        "AND	r8, r8, r5\n\t"
        "SUBS	r7, r7, r8\n\t"
        "SUBS	r4, r4, #0x1\n\t"
        "bpl	L_div_384_word_12_bit\n\t"
        "ADD	r3, r3, r3\n\t"
        "ADD	r3, r3, #0x1\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "SUBS	r8, %[div], r9\n\t"
        "SBC	r8, r8, r8\n\t"
        "SUB	%[d1], r3, r8\n\t"
        : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)d1;
}

#endif
/* AND m into each word of a and store in r.
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * m  Mask to AND against each digit.
 */
static void sp_384_mask_12(sp_digit* r, const sp_digit* a, sp_digit m)
{
#ifdef WOLFSSL_SP_SMALL
    int i;

    for (i=0; i<12; i++) {
        r[i] = a[i] & m;
    }
#else
    r[0] = a[0] & m;
    r[1] = a[1] & m;
    r[2] = a[2] & m;
    r[3] = a[3] & m;
    r[4] = a[4] & m;
    r[5] = a[5] & m;
    r[6] = a[6] & m;
    r[7] = a[7] & m;
    r[8] = a[8] & m;
    r[9] = a[9] & m;
    r[10] = a[10] & m;
    r[11] = a[11] & m;
#endif
}

/* Divide d in a and put remainder into r (m*d + r = a)
 * m is not calculated as it is not needed at this time.
 *
 * a  Number to be divided.
 * d  Number to divide with.
 * m  Multiplier result.
 * r  Remainder from the division.
 * returns MP_OKAY indicating success.
 */
static WC_INLINE int sp_384_div_12(const sp_digit* a, const sp_digit* d,
        sp_digit* m, sp_digit* r)
{
    sp_digit t1[24], t2[13];
    sp_digit div, r1;
    int i;

    (void)m;

    div = d[11];
    XMEMCPY(t1, a, sizeof(*t1) * 2 * 12);
    r1 = sp_384_cmp_12(&t1[12], d) >= 0;
    sp_384_cond_sub_12(&t1[12], &t1[12], d, (sp_digit)0 - r1);
    for (i = 11; i >= 0; i--) {
        volatile sp_digit mask = (sp_digit)0 - (t1[12 + i] == div);
        sp_digit hi = t1[12 + i] + mask;
        r1 = div_384_word_12(hi, t1[12 + i - 1], div);
        r1 |= mask;

        sp_384_mul_d_12(t2, d, r1);
        t1[12 + i] += sp_384_sub_in_place_12(&t1[i], t2);
        t1[12 + i] -= t2[12];
        sp_384_mask_12(t2, d, t1[12 + i]);
        t1[12 + i] += sp_384_add_12(&t1[i], &t1[i], t2);
        sp_384_mask_12(t2, d, t1[12 + i]);
        t1[12 + i] += sp_384_add_12(&t1[i], &t1[i], t2);
    }

    r1 = sp_384_cmp_12(t1, d) >= 0;
    sp_384_cond_sub_12(r, t1, d, (sp_digit)0 - r1);

    return MP_OKAY;
}

/* Reduce a modulo m into r. (r = a mod m)
 *
 * r  A single precision number that is the reduced result.
 * a  A single precision number that is to be reduced.
 * m  A single precision number that is the modulus to reduce with.
 * returns MP_OKAY indicating success.
 */
static WC_INLINE int sp_384_mod_12(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
    return sp_384_div_12(a, m, NULL, r);
}

#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
/* Multiply two number mod the order of P384 curve. (r = a * b mod order)
 *
 * r  Result of the multiplication.
 * a  First operand of the multiplication.
 * b  Second operand of the multiplication.
 */
static void sp_384_mont_mul_order_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
{
    sp_384_mul_12(r, a, b);
    sp_384_mont_reduce_order_12(r, p384_order, p384_mp_order);
}

#if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
#ifdef WOLFSSL_SP_SMALL
/* Order-2 for the P384 curve. */
static const uint32_t p384_order_minus_2[12] = {
    0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U,
    0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
};
#else
/* The low half of the order-2 of the P384 curve. */
static const uint32_t p384_order_low[6] = {
    0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U
};
#endif /* WOLFSSL_SP_SMALL */

/* Square number mod the order of P384 curve. (r = a * a mod order)
 *
 * r  Result of the squaring.
 * a  Number to square.
 */
static void sp_384_mont_sqr_order_12(sp_digit* r, const sp_digit* a)
{
    sp_384_sqr_12(r, a);
    sp_384_mont_reduce_order_12(r, p384_order, p384_mp_order);
}

#ifndef WOLFSSL_SP_SMALL
/* Square number mod the order of P384 curve a number of times.
 * (r = a ^ n mod order)
 *
 * r  Result of the squaring.
 * a  Number to square.
 */
static void sp_384_mont_sqr_n_order_12(sp_digit* r, const sp_digit* a, int n)
{
    int i;

    sp_384_mont_sqr_order_12(r, a);
    for (i=1; i<n; i++) {
        sp_384_mont_sqr_order_12(r, r);
    }
}
#endif /* !WOLFSSL_SP_SMALL */

/* Invert the number, in Montgomery form, modulo the order of the P384 curve.
 * (r = 1 / a mod order)
 *
 * r   Inverse result.
 * a   Number to invert.
 * td  Temporary data.
 */

#ifdef WOLFSSL_SP_NONBLOCK
typedef struct sp_384_mont_inv_order_12_ctx {
    int state;
    int i;
} sp_384_mont_inv_order_12_ctx;
static int sp_384_mont_inv_order_12_nb(sp_ecc_ctx_t* sp_ctx, sp_digit* r, const sp_digit* a,
        sp_digit* t)
{
    int err = FP_WOULDBLOCK;
    sp_384_mont_inv_order_12_ctx* ctx = (sp_384_mont_inv_order_12_ctx*)sp_ctx;

    typedef char ctx_size_test[sizeof(sp_384_mont_inv_order_12_ctx) >= sizeof(*sp_ctx) ? -1 : 1];
    (void)sizeof(ctx_size_test);

    switch (ctx->state) {
    case 0:
        XMEMCPY(t, a, sizeof(sp_digit) * 12);
        ctx->i = 382;
        ctx->state = 1;
        break;
    case 1:
        sp_384_mont_sqr_order_12(t, t);
        ctx->state = 2;
        break;
    case 2:
        if ((p384_order_minus_2[ctx->i / 32] & ((sp_int_digit)1 << (ctx->i % 32))) != 0) {
            sp_384_mont_mul_order_12(t, t, a);
        }
        ctx->i--;
        ctx->state = (ctx->i == 0) ? 3 : 1;
        break;
    case 3:
        XMEMCPY(r, t, sizeof(sp_digit) * 12U);
        err = MP_OKAY;
        break;
    }
    return err;
}
#endif /* WOLFSSL_SP_NONBLOCK */

static void sp_384_mont_inv_order_12(sp_digit* r, const sp_digit* a,
        sp_digit* td)
{
#ifdef WOLFSSL_SP_SMALL
    sp_digit* t = td;
    int i;

    XMEMCPY(t, a, sizeof(sp_digit) * 12);
    for (i=382; i>=0; i--) {
        sp_384_mont_sqr_order_12(t, t);
        if ((p384_order_minus_2[i / 32] & ((sp_int_digit)1 << (i % 32))) != 0) {
            sp_384_mont_mul_order_12(t, t, a);
        }
    }
    XMEMCPY(r, t, sizeof(sp_digit) * 12U);
#else
    sp_digit* t = td;
    sp_digit* t2 = td + 2 * 12;
    sp_digit* t3 = td + 4 * 12;
    int i;

    /* t = a^2 */
    sp_384_mont_sqr_order_12(t, a);
    /* t = a^3 = t * a */
    sp_384_mont_mul_order_12(t, t, a);
    /* t2= a^c = t ^ 2 ^ 2 */
    sp_384_mont_sqr_n_order_12(t2, t, 2);
    /* t = a^f = t2 * t */
    sp_384_mont_mul_order_12(t, t2, t);
    /* t2= a^f0 = t ^ 2 ^ 4 */
    sp_384_mont_sqr_n_order_12(t2, t, 4);
    /* t = a^ff = t2 * t */
    sp_384_mont_mul_order_12(t, t2, t);
    /* t2= a^ff00 = t ^ 2 ^ 8 */
    sp_384_mont_sqr_n_order_12(t2, t, 8);
    /* t3= a^ffff = t2 * t */
    sp_384_mont_mul_order_12(t3, t2, t);
    /* t2= a^ffff0000 = t3 ^ 2 ^ 16 */
    sp_384_mont_sqr_n_order_12(t2, t3, 16);
    /* t = a^ffffffff = t2 * t3 */
    sp_384_mont_mul_order_12(t, t2, t3);
    /* t2= a^ffffffff0000 = t ^ 2 ^ 16  */
    sp_384_mont_sqr_n_order_12(t2, t, 16);
    /* t = a^ffffffffffff = t2 * t3 */
    sp_384_mont_mul_order_12(t, t2, t3);
    /* t2= a^ffffffffffff000000000000 = t ^ 2 ^ 48  */
    sp_384_mont_sqr_n_order_12(t2, t, 48);
    /* t= a^fffffffffffffffffffffffff = t2 * t */
    sp_384_mont_mul_order_12(t, t2, t);
    /* t2= a^ffffffffffffffffffffffff000000000000000000000000 */
    sp_384_mont_sqr_n_order_12(t2, t, 96);
    /* t2= a^ffffffffffffffffffffffffffffffffffffffffffffffff = t2 * t */
    sp_384_mont_mul_order_12(t2, t2, t);
    for (i=191; i>=1; i--) {
        sp_384_mont_sqr_order_12(t2, t2);
        if ((p384_order_low[i / 32] & ((sp_int_digit)1 << (i % 32))) != 0) {
            sp_384_mont_mul_order_12(t2, t2, a);
        }
    }
    sp_384_mont_sqr_order_12(t2, t2);
    sp_384_mont_mul_order_12(r, t2, a);
#endif /* WOLFSSL_SP_SMALL */
}

#endif /* HAVE_ECC_SIGN || (HAVE_ECC_VERIFY && WOLFSSL_SP_SMALL) */
#endif /* HAVE_ECC_SIGN | HAVE_ECC_VERIFY */
#ifdef HAVE_ECC_SIGN
#ifndef SP_ECC_MAX_SIG_GEN
#define SP_ECC_MAX_SIG_GEN  64
#endif

/* Calculate second signature value S from R, k and private value.
 *
 * s = (r * x + e) / k
 *
 * s    Signature value.
 * r    First signature value.
 * k    Ephemeral private key.
 * x    Private key as a number.
 * e    Hash of message as a number.
 * tmp  Temporary storage for intermediate numbers.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_384_calc_s_12(sp_digit* s, const sp_digit* r, sp_digit* k,
    sp_digit* x, const sp_digit* e, sp_digit* tmp)
{
    int err;
    sp_digit carry;
    sp_int32 c;
    sp_digit* kInv = k;

    /* Conv k to Montgomery form (mod order) */
        sp_384_mul_12(k, k, p384_norm_order);
    err = sp_384_mod_12(k, k, p384_order);
    if (err == MP_OKAY) {
        sp_384_norm_12(k);

        /* kInv = 1/k mod order */
            sp_384_mont_inv_order_12(kInv, k, tmp);
        sp_384_norm_12(kInv);

        /* s = r * x + e */
            sp_384_mul_12(x, x, r);
        err = sp_384_mod_12(x, x, p384_order);
    }
    if (err == MP_OKAY) {
        sp_384_norm_12(x);
        carry = sp_384_add_12(s, e, x);
        sp_384_cond_sub_12(s, s, p384_order, 0 - carry);
        sp_384_norm_12(s);
        c = sp_384_cmp_12(s, p384_order);
        sp_384_cond_sub_12(s, s, p384_order,
            (sp_digit)0 - (sp_digit)(c >= 0));
        sp_384_norm_12(s);

        /* s = s * k^-1 mod order */
            sp_384_mont_mul_order_12(s, s, kInv);
        sp_384_norm_12(s);
    }

    return err;
}

/* Sign the hash using the private key.
 *   e = [hash, 384 bits] from binary
 *   r = (k.G)->x mod order
 *   s = (r * x + e) / k mod order
 * The hash is truncated to the first 384 bits.
 *
 * hash     Hash to sign.
 * hashLen  Length of the hash data.
 * rng      Random number generator.
 * priv     Private part of key - scalar.
 * rm       First part of result as an mp_int.
 * sm       Sirst part of result as an mp_int.
 * heap     Heap to use for allocation.
 * returns RNG failures, MEMORY_E when memory allocation fails and
 * MP_OKAY on success.
 */
int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng,
    const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* e = NULL;
    sp_point_384* point = NULL;
#else
    sp_digit e[7 * 2 * 12];
    sp_point_384 point[1];
#endif
    sp_digit* x = NULL;
    sp_digit* k = NULL;
    sp_digit* r = NULL;
    sp_digit* tmp = NULL;
    sp_digit* s = NULL;
    sp_int32 c;
    int err = MP_OKAY;
    int i;

    (void)heap;

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
                                             DYNAMIC_TYPE_ECC);
        if (point == NULL)
            err = MEMORY_E;
    }
    if (err == MP_OKAY) {
        e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 12, heap,
                               DYNAMIC_TYPE_ECC);
        if (e == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        x = e + 2 * 12;
        k = e + 4 * 12;
        r = e + 6 * 12;
        tmp = e + 8 * 12;
        s = e;

        if (hashLen > 48U) {
            hashLen = 48U;
        }
    }

    for (i = SP_ECC_MAX_SIG_GEN; err == MP_OKAY && i > 0; i--) {
        /* New random point. */
        if (km == NULL || mp_iszero(km)) {
            err = sp_384_ecc_gen_k_12(rng, k);
        }
        else {
            sp_384_from_mp(k, 12, km);
            mp_zero(km);
        }
        if (err == MP_OKAY) {
                err = sp_384_ecc_mulmod_base_12(point, k, 1, 1, heap);
        }

        if (err == MP_OKAY) {
            /* r = point->x mod order */
            XMEMCPY(r, point->x, sizeof(sp_digit) * 12U);
            sp_384_norm_12(r);
            c = sp_384_cmp_12(r, p384_order);
            sp_384_cond_sub_12(r, r, p384_order,
                (sp_digit)0 - (sp_digit)(c >= 0));
            sp_384_norm_12(r);

            if (!sp_384_iszero_12(r)) {
                /* x is modified in calculation of s. */
                sp_384_from_mp(x, 12, priv);
                /* s ptr == e ptr, e is modified in calculation of s. */
                sp_384_from_bin(e, 12, hash, (int)hashLen);

                err = sp_384_calc_s_12(s, r, k, x, e, tmp);

                /* Check that signature is usable. */
                if ((err == MP_OKAY) && (!sp_384_iszero_12(s))) {
                    break;
                }
            }
        }
#ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP
        i = 1;
#endif
    }

    if (i == 0) {
        err = RNG_FAILURE_E;
    }

    if (err == MP_OKAY) {
        err = sp_384_to_mp(r, rm);
    }
    if (err == MP_OKAY) {
        err = sp_384_to_mp(s, sm);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (e != NULL)
#endif
    {
        ForceZero(e, sizeof(sp_digit) * 7 * 2 * 12);
    #ifdef WOLFSSL_SP_SMALL_STACK
        XFREE(e, heap, DYNAMIC_TYPE_ECC);
    #endif
    }
#ifdef WOLFSSL_SP_SMALL_STACK
    if (point != NULL)
#endif
    {
        ForceZero(point, sizeof(sp_point_384));
    #ifdef WOLFSSL_SP_SMALL_STACK
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
    #endif
    }

    return err;
}

#ifdef WOLFSSL_SP_NONBLOCK
typedef struct sp_ecc_sign_384_ctx {
    int state;
    union {
        sp_384_ecc_mulmod_12_ctx mulmod_ctx;
        sp_384_mont_inv_order_12_ctx mont_inv_order_ctx;
    };
    sp_digit e[2*12];
    sp_digit x[2*12];
    sp_digit k[2*12];
    sp_digit r[2*12];
    sp_digit tmp[3 * 2*12];
    sp_point_384 point;
    sp_digit* s;
    sp_digit* kInv;
    int i;
} sp_ecc_sign_384_ctx;

int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, WC_RNG* rng,
    mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap)
{
    int err = FP_WOULDBLOCK;
    sp_ecc_sign_384_ctx* ctx = (sp_ecc_sign_384_ctx*)sp_ctx->data;

    typedef char ctx_size_test[sizeof(sp_ecc_sign_384_ctx) >= sizeof(*sp_ctx) ? -1 : 1];
    (void)sizeof(ctx_size_test);

    switch (ctx->state) {
    case 0: /* INIT */
        ctx->s = ctx->e;
        ctx->kInv = ctx->k;

        ctx->i = SP_ECC_MAX_SIG_GEN;
        ctx->state = 1;
        break;
    case 1: /* GEN */
        /* New random point. */
        if (km == NULL || mp_iszero(km)) {
            err = sp_384_ecc_gen_k_12(rng, ctx->k);
        }
        else {
            sp_384_from_mp(ctx->k, 12, km);
            mp_zero(km);
        }
        XMEMSET(&ctx->mulmod_ctx, 0, sizeof(ctx->mulmod_ctx));
        ctx->state = 2;
        break;
    case 2: /* MULMOD */
        err = sp_384_ecc_mulmod_12_nb((sp_ecc_ctx_t*)&ctx->mulmod_ctx,
            &ctx->point, &p384_base, ctx->k, 1, 1, heap);
        if (err == MP_OKAY) {
            ctx->state = 3;
        }
        break;
    case 3: /* MODORDER */
    {
        sp_int32 c;
        /* r = point->x mod order */
        XMEMCPY(ctx->r, ctx->point.x, sizeof(sp_digit) * 12U);
        sp_384_norm_12(ctx->r);
        c = sp_384_cmp_12(ctx->r, p384_order);
        sp_384_cond_sub_12(ctx->r, ctx->r, p384_order,
            (sp_digit)0 - (sp_digit)(c >= 0));
        sp_384_norm_12(ctx->r);

        if (hashLen > 48U) {
            hashLen = 48U;
        }
        sp_384_from_mp(ctx->x, 12, priv);
        sp_384_from_bin(ctx->e, 12, hash, (int)hashLen);
        ctx->state = 4;
        break;
    }
    case 4: /* KMODORDER */
        /* Conv k to Montgomery form (mod order) */
        sp_384_mul_12(ctx->k, ctx->k, p384_norm_order);
        err = sp_384_mod_12(ctx->k, ctx->k, p384_order);
        if (err == MP_OKAY) {
            sp_384_norm_12(ctx->k);
            XMEMSET(&ctx->mont_inv_order_ctx, 0, sizeof(ctx->mont_inv_order_ctx));
            ctx->state = 5;
        }
        break;
    case 5: /* KINV */
        /* kInv = 1/k mod order */
        err = sp_384_mont_inv_order_12_nb((sp_ecc_ctx_t*)&ctx->mont_inv_order_ctx, ctx->kInv, ctx->k, ctx->tmp);
        if (err == MP_OKAY) {
            XMEMSET(&ctx->mont_inv_order_ctx, 0, sizeof(ctx->mont_inv_order_ctx));
            ctx->state = 6;
        }
        break;
    case 6: /* KINVNORM */
        sp_384_norm_12(ctx->kInv);
        ctx->state = 7;
        break;
    case 7: /* R */
        /* s = r * x + e */
        sp_384_mul_12(ctx->x, ctx->x, ctx->r);
        ctx->state = 8;
        break;
    case 8: /* S1 */
        err = sp_384_mod_12(ctx->x, ctx->x, p384_order);
        if (err == MP_OKAY)
            ctx->state = 9;
        break;
    case 9: /* S2 */
    {
        sp_digit carry;
        sp_int32 c;
        sp_384_norm_12(ctx->x);
        carry = sp_384_add_12(ctx->s, ctx->e, ctx->x);
        sp_384_cond_sub_12(ctx->s, ctx->s,
            p384_order, 0 - carry);
        sp_384_norm_12(ctx->s);
        c = sp_384_cmp_12(ctx->s, p384_order);
        sp_384_cond_sub_12(ctx->s, ctx->s, p384_order,
            (sp_digit)0 - (sp_digit)(c >= 0));
        sp_384_norm_12(ctx->s);

        /* s = s * k^-1 mod order */
        sp_384_mont_mul_order_12(ctx->s, ctx->s, ctx->kInv);
        sp_384_norm_12(ctx->s);

        /* Check that signature is usable. */
        if (sp_384_iszero_12(ctx->s) == 0) {
            ctx->state = 10;
            break;
        }
    #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP
        ctx->i = 1;
    #endif

        /* not usable gen, try again */
        ctx->i--;
        if (ctx->i == 0) {
            err = RNG_FAILURE_E;
        }
        ctx->state = 1;
        break;
    }
    case 10: /* RES */
        err = sp_384_to_mp(ctx->r, rm);
        if (err == MP_OKAY) {
            err = sp_384_to_mp(ctx->s, sm);
        }
        break;
    }

    if (err == MP_OKAY && ctx->state != 10) {
        err = FP_WOULDBLOCK;
    }
    if (err != FP_WOULDBLOCK) {
        XMEMSET(ctx->e, 0, sizeof(sp_digit) * 2U * 12U);
        XMEMSET(ctx->x, 0, sizeof(sp_digit) * 2U * 12U);
        XMEMSET(ctx->k, 0, sizeof(sp_digit) * 2U * 12U);
        XMEMSET(ctx->r, 0, sizeof(sp_digit) * 2U * 12U);
        XMEMSET(ctx->tmp, 0, sizeof(sp_digit) * 3U * 2U * 12U);
    }

    return err;
}
#endif /* WOLFSSL_SP_NONBLOCK */
#endif /* HAVE_ECC_SIGN */

#ifndef WOLFSSL_SP_SMALL
/* Divide the number by 2 mod the modulus. (r = a / 2 % m)
 *
 * r  Result of division by 2.
 * a  Number to divide.
 * m  Modulus.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_384_div2_mod_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p)
#else
static void sp_384_div2_mod_12(sp_digit* r, const sp_digit* a, const sp_digit* m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r2") = (const sp_digit*)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r4}\n\t"
        "ANDS	r3, r4, #0x1\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_384_div2_mod_12_even\n\t"
#else
        "BEQ.N	L_sp_384_div2_mod_12_even\n\t"
#endif
        "MOV	r12, #0x0\n\t"
        "LDM	%[a]!, {r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "ADC	r3, r12, r12\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_384_div2_mod_12_div2\n\t"
#else
        "B.N	L_sp_384_div2_mod_12_div2\n\t"
#endif
        "\n"
    "L_sp_384_div2_mod_12_even:\n\t"
        "LDM	%[a]!, {r5, r6, r7}\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "\n"
    "L_sp_384_div2_mod_12_div2:\n\t"
        "SUB	%[r], %[r], #0x30\n\t"
        "LDRD	r8, r9, [%[r]]\n\t"
        "LSR	r8, r8, #1\n\t"
        "ORR	r8, r8, r9, lsl #31\n\t"
        "LSR	r9, r9, #1\n\t"
        "LDR	r10, [%[r], #8]\n\t"
        "STR	r8, [%[r]]\n\t"
        "ORR	r9, r9, r10, lsl #31\n\t"
        "LSR	r10, r10, #1\n\t"
        "LDR	r8, [%[r], #12]\n\t"
        "STR	r9, [%[r], #4]\n\t"
        "ORR	r10, r10, r8, lsl #31\n\t"
        "LSR	r8, r8, #1\n\t"
        "LDR	r9, [%[r], #16]\n\t"
        "STR	r10, [%[r], #8]\n\t"
        "ORR	r8, r8, r9, lsl #31\n\t"
        "LSR	r9, r9, #1\n\t"
        "LDR	r10, [%[r], #20]\n\t"
        "STR	r8, [%[r], #12]\n\t"
        "ORR	r9, r9, r10, lsl #31\n\t"
        "LSR	r10, r10, #1\n\t"
        "LDR	r8, [%[r], #24]\n\t"
        "STR	r9, [%[r], #16]\n\t"
        "ORR	r10, r10, r8, lsl #31\n\t"
        "LSR	r8, r8, #1\n\t"
        "LDR	r9, [%[r], #28]\n\t"
        "STR	r10, [%[r], #20]\n\t"
        "ORR	r8, r8, r9, lsl #31\n\t"
        "LSR	r9, r9, #1\n\t"
        "LDR	r10, [%[r], #32]\n\t"
        "STR	r8, [%[r], #24]\n\t"
        "ORR	r9, r9, r10, lsl #31\n\t"
        "LSR	r10, r10, #1\n\t"
        "LDR	r8, [%[r], #36]\n\t"
        "STR	r9, [%[r], #28]\n\t"
        "ORR	r10, r10, r8, lsl #31\n\t"
        "LSR	r8, r8, #1\n\t"
        "LDR	r9, [%[r], #40]\n\t"
        "STR	r10, [%[r], #32]\n\t"
        "ORR	r8, r8, r9, lsl #31\n\t"
        "LSR	r9, r9, #1\n\t"
        "LDR	r10, [%[r], #44]\n\t"
        "STR	r8, [%[r], #36]\n\t"
        "ORR	r9, r9, r10, lsl #31\n\t"
        "LSR	r10, r10, #1\n\t"
        "ORR	r10, r10, r3, lsl #31\n\t"
        "STR	r9, [%[r], #40]\n\t"
        "STR	r10, [%[r], #44]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
    );
}

#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static int sp_384_num_bits_12(const sp_digit* a_p)
#else
static int sp_384_num_bits_12(const sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register const sp_digit* a __asm__ ("r0") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDR	r1, [%[a], #44]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_384_num_bits_12_11\n\t"
#else
        "BEQ.N	L_sp_384_num_bits_12_11\n\t"
#endif
        "MOV	r2, #0x180\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_384_num_bits_12_13\n\t"
#else
        "B.N	L_sp_384_num_bits_12_13\n\t"
#endif
        "\n"
    "L_sp_384_num_bits_12_11:\n\t"
        "LDR	r1, [%[a], #40]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_384_num_bits_12_10\n\t"
#else
        "BEQ.N	L_sp_384_num_bits_12_10\n\t"
#endif
        "MOV	r2, #0x160\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_384_num_bits_12_13\n\t"
#else
        "B.N	L_sp_384_num_bits_12_13\n\t"
#endif
        "\n"
    "L_sp_384_num_bits_12_10:\n\t"
        "LDR	r1, [%[a], #36]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_384_num_bits_12_9\n\t"
#else
        "BEQ.N	L_sp_384_num_bits_12_9\n\t"
#endif
        "MOV	r2, #0x140\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_384_num_bits_12_13\n\t"
#else
        "B.N	L_sp_384_num_bits_12_13\n\t"
#endif
        "\n"
    "L_sp_384_num_bits_12_9:\n\t"
        "LDR	r1, [%[a], #32]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_384_num_bits_12_8\n\t"
#else
        "BEQ.N	L_sp_384_num_bits_12_8\n\t"
#endif
        "MOV	r2, #0x120\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_384_num_bits_12_13\n\t"
#else
        "B.N	L_sp_384_num_bits_12_13\n\t"
#endif
        "\n"
    "L_sp_384_num_bits_12_8:\n\t"
        "LDR	r1, [%[a], #28]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_384_num_bits_12_7\n\t"
#else
        "BEQ.N	L_sp_384_num_bits_12_7\n\t"
#endif
        "MOV	r2, #0x100\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_384_num_bits_12_13\n\t"
#else
        "B.N	L_sp_384_num_bits_12_13\n\t"
#endif
        "\n"
    "L_sp_384_num_bits_12_7:\n\t"
        "LDR	r1, [%[a], #24]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_384_num_bits_12_6\n\t"
#else
        "BEQ.N	L_sp_384_num_bits_12_6\n\t"
#endif
        "MOV	r2, #0xe0\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_384_num_bits_12_13\n\t"
#else
        "B.N	L_sp_384_num_bits_12_13\n\t"
#endif
        "\n"
    "L_sp_384_num_bits_12_6:\n\t"
        "LDR	r1, [%[a], #20]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_384_num_bits_12_5\n\t"
#else
        "BEQ.N	L_sp_384_num_bits_12_5\n\t"
#endif
        "MOV	r2, #0xc0\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_384_num_bits_12_13\n\t"
#else
        "B.N	L_sp_384_num_bits_12_13\n\t"
#endif
        "\n"
    "L_sp_384_num_bits_12_5:\n\t"
        "LDR	r1, [%[a], #16]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_384_num_bits_12_4\n\t"
#else
        "BEQ.N	L_sp_384_num_bits_12_4\n\t"
#endif
        "MOV	r2, #0xa0\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_384_num_bits_12_13\n\t"
#else
        "B.N	L_sp_384_num_bits_12_13\n\t"
#endif
        "\n"
    "L_sp_384_num_bits_12_4:\n\t"
        "LDR	r1, [%[a], #12]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_384_num_bits_12_3\n\t"
#else
        "BEQ.N	L_sp_384_num_bits_12_3\n\t"
#endif
        "MOV	r2, #0x80\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_384_num_bits_12_13\n\t"
#else
        "B.N	L_sp_384_num_bits_12_13\n\t"
#endif
        "\n"
    "L_sp_384_num_bits_12_3:\n\t"
        "LDR	r1, [%[a], #8]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_384_num_bits_12_2\n\t"
#else
        "BEQ.N	L_sp_384_num_bits_12_2\n\t"
#endif
        "MOV	r2, #0x60\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_384_num_bits_12_13\n\t"
#else
        "B.N	L_sp_384_num_bits_12_13\n\t"
#endif
        "\n"
    "L_sp_384_num_bits_12_2:\n\t"
        "LDR	r1, [%[a], #4]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_384_num_bits_12_1\n\t"
#else
        "BEQ.N	L_sp_384_num_bits_12_1\n\t"
#endif
        "MOV	r2, #0x40\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_384_num_bits_12_13\n\t"
#else
        "B.N	L_sp_384_num_bits_12_13\n\t"
#endif
        "\n"
    "L_sp_384_num_bits_12_1:\n\t"
        "LDR	r1, [%[a]]\n\t"
        "MOV	r2, #0x20\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
        "\n"
    "L_sp_384_num_bits_12_13:\n\t"
        "MOV	%[a], r4\n\t"
        : [a] "+r" (a)
        :
        : "memory", "r1", "r2", "r3", "r4", "r5", "cc"
    );
    return (uint32_t)(size_t)a;
}

/* Non-constant time modular inversion.
 *
 * @param  [out]  r   Resulting number.
 * @param  [in]   a   Number to invert.
 * @param  [in]   m   Modulus.
 * @return  MP_OKAY on success.
 */
static int sp_384_mod_inv_12(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
    sp_digit u[12];
    sp_digit v[12];
    sp_digit b[12];
    sp_digit d[12];
    int ut, vt;
    sp_digit o;


    XMEMCPY(u, m, sizeof(u));
    XMEMCPY(v, a, sizeof(v));

    ut = sp_384_num_bits_12(u);
    vt = sp_384_num_bits_12(v);

    XMEMSET(b, 0, sizeof(b));
    if ((v[0] & 1) == 0) {
        sp_384_rshift1_12(v, v);
        XMEMCPY(d, m, sizeof(u));
        d[0] += 1;
        sp_384_rshift1_12(d, d);
        vt--;

        while ((v[0] & 1) == 0) {
            sp_384_rshift1_12(v, v);
            sp_384_div2_mod_12(d, d, m);
            vt--;
        }
    }
    else {
        XMEMSET(d+1, 0, sizeof(d)-sizeof(sp_digit));
        d[0] = 1;
    }

    while (ut > 1 && vt > 1) {
        if ((ut > vt) || ((ut == vt) && (sp_384_cmp_12(u, v) >= 0))) {
            sp_384_sub_12(u, u, v);
            o = sp_384_sub_12(b, b, d);
            if (o != 0)
                sp_384_add_12(b, b, m);
            ut = sp_384_num_bits_12(u);

            do {
                sp_384_rshift1_12(u, u);
                sp_384_div2_mod_12(b, b, m);
                ut--;
            }
            while (ut > 0 && (u[0] & 1) == 0);
        }
        else {
            sp_384_sub_12(v, v, u);
            o = sp_384_sub_12(d, d, b);
            if (o != 0)
                sp_384_add_12(d, d, m);
            vt = sp_384_num_bits_12(v);

            do {
                sp_384_rshift1_12(v, v);
                sp_384_div2_mod_12(d, d, m);
                vt--;
            }
            while (vt > 0 && (v[0] & 1) == 0);
        }
    }

    if (ut == 1)
        XMEMCPY(r, b, sizeof(b));
    else
        XMEMCPY(r, d, sizeof(d));


    return MP_OKAY;
}

#endif /* WOLFSSL_SP_SMALL */

/* Add point p1 into point p2. Handles p1 == p2 and result at infinity.
 *
 * p1   First point to add and holds result.
 * p2   Second point to add.
 * tmp  Temporary storage for intermediate numbers.
 */
static void sp_384_add_points_12(sp_point_384* p1, const sp_point_384* p2,
    sp_digit* tmp)
{

        sp_384_proj_point_add_12(p1, p1, p2, tmp);
    if (sp_384_iszero_12(p1->z)) {
        if (sp_384_iszero_12(p1->x) && sp_384_iszero_12(p1->y)) {
                sp_384_proj_point_dbl_12(p1, p2, tmp);
        }
        else {
            /* Y ordinate is not used from here - don't set. */
            p1->x[0] = 0;
            p1->x[1] = 0;
            p1->x[2] = 0;
            p1->x[3] = 0;
            p1->x[4] = 0;
            p1->x[5] = 0;
            p1->x[6] = 0;
            p1->x[7] = 0;
            p1->x[8] = 0;
            p1->x[9] = 0;
            p1->x[10] = 0;
            p1->x[11] = 0;
            XMEMCPY(p1->z, p384_norm_mod, sizeof(p384_norm_mod));
        }
    }
}

/* Calculate the verification point: [e/s]G + [r/s]Q
 *
 * p1    Calculated point.
 * p2    Public point and temporary.
 * s     Second part of signature as a number.
 * u1    Temporary number.
 * u2    Temporary number.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_384_calc_vfy_point_12(sp_point_384* p1, sp_point_384* p2,
    sp_digit* s, sp_digit* u1, sp_digit* u2, sp_digit* tmp, void* heap)
{
    int err;

#ifndef WOLFSSL_SP_SMALL
    err = sp_384_mod_inv_12(s, s, p384_order);
    if (err == MP_OKAY)
#endif /* !WOLFSSL_SP_SMALL */
    {
        sp_384_mul_12(s, s, p384_norm_order);
        err = sp_384_mod_12(s, s, p384_order);
    }
    if (err == MP_OKAY) {
        sp_384_norm_12(s);
#ifdef WOLFSSL_SP_SMALL
        {
            sp_384_mont_inv_order_12(s, s, tmp);
            sp_384_mont_mul_order_12(u1, u1, s);
            sp_384_mont_mul_order_12(u2, u2, s);
        }
#else
        {
            sp_384_mont_mul_order_12(u1, u1, s);
            sp_384_mont_mul_order_12(u2, u2, s);
        }
#endif /* WOLFSSL_SP_SMALL */
        {
            err = sp_384_ecc_mulmod_base_12(p1, u1, 0, 0, heap);
        }
    }
    if ((err == MP_OKAY) && sp_384_iszero_12(p1->z)) {
        p1->infinity = 1;
    }
    if (err == MP_OKAY) {
            err = sp_384_ecc_mulmod_12(p2, p2, u2, 0, 0, heap);
    }
    if ((err == MP_OKAY) && sp_384_iszero_12(p2->z)) {
        p2->infinity = 1;
    }

    if (err == MP_OKAY) {
        sp_384_add_points_12(p1, p2, tmp);
    }

    return err;
}

#ifdef HAVE_ECC_VERIFY
/* Verify the signature values with the hash and public key.
 *   e = Truncate(hash, 384)
 *   u1 = e/s mod order
 *   u2 = r/s mod order
 *   r == (u1.G + u2.Q)->x mod order
 * Optimization: Leave point in projective form.
 *   (x, y, 1) == (x' / z'*z', y' / z'*z'*z', z' / z')
 *   (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x'
 * The hash is truncated to the first 384 bits.
 *
 * hash     Hash to sign.
 * hashLen  Length of the hash data.
 * rng      Random number generator.
 * priv     Private part of key - scalar.
 * rm       First part of result as an mp_int.
 * sm       Sirst part of result as an mp_int.
 * heap     Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
    const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm,
    int* res, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* u1 = NULL;
    sp_point_384* p1 = NULL;
#else
    sp_digit  u1[18 * 12];
    sp_point_384 p1[2];
#endif
    sp_digit* u2 = NULL;
    sp_digit* s = NULL;
    sp_digit* tmp = NULL;
    sp_point_384* p2 = NULL;
    sp_digit carry;
    sp_int32 c = 0;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        p1 = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
                                             DYNAMIC_TYPE_ECC);
        if (p1 == NULL)
            err = MEMORY_E;
    }
    if (err == MP_OKAY) {
        u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18 * 12, heap,
                                                              DYNAMIC_TYPE_ECC);
        if (u1 == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        u2  = u1 + 2 * 12;
        s   = u1 + 4 * 12;
        tmp = u1 + 6 * 12;
        p2 = p1 + 1;

        if (hashLen > 48U) {
            hashLen = 48U;
        }

        sp_384_from_bin(u1, 12, hash, (int)hashLen);
        sp_384_from_mp(u2, 12, rm);
        sp_384_from_mp(s, 12, sm);
        sp_384_from_mp(p2->x, 12, pX);
        sp_384_from_mp(p2->y, 12, pY);
        sp_384_from_mp(p2->z, 12, pZ);

        err = sp_384_calc_vfy_point_12(p1, p2, s, u1, u2, tmp, heap);
    }
    if (err == MP_OKAY) {
        /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
        /* Reload r and convert to Montgomery form. */
        sp_384_from_mp(u2, 12, rm);
        err = sp_384_mod_mul_norm_12(u2, u2, p384_mod);
    }

    if (err == MP_OKAY) {
        /* u1 = r.z'.z' mod prime */
            sp_384_mont_sqr_12(p1->z, p1->z, p384_mod, p384_mp_mod);
            sp_384_mont_mul_12(u1, u2, p1->z, p384_mod, p384_mp_mod);
        *res = (int)(sp_384_cmp_12(p1->x, u1) == 0);
        if (*res == 0) {
            /* Reload r and add order. */
            sp_384_from_mp(u2, 12, rm);
            carry = sp_384_add_12(u2, u2, p384_order);
            /* Carry means result is greater than mod and is not valid. */
            if (carry == 0) {
                sp_384_norm_12(u2);

                /* Compare with mod and if greater or equal then not valid. */
                c = sp_384_cmp_12(u2, p384_mod);
            }
        }
        if ((*res == 0) && (c < 0)) {
            /* Convert to Montogomery form */
            err = sp_384_mod_mul_norm_12(u2, u2, p384_mod);
            if (err == MP_OKAY) {
                /* u1 = (r + 1*order).z'.z' mod prime */
                {
                    sp_384_mont_mul_12(u1, u2, p1->z, p384_mod, p384_mp_mod);
                }
                *res = (sp_384_cmp_12(p1->x, u1) == 0);
            }
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (u1 != NULL)
        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
    if (p1 != NULL)
        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#ifdef WOLFSSL_SP_NONBLOCK
typedef struct sp_ecc_verify_384_ctx {
    int state;
    union {
        sp_384_ecc_mulmod_12_ctx mulmod_ctx;
        sp_384_mont_inv_order_12_ctx mont_inv_order_ctx;
        sp_384_proj_point_dbl_12_ctx dbl_ctx;
        sp_384_proj_point_add_12_ctx add_ctx;
    };
    sp_digit u1[2*12];
    sp_digit u2[2*12];
    sp_digit s[2*12];
    sp_digit tmp[2*12 * 6];
    sp_point_384 p1;
    sp_point_384 p2;
} sp_ecc_verify_384_ctx;

int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
    word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ,
    const mp_int* rm, const mp_int* sm, int* res, void* heap)
{
    int err = FP_WOULDBLOCK;
    sp_ecc_verify_384_ctx* ctx = (sp_ecc_verify_384_ctx*)sp_ctx->data;

    typedef char ctx_size_test[sizeof(sp_ecc_verify_384_ctx) >= sizeof(*sp_ctx) ? -1 : 1];
    (void)sizeof(ctx_size_test);

    switch (ctx->state) {
    case 0: /* INIT */
        if (hashLen > 48U) {
            hashLen = 48U;
        }

        sp_384_from_bin(ctx->u1, 12, hash, (int)hashLen);
        sp_384_from_mp(ctx->u2, 12, rm);
        sp_384_from_mp(ctx->s, 12, sm);
        sp_384_from_mp(ctx->p2.x, 12, pX);
        sp_384_from_mp(ctx->p2.y, 12, pY);
        sp_384_from_mp(ctx->p2.z, 12, pZ);
        ctx->state = 1;
        break;
    case 1: /* NORMS0 */
        sp_384_mul_12(ctx->s, ctx->s, p384_norm_order);
        err = sp_384_mod_12(ctx->s, ctx->s, p384_order);
        if (err == MP_OKAY)
            ctx->state = 2;
        break;
    case 2: /* NORMS1 */
        sp_384_norm_12(ctx->s);
        XMEMSET(&ctx->mont_inv_order_ctx, 0, sizeof(ctx->mont_inv_order_ctx));
        ctx->state = 3;
        break;
    case 3: /* NORMS2 */
        err = sp_384_mont_inv_order_12_nb((sp_ecc_ctx_t*)&ctx->mont_inv_order_ctx, ctx->s, ctx->s, ctx->tmp);
        if (err == MP_OKAY) {
            ctx->state = 4;
        }
        break;
    case 4: /* NORMS3 */
        sp_384_mont_mul_order_12(ctx->u1, ctx->u1, ctx->s);
        ctx->state = 5;
        break;
    case 5: /* NORMS4 */
        sp_384_mont_mul_order_12(ctx->u2, ctx->u2, ctx->s);
        XMEMSET(&ctx->mulmod_ctx, 0, sizeof(ctx->mulmod_ctx));
        ctx->state = 6;
        break;
    case 6: /* MULBASE */
        err = sp_384_ecc_mulmod_12_nb((sp_ecc_ctx_t*)&ctx->mulmod_ctx, &ctx->p1, &p384_base, ctx->u1, 0, 0, heap);
        if (err == MP_OKAY) {
            if (sp_384_iszero_12(ctx->p1.z)) {
                ctx->p1.infinity = 1;
            }
            XMEMSET(&ctx->mulmod_ctx, 0, sizeof(ctx->mulmod_ctx));
            ctx->state = 7;
        }
        break;
    case 7: /* MULMOD */
        err = sp_384_ecc_mulmod_12_nb((sp_ecc_ctx_t*)&ctx->mulmod_ctx, &ctx->p2, &ctx->p2, ctx->u2, 0, 0, heap);
        if (err == MP_OKAY) {
            if (sp_384_iszero_12(ctx->p2.z)) {
                ctx->p2.infinity = 1;
            }
            XMEMSET(&ctx->add_ctx, 0, sizeof(ctx->add_ctx));
            ctx->state = 8;
        }
        break;
    case 8: /* ADD */
        err = sp_384_proj_point_add_12_nb((sp_ecc_ctx_t*)&ctx->add_ctx, &ctx->p1, &ctx->p1, &ctx->p2, ctx->tmp);
        if (err == MP_OKAY)
            ctx->state = 9;
        break;
    case 9: /* MONT */
        /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
        /* Reload r and convert to Montgomery form. */
        sp_384_from_mp(ctx->u2, 12, rm);
        err = sp_384_mod_mul_norm_12(ctx->u2, ctx->u2, p384_mod);
        if (err == MP_OKAY)
            ctx->state = 10;
        break;
    case 10: /* SQR */
        /* u1 = r.z'.z' mod prime */
        sp_384_mont_sqr_12(ctx->p1.z, ctx->p1.z, p384_mod, p384_mp_mod);
        ctx->state = 11;
        break;
    case 11: /* MUL */
        sp_384_mont_mul_12(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, p384_mp_mod);
        ctx->state = 12;
        break;
    case 12: /* RES */
    {
        sp_int32 c = 0;
        err = MP_OKAY; /* math okay, now check result */
        *res = (int)(sp_384_cmp_12(ctx->p1.x, ctx->u1) == 0);
        if (*res == 0) {
            sp_digit carry;

            /* Reload r and add order. */
            sp_384_from_mp(ctx->u2, 12, rm);
            carry = sp_384_add_12(ctx->u2, ctx->u2, p384_order);
            /* Carry means result is greater than mod and is not valid. */
            if (carry == 0) {
                sp_384_norm_12(ctx->u2);

                /* Compare with mod and if greater or equal then not valid. */
                c = sp_384_cmp_12(ctx->u2, p384_mod);
            }
        }
        if ((*res == 0) && (c < 0)) {
            /* Convert to Montogomery form */
            err = sp_384_mod_mul_norm_12(ctx->u2, ctx->u2, p384_mod);
            if (err == MP_OKAY) {
                /* u1 = (r + 1*order).z'.z' mod prime */
                sp_384_mont_mul_12(ctx->u1, ctx->u2, ctx->p1.z, p384_mod,
                                                            p384_mp_mod);
                *res = (int)(sp_384_cmp_12(ctx->p1.x, ctx->u1) == 0);
            }
        }
        break;
    }
    } /* switch */

    if (err == MP_OKAY && ctx->state != 12) {
        err = FP_WOULDBLOCK;
    }

    return err;
}
#endif /* WOLFSSL_SP_NONBLOCK */
#endif /* HAVE_ECC_VERIFY */

#ifdef HAVE_ECC_CHECK_KEY
/* Check that the x and y ordinates are a valid point on the curve.
 *
 * point  EC point.
 * heap   Heap to use if dynamically allocating.
 * returns MEMORY_E if dynamic memory allocation fails, MP_VAL if the point is
 * not on the curve and MP_OKAY otherwise.
 */
static int sp_384_ecc_is_point_12(const sp_point_384* point,
    void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* t1 = NULL;
#else
    sp_digit t1[12 * 4];
#endif
    sp_digit* t2 = NULL;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12 * 4, heap, DYNAMIC_TYPE_ECC);
    if (t1 == NULL)
        err = MEMORY_E;
#endif
    (void)heap;

    if (err == MP_OKAY) {
        t2 = t1 + 2 * 12;

        /* y^2 - x^3 - a.x = b */
        sp_384_sqr_12(t1, point->y);
        (void)sp_384_mod_12(t1, t1, p384_mod);
        sp_384_sqr_12(t2, point->x);
        (void)sp_384_mod_12(t2, t2, p384_mod);
        sp_384_mul_12(t2, t2, point->x);
        (void)sp_384_mod_12(t2, t2, p384_mod);
        sp_384_mont_sub_12(t1, t1, t2, p384_mod);

        /* y^2 - x^3 + 3.x = b, when a = -3  */
        sp_384_mont_add_12(t1, t1, point->x, p384_mod);
        sp_384_mont_add_12(t1, t1, point->x, p384_mod);
        sp_384_mont_add_12(t1, t1, point->x, p384_mod);


        if (sp_384_cmp_12(t1, p384_b) != 0) {
            err = MP_VAL;
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (t1 != NULL)
        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

/* Check that the x and y ordinates are a valid point on the curve.
 *
 * pX  X ordinate of EC point.
 * pY  Y ordinate of EC point.
 * returns MEMORY_E if dynamic memory allocation fails, MP_VAL if the point is
 * not on the curve and MP_OKAY otherwise.
 */
int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_384* pub = NULL;
#else
    sp_point_384 pub[1];
#endif
    const byte one[1] = { 1 };
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL,
                                       DYNAMIC_TYPE_ECC);
    if (pub == NULL)
        err = MEMORY_E;
#endif

    if (err == MP_OKAY) {
        sp_384_from_mp(pub->x, 12, pX);
        sp_384_from_mp(pub->y, 12, pY);
        sp_384_from_bin(pub->z, 12, one, (int)sizeof(one));

        err = sp_384_ecc_is_point_12(pub, NULL);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (pub != NULL)
        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

/* Check that the private scalar generates the EC point (px, py), the point is
 * on the curve and the point has the correct order.
 *
 * pX     X ordinate of EC point.
 * pY     Y ordinate of EC point.
 * privm  Private scalar that generates EC point.
 * returns MEMORY_E if dynamic memory allocation fails, MP_VAL if the point is
 * not on the curve, ECC_INF_E if the point does not have the correct order,
 * ECC_PRIV_KEY_E when the private scalar doesn't generate the EC point and
 * MP_OKAY otherwise.
 */
int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
    const mp_int* privm, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* priv = NULL;
    sp_point_384* pub = NULL;
#else
    sp_digit priv[12];
    sp_point_384 pub[2];
#endif
    sp_point_384* p = NULL;
    const byte one[1] = { 1 };
    int err = MP_OKAY;


    /* Quick check the lengs of public key ordinates and private key are in
     * range. Proper check later.
     */
    if (((mp_count_bits(pX) > 384) ||
        (mp_count_bits(pY) > 384) ||
        ((privm != NULL) && (mp_count_bits(privm) > 384)))) {
        err = ECC_OUT_OF_RANGE_E;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
                                           DYNAMIC_TYPE_ECC);
        if (pub == NULL)
            err = MEMORY_E;
    }
    if (err == MP_OKAY && privm) {
        priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap,
                                  DYNAMIC_TYPE_ECC);
        if (priv == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        p = pub + 1;

        sp_384_from_mp(pub->x, 12, pX);
        sp_384_from_mp(pub->y, 12, pY);
        sp_384_from_bin(pub->z, 12, one, (int)sizeof(one));
        if (privm)
            sp_384_from_mp(priv, 12, privm);

        /* Check point at infinitiy. */
        if ((sp_384_iszero_12(pub->x) != 0) &&
            (sp_384_iszero_12(pub->y) != 0)) {
            err = ECC_INF_E;
        }
    }

    /* Check range of X and Y */
    if ((err == MP_OKAY) &&
            ((sp_384_cmp_12(pub->x, p384_mod) >= 0) ||
             (sp_384_cmp_12(pub->y, p384_mod) >= 0))) {
        err = ECC_OUT_OF_RANGE_E;
    }

    if (err == MP_OKAY) {
        /* Check point is on curve */
        err = sp_384_ecc_is_point_12(pub, heap);
    }

    if (err == MP_OKAY) {
        /* Point * order = infinity */
            err = sp_384_ecc_mulmod_12(p, pub, p384_order, 1, 1, heap);
    }
    /* Check result is infinity */
    if ((err == MP_OKAY) && ((sp_384_iszero_12(p->x) == 0) ||
                             (sp_384_iszero_12(p->y) == 0))) {
        err = ECC_INF_E;
    }

    if (privm) {
        if (err == MP_OKAY) {
            /* Base * private = point */
                err = sp_384_ecc_mulmod_base_12(p, priv, 1, 1, heap);
        }
        /* Check result is public key */
        if ((err == MP_OKAY) &&
                ((sp_384_cmp_12(p->x, pub->x) != 0) ||
                 (sp_384_cmp_12(p->y, pub->y) != 0))) {
            err = ECC_PRIV_KEY_E;
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (pub != NULL)
        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
    if (priv != NULL)
        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}
#endif
#ifdef WOLFSSL_PUBLIC_ECC_ADD_DBL
/* Add two projective EC points together.
 * (pX, pY, pZ) + (qX, qY, qZ) = (rX, rY, rZ)
 *
 * pX   First EC point's X ordinate.
 * pY   First EC point's Y ordinate.
 * pZ   First EC point's Z ordinate.
 * qX   Second EC point's X ordinate.
 * qY   Second EC point's Y ordinate.
 * qZ   Second EC point's Z ordinate.
 * rX   Resultant EC point's X ordinate.
 * rY   Resultant EC point's Y ordinate.
 * rZ   Resultant EC point's Z ordinate.
 * returns MEMORY_E if dynamic memory allocation fails and MP_OKAY otherwise.
 */
int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
                              mp_int* qX, mp_int* qY, mp_int* qZ,
                              mp_int* rX, mp_int* rY, mp_int* rZ)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* tmp = NULL;
    sp_point_384* p = NULL;
#else
    sp_digit tmp[2 * 12 * 6];
    sp_point_384 p[2];
#endif
    sp_point_384* q = NULL;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        p = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, NULL,
                                         DYNAMIC_TYPE_ECC);
        if (p == NULL)
            err = MEMORY_E;
    }
    if (err == MP_OKAY) {
        tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, NULL,
                                 DYNAMIC_TYPE_ECC);
        if (tmp == NULL) {
            err = MEMORY_E;
        }
    }
#endif

    if (err == MP_OKAY) {
        q = p + 1;

        sp_384_from_mp(p->x, 12, pX);
        sp_384_from_mp(p->y, 12, pY);
        sp_384_from_mp(p->z, 12, pZ);
        sp_384_from_mp(q->x, 12, qX);
        sp_384_from_mp(q->y, 12, qY);
        sp_384_from_mp(q->z, 12, qZ);
        p->infinity = sp_384_iszero_12(p->x) &
                      sp_384_iszero_12(p->y);
        q->infinity = sp_384_iszero_12(q->x) &
                      sp_384_iszero_12(q->y);

            sp_384_proj_point_add_12(p, p, q, tmp);
    }

    if (err == MP_OKAY) {
        err = sp_384_to_mp(p->x, rX);
    }
    if (err == MP_OKAY) {
        err = sp_384_to_mp(p->y, rY);
    }
    if (err == MP_OKAY) {
        err = sp_384_to_mp(p->z, rZ);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (tmp != NULL)
        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
    if (p != NULL)
        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

/* Double a projective EC point.
 * (pX, pY, pZ) + (pX, pY, pZ) = (rX, rY, rZ)
 *
 * pX   EC point's X ordinate.
 * pY   EC point's Y ordinate.
 * pZ   EC point's Z ordinate.
 * rX   Resultant EC point's X ordinate.
 * rY   Resultant EC point's Y ordinate.
 * rZ   Resultant EC point's Z ordinate.
 * returns MEMORY_E if dynamic memory allocation fails and MP_OKAY otherwise.
 */
int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
                              mp_int* rX, mp_int* rY, mp_int* rZ)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* tmp = NULL;
    sp_point_384* p = NULL;
#else
    sp_digit tmp[2 * 12 * 2];
    sp_point_384 p[1];
#endif
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL,
                                         DYNAMIC_TYPE_ECC);
        if (p == NULL)
            err = MEMORY_E;
    }
    if (err == MP_OKAY) {
        tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 2, NULL,
                                 DYNAMIC_TYPE_ECC);
        if (tmp == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        sp_384_from_mp(p->x, 12, pX);
        sp_384_from_mp(p->y, 12, pY);
        sp_384_from_mp(p->z, 12, pZ);
        p->infinity = sp_384_iszero_12(p->x) &
                      sp_384_iszero_12(p->y);

            sp_384_proj_point_dbl_12(p, p, tmp);
    }

    if (err == MP_OKAY) {
        err = sp_384_to_mp(p->x, rX);
    }
    if (err == MP_OKAY) {
        err = sp_384_to_mp(p->y, rY);
    }
    if (err == MP_OKAY) {
        err = sp_384_to_mp(p->z, rZ);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (tmp != NULL)
        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
    if (p != NULL)
        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

/* Map a projective EC point to affine in place.
 * pZ will be one.
 *
 * pX   EC point's X ordinate.
 * pY   EC point's Y ordinate.
 * pZ   EC point's Z ordinate.
 * returns MEMORY_E if dynamic memory allocation fails and MP_OKAY otherwise.
 */
int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* tmp = NULL;
    sp_point_384* p = NULL;
#else
    sp_digit tmp[2 * 12 * 6];
    sp_point_384 p[1];
#endif
    int err = MP_OKAY;


#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL,
                                         DYNAMIC_TYPE_ECC);
        if (p == NULL)
            err = MEMORY_E;
    }
    if (err == MP_OKAY) {
        tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, NULL,
                                 DYNAMIC_TYPE_ECC);
        if (tmp == NULL)
            err = MEMORY_E;
    }
#endif
    if (err == MP_OKAY) {
        sp_384_from_mp(p->x, 12, pX);
        sp_384_from_mp(p->y, 12, pY);
        sp_384_from_mp(p->z, 12, pZ);
        p->infinity = sp_384_iszero_12(p->x) &
                      sp_384_iszero_12(p->y);

            sp_384_map_12(p, p, tmp);
    }

    if (err == MP_OKAY) {
        err = sp_384_to_mp(p->x, pX);
    }
    if (err == MP_OKAY) {
        err = sp_384_to_mp(p->y, pY);
    }
    if (err == MP_OKAY) {
        err = sp_384_to_mp(p->z, pZ);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (tmp != NULL)
        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
    if (p != NULL)
        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif

    return err;
}
#endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
#ifdef HAVE_COMP_KEY
/* Find the square root of a number mod the prime of the curve.
 *
 * y  The number to operate on and the result.
 * returns MEMORY_E if dynamic memory allocation fails and MP_OKAY otherwise.
 */
static int sp_384_mont_sqrt_12(sp_digit* y)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* t1 = NULL;
#else
    sp_digit t1[5 * 2 * 12];
#endif
    sp_digit* t2 = NULL;
    sp_digit* t3 = NULL;
    sp_digit* t4 = NULL;
    sp_digit* t5 = NULL;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 12, NULL, DYNAMIC_TYPE_ECC);
    if (t1 == NULL)
        err = MEMORY_E;
#endif

    if (err == MP_OKAY) {
        t2 = t1 + 2 * 12;
        t3 = t1 + 4 * 12;
        t4 = t1 + 6 * 12;
        t5 = t1 + 8 * 12;

        {
            /* t2 = y ^ 0x2 */
            sp_384_mont_sqr_12(t2, y, p384_mod, p384_mp_mod);
            /* t1 = y ^ 0x3 */
            sp_384_mont_mul_12(t1, t2, y, p384_mod, p384_mp_mod);
            /* t5 = y ^ 0xc */
            sp_384_mont_sqr_n_12(t5, t1, 2, p384_mod, p384_mp_mod);
            /* t1 = y ^ 0xf */
            sp_384_mont_mul_12(t1, t1, t5, p384_mod, p384_mp_mod);
            /* t2 = y ^ 0x1e */
            sp_384_mont_sqr_12(t2, t1, p384_mod, p384_mp_mod);
            /* t3 = y ^ 0x1f */
            sp_384_mont_mul_12(t3, t2, y, p384_mod, p384_mp_mod);
            /* t2 = y ^ 0x3e0 */
            sp_384_mont_sqr_n_12(t2, t3, 5, p384_mod, p384_mp_mod);
            /* t1 = y ^ 0x3ff */
            sp_384_mont_mul_12(t1, t3, t2, p384_mod, p384_mp_mod);
            /* t2 = y ^ 0x7fe0 */
            sp_384_mont_sqr_n_12(t2, t1, 5, p384_mod, p384_mp_mod);
            /* t3 = y ^ 0x7fff */
            sp_384_mont_mul_12(t3, t3, t2, p384_mod, p384_mp_mod);
            /* t2 = y ^ 0x3fff800 */
            sp_384_mont_sqr_n_12(t2, t3, 15, p384_mod, p384_mp_mod);
            /* t4 = y ^ 0x3ffffff */
            sp_384_mont_mul_12(t4, t3, t2, p384_mod, p384_mp_mod);
            /* t2 = y ^ 0xffffffc000000 */
            sp_384_mont_sqr_n_12(t2, t4, 30, p384_mod, p384_mp_mod);
            /* t1 = y ^ 0xfffffffffffff */
            sp_384_mont_mul_12(t1, t4, t2, p384_mod, p384_mp_mod);
            /* t2 = y ^ 0xfffffffffffffff000000000000000 */
            sp_384_mont_sqr_n_12(t2, t1, 60, p384_mod, p384_mp_mod);
            /* t1 = y ^ 0xffffffffffffffffffffffffffffff */
            sp_384_mont_mul_12(t1, t1, t2, p384_mod, p384_mp_mod);
            /* t2 = y ^ 0xffffffffffffffffffffffffffffff000000000000000000000000000000 */
            sp_384_mont_sqr_n_12(t2, t1, 120, p384_mod, p384_mp_mod);
            /* t1 = y ^ 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff */
            sp_384_mont_mul_12(t1, t1, t2, p384_mod, p384_mp_mod);
            /* t2 = y ^ 0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff8000 */
            sp_384_mont_sqr_n_12(t2, t1, 15, p384_mod, p384_mp_mod);
            /* t1 = y ^ 0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff */
            sp_384_mont_mul_12(t1, t3, t2, p384_mod, p384_mp_mod);
            /* t2 = y ^ 0x3fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff80000000 */
            sp_384_mont_sqr_n_12(t2, t1, 31, p384_mod, p384_mp_mod);
            /* t1 = y ^ 0x3fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffbfffffff */
            sp_384_mont_mul_12(t1, t4, t2, p384_mod, p384_mp_mod);
            /* t2 = y ^ 0x3fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffbfffffff0 */
            sp_384_mont_sqr_n_12(t2, t1, 4, p384_mod, p384_mp_mod);
            /* t1 = y ^ 0x3fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffbfffffffc */
            sp_384_mont_mul_12(t1, t5, t2, p384_mod, p384_mp_mod);
            /* t2 = y ^ 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000 */
            sp_384_mont_sqr_n_12(t2, t1, 62, p384_mod, p384_mp_mod);
            /* t1 = y ^ 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000001 */
            sp_384_mont_mul_12(t1, y, t2, p384_mod, p384_mp_mod);
            /* t2 = y ^ 0x3fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffbfffffffc00000000000000040000000 */
            sp_384_mont_sqr_n_12(y, t1, 30, p384_mod, p384_mp_mod);
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (t1 != NULL)
        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
#endif

    return err;
}


/* Uncompress the point given the X ordinate.
 *
 * xm    X ordinate.
 * odd   Whether the Y ordinate is odd.
 * ym    Calculated Y ordinate.
 * returns MEMORY_E if dynamic memory allocation fails and MP_OKAY otherwise.
 */
int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* x = NULL;
#else
    sp_digit x[4 * 12];
#endif
    sp_digit* y = NULL;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 12, NULL, DYNAMIC_TYPE_ECC);
    if (x == NULL)
        err = MEMORY_E;
#endif

    if (err == MP_OKAY) {
        y = x + 2 * 12;

        sp_384_from_mp(x, 12, xm);
        err = sp_384_mod_mul_norm_12(x, x, p384_mod);
    }
    if (err == MP_OKAY) {
        /* y = x^3 */
        {
            sp_384_mont_sqr_12(y, x, p384_mod, p384_mp_mod);
            sp_384_mont_mul_12(y, y, x, p384_mod, p384_mp_mod);
        }
        /* y = x^3 - 3x */
        sp_384_mont_sub_12(y, y, x, p384_mod);
        sp_384_mont_sub_12(y, y, x, p384_mod);
        sp_384_mont_sub_12(y, y, x, p384_mod);
        /* y = x^3 - 3x + b */
        err = sp_384_mod_mul_norm_12(x, p384_b, p384_mod);
    }
    if (err == MP_OKAY) {
        sp_384_mont_add_12(y, y, x, p384_mod);
        /* y = sqrt(x^3 - 3x + b) */
        err = sp_384_mont_sqrt_12(y);
    }
    if (err == MP_OKAY) {
        XMEMSET(y + 12, 0, 12U * sizeof(sp_digit));
        sp_384_mont_reduce_12(y, p384_mod, p384_mp_mod);
        if ((((word32)y[0] ^ (word32)odd) & 1U) != 0U) {
            sp_384_mont_sub_12(y, p384_mod, y, p384_mod);
        }

        err = sp_384_to_mp(y, ym);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (x != NULL)
        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
#endif

    return err;
}
#endif
#endif /* WOLFSSL_SP_384 */
#ifdef WOLFSSL_SP_521

/* Point structure to use. */
typedef struct sp_point_521 {
    /* X ordinate of point. */
    sp_digit x[2 * 17];
    /* Y ordinate of point. */
    sp_digit y[2 * 17];
    /* Z ordinate of point. */
    sp_digit z[2 * 17];
    /* Indicates point is at infinity. */
    int infinity;
} sp_point_521;

/* The modulus (prime) of the curve P521. */
static const sp_digit p521_mod[17] = {
    0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff,
    0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff,
    0xffffffff,0xffffffff,0xffffffff,0xffffffff,0x000001ff
};
/* The Montgomery normalizer for modulus of the curve P521. */
static const sp_digit p521_norm_mod[17] = {
    0x00000001,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
    0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
    0x00000000,0x00000000,0x00000000,0x00000000,0x00000000
};
/* The Montgomery multiplier for modulus of the curve P521. */
static sp_digit p521_mp_mod = 0x00000001;
#if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \
                                            defined(HAVE_ECC_VERIFY)
/* The order of the curve P521. */
static const sp_digit p521_order[17] = {
    0x91386409,0xbb6fb71e,0x899c47ae,0x3bb5c9b8,0xf709a5d0,0x7fcc0148,
    0xbf2f966b,0x51868783,0xfffffffa,0xffffffff,0xffffffff,0xffffffff,
    0xffffffff,0xffffffff,0xffffffff,0xffffffff,0x000001ff
};
#endif
/* The order of the curve P521 minus 2. */
static const sp_digit p521_order2[17] = {
    0x91386407,0xbb6fb71e,0x899c47ae,0x3bb5c9b8,0xf709a5d0,0x7fcc0148,
    0xbf2f966b,0x51868783,0xfffffffa,0xffffffff,0xffffffff,0xffffffff,
    0xffffffff,0xffffffff,0xffffffff,0xffffffff,0x000001ff
};
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
/* The Montgomery normalizer for order of the curve P521. */
static const sp_digit p521_norm_order[17] = {
    0x6ec79bf7,0x449048e1,0x7663b851,0xc44a3647,0x08f65a2f,0x8033feb7,
    0x40d06994,0xae79787c,0x00000005,0x00000000,0x00000000,0x00000000,
    0x00000000,0x00000000,0x00000000,0x00000000,0x00000000
};
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
/* The Montgomery multiplier for order of the curve P521. */
static sp_digit p521_mp_order = 0x79a995c7;
#endif
/* The base point of curve P521. */
static const sp_point_521 p521_base = {
    /* X ordinate */
    {
        0xc2e5bd66,0xf97e7e31,0x856a429b,0x3348b3c1,0xa2ffa8de,0xfe1dc127,
        0xefe75928,0xa14b5e77,0x6b4d3dba,0xf828af60,0x053fb521,0x9c648139,
        0x2395b442,0x9e3ecb66,0x0404e9cd,0x858e06b7,0x000000c6,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0
    },
    /* Y ordinate */
    {
        0x9fd16650,0x88be9476,0xa272c240,0x353c7086,0x3fad0761,0xc550b901,
        0x5ef42640,0x97ee7299,0x273e662c,0x17afbd17,0x579b4468,0x98f54449,
        0x2c7d1bd9,0x5c8a5fb4,0x9a3bc004,0x39296a78,0x00000118,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0
    },
    /* Z ordinate */
    {
        0x00000001,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
        0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
        0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0
    },
    /* infinity */
    0
};
#if defined(HAVE_ECC_CHECK_KEY) || defined(HAVE_COMP_KEY)
static const sp_digit p521_b[17] = {
    0x6b503f00,0xef451fd4,0x3d2c34f1,0x3573df88,0x3bb1bf07,0x1652c0bd,
    0xec7e937b,0x56193951,0x8ef109e1,0xb8b48991,0x99b315f3,0xa2da725b,
    0xb68540ee,0x929a21a0,0x8e1c9a1f,0x953eb961,0x00000051
};
#endif

#ifdef WOLFSSL_SP_SMALL
/* Multiply a and b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x88\n\t"
        "LDR	lr, [%[a]]\n\t"
        "LDR	r11, [%[b]]\n\t"
        "UMULL	r8, r6, lr, r11\n\t"
        "STR	r8, [sp]\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r8, #0x0\n\t"
        "MOV	r5, #0x4\n\t"
        "\n"
    "L_sp_521_mul_17_outer:\n\t"
        "SUBS	r3, r5, #0x40\n\t"
        "IT	cc\n\t"
        "MOVCC	r3, #0x0\n\t"
        "SUB	r4, r5, r3\n\t"
        "\n"
    "L_sp_521_mul_17_inner:\n\t"
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[b], r4]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "LDR	lr, [%[a], r4]\n\t"
        "LDR	r11, [%[b], r3]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADD	r3, r3, #0x4\n\t"
        "SUB	r4, r4, #0x4\n\t"
        "CMP	r3, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_521_mul_17_inner_done\n\t"
#else
        "BGT.N	L_sp_521_mul_17_inner_done\n\t"
#endif
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_521_mul_17_inner\n\t"
#else
        "BLT.N	L_sp_521_mul_17_inner\n\t"
#endif
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[b], r3]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "\n"
    "L_sp_521_mul_17_inner_done:\n\t"
        "STR	r6, [sp, r5]\n\t"
        "MOV	r6, r7\n\t"
        "MOV	r7, r8\n\t"
        "MOV	r8, #0x0\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0x7c\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLE	L_sp_521_mul_17_outer\n\t"
#else
        "BLE.N	L_sp_521_mul_17_outer\n\t"
#endif
        "LDR	lr, [%[a], #64]\n\t"
        "LDR	r11, [%[b], #64]\n\t"
        "UMLAL	r6, r7, lr, r11\n\t"
        "STR	r6, [sp, r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "STR	r7, [sp, r5]\n\t"
        "LDM	sp!, {r6, r7}\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "SUB	r5, r5, #0x8\n\t"
        "\n"
    "L_sp_521_mul_17_store:\n\t"
        "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "SUBS	r5, r5, #0x20\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_521_mul_17_store\n\t"
#else
        "BGT.N	L_sp_521_mul_17_store\n\t"
#endif
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
    );
}

#else
/* Multiply a and b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x44\n\t"
        /* A[0] * B[0] */
        "LDR	r11, [%[a]]\n\t"
        "LDR	r12, [%[b]]\n\t"
        "UMULL	r3, r4, r11, r12\n\t"
        "MOV	r5, #0x0\n\t"
        "STR	r3, [sp]\n\t"
        /* A[0] * B[1] */
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[1] * B[0] */
        "LDR	r8, [%[a], #4]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #4]\n\t"
        /* A[2] * B[0] */
        "LDR	r8, [%[a], #8]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[1] * B[1] */
        "LDR	r11, [%[a], #4]\n\t"
        "LDR	r12, [%[b], #4]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[0] * B[2] */
        "LDR	r8, [%[a]]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [sp, #8]\n\t"
        /* A[0] * B[3] */
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[1] * B[2] */
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[2] * B[1] */
        "LDR	r8, [%[a], #8]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[3] * B[0] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b]]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [sp, #12]\n\t"
        /* A[4] * B[0] */
        "LDR	r8, [%[a], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[3] * B[1] */
        "LDR	r8, [%[a], #12]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[2] * B[2] */
        "LDR	r11, [%[a], #8]\n\t"
        "LDR	r12, [%[b], #8]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[1] * B[3] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[0] * B[4] */
        "LDR	r8, [%[a]]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #16]\n\t"
        /* A[0] * B[5] */
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[1] * B[4] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[2] * B[3] */
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[3] * B[2] */
        "LDR	r8, [%[a], #12]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[4] * B[1] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[5] * B[0] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b]]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [sp, #20]\n\t"
        /* A[6] * B[0] */
        "LDR	r8, [%[a], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[5] * B[1] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[4] * B[2] */
        "LDR	r8, [%[a], #16]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[3] * B[3] */
        "LDR	r11, [%[a], #12]\n\t"
        "LDR	r12, [%[b], #12]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[2] * B[4] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[1] * B[5] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[0] * B[6] */
        "LDR	r8, [%[a]]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [sp, #24]\n\t"
        /* A[0] * B[7] */
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[1] * B[6] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[2] * B[5] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[3] * B[4] */
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[4] * B[3] */
        "LDR	r8, [%[a], #16]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[5] * B[2] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[6] * B[1] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[7] * B[0] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b]]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #28]\n\t"
        /* A[8] * B[0] */
        "LDR	r8, [%[a], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[7] * B[1] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[6] * B[2] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[5] * B[3] */
        "LDR	r8, [%[a], #20]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[4] * B[4] */
        "LDR	r11, [%[a], #16]\n\t"
        "LDR	r12, [%[b], #16]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[3] * B[5] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[2] * B[6] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[1] * B[7] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[0] * B[8] */
        "LDR	r8, [%[a]]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [sp, #32]\n\t"
        /* A[0] * B[9] */
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[1] * B[8] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[2] * B[7] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[3] * B[6] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[4] * B[5] */
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[5] * B[4] */
        "LDR	r8, [%[a], #20]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[6] * B[3] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[7] * B[2] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[8] * B[1] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[9] * B[0] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b]]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [sp, #36]\n\t"
        /* A[10] * B[0] */
        "LDR	r8, [%[a], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[9] * B[1] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[8] * B[2] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[7] * B[3] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[6] * B[4] */
        "LDR	r8, [%[a], #24]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[5] * B[5] */
        "LDR	r11, [%[a], #20]\n\t"
        "LDR	r12, [%[b], #20]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[4] * B[6] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[3] * B[7] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[2] * B[8] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[1] * B[9] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[0] * B[10] */
        "LDR	r8, [%[a]]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #40]\n\t"
        /* A[0] * B[11] */
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[1] * B[10] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[2] * B[9] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[3] * B[8] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[4] * B[7] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[5] * B[6] */
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[6] * B[5] */
        "LDR	r8, [%[a], #24]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[7] * B[4] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[8] * B[3] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[9] * B[2] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[10] * B[1] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[11] * B[0] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b]]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [sp, #44]\n\t"
        /* A[12] * B[0] */
        "LDR	r8, [%[a], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[11] * B[1] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[10] * B[2] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[9] * B[3] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[8] * B[4] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[7] * B[5] */
        "LDR	r8, [%[a], #28]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[6] * B[6] */
        "LDR	r11, [%[a], #24]\n\t"
        "LDR	r12, [%[b], #24]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[5] * B[7] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[4] * B[8] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[3] * B[9] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[2] * B[10] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[1] * B[11] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[0] * B[12] */
        "LDR	r8, [%[a]]\n\t"
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [sp, #48]\n\t"
        /* A[0] * B[13] */
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[1] * B[12] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[2] * B[11] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[3] * B[10] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[4] * B[9] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[5] * B[8] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[6] * B[7] */
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[7] * B[6] */
        "LDR	r8, [%[a], #28]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[8] * B[5] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[9] * B[4] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[10] * B[3] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[11] * B[2] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[12] * B[1] */
        "LDR	r8, [%[a], #48]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[13] * B[0] */
        "LDR	r8, [%[a], #52]\n\t"
        "LDR	r9, [%[b]]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #52]\n\t"
        /* A[14] * B[0] */
        "LDR	r8, [%[a], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[13] * B[1] */
        "LDR	r8, [%[a], #52]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[12] * B[2] */
        "LDR	r8, [%[a], #48]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[11] * B[3] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[10] * B[4] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[9] * B[5] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[8] * B[6] */
        "LDR	r8, [%[a], #32]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[7] * B[7] */
        "LDR	r11, [%[a], #28]\n\t"
        "LDR	r12, [%[b], #28]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[6] * B[8] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[5] * B[9] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[4] * B[10] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[3] * B[11] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[2] * B[12] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[1] * B[13] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[0] * B[14] */
        "LDR	r8, [%[a]]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [sp, #56]\n\t"
        /* A[0] * B[15] */
        "LDR	r9, [%[b], #60]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[1] * B[14] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[2] * B[13] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[3] * B[12] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[4] * B[11] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[5] * B[10] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[6] * B[9] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[7] * B[8] */
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[8] * B[7] */
        "LDR	r8, [%[a], #32]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[9] * B[6] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[10] * B[5] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[11] * B[4] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[12] * B[3] */
        "LDR	r8, [%[a], #48]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[13] * B[2] */
        "LDR	r8, [%[a], #52]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[14] * B[1] */
        "LDR	r8, [%[a], #56]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[15] * B[0] */
        "LDR	r8, [%[a], #60]\n\t"
        "LDR	r9, [%[b]]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [sp, #60]\n\t"
        /* A[16] * B[0] */
        "LDR	r8, [%[a], #64]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[15] * B[1] */
        "LDR	r8, [%[a], #60]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[14] * B[2] */
        "LDR	r8, [%[a], #56]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[13] * B[3] */
        "LDR	r8, [%[a], #52]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[12] * B[4] */
        "LDR	r8, [%[a], #48]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[11] * B[5] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[10] * B[6] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[9] * B[7] */
        "LDR	r8, [%[a], #36]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[8] * B[8] */
        "LDR	r11, [%[a], #32]\n\t"
        "LDR	r12, [%[b], #32]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[7] * B[9] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[6] * B[10] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[5] * B[11] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[4] * B[12] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[3] * B[13] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[2] * B[14] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[1] * B[15] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #60]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[0] * B[16] */
        "LDR	r8, [%[a]]\n\t"
        "LDR	r9, [%[b], #64]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #64]\n\t"
        /* A[1] * B[16] */
        "LDR	r8, [%[a], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[2] * B[15] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #60]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[3] * B[14] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[4] * B[13] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[5] * B[12] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[6] * B[11] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[7] * B[10] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[8] * B[9] */
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[9] * B[8] */
        "LDR	r8, [%[a], #36]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[10] * B[7] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[11] * B[6] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[12] * B[5] */
        "LDR	r8, [%[a], #48]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[13] * B[4] */
        "LDR	r8, [%[a], #52]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[14] * B[3] */
        "LDR	r8, [%[a], #56]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[15] * B[2] */
        "LDR	r8, [%[a], #60]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[16] * B[1] */
        "LDR	r8, [%[a], #64]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [%[r], #68]\n\t"
        /* A[16] * B[2] */
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[15] * B[3] */
        "LDR	r8, [%[a], #60]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[14] * B[4] */
        "LDR	r8, [%[a], #56]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[13] * B[5] */
        "LDR	r8, [%[a], #52]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[12] * B[6] */
        "LDR	r8, [%[a], #48]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[11] * B[7] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[10] * B[8] */
        "LDR	r8, [%[a], #40]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[9] * B[9] */
        "LDR	r11, [%[a], #36]\n\t"
        "LDR	r12, [%[b], #36]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[8] * B[10] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[7] * B[11] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[6] * B[12] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[5] * B[13] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[4] * B[14] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[3] * B[15] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #60]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[2] * B[16] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #64]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], #72]\n\t"
        /* A[3] * B[16] */
        "LDR	r8, [%[a], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[4] * B[15] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #60]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[5] * B[14] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[6] * B[13] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[7] * B[12] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[8] * B[11] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[9] * B[10] */
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[10] * B[9] */
        "LDR	r8, [%[a], #40]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[11] * B[8] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[12] * B[7] */
        "LDR	r8, [%[a], #48]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[13] * B[6] */
        "LDR	r8, [%[a], #52]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[14] * B[5] */
        "LDR	r8, [%[a], #56]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[15] * B[4] */
        "LDR	r8, [%[a], #60]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[16] * B[3] */
        "LDR	r8, [%[a], #64]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [%[r], #76]\n\t"
        /* A[16] * B[4] */
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[15] * B[5] */
        "LDR	r8, [%[a], #60]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[14] * B[6] */
        "LDR	r8, [%[a], #56]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[13] * B[7] */
        "LDR	r8, [%[a], #52]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[12] * B[8] */
        "LDR	r8, [%[a], #48]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[11] * B[9] */
        "LDR	r8, [%[a], #44]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[10] * B[10] */
        "LDR	r11, [%[a], #40]\n\t"
        "LDR	r12, [%[b], #40]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[9] * B[11] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[8] * B[12] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[7] * B[13] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[6] * B[14] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[5] * B[15] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #60]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[4] * B[16] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #64]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [%[r], #80]\n\t"
        /* A[5] * B[16] */
        "LDR	r8, [%[a], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[6] * B[15] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #60]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[7] * B[14] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[8] * B[13] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[9] * B[12] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[10] * B[11] */
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[11] * B[10] */
        "LDR	r8, [%[a], #44]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[12] * B[9] */
        "LDR	r8, [%[a], #48]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[13] * B[8] */
        "LDR	r8, [%[a], #52]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[14] * B[7] */
        "LDR	r8, [%[a], #56]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[15] * B[6] */
        "LDR	r8, [%[a], #60]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[16] * B[5] */
        "LDR	r8, [%[a], #64]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], #84]\n\t"
        /* A[16] * B[6] */
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[15] * B[7] */
        "LDR	r8, [%[a], #60]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[14] * B[8] */
        "LDR	r8, [%[a], #56]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[13] * B[9] */
        "LDR	r8, [%[a], #52]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[12] * B[10] */
        "LDR	r8, [%[a], #48]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[11] * B[11] */
        "LDR	r11, [%[a], #44]\n\t"
        "LDR	r12, [%[b], #44]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[10] * B[12] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[9] * B[13] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[8] * B[14] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[7] * B[15] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #60]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[6] * B[16] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #64]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [%[r], #88]\n\t"
        /* A[7] * B[16] */
        "LDR	r8, [%[a], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[8] * B[15] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #60]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[9] * B[14] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[10] * B[13] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[11] * B[12] */
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[12] * B[11] */
        "LDR	r8, [%[a], #48]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[13] * B[10] */
        "LDR	r8, [%[a], #52]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[14] * B[9] */
        "LDR	r8, [%[a], #56]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[15] * B[8] */
        "LDR	r8, [%[a], #60]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[16] * B[7] */
        "LDR	r8, [%[a], #64]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [%[r], #92]\n\t"
        /* A[16] * B[8] */
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[15] * B[9] */
        "LDR	r8, [%[a], #60]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[14] * B[10] */
        "LDR	r8, [%[a], #56]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[13] * B[11] */
        "LDR	r8, [%[a], #52]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[12] * B[12] */
        "LDR	r11, [%[a], #48]\n\t"
        "LDR	r12, [%[b], #48]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[11] * B[13] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[10] * B[14] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[9] * B[15] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #60]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[8] * B[16] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #64]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], #96]\n\t"
        /* A[9] * B[16] */
        "LDR	r8, [%[a], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[10] * B[15] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #60]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[11] * B[14] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[12] * B[13] */
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[13] * B[12] */
        "LDR	r8, [%[a], #52]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[14] * B[11] */
        "LDR	r8, [%[a], #56]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[15] * B[10] */
        "LDR	r8, [%[a], #60]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[16] * B[9] */
        "LDR	r8, [%[a], #64]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [%[r], #100]\n\t"
        /* A[16] * B[10] */
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[15] * B[11] */
        "LDR	r8, [%[a], #60]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[14] * B[12] */
        "LDR	r8, [%[a], #56]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[13] * B[13] */
        "LDR	r11, [%[a], #52]\n\t"
        "LDR	r12, [%[b], #52]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[12] * B[14] */
        "LDR	r8, [%[a], #48]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[11] * B[15] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #60]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[10] * B[16] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #64]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [%[r], #104]\n\t"
        /* A[11] * B[16] */
        "LDR	r8, [%[a], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[12] * B[15] */
        "LDR	r8, [%[a], #48]\n\t"
        "LDR	r9, [%[b], #60]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[13] * B[14] */
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[14] * B[13] */
        "LDR	r8, [%[a], #56]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[15] * B[12] */
        "LDR	r8, [%[a], #60]\n\t"
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[16] * B[11] */
        "LDR	r8, [%[a], #64]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], #108]\n\t"
        /* A[16] * B[12] */
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[15] * B[13] */
        "LDR	r8, [%[a], #60]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[14] * B[14] */
        "LDR	r11, [%[a], #56]\n\t"
        "LDR	r12, [%[b], #56]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[13] * B[15] */
        "LDR	r8, [%[a], #52]\n\t"
        "LDR	r9, [%[b], #60]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[12] * B[16] */
        "LDR	r8, [%[a], #48]\n\t"
        "LDR	r9, [%[b], #64]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [%[r], #112]\n\t"
        /* A[13] * B[16] */
        "LDR	r8, [%[a], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[14] * B[15] */
        "LDR	r9, [%[b], #60]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[15] * B[14] */
        "LDR	r8, [%[a], #60]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[16] * B[13] */
        "LDR	r8, [%[a], #64]\n\t"
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [%[r], #116]\n\t"
        /* A[16] * B[14] */
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[15] * B[15] */
        "LDR	r11, [%[a], #60]\n\t"
        "LDR	r12, [%[b], #60]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[14] * B[16] */
        "LDR	r8, [%[a], #56]\n\t"
        "LDR	r9, [%[b], #64]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], #120]\n\t"
        /* A[15] * B[16] */
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[16] * B[15] */
        "LDR	r8, [%[a], #64]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [%[r], #124]\n\t"
        /* A[16] * B[16] */
        "UMLAL	r5, r3, r8, r9\n\t"
        "STR	r5, [%[r], #128]\n\t"
        "STR	r3, [%[r], #132]\n\t"
        "LDM	sp!, {r3, r4, r5, r6}\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	sp!, {r3, r4, r5, r6}\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	sp!, {r3, r4, r5, r6}\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	sp!, {r3, r4, r5, r6}\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	sp!, {r3}\n\t"
        "STM	%[r]!, {r3}\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc"
    );
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Square a and put result in r. (r = a * a)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_521_sqr_17(sp_digit* r_p, const sp_digit* a_p)
#else
static void sp_521_sqr_17(sp_digit* r, const sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x88\n\t"
        "LDR	lr, [%[a]]\n\t"
        "UMULL	r8, r6, lr, lr\n\t"
        "STR	r8, [sp]\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r8, #0x0\n\t"
        "MOV	r5, #0x4\n\t"
        "\n"
    "L_sp_521_sqr_17_outer:\n\t"
        "SUBS	r3, r5, #0x40\n\t"
        "IT	cc\n\t"
        "MOVCC	r3, #0x0\n\t"
        "SUB	r4, r5, r3\n\t"
        "\n"
    "L_sp_521_sqr_17_inner:\n\t"
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[a], r4]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADD	r3, r3, #0x4\n\t"
        "SUB	r4, r4, #0x4\n\t"
        "CMP	r3, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_521_sqr_17_inner_done\n\t"
#else
        "BGT.N	L_sp_521_sqr_17_inner_done\n\t"
#endif
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_521_sqr_17_inner\n\t"
#else
        "BLT.N	L_sp_521_sqr_17_inner\n\t"
#endif
        "LDR	lr, [%[a], r3]\n\t"
        "UMULL	r9, r10, lr, lr\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "\n"
    "L_sp_521_sqr_17_inner_done:\n\t"
        "STR	r6, [sp, r5]\n\t"
        "MOV	r6, r7\n\t"
        "MOV	r7, r8\n\t"
        "MOV	r8, #0x0\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0x7c\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLE	L_sp_521_sqr_17_outer\n\t"
#else
        "BLE.N	L_sp_521_sqr_17_outer\n\t"
#endif
        "LDR	lr, [%[a], #64]\n\t"
        "UMLAL	r6, r7, lr, lr\n\t"
        "STR	r6, [sp, r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "STR	r7, [sp, r5]\n\t"
        "LDM	sp!, {r6, r7}\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "SUB	r5, r5, #0x8\n\t"
        "\n"
    "L_sp_521_sqr_17_store:\n\t"
        "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "SUBS	r5, r5, #0x20\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_521_sqr_17_store\n\t"
#else
        "BGT.N	L_sp_521_sqr_17_store\n\t"
#endif
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
    );
}

#else
/* Square a and put result in r. (r = a * a)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_521_sqr_17(sp_digit* r_p, const sp_digit* a_p)
#else
static void sp_521_sqr_17(sp_digit* r, const sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x44\n\t"
        /* A[0] * A[0] */
        "LDR	r10, [%[a]]\n\t"
        "UMULL	r8, r3, r10, r10\n\t"
        "MOV	r4, #0x0\n\t"
        "STR	r8, [sp]\n\t"
        /* A[0] * A[1] */
        "LDR	r10, [%[a], #4]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "STR	r3, [sp, #4]\n\t"
        /* A[0] * A[2] */
        "LDR	r10, [%[a], #8]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[1] * A[1] */
        "LDR	r10, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #8]\n\t"
        /* A[0] * A[3] */
        "LDR	r10, [%[a], #12]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[1] * A[2] */
        "LDR	r10, [%[a], #8]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r2, [sp, #12]\n\t"
        /* A[0] * A[4] */
        "LDR	r10, [%[a], #16]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        /* A[1] * A[3] */
        "LDR	r10, [%[a], #12]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        /* A[2] * A[2] */
        "LDR	r10, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "STR	r3, [sp, #16]\n\t"
        /* A[0] * A[5] */
        "LDR	r10, [%[a], #20]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r3, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[4] */
        "LDR	r10, [%[a], #16]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[3] */
        "LDR	r10, [%[a], #12]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r4, r4, r5\n\t"
        "ADCS	r2, r2, r6\n\t"
        "ADC	r3, r3, r7\n\t"
        "STR	r4, [sp, #20]\n\t"
        /* A[0] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[5] */
        "LDR	r10, [%[a], #20]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[4] */
        "LDR	r10, [%[a], #16]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[3] */
        "LDR	r10, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADC	r4, r4, r7\n\t"
        "STR	r2, [sp, #24]\n\t"
        /* A[0] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r2, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[5] */
        "LDR	r10, [%[a], #20]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[4] */
        "LDR	r10, [%[a], #16]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	r2, r2, r7\n\t"
        "STR	r3, [sp, #28]\n\t"
        /* A[0] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r3, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[5] */
        "LDR	r10, [%[a], #20]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[4] */
        "LDR	r10, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r4, r4, r5\n\t"
        "ADCS	r2, r2, r6\n\t"
        "ADC	r3, r3, r7\n\t"
        "STR	r4, [sp, #32]\n\t"
        /* A[0] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[5] */
        "LDR	r10, [%[a], #20]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADC	r4, r4, r7\n\t"
        "STR	r2, [sp, #36]\n\t"
        /* A[0] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r2, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[5] */
        "LDR	r10, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	r2, r2, r7\n\t"
        "STR	r3, [sp, #40]\n\t"
        /* A[0] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r3, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r4, r4, r5\n\t"
        "ADCS	r2, r2, r6\n\t"
        "ADC	r3, r3, r7\n\t"
        "STR	r4, [sp, #44]\n\t"
        /* A[0] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[6] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADC	r4, r4, r7\n\t"
        "STR	r2, [sp, #48]\n\t"
        /* A[0] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r2, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[6] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	r2, r2, r7\n\t"
        "STR	r3, [sp, #52]\n\t"
        /* A[0] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r3, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[6] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[7] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r4, r4, r5\n\t"
        "ADCS	r2, r2, r6\n\t"
        "ADC	r3, r3, r7\n\t"
        "STR	r4, [sp, #56]\n\t"
        /* A[0] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[6] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[7] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADC	r4, r4, r7\n\t"
        "STR	r2, [sp, #60]\n\t"
        /* A[0] * A[16] */
        "LDR	r10, [%[a], #64]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r2, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[6] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[7] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[8] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	r2, r2, r7\n\t"
        "STR	r3, [sp, #64]\n\t"
        /* A[1] * A[16] */
        "LDR	r10, [%[a], #64]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r3, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[2] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[6] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[7] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[8] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r4, r4, r5\n\t"
        "ADCS	r2, r2, r6\n\t"
        "ADC	r3, r3, r7\n\t"
        "STR	r4, [%[r], #68]\n\t"
        /* A[2] * A[16] */
        "LDR	r10, [%[a], #64]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[3] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[6] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[7] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[8] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[9] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADC	r4, r4, r7\n\t"
        "STR	r2, [%[r], #72]\n\t"
        /* A[3] * A[16] */
        "LDR	r10, [%[a], #64]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r2, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[4] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[6] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[7] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[8] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[9] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #36]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	r2, r2, r7\n\t"
        "STR	r3, [%[r], #76]\n\t"
        /* A[4] * A[16] */
        "LDR	r10, [%[a], #64]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r3, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[5] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[6] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[7] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[8] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[9] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #36]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[10] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r4, r4, r5\n\t"
        "ADCS	r2, r2, r6\n\t"
        "ADC	r3, r3, r7\n\t"
        "STR	r4, [%[r], #80]\n\t"
        /* A[5] * A[16] */
        "LDR	r10, [%[a], #64]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[6] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[7] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[8] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[9] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "LDR	r12, [%[a], #36]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[10] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #40]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADC	r4, r4, r7\n\t"
        "STR	r2, [%[r], #84]\n\t"
        /* A[6] * A[16] */
        "LDR	r10, [%[a], #64]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r2, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[7] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[8] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[9] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a], #36]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[10] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "LDR	r12, [%[a], #40]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[11] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	r2, r2, r7\n\t"
        "STR	r3, [%[r], #88]\n\t"
        /* A[7] * A[16] */
        "LDR	r10, [%[a], #64]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r3, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[8] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[9] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #36]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[10] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a], #40]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[11] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "LDR	r12, [%[a], #44]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r4, r4, r5\n\t"
        "ADCS	r2, r2, r6\n\t"
        "ADC	r3, r3, r7\n\t"
        "STR	r4, [%[r], #92]\n\t"
        /* A[8] * A[16] */
        "LDR	r10, [%[a], #64]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[9] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #36]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[10] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #40]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[11] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a], #44]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[12] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADC	r4, r4, r7\n\t"
        "STR	r2, [%[r], #96]\n\t"
        /* A[9] * A[16] */
        "LDR	r10, [%[a], #64]\n\t"
        "LDR	r12, [%[a], #36]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r2, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[10] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #40]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[11] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #44]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[12] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a], #48]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	r2, r2, r7\n\t"
        "STR	r3, [%[r], #100]\n\t"
        /* A[10] * A[16] */
        "LDR	r10, [%[a], #64]\n\t"
        "LDR	r12, [%[a], #40]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r3, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[11] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #44]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[12] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #48]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[13] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r4, r4, r5\n\t"
        "ADCS	r2, r2, r6\n\t"
        "ADC	r3, r3, r7\n\t"
        "STR	r4, [%[r], #104]\n\t"
        /* A[11] * A[16] */
        "LDR	r10, [%[a], #64]\n\t"
        "LDR	r12, [%[a], #44]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[12] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #48]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[13] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #52]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADC	r4, r4, r7\n\t"
        "STR	r2, [%[r], #108]\n\t"
        /* A[12] * A[16] */
        "LDR	r10, [%[a], #64]\n\t"
        "LDR	r12, [%[a], #48]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        /* A[13] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #52]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        /* A[14] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "STR	r3, [%[r], #112]\n\t"
        /* A[13] * A[16] */
        "LDR	r10, [%[a], #64]\n\t"
        "LDR	r12, [%[a], #52]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[14] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #56]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [%[r], #116]\n\t"
        /* A[14] * A[16] */
        "LDR	r10, [%[a], #64]\n\t"
        "LDR	r12, [%[a], #56]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[15] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r2, [%[r], #120]\n\t"
        /* A[15] * A[16] */
        "LDR	r10, [%[a], #64]\n\t"
        "LDR	r12, [%[a], #60]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "STR	r3, [%[r], #124]\n\t"
        /* A[16] * A[16] */
        "LDR	r10, [%[a], #64]\n\t"
        "UMLAL	r4, r2, r10, r10\n\t"
        "STR	r4, [%[r], #128]\n\t"
        "STR	r2, [%[r], #132]\n\t"
        "LDM	sp!, {r2, r3, r4, r8}\n\t"
        "STM	%[r]!, {r2, r3, r4, r8}\n\t"
        "LDM	sp!, {r2, r3, r4, r8}\n\t"
        "STM	%[r]!, {r2, r3, r4, r8}\n\t"
        "LDM	sp!, {r2, r3, r4, r8}\n\t"
        "STM	%[r]!, {r2, r3, r4, r8}\n\t"
        "LDM	sp!, {r2, r3, r4, r8}\n\t"
        "STM	%[r]!, {r2, r3, r4, r8}\n\t"
        "LDM	sp!, {r2}\n\t"
        "STM	%[r]!, {r2}\n\t"
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc"
    );
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Add b to a into r. (r = a + b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r3, #0x0\n\t"
        "ADD	r12, %[a], #0x40\n\t"
        "\n"
    "L_sp_521_add_17_word:\n\t"
        "ADDS	r3, r3, #0xffffffff\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r3, r4, #0x0\n\t"
        "CMP	%[a], r12\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_521_add_17_word\n\t"
#else
        "BNE.N	L_sp_521_add_17_word\n\t"
#endif
        "ADDS	r3, r3, #0xffffffff\n\t"
        "LDM	%[a], {r4}\n\t"
        "LDM	%[b], {r8}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	%[r], r4, #0x0\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
    );
    return (uint32_t)(size_t)r;
}

#else
/* Add b to a into r. (r = a + b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADDS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3}\n\t"
        "LDM	%[b]!, {r7}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	%[r], #0x0\n\t"
        "ADC	%[r], %[r], #0x0\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
/* Multiply a number by Montgomery normalizer mod modulus (prime).
 *
 * r  The resulting Montgomery form number.
 * a  The number to convert.
 * m  The modulus (prime).
 * returns MEMORY_E when memory allocation fails and MP_OKAY otherwise.
 */
static int sp_521_mod_mul_norm_17(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
    (void)m;

    if (r != a) {
        XMEMCPY(r, a, 17 * sizeof(sp_digit));
    }

    return MP_OKAY;
}

/* Convert an mp_int to an array of sp_digit.
 *
 * r  A single precision integer.
 * size  Maximum number of bytes to convert
 * a  A multi-precision integer.
 */
static void sp_521_from_mp(sp_digit* r, int size, const mp_int* a)
{
#if DIGIT_BIT == 32
    int i;
    sp_digit j = (sp_digit)0 - (sp_digit)a->used;
    int o = 0;

    for (i = 0; i < size; i++) {
        sp_digit mask = (sp_digit)0 - (j >> 31);
        r[i] = a->dp[o] & mask;
        j++;
        o += (int)(j >> 31);
    }
#elif DIGIT_BIT > 32
    unsigned int i;
    int j = 0;
    word32 s = 0;

    r[0] = 0;
    for (i = 0; i < (unsigned int)a->used && j < size; i++) {
        r[j] |= ((sp_digit)a->dp[i] << s);
        r[j] &= 0xffffffff;
        s = 32U - s;
        if (j + 1 >= size) {
            break;
        }
        /* lint allow cast of mismatch word32 and mp_digit */
        r[++j] = (sp_digit)(a->dp[i] >> s); /*lint !e9033*/
        while ((s + 32U) <= (word32)DIGIT_BIT) {
            s += 32U;
            r[j] &= 0xffffffff;
            if (j + 1 >= size) {
                break;
            }
            if (s < (word32)DIGIT_BIT) {
                /* lint allow cast of mismatch word32 and mp_digit */
                r[++j] = (sp_digit)(a->dp[i] >> s); /*lint !e9033*/
            }
            else {
                r[++j] = (sp_digit)0;
            }
        }
        s = (word32)DIGIT_BIT - s;
    }

    for (j++; j < size; j++) {
        r[j] = 0;
    }
#else
    unsigned int i;
    int j = 0;
    int s = 0;

    r[0] = 0;
    for (i = 0; i < (unsigned int)a->used && j < size; i++) {
        r[j] |= ((sp_digit)a->dp[i]) << s;
        if (s + DIGIT_BIT >= 32) {
            r[j] &= 0xffffffff;
            if (j + 1 >= size) {
                break;
            }
            s = 32 - s;
            if (s == DIGIT_BIT) {
                r[++j] = 0;
                s = 0;
            }
            else {
                r[++j] = a->dp[i] >> s;
                s = DIGIT_BIT - s;
            }
        }
        else {
            s += DIGIT_BIT;
        }
    }

    for (j++; j < size; j++) {
        r[j] = 0;
    }
#endif
}

/* Convert a point of type ecc_point to type sp_point_521.
 *
 * p   Point of type sp_point_521 (result).
 * pm  Point of type ecc_point.
 */
static void sp_521_point_from_ecc_point_17(sp_point_521* p,
        const ecc_point* pm)
{
    XMEMSET(p->x, 0, sizeof(p->x));
    XMEMSET(p->y, 0, sizeof(p->y));
    XMEMSET(p->z, 0, sizeof(p->z));
    sp_521_from_mp(p->x, 17, pm->x);
    sp_521_from_mp(p->y, 17, pm->y);
    sp_521_from_mp(p->z, 17, pm->z);
    p->infinity = 0;
}

/* Convert an array of sp_digit to an mp_int.
 *
 * a  A single precision integer.
 * r  A multi-precision integer.
 */
static int sp_521_to_mp(const sp_digit* a, mp_int* r)
{
    int err;

    err = mp_grow(r, (521 + DIGIT_BIT - 1) / DIGIT_BIT);
    if (err == MP_OKAY) { /*lint !e774 case where err is always MP_OKAY*/
#if DIGIT_BIT == 32
        XMEMCPY(r->dp, a, sizeof(sp_digit) * 17);
        r->used = 17;
        mp_clamp(r);
#elif DIGIT_BIT < 32
        int i;
        int j = 0;
        int s = 0;

        r->dp[0] = 0;
        for (i = 0; i < 17; i++) {
            r->dp[j] |= (mp_digit)(a[i] << s);
            r->dp[j] &= ((sp_digit)1 << DIGIT_BIT) - 1;
            s = DIGIT_BIT - s;
            r->dp[++j] = (mp_digit)(a[i] >> s);
            while (s + DIGIT_BIT <= 32) {
                s += DIGIT_BIT;
                r->dp[j++] &= ((sp_digit)1 << DIGIT_BIT) - 1;
                if (s == SP_WORD_SIZE) {
                    r->dp[j] = 0;
                }
                else {
                    r->dp[j] = (mp_digit)(a[i] >> s);
                }
            }
            s = 32 - s;
        }
        r->used = (521 + DIGIT_BIT - 1) / DIGIT_BIT;
        mp_clamp(r);
#else
        int i;
        int j = 0;
        int s = 0;

        r->dp[0] = 0;
        for (i = 0; i < 17; i++) {
            r->dp[j] |= ((mp_digit)a[i]) << s;
            if (s + 32 >= DIGIT_BIT) {
    #if DIGIT_BIT != 32 && DIGIT_BIT != 64
                r->dp[j] &= ((sp_digit)1 << DIGIT_BIT) - 1;
    #endif
                s = DIGIT_BIT - s;
                r->dp[++j] = a[i] >> s;
                s = 32 - s;
            }
            else {
                s += 32;
            }
        }
        r->used = (521 + DIGIT_BIT - 1) / DIGIT_BIT;
        mp_clamp(r);
#endif
    }

    return err;
}

/* Convert a point of type sp_point_521 to type ecc_point.
 *
 * p   Point of type sp_point_521.
 * pm  Point of type ecc_point (result).
 * returns MEMORY_E when allocation of memory in ecc_point fails otherwise
 * MP_OKAY.
 */
static int sp_521_point_to_ecc_point_17(const sp_point_521* p, ecc_point* pm)
{
    int err;

    err = sp_521_to_mp(p->x, pm->x);
    if (err == MP_OKAY) {
        err = sp_521_to_mp(p->y, pm->y);
    }
    if (err == MP_OKAY) {
        err = sp_521_to_mp(p->z, pm->z);
    }

    return err;
}

#ifdef WOLFSSL_SP_SMALL
/* Conditionally subtract b from a using the mask m.
 * m is -1 to subtract and 0 when not copying.
 *
 * r  A single precision number representing condition subtract result.
 * a  A single precision number to subtract from.
 * b  A single precision number to subtract.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r8, #0x0\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r5, #0x0\n\t"
        "\n"
    "L_sp_521_cond_sub_17_words:\n\t"
        "SUBS	r4, r8, r4\n\t"
        "LDR	r6, [%[a], r5]\n\t"
        "LDR	r7, [%[b], r5]\n\t"
        "AND	r7, r7, %[m]\n\t"
        "SBCS	r6, r6, r7\n\t"
        "SBC	r4, r8, r8\n\t"
        "STR	r6, [%[r], r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0x44\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_521_cond_sub_17_words\n\t"
#else
        "BLT.N	L_sp_521_cond_sub_17_words\n\t"
#endif
        "MOV	%[r], r4\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
    );
    return (uint32_t)(size_t)r;
}

#else
/* Conditionally subtract b from a using the mask m.
 * m is -1 to subtract and 0 when not copying.
 *
 * r  A single precision number representing condition subtract result.
 * a  A single precision number to subtract from.
 * b  A single precision number to subtract.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r5, #0x0\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SUBS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDR	r6, [%[a]]\n\t"
        "LDR	r8, [%[b]]\n\t"
        "AND	r8, r8, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "STR	r6, [%[r]]\n\t"
        "SBC	%[r], r5, r5\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
/* Reduce the number back to 521 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_521_mont_reduce_17(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_521_mont_reduce_17(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x44\n\t"
        "MOV	r12, sp\n\t"
        /* Shift top down by 9 bits */
        "ADD	lr, %[a], #0x40\n\t"
        /*  0-7 */
        "LDM	lr!, {r1, r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
        "LSR	r1, r1, #9\n\t"
        "ORR	r1, r1, r2, LSL #23\n\t"
        "LSR	r2, r2, #9\n\t"
        "ORR	r2, r2, r3, LSL #23\n\t"
        "LSR	r3, r3, #9\n\t"
        "ORR	r3, r3, r4, LSL #23\n\t"
        "LSR	r4, r4, #9\n\t"
        "ORR	r4, r4, r5, LSL #23\n\t"
        "LSR	r5, r5, #9\n\t"
        "ORR	r5, r5, r6, LSL #23\n\t"
        "LSR	r6, r6, #9\n\t"
        "ORR	r6, r6, r7, LSL #23\n\t"
        "LSR	r7, r7, #9\n\t"
        "ORR	r7, r7, r8, LSL #23\n\t"
        "LSR	r8, r8, #9\n\t"
        "ORR	r8, r8, r9, LSL #23\n\t"
        "STM	r12!, {r1, r2, r3, r4, r5, r6, r7, r8}\n\t"
        "MOV	r1, r9\n\t"
        /*  8-16 */
        "LDM	lr!, {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
        "LSR	r1, r1, #9\n\t"
        "ORR	r1, r1, r2, LSL #23\n\t"
        "LSR	r2, r2, #9\n\t"
        "ORR	r2, r2, r3, LSL #23\n\t"
        "LSR	r3, r3, #9\n\t"
        "ORR	r3, r3, r4, LSL #23\n\t"
        "LSR	r4, r4, #9\n\t"
        "ORR	r4, r4, r5, LSL #23\n\t"
        "LSR	r5, r5, #9\n\t"
        "ORR	r5, r5, r6, LSL #23\n\t"
        "LSR	r6, r6, #9\n\t"
        "ORR	r6, r6, r7, LSL #23\n\t"
        "LSR	r7, r7, #9\n\t"
        "ORR	r7, r7, r8, LSL #23\n\t"
        "LSR	r8, r8, #9\n\t"
        "ORR	r8, r8, r9, LSL #23\n\t"
        "LSR	r9, r9, #9\n\t"
        "STM	r12!, {r1, r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
        /* Add top to bottom */
        /*  0-5 */
        "LDM	%[a], {r1, r2, r3, r4, r5, r6}\n\t"
        "LDM	sp!, {r7, r8, r9, r10, r11, r12}\n\t"
        "ADDS	r1, r1, r7\n\t"
        "ADCS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADCS	r4, r4, r10\n\t"
        "ADCS	r5, r5, r11\n\t"
        "ADCS	r6, r6, r12\n\t"
        "STM	%[a]!, {r1, r2, r3, r4, r5, r6}\n\t"
        /*  6-11 */
        "LDM	%[a], {r1, r2, r3, r4, r5, r6}\n\t"
        "LDM	sp!, {r7, r8, r9, r10, r11, r12}\n\t"
        "ADCS	r1, r1, r7\n\t"
        "ADCS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADCS	r4, r4, r10\n\t"
        "ADCS	r5, r5, r11\n\t"
        "ADCS	r6, r6, r12\n\t"
        "STM	%[a]!, {r1, r2, r3, r4, r5, r6}\n\t"
        /*  12-16 */
        "LDM	%[a], {r1, r2, r3, r4, r5}\n\t"
        "LDM	sp!, {r7, r8, r9, r10, r11}\n\t"
        "MOV	lr, #0x1ff\n\t"
        "AND	r5, r5, lr\n\t"
        "ADCS	r1, r1, r7\n\t"
        "ADCS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADCS	r4, r4, r10\n\t"
        "ADCS	r5, r5, r11\n\t"
        "LSR	r12, r5, #9\n\t"
        "AND	r5, r5, lr\n\t"
        "STM	%[a]!, {r1, r2, r3, r4, r5}\n\t"
        "SUB	%[a], %[a], #0x44\n\t"
        /* Add overflow */
        /*  0-8 */
        "LDM	%[a], {r1, r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
        "ADDS	r1, r1, r12\n\t"
        "ADCS	r2, r2, #0x0\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "ADCS	r5, r5, #0x0\n\t"
        "ADCS	r6, r6, #0x0\n\t"
        "ADCS	r7, r7, #0x0\n\t"
        "ADCS	r8, r8, #0x0\n\t"
        "ADCS	r9, r9, #0x0\n\t"
        "STM	%[a]!, {r1, r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
        /*  9-16 */
        "LDM	%[a], {r1, r2, r3, r4, r5, r6, r7, r8}\n\t"
        "ADCS	r1, r1, #0x0\n\t"
        "ADCS	r2, r2, #0x0\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "ADCS	r5, r5, #0x0\n\t"
        "ADCS	r6, r6, #0x0\n\t"
        "ADCS	r7, r7, #0x0\n\t"
        "ADCS	r8, r8, #0x0\n\t"
        "STM	%[a]!, {r1, r2, r3, r4, r5, r6, r7, r8}\n\t"
        : [a] "+r" (a)
        :
        : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    (void)m_p;
#else
    (void)m;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    (void)mp_p;
#else
    (void)mp;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
}

#ifdef WOLFSSL_SP_NO_UMAAL
/* Reduce the number back to 521 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDR	lr, [%[m]]\n\t"
        /* i = 0 */
        "MOV	r11, #0x0\n\t"
        "MOV	r3, #0x0\n\t"
        "LDR	r4, [%[a]]\n\t"
        "LDR	r5, [%[a], #4]\n\t"
        "\n"
    "L_sp_521_mont_reduce_order_17_word:\n\t"
        /* mu = a[i] * mp */
        "MUL	r10, %[mp], r4\n\t"
        "CMP	r11, #0x40\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_521_mont_reduce_order_17_nomask\n\t"
#else
        "BNE.N	L_sp_521_mont_reduce_order_17_nomask\n\t"
#endif
        "MOV	r9, #0x1ff\n\t"
        "AND	r10, r10, r9\n\t"
        "\n"
    "L_sp_521_mont_reduce_order_17_nomask:\n\t"
        /* a[i+0] += m[0] * mu */
        "MOV	r7, #0x0\n\t"
        "UMLAL	r4, r7, r10, lr\n\t"
        "STR	r4, [%[a]]\n\t"
        /* a[i+1] += m[1] * mu */
        "LDR	r9, [%[m], #4]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r5, r6, r10, r9\n\t"
        "MOV	r4, r5\n\t"
        "ADDS	r4, r4, r7\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+2] += m[2] * mu */
        "LDR	r9, [%[m], #8]\n\t"
        "LDR	r5, [%[a], #8]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r5, r7, r10, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+3] += m[3] * mu */
        "LDR	r9, [%[m], #12]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #12]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+4] += m[4] * mu */
        "LDR	r9, [%[m], #16]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #16]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+5] += m[5] * mu */
        "LDR	r9, [%[m], #20]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #20]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+6] += m[6] * mu */
        "LDR	r9, [%[m], #24]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #24]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+7] += m[7] * mu */
        "LDR	r9, [%[m], #28]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #28]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+8] += m[8] * mu */
        "LDR	r9, [%[m], #32]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #32]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+9] += m[9] * mu */
        "LDR	r9, [%[m], #36]\n\t"
        "LDR	r12, [%[a], #36]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #36]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+10] += m[10] * mu */
        "LDR	r9, [%[m], #40]\n\t"
        "LDR	r12, [%[a], #40]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #40]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+11] += m[11] * mu */
        "LDR	r9, [%[m], #44]\n\t"
        "LDR	r12, [%[a], #44]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #44]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+12] += m[12] * mu */
        "LDR	r9, [%[m], #48]\n\t"
        "LDR	r12, [%[a], #48]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #48]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+13] += m[13] * mu */
        "LDR	r9, [%[m], #52]\n\t"
        "LDR	r12, [%[a], #52]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #52]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+14] += m[14] * mu */
        "LDR	r9, [%[m], #56]\n\t"
        "LDR	r12, [%[a], #56]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #56]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+15] += m[15] * mu */
        "LDR	r9, [%[m], #60]\n\t"
        "LDR	r12, [%[a], #60]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #60]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+16] += m[16] * mu */
        "LDR	r9, [%[m], #64]\n\t"
        "LDR	r12, [%[a], #64]\n\t"
        "UMULL	r8, r9, r10, r9\n\t"
        "ADDS	r6, r6, r8\n\t"
        "ADCS	r7, r9, r3\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, r3\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #64]\n\t"
        "LDR	r12, [%[a], #68]\n\t"
        "ADCS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #68]\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* i += 1 */
        "ADD	r11, r11, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r11, #0x44\n\t"
#ifdef __GNUC__
        "BLT	L_sp_521_mont_reduce_order_17_word\n\t"
#else
        "BLT.W	L_sp_521_mont_reduce_order_17_word\n\t"
#endif
        /* Loop Done */
        "STR	r4, [%[a]]\n\t"
        "STR	r5, [%[a], #4]\n\t"
        "SUB	%[a], %[a], #0x4\n\t"
        "LDR	r6, [%[a]]\n\t"
        "LDR	r7, [%[a], #4]\n\t"
        "LSR	r6, r6, #9\n\t"
        "ORR	r6, r6, r7, LSL #23\n\t"
        "STR	r6, [%[a], #4]\n\t"
        "LDR	r6, [%[a], #8]\n\t"
        "LSR	r7, r7, #9\n\t"
        "ORR	r7, r7, r6, LSL #23\n\t"
        "STR	r7, [%[a], #8]\n\t"
        "LDR	r7, [%[a], #12]\n\t"
        "LSR	r6, r6, #9\n\t"
        "ORR	r6, r6, r7, LSL #23\n\t"
        "STR	r6, [%[a], #12]\n\t"
        "LDR	r6, [%[a], #16]\n\t"
        "LSR	r7, r7, #9\n\t"
        "ORR	r7, r7, r6, LSL #23\n\t"
        "STR	r7, [%[a], #16]\n\t"
        "LDR	r7, [%[a], #20]\n\t"
        "LSR	r6, r6, #9\n\t"
        "ORR	r6, r6, r7, LSL #23\n\t"
        "STR	r6, [%[a], #20]\n\t"
        "LDR	r6, [%[a], #24]\n\t"
        "LSR	r7, r7, #9\n\t"
        "ORR	r7, r7, r6, LSL #23\n\t"
        "STR	r7, [%[a], #24]\n\t"
        "LDR	r7, [%[a], #28]\n\t"
        "LSR	r6, r6, #9\n\t"
        "ORR	r6, r6, r7, LSL #23\n\t"
        "STR	r6, [%[a], #28]\n\t"
        "LDR	r6, [%[a], #32]\n\t"
        "LSR	r7, r7, #9\n\t"
        "ORR	r7, r7, r6, LSL #23\n\t"
        "STR	r7, [%[a], #32]\n\t"
        "LDR	r7, [%[a], #36]\n\t"
        "LSR	r6, r6, #9\n\t"
        "ORR	r6, r6, r7, LSL #23\n\t"
        "STR	r6, [%[a], #36]\n\t"
        "LDR	r6, [%[a], #40]\n\t"
        "LSR	r7, r7, #9\n\t"
        "ORR	r7, r7, r6, LSL #23\n\t"
        "STR	r7, [%[a], #40]\n\t"
        "LDR	r7, [%[a], #44]\n\t"
        "LSR	r6, r6, #9\n\t"
        "ORR	r6, r6, r7, LSL #23\n\t"
        "STR	r6, [%[a], #44]\n\t"
        "LDR	r6, [%[a], #48]\n\t"
        "LSR	r7, r7, #9\n\t"
        "ORR	r7, r7, r6, LSL #23\n\t"
        "STR	r7, [%[a], #48]\n\t"
        "LDR	r7, [%[a], #52]\n\t"
        "LSR	r6, r6, #9\n\t"
        "ORR	r6, r6, r7, LSL #23\n\t"
        "STR	r6, [%[a], #52]\n\t"
        "LDR	r6, [%[a], #56]\n\t"
        "LSR	r7, r7, #9\n\t"
        "ORR	r7, r7, r6, LSL #23\n\t"
        "STR	r7, [%[a], #56]\n\t"
        "LDR	r7, [%[a], #60]\n\t"
        "LSR	r6, r6, #9\n\t"
        "ORR	r6, r6, r7, LSL #23\n\t"
        "STR	r6, [%[a], #60]\n\t"
        "LDR	r6, [%[a], #64]\n\t"
        "LSR	r7, r7, #9\n\t"
        "ORR	r7, r7, r6, LSL #23\n\t"
        "STR	r7, [%[a], #64]\n\t"
        "LSR	r6, r6, #9\n\t"
        "STR	r6, [%[a], #68]\n\t"
        "LSR	r3, r6, #9\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "MOV	%[mp], r3\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
    sp_521_cond_sub_17(a - 17, a, m, (sp_digit)0 - mp);
}

#else
/* Reduce the number back to 521 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* i = 0 */
        "MOV	r4, #0x0\n\t"
        "MOV	r5, #0x0\n\t"
        "LDR	r6, [%[a]]\n\t"
        "LDR	r7, [%[a], #4]\n\t"
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[a], #12]\n\t"
        "LDR	r10, [%[a], #16]\n\t"
        "\n"
    "L_sp_521_mont_reduce_order_17_word:\n\t"
        /* mu = a[i] * mp */
        "MUL	lr, %[mp], r6\n\t"
        "CMP	r4, #0x40\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_521_mont_reduce_order_17_nomask\n\t"
#else
        "BNE.N	L_sp_521_mont_reduce_order_17_nomask\n\t"
#endif
        "MOV	r12, #0x1ff\n\t"
        "AND	lr, lr, r12\n\t"
        "\n"
    "L_sp_521_mont_reduce_order_17_nomask:\n\t"
        /* a[i+0] += m[0] * mu */
        "LDR	r12, [%[m]]\n\t"
        "MOV	r3, #0x0\n\t"
        "UMAAL	r6, r3, lr, r12\n\t"
        "STR	r6, [%[a]]\n\t"
        /* a[i+1] += m[1] * mu */
        "LDR	r12, [%[m], #4]\n\t"
        "MOV	r6, r7\n\t"
        "UMAAL	r6, r3, lr, r12\n\t"
        /* a[i+2] += m[2] * mu */
        "LDR	r12, [%[m], #8]\n\t"
        "MOV	r7, r8\n\t"
        "UMAAL	r7, r3, lr, r12\n\t"
        /* a[i+3] += m[3] * mu */
        "LDR	r12, [%[m], #12]\n\t"
        "MOV	r8, r9\n\t"
        "UMAAL	r8, r3, lr, r12\n\t"
        /* a[i+4] += m[4] * mu */
        "LDR	r12, [%[m], #16]\n\t"
        "MOV	r9, r10\n\t"
        "UMAAL	r9, r3, lr, r12\n\t"
        /* a[i+5] += m[5] * mu */
        "LDR	r12, [%[m], #20]\n\t"
        "LDR	r10, [%[a], #20]\n\t"
        "UMAAL	r10, r3, lr, r12\n\t"
        /* a[i+6] += m[6] * mu */
        "LDR	r12, [%[m], #24]\n\t"
        "LDR	r11, [%[a], #24]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #24]\n\t"
        /* a[i+7] += m[7] * mu */
        "LDR	r12, [%[m], #28]\n\t"
        "LDR	r11, [%[a], #28]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #28]\n\t"
        /* a[i+8] += m[8] * mu */
        "LDR	r12, [%[m], #32]\n\t"
        "LDR	r11, [%[a], #32]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #32]\n\t"
        /* a[i+9] += m[9] * mu */
        "LDR	r12, [%[m], #36]\n\t"
        "LDR	r11, [%[a], #36]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #36]\n\t"
        /* a[i+10] += m[10] * mu */
        "LDR	r12, [%[m], #40]\n\t"
        "LDR	r11, [%[a], #40]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #40]\n\t"
        /* a[i+11] += m[11] * mu */
        "LDR	r12, [%[m], #44]\n\t"
        "LDR	r11, [%[a], #44]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #44]\n\t"
        /* a[i+12] += m[12] * mu */
        "LDR	r12, [%[m], #48]\n\t"
        "LDR	r11, [%[a], #48]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #48]\n\t"
        /* a[i+13] += m[13] * mu */
        "LDR	r12, [%[m], #52]\n\t"
        "LDR	r11, [%[a], #52]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #52]\n\t"
        /* a[i+14] += m[14] * mu */
        "LDR	r12, [%[m], #56]\n\t"
        "LDR	r11, [%[a], #56]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #56]\n\t"
        /* a[i+15] += m[15] * mu */
        "LDR	r12, [%[m], #60]\n\t"
        "LDR	r11, [%[a], #60]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #60]\n\t"
        /* a[i+16] += m[16] * mu */
        "LDR	r12, [%[m], #64]\n\t"
        "LDR	r11, [%[a], #64]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "LDR	lr, [%[a], #68]\n\t"
        "MOV	r12, #0x0\n\t"
        "UMAAL	r3, lr, r12, r12\n\t"
        "STR	r11, [%[a], #64]\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADC	r5, lr, #0x0\n\t"
        "STR	r3, [%[a], #68]\n\t"
        /* i += 1 */
        "ADD	r4, r4, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r4, #0x44\n\t"
#ifdef __GNUC__
        "BLT	L_sp_521_mont_reduce_order_17_word\n\t"
#else
        "BLT.W	L_sp_521_mont_reduce_order_17_word\n\t"
#endif
        /* Loop Done */
        "STR	r6, [%[a]]\n\t"
        "STR	r7, [%[a], #4]\n\t"
        "STR	r8, [%[a], #8]\n\t"
        "STR	r9, [%[a], #12]\n\t"
        "STR	r10, [%[a], #16]\n\t"
        "SUB	%[a], %[a], #0x4\n\t"
        "LDR	r12, [%[a]]\n\t"
        "LDR	r3, [%[a], #4]\n\t"
        "LSR	r12, r12, #9\n\t"
        "ORR	r12, r12, r3, LSL #23\n\t"
        "STR	r12, [%[a], #4]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "LSR	r3, r3, #9\n\t"
        "ORR	r3, r3, r12, LSL #23\n\t"
        "STR	r3, [%[a], #8]\n\t"
        "LDR	r3, [%[a], #12]\n\t"
        "LSR	r12, r12, #9\n\t"
        "ORR	r12, r12, r3, LSL #23\n\t"
        "STR	r12, [%[a], #12]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "LSR	r3, r3, #9\n\t"
        "ORR	r3, r3, r12, LSL #23\n\t"
        "STR	r3, [%[a], #16]\n\t"
        "LDR	r3, [%[a], #20]\n\t"
        "LSR	r12, r12, #9\n\t"
        "ORR	r12, r12, r3, LSL #23\n\t"
        "STR	r12, [%[a], #20]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "LSR	r3, r3, #9\n\t"
        "ORR	r3, r3, r12, LSL #23\n\t"
        "STR	r3, [%[a], #24]\n\t"
        "LDR	r3, [%[a], #28]\n\t"
        "LSR	r12, r12, #9\n\t"
        "ORR	r12, r12, r3, LSL #23\n\t"
        "STR	r12, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "LSR	r3, r3, #9\n\t"
        "ORR	r3, r3, r12, LSL #23\n\t"
        "STR	r3, [%[a], #32]\n\t"
        "LDR	r3, [%[a], #36]\n\t"
        "LSR	r12, r12, #9\n\t"
        "ORR	r12, r12, r3, LSL #23\n\t"
        "STR	r12, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #40]\n\t"
        "LSR	r3, r3, #9\n\t"
        "ORR	r3, r3, r12, LSL #23\n\t"
        "STR	r3, [%[a], #40]\n\t"
        "LDR	r3, [%[a], #44]\n\t"
        "LSR	r12, r12, #9\n\t"
        "ORR	r12, r12, r3, LSL #23\n\t"
        "STR	r12, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #48]\n\t"
        "LSR	r3, r3, #9\n\t"
        "ORR	r3, r3, r12, LSL #23\n\t"
        "STR	r3, [%[a], #48]\n\t"
        "LDR	r3, [%[a], #52]\n\t"
        "LSR	r12, r12, #9\n\t"
        "ORR	r12, r12, r3, LSL #23\n\t"
        "STR	r12, [%[a], #52]\n\t"
        "LDR	r12, [%[a], #56]\n\t"
        "LSR	r3, r3, #9\n\t"
        "ORR	r3, r3, r12, LSL #23\n\t"
        "STR	r3, [%[a], #56]\n\t"
        "LDR	r3, [%[a], #60]\n\t"
        "LSR	r12, r12, #9\n\t"
        "ORR	r12, r12, r3, LSL #23\n\t"
        "STR	r12, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #64]\n\t"
        "LSR	r3, r3, #9\n\t"
        "ORR	r3, r3, r12, LSL #23\n\t"
        "STR	r3, [%[a], #64]\n\t"
        "LSR	r12, r12, #9\n\t"
        "STR	r12, [%[a], #68]\n\t"
        "LSR	r5, r12, #9\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "MOV	%[mp], r5\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
    sp_521_cond_sub_17(a - 17, a, m, (sp_digit)0 - mp);
}

#endif
/* Multiply two Montgomery form numbers mod the modulus (prime).
 * (r = a * b mod m)
 *
 * r   Result of multiplication.
 * a   First number to multiply in Montgomery form.
 * b   Second number to multiply in Montgomery form.
 * m   Modulus (prime).
 * mp  Montgomery multiplier.
 */
SP_NOINLINE static void sp_521_mont_mul_17(sp_digit* r, const sp_digit* a,
        const sp_digit* b, const sp_digit* m, sp_digit mp)
{
    sp_521_mul_17(r, a, b);
    sp_521_mont_reduce_17(r, m, mp);
}

/* Square the Montgomery form number. (r = a * a mod m)
 *
 * r   Result of squaring.
 * a   Number to square in Montgomery form.
 * m   Modulus (prime).
 * mp  Montgomery multiplier.
 */
SP_NOINLINE static void sp_521_mont_sqr_17(sp_digit* r, const sp_digit* a,
        const sp_digit* m, sp_digit mp)
{
    sp_521_sqr_17(r, a);
    sp_521_mont_reduce_17(r, m, mp);
}

#ifndef WOLFSSL_SP_SMALL
/* Square the Montgomery form number a number of times. (r = a ^ n mod m)
 *
 * r   Result of squaring.
 * a   Number to square in Montgomery form.
 * n   Number of times to square.
 * m   Modulus (prime).
 * mp  Montgomery multiplier.
 */
SP_NOINLINE static void sp_521_mont_sqr_n_17(sp_digit* r,
    const sp_digit* a, int n, const sp_digit* m, sp_digit mp)
{
    sp_521_mont_sqr_17(r, a, m, mp);
    for (; n > 1; n--) {
        sp_521_mont_sqr_17(r, r, m, mp);
    }
}

#endif /* !WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Mod-2 for the P521 curve. */
static const uint32_t p521_mod_minus_2[17] = {
    0xfffffffdU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
    0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
    0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
};
#endif /* !WOLFSSL_SP_SMALL */

/* Invert the number, in Montgomery form, modulo the modulus (prime) of the
 * P521 curve. (r = 1 / a mod m)
 *
 * r   Inverse result.
 * a   Number to invert.
 * td  Temporary data.
 */
static void sp_521_mont_inv_17(sp_digit* r, const sp_digit* a, sp_digit* td)
{
#ifdef WOLFSSL_SP_SMALL
    sp_digit* t = td;
    int i;

    XMEMCPY(t, a, sizeof(sp_digit) * 17);
    for (i=519; i>=0; i--) {
        sp_521_mont_sqr_17(t, t, p521_mod, p521_mp_mod);
        if (p521_mod_minus_2[i / 32] & ((sp_digit)1 << (i % 32)))
            sp_521_mont_mul_17(t, t, a, p521_mod, p521_mp_mod);
    }
    XMEMCPY(r, t, sizeof(sp_digit) * 17);
#else
    sp_digit* t1 = td;
    sp_digit* t2 = td + 2 * 17;
    sp_digit* t3 = td + 4 * 17;

    /* 0x2 */
    sp_521_mont_sqr_17(t1, a, p521_mod, p521_mp_mod);
    /* 0x3 */
    sp_521_mont_mul_17(t2, t1, a, p521_mod, p521_mp_mod);
    /* 0x6 */
    sp_521_mont_sqr_17(t1, t2, p521_mod, p521_mp_mod);
    /* 0x7 */
    sp_521_mont_mul_17(t3, t1, a, p521_mod, p521_mp_mod);
    /* 0xc */
    sp_521_mont_sqr_n_17(t1, t2, 2, p521_mod, p521_mp_mod);
    /* 0xf */
    sp_521_mont_mul_17(t2, t2, t1, p521_mod, p521_mp_mod);
    /* 0x78 */
    sp_521_mont_sqr_n_17(t1, t2, 3, p521_mod, p521_mp_mod);
    /* 0x7f */
    sp_521_mont_mul_17(t3, t3, t1, p521_mod, p521_mp_mod);
    /* 0xf0 */
    sp_521_mont_sqr_n_17(t1, t2, 4, p521_mod, p521_mp_mod);
    /* 0xff */
    sp_521_mont_mul_17(t2, t2, t1, p521_mod, p521_mp_mod);
    /* 0xff00 */
    sp_521_mont_sqr_n_17(t1, t2, 8, p521_mod, p521_mp_mod);
    /* 0xffff */
    sp_521_mont_mul_17(t2, t2, t1, p521_mod, p521_mp_mod);
    /* 0xffff0000 */
    sp_521_mont_sqr_n_17(t1, t2, 16, p521_mod, p521_mp_mod);
    /* 0xffffffff */
    sp_521_mont_mul_17(t2, t2, t1, p521_mod, p521_mp_mod);
    /* 0xffffffff00000000 */
    sp_521_mont_sqr_n_17(t1, t2, 32, p521_mod, p521_mp_mod);
    /* 0xffffffffffffffff */
    sp_521_mont_mul_17(t2, t2, t1, p521_mod, p521_mp_mod);
    /* 0xffffffffffffffff0000000000000000 */
    sp_521_mont_sqr_n_17(t1, t2, 64, p521_mod, p521_mp_mod);
    /* 0xffffffffffffffffffffffffffffffff */
    sp_521_mont_mul_17(t2, t2, t1, p521_mod, p521_mp_mod);
    /* 0xffffffffffffffffffffffffffffffff00000000000000000000000000000000 */
    sp_521_mont_sqr_n_17(t1, t2, 128, p521_mod, p521_mp_mod);
    /* 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff */
    sp_521_mont_mul_17(t2, t2, t1, p521_mod, p521_mp_mod);
    /* 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000000000000000000000000000000000000000000000000000 */
    sp_521_mont_sqr_n_17(t1, t2, 256, p521_mod, p521_mp_mod);
    /* 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff */
    sp_521_mont_mul_17(t2, t2, t1, p521_mod, p521_mp_mod);
    /* 0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff80 */
    sp_521_mont_sqr_n_17(t1, t2, 7, p521_mod, p521_mp_mod);
    /* 0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff */
    sp_521_mont_mul_17(t2, t3, t1, p521_mod, p521_mp_mod);
    /* 0x1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc */
    sp_521_mont_sqr_n_17(t1, t2, 2, p521_mod, p521_mp_mod);
    /* 0x1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd */
    sp_521_mont_mul_17(r, t1, a, p521_mod, p521_mp_mod);

#endif /* WOLFSSL_SP_SMALL */
}

/* Compare a with b in constant time.
 *
 * a  A single precision integer.
 * b  A single precision integer.
 * return -ve, 0 or +ve if a is less than, equal to or greater than b
 * respectively.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_int32 sp_521_cmp_17(const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_int32 sp_521_cmp_17(const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register const sp_digit* a __asm__ ("r0") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r2, #0xffffffff\n\t"
        "MOV	r8, #0x1\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r3, #0xffffffff\n\t"
#ifdef WOLFSSL_SP_SMALL
        "MOV	r6, #0x40\n\t"
        "\n"
    "L_sp_521_cmp_17_words:\n\t"
        "LDR	r4, [%[a], r6]\n\t"
        "LDR	r5, [%[b], r6]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "SUBS	r6, r6, #0x4\n\t"
        "bcs	L_sp_521_cmp_17_words\n\t"
        "EOR	r2, r2, r3\n\t"
#else
        "LDR	r4, [%[a], #64]\n\t"
        "LDR	r5, [%[b], #64]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #60]\n\t"
        "LDR	r5, [%[b], #60]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #56]\n\t"
        "LDR	r5, [%[b], #56]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #52]\n\t"
        "LDR	r5, [%[b], #52]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #48]\n\t"
        "LDR	r5, [%[b], #48]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #44]\n\t"
        "LDR	r5, [%[b], #44]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #40]\n\t"
        "LDR	r5, [%[b], #40]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #36]\n\t"
        "LDR	r5, [%[b], #36]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #32]\n\t"
        "LDR	r5, [%[b], #32]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #28]\n\t"
        "LDR	r5, [%[b], #28]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #24]\n\t"
        "LDR	r5, [%[b], #24]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #20]\n\t"
        "LDR	r5, [%[b], #20]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #16]\n\t"
        "LDR	r5, [%[b], #16]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #12]\n\t"
        "LDR	r5, [%[b], #12]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #8]\n\t"
        "LDR	r5, [%[b], #8]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #4]\n\t"
        "LDR	r5, [%[b], #4]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a]]\n\t"
        "LDR	r5, [%[b]]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "EOR	r2, r2, r3\n\t"
#endif /*WOLFSSL_SP_SMALL */
        "MOV	%[a], r2\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
    );
    return (uint32_t)(size_t)a;
}

/* Normalize the values in each word to 32.
 *
 * a  Array of sp_digit to normalize.
 */
#define sp_521_norm_17(a)

/* Map the Montgomery form projective coordinate point to an affine point.
 *
 * r  Resulting affine coordinate point.
 * p  Montgomery form projective coordinate point.
 * t  Temporary ordinate data.
 */
static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
    sp_digit* t)
{
    sp_digit* t1 = t;
    sp_digit* t2 = t + 2*17;
    sp_int32 n;

    sp_521_mont_inv_17(t1, p->z, t + 2*17);

    sp_521_mont_sqr_17(t2, t1, p521_mod, p521_mp_mod);
    sp_521_mont_mul_17(t1, t2, t1, p521_mod, p521_mp_mod);

    /* x /= z^2 */
    sp_521_mont_mul_17(r->x, p->x, t2, p521_mod, p521_mp_mod);
    XMEMSET(r->x + 17, 0, sizeof(sp_digit) * 17U);
    sp_521_mont_reduce_17(r->x, p521_mod, p521_mp_mod);
    /* Reduce x to less than modulus */
    n = sp_521_cmp_17(r->x, p521_mod);
    sp_521_cond_sub_17(r->x, r->x, p521_mod, ~(n >> 31));
    sp_521_norm_17(r->x);

    /* y /= z^3 */
    sp_521_mont_mul_17(r->y, p->y, t1, p521_mod, p521_mp_mod);
    XMEMSET(r->y + 17, 0, sizeof(sp_digit) * 17U);
    sp_521_mont_reduce_17(r->y, p521_mod, p521_mp_mod);
    /* Reduce y to less than modulus */
    n = sp_521_cmp_17(r->y, p521_mod);
    sp_521_cond_sub_17(r->y, r->y, p521_mod, ~(n >> 31));
    sp_521_norm_17(r->y);

    XMEMSET(r->z, 0, sizeof(r->z) / 2);
    r->z[0] = 1;
}

/* Add two Montgomery form numbers (r = a + b % m).
 *
 * r   Result of addition.
 * a   First number to add in Montgomery form.
 * b   Second number to add in Montgomery form.
 * m   Modulus (prime).
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
#else
SP_NOINLINE static void sp_521_mont_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r3, #0x0\n\t"
        "LDM	%[a]!, {r8, r9, r10, r11}\n\t"
        "LDM	%[b]!, {r4, r5, r6, r7}\n\t"
        "ADDS	r8, r8, r4\n\t"
        "ADCS	r9, r9, r5\n\t"
        "ADCS	r10, r10, r6\n\t"
        "ADCS	r11, r11, r7\n\t"
        "STM	%[r]!, {r8, r9, r10, r11}\n\t"
        "LDM	%[a]!, {r8, r9, r10, r11}\n\t"
        "LDM	%[b]!, {r4, r5, r6, r7}\n\t"
        "ADCS	r8, r8, r4\n\t"
        "ADCS	r9, r9, r5\n\t"
        "ADCS	r10, r10, r6\n\t"
        "ADCS	r11, r11, r7\n\t"
        "STM	%[r]!, {r8, r9, r10, r11}\n\t"
        "LDM	%[a]!, {r8, r9, r10, r11}\n\t"
        "LDM	%[b]!, {r4, r5, r6, r7}\n\t"
        "ADCS	r8, r8, r4\n\t"
        "ADCS	r9, r9, r5\n\t"
        "ADCS	r10, r10, r6\n\t"
        "ADCS	r11, r11, r7\n\t"
        "STM	%[r]!, {r8, r9, r10, r11}\n\t"
        "LDM	%[a]!, {r8, r9, r10, r11}\n\t"
        "LDM	%[b]!, {r4, r5, r6, r7}\n\t"
        "ADCS	r8, r8, r4\n\t"
        "ADCS	r9, r9, r5\n\t"
        "ADCS	r10, r10, r6\n\t"
        "ADCS	r11, r11, r7\n\t"
        "STM	%[r]!, {r8, r9, r10, r11}\n\t"
        "LDM	%[a]!, {r8}\n\t"
        "LDM	%[b]!, {r4}\n\t"
        "ADCS	r8, r8, r4\n\t"
        "MOV	r12, #0x1ff\n\t"
        "LSR	r3, r8, #9\n\t"
        "AND	r8, r8, r12\n\t"
        "STM	%[r]!, {r8}\n\t"
        "SUB	%[r], %[r], #0x44\n\t"
        "LDM	%[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "ADDS	r4, r4, r3\n\t"
        "ADCS	r5, r5, #0x0\n\t"
        "ADCS	r6, r6, #0x0\n\t"
        "ADCS	r7, r7, #0x0\n\t"
        "ADCS	r8, r8, #0x0\n\t"
        "ADCS	r9, r9, #0x0\n\t"
        "ADCS	r10, r10, #0x0\n\t"
        "ADCS	r11, r11, #0x0\n\t"
        "STM	%[r]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "LDM	%[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "ADCS	r5, r5, #0x0\n\t"
        "ADCS	r6, r6, #0x0\n\t"
        "ADCS	r7, r7, #0x0\n\t"
        "ADCS	r8, r8, #0x0\n\t"
        "ADCS	r9, r9, #0x0\n\t"
        "ADCS	r10, r10, #0x0\n\t"
        "ADCS	r11, r11, #0x0\n\t"
        "STM	%[r]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "LDM	%[r], {r4}\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "STM	%[r]!, {r4}\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
    );
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    (void)m_p;
#else
    (void)m;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
}

/* Double a Montgomery form number (r = a + a % m).
 *
 * r   Result of doubling.
 * a   Number to double in Montgomery form.
 * m   Modulus (prime).
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_521_mont_dbl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p)
#else
SP_NOINLINE static void sp_521_mont_dbl_17(sp_digit* r, const sp_digit* a, const sp_digit* m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r2, #0x0\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "ADDS	r4, r4, r4\n\t"
        "ADCS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADCS	r7, r7, r7\n\t"
        "ADCS	r8, r8, r8\n\t"
        "ADCS	r9, r9, r9\n\t"
        "ADCS	r10, r10, r10\n\t"
        "ADCS	r11, r11, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r4\n\t"
        "ADCS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADCS	r7, r7, r7\n\t"
        "ADCS	r8, r8, r8\n\t"
        "ADCS	r9, r9, r9\n\t"
        "ADCS	r10, r10, r10\n\t"
        "ADCS	r11, r11, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "LDM	%[a]!, {r4}\n\t"
        "ADCS	r4, r4, r4\n\t"
        "MOV	r3, #0x1ff\n\t"
        "LSR	r2, r4, #9\n\t"
        "AND	r4, r4, r3\n\t"
        "STM	%[r]!, {r4}\n\t"
        "SUB	%[r], %[r], #0x44\n\t"
        "LDM	%[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "ADDS	r4, r4, r2\n\t"
        "ADCS	r5, r5, #0x0\n\t"
        "ADCS	r6, r6, #0x0\n\t"
        "ADCS	r7, r7, #0x0\n\t"
        "ADCS	r8, r8, #0x0\n\t"
        "ADCS	r9, r9, #0x0\n\t"
        "ADCS	r10, r10, #0x0\n\t"
        "ADCS	r11, r11, #0x0\n\t"
        "STM	%[r]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "LDM	%[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "ADCS	r5, r5, #0x0\n\t"
        "ADCS	r6, r6, #0x0\n\t"
        "ADCS	r7, r7, #0x0\n\t"
        "ADCS	r8, r8, #0x0\n\t"
        "ADCS	r9, r9, #0x0\n\t"
        "ADCS	r10, r10, #0x0\n\t"
        "ADCS	r11, r11, #0x0\n\t"
        "STM	%[r]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "LDM	%[r], {r4}\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "STM	%[r]!, {r4}\n\t"
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3", "cc"
    );
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    (void)m_p;
#else
    (void)m;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
}

/* Triple a Montgomery form number (r = a + a + a % m).
 *
 * r   Result of Tripling.
 * a   Number to triple in Montgomery form.
 * m   Modulus (prime).
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_521_mont_tpl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p)
#else
SP_NOINLINE static void sp_521_mont_tpl_17(sp_digit* r, const sp_digit* a, const sp_digit* m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r2, #0x0\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "ADDS	r4, r4, r4\n\t"
        "ADCS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADCS	r7, r7, r7\n\t"
        "ADCS	r8, r8, r8\n\t"
        "ADCS	r9, r9, r9\n\t"
        "ADCS	r10, r10, r10\n\t"
        "ADCS	r11, r11, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r4\n\t"
        "ADCS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADCS	r7, r7, r7\n\t"
        "ADCS	r8, r8, r8\n\t"
        "ADCS	r9, r9, r9\n\t"
        "ADCS	r10, r10, r10\n\t"
        "ADCS	r11, r11, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "LDM	%[a]!, {r4}\n\t"
        "ADCS	r4, r4, r4\n\t"
        "STM	%[r]!, {r4}\n\t"
        "SUB	%[r], %[r], #0x44\n\t"
        "SUB	%[a], %[a], #0x44\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r8, r9, r10, r11}\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4}\n\t"
        "LDM	%[a]!, {r8}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "MOV	r3, #0x1ff\n\t"
        "LSR	r2, r4, #9\n\t"
        "AND	r4, r4, r3\n\t"
        "STM	%[r]!, {r4}\n\t"
        "SUB	%[r], %[r], #0x44\n\t"
        "LDM	%[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "ADDS	r4, r4, r2\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "STM	%[r]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "LDM	%[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "STM	%[r]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "LDM	%[r], {r4}\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "STM	%[r]!, {r4}\n\t"
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3", "cc"
    );
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    (void)m_p;
#else
    (void)m;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
}

/* Subtract two Montgomery form numbers (r = a - b % m).
 *
 * r   Result of subtration.
 * a   Number to subtract from in Montgomery form.
 * b   Number to subtract with in Montgomery form.
 * m   Modulus (prime).
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
#else
SP_NOINLINE static void sp_521_mont_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r3, #0x0\n\t"
        "LDM	%[a]!, {r8, r9, r10, r11}\n\t"
        "LDM	%[b]!, {r4, r5, r6, r7}\n\t"
        "SUBS	r8, r8, r4\n\t"
        "SBCS	r9, r9, r5\n\t"
        "SBCS	r10, r10, r6\n\t"
        "SBCS	r11, r11, r7\n\t"
        "STM	%[r]!, {r8, r9, r10, r11}\n\t"
        "LDM	%[a]!, {r8, r9, r10, r11}\n\t"
        "LDM	%[b]!, {r4, r5, r6, r7}\n\t"
        "SBCS	r8, r8, r4\n\t"
        "SBCS	r9, r9, r5\n\t"
        "SBCS	r10, r10, r6\n\t"
        "SBCS	r11, r11, r7\n\t"
        "STM	%[r]!, {r8, r9, r10, r11}\n\t"
        "LDM	%[a]!, {r8, r9, r10, r11}\n\t"
        "LDM	%[b]!, {r4, r5, r6, r7}\n\t"
        "SBCS	r8, r8, r4\n\t"
        "SBCS	r9, r9, r5\n\t"
        "SBCS	r10, r10, r6\n\t"
        "SBCS	r11, r11, r7\n\t"
        "STM	%[r]!, {r8, r9, r10, r11}\n\t"
        "LDM	%[a]!, {r8, r9, r10, r11}\n\t"
        "LDM	%[b]!, {r4, r5, r6, r7}\n\t"
        "SBCS	r8, r8, r4\n\t"
        "SBCS	r9, r9, r5\n\t"
        "SBCS	r10, r10, r6\n\t"
        "SBCS	r11, r11, r7\n\t"
        "STM	%[r]!, {r8, r9, r10, r11}\n\t"
        "LDM	%[a]!, {r8}\n\t"
        "LDM	%[b]!, {r4}\n\t"
        "SBCS	r8, r8, r4\n\t"
        "MOV	r12, #0x1ff\n\t"
        "ASR	r3, r8, #9\n\t"
        "AND	r8, r8, r12\n\t"
        "neg	r3, r3\n\t"
        "STM	%[r]!, {r8}\n\t"
        "SUB	%[r], %[r], #0x44\n\t"
        "LDM	%[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "SUBS	r4, r4, r3\n\t"
        "SBCS	r5, r5, #0x0\n\t"
        "SBCS	r6, r6, #0x0\n\t"
        "SBCS	r7, r7, #0x0\n\t"
        "SBCS	r8, r8, #0x0\n\t"
        "SBCS	r9, r9, #0x0\n\t"
        "SBCS	r10, r10, #0x0\n\t"
        "SBCS	r11, r11, #0x0\n\t"
        "STM	%[r]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "LDM	%[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "SBCS	r4, r4, #0x0\n\t"
        "SBCS	r5, r5, #0x0\n\t"
        "SBCS	r6, r6, #0x0\n\t"
        "SBCS	r7, r7, #0x0\n\t"
        "SBCS	r8, r8, #0x0\n\t"
        "SBCS	r9, r9, #0x0\n\t"
        "SBCS	r10, r10, #0x0\n\t"
        "SBCS	r11, r11, #0x0\n\t"
        "STM	%[r]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "LDM	%[r], {r4}\n\t"
        "SBCS	r4, r4, #0x0\n\t"
        "STM	%[r]!, {r4}\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
    );
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    (void)m_p;
#else
    (void)m;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
}

#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_521_rshift1_17(sp_digit* r_p, const sp_digit* a_p)
#else
static void sp_521_rshift1_17(sp_digit* r, const sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a], {r2, r3}\n\t"
        "LSR	r2, r2, #1\n\t"
        "ORR	r2, r2, r3, lsl #31\n\t"
        "LSR	r3, r3, #1\n\t"
        "LDR	r4, [%[a], #8]\n\t"
        "STR	r2, [%[r]]\n\t"
        "ORR	r3, r3, r4, lsl #31\n\t"
        "LSR	r4, r4, #1\n\t"
        "LDR	r2, [%[a], #12]\n\t"
        "STR	r3, [%[r], #4]\n\t"
        "ORR	r4, r4, r2, lsl #31\n\t"
        "LSR	r2, r2, #1\n\t"
        "LDR	r3, [%[a], #16]\n\t"
        "STR	r4, [%[r], #8]\n\t"
        "ORR	r2, r2, r3, lsl #31\n\t"
        "LSR	r3, r3, #1\n\t"
        "LDR	r4, [%[a], #20]\n\t"
        "STR	r2, [%[r], #12]\n\t"
        "ORR	r3, r3, r4, lsl #31\n\t"
        "LSR	r4, r4, #1\n\t"
        "LDR	r2, [%[a], #24]\n\t"
        "STR	r3, [%[r], #16]\n\t"
        "ORR	r4, r4, r2, lsl #31\n\t"
        "LSR	r2, r2, #1\n\t"
        "LDR	r3, [%[a], #28]\n\t"
        "STR	r4, [%[r], #20]\n\t"
        "ORR	r2, r2, r3, lsl #31\n\t"
        "LSR	r3, r3, #1\n\t"
        "LDR	r4, [%[a], #32]\n\t"
        "STR	r2, [%[r], #24]\n\t"
        "ORR	r3, r3, r4, lsl #31\n\t"
        "LSR	r4, r4, #1\n\t"
        "LDR	r2, [%[a], #36]\n\t"
        "STR	r3, [%[r], #28]\n\t"
        "ORR	r4, r4, r2, lsl #31\n\t"
        "LSR	r2, r2, #1\n\t"
        "LDR	r3, [%[a], #40]\n\t"
        "STR	r4, [%[r], #32]\n\t"
        "ORR	r2, r2, r3, lsl #31\n\t"
        "LSR	r3, r3, #1\n\t"
        "LDR	r4, [%[a], #44]\n\t"
        "STR	r2, [%[r], #36]\n\t"
        "ORR	r3, r3, r4, lsl #31\n\t"
        "LSR	r4, r4, #1\n\t"
        "LDR	r2, [%[a], #48]\n\t"
        "STR	r3, [%[r], #40]\n\t"
        "ORR	r4, r4, r2, lsl #31\n\t"
        "LSR	r2, r2, #1\n\t"
        "LDR	r3, [%[a], #52]\n\t"
        "STR	r4, [%[r], #44]\n\t"
        "ORR	r2, r2, r3, lsl #31\n\t"
        "LSR	r3, r3, #1\n\t"
        "LDR	r4, [%[a], #56]\n\t"
        "STR	r2, [%[r], #48]\n\t"
        "ORR	r3, r3, r4, lsl #31\n\t"
        "LSR	r4, r4, #1\n\t"
        "LDR	r2, [%[a], #60]\n\t"
        "STR	r3, [%[r], #52]\n\t"
        "ORR	r4, r4, r2, lsl #31\n\t"
        "LSR	r2, r2, #1\n\t"
        "LDR	r3, [%[a], #64]\n\t"
        "STR	r4, [%[r], #56]\n\t"
        "ORR	r2, r2, r3, lsl #31\n\t"
        "LSR	r3, r3, #1\n\t"
        "STR	r2, [%[r], #60]\n\t"
        "STR	r3, [%[r], #64]\n\t"
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r2", "r3", "r4", "cc"
    );
}

/* Divide the number by 2 mod the modulus (prime). (r = a / 2 % m)
 *
 * r  Result of division by 2.
 * a  Number to divide.
 * m  Modulus (prime).
 */
static void sp_521_mont_div2_17(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
    sp_digit o = a[0] & 1;

    (void)m;

    sp_521_rshift1_17(r, r);
    r[16] |= o << 8;
}

/* Double the Montgomery form projective point p.
 *
 * r  Result of doubling point.
 * p  Point to double.
 * t  Temporary ordinate data.
 */
static void sp_521_proj_point_dbl_17(sp_point_521* r, const sp_point_521* p,
    sp_digit* t)
{
    sp_digit* t1 = t;
    sp_digit* t2 = t + 2*17;
    sp_digit* x;
    sp_digit* y;
    sp_digit* z;

    x = r->x;
    y = r->y;
    z = r->z;
    /* Put infinity into result. */
    if (r != p) {
        r->infinity = p->infinity;
    }

    /* T1 = Z * Z */
    sp_521_mont_sqr_17(t1, p->z, p521_mod, p521_mp_mod);
    /* Z = Y * Z */
    sp_521_mont_mul_17(z, p->y, p->z, p521_mod, p521_mp_mod);
    /* Z = 2Z */
    sp_521_mont_dbl_17(z, z, p521_mod);
    /* T2 = X - T1 */
    sp_521_mont_sub_17(t2, p->x, t1, p521_mod);
    /* T1 = X + T1 */
    sp_521_mont_add_17(t1, p->x, t1, p521_mod);
    /* T2 = T1 * T2 */
    sp_521_mont_mul_17(t2, t1, t2, p521_mod, p521_mp_mod);
    /* T1 = 3T2 */
    sp_521_mont_tpl_17(t1, t2, p521_mod);
    /* Y = 2Y */
    sp_521_mont_dbl_17(y, p->y, p521_mod);
    /* Y = Y * Y */
    sp_521_mont_sqr_17(y, y, p521_mod, p521_mp_mod);
    /* T2 = Y * Y */
    sp_521_mont_sqr_17(t2, y, p521_mod, p521_mp_mod);
    /* T2 = T2/2 */
    sp_521_mont_div2_17(t2, t2, p521_mod);
    /* Y = Y * X */
    sp_521_mont_mul_17(y, y, p->x, p521_mod, p521_mp_mod);
    /* X = T1 * T1 */
    sp_521_mont_sqr_17(x, t1, p521_mod, p521_mp_mod);
    /* X = X - Y */
    sp_521_mont_sub_17(x, x, y, p521_mod);
    /* X = X - Y */
    sp_521_mont_sub_17(x, x, y, p521_mod);
    /* Y = Y - X */
    sp_521_mont_sub_17(y, y, x, p521_mod);
    /* Y = Y * T1 */
    sp_521_mont_mul_17(y, y, t1, p521_mod, p521_mp_mod);
    /* Y = Y - T2 */
    sp_521_mont_sub_17(y, y, t2, p521_mod);
}

#ifdef WOLFSSL_SP_NONBLOCK
typedef struct sp_521_proj_point_dbl_17_ctx {
    int state;
    sp_digit* t1;
    sp_digit* t2;
    sp_digit* x;
    sp_digit* y;
    sp_digit* z;
} sp_521_proj_point_dbl_17_ctx;

/* Double the Montgomery form projective point p.
 *
 * r  Result of doubling point.
 * p  Point to double.
 * t  Temporary ordinate data.
 */
static int sp_521_proj_point_dbl_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
        const sp_point_521* p, sp_digit* t)
{
    int err = FP_WOULDBLOCK;
    sp_521_proj_point_dbl_17_ctx* ctx = (sp_521_proj_point_dbl_17_ctx*)sp_ctx->data;

    typedef char ctx_size_test[sizeof(sp_521_proj_point_dbl_17_ctx) >= sizeof(*sp_ctx) ? -1 : 1];
    (void)sizeof(ctx_size_test);

    switch (ctx->state) {
    case 0:
        ctx->t1 = t;
        ctx->t2 = t + 2*17;
        ctx->x = r->x;
        ctx->y = r->y;
        ctx->z = r->z;

        /* Put infinity into result. */
        if (r != p) {
            r->infinity = p->infinity;
        }
        ctx->state = 1;
        break;
    case 1:
        /* T1 = Z * Z */
        sp_521_mont_sqr_17(ctx->t1, p->z, p521_mod, p521_mp_mod);
        ctx->state = 2;
        break;
    case 2:
        /* Z = Y * Z */
        sp_521_mont_mul_17(ctx->z, p->y, p->z, p521_mod, p521_mp_mod);
        ctx->state = 3;
        break;
    case 3:
        /* Z = 2Z */
        sp_521_mont_dbl_17(ctx->z, ctx->z, p521_mod);
        ctx->state = 4;
        break;
    case 4:
        /* T2 = X - T1 */
        sp_521_mont_sub_17(ctx->t2, p->x, ctx->t1, p521_mod);
        ctx->state = 5;
        break;
    case 5:
        /* T1 = X + T1 */
        sp_521_mont_add_17(ctx->t1, p->x, ctx->t1, p521_mod);
        ctx->state = 6;
        break;
    case 6:
        /* T2 = T1 * T2 */
        sp_521_mont_mul_17(ctx->t2, ctx->t1, ctx->t2, p521_mod, p521_mp_mod);
        ctx->state = 7;
        break;
    case 7:
        /* T1 = 3T2 */
        sp_521_mont_tpl_17(ctx->t1, ctx->t2, p521_mod);
        ctx->state = 8;
        break;
    case 8:
        /* Y = 2Y */
        sp_521_mont_dbl_17(ctx->y, p->y, p521_mod);
        ctx->state = 9;
        break;
    case 9:
        /* Y = Y * Y */
        sp_521_mont_sqr_17(ctx->y, ctx->y, p521_mod, p521_mp_mod);
        ctx->state = 10;
        break;
    case 10:
        /* T2 = Y * Y */
        sp_521_mont_sqr_17(ctx->t2, ctx->y, p521_mod, p521_mp_mod);
        ctx->state = 11;
        break;
    case 11:
        /* T2 = T2/2 */
        sp_521_mont_div2_17(ctx->t2, ctx->t2, p521_mod);
        ctx->state = 12;
        break;
    case 12:
        /* Y = Y * X */
        sp_521_mont_mul_17(ctx->y, ctx->y, p->x, p521_mod, p521_mp_mod);
        ctx->state = 13;
        break;
    case 13:
        /* X = T1 * T1 */
        sp_521_mont_sqr_17(ctx->x, ctx->t1, p521_mod, p521_mp_mod);
        ctx->state = 14;
        break;
    case 14:
        /* X = X - Y */
        sp_521_mont_sub_17(ctx->x, ctx->x, ctx->y, p521_mod);
        ctx->state = 15;
        break;
    case 15:
        /* X = X - Y */
        sp_521_mont_sub_17(ctx->x, ctx->x, ctx->y, p521_mod);
        ctx->state = 16;
        break;
    case 16:
        /* Y = Y - X */
        sp_521_mont_sub_17(ctx->y, ctx->y, ctx->x, p521_mod);
        ctx->state = 17;
        break;
    case 17:
        /* Y = Y * T1 */
        sp_521_mont_mul_17(ctx->y, ctx->y, ctx->t1, p521_mod, p521_mp_mod);
        ctx->state = 18;
        break;
    case 18:
        /* Y = Y - T2 */
        sp_521_mont_sub_17(ctx->y, ctx->y, ctx->t2, p521_mod);
        ctx->state = 19;
        /* fall-through */
    case 19:
        err = MP_OKAY;
        break;
    }

    if (err == MP_OKAY && ctx->state != 19) {
        err = FP_WOULDBLOCK;
    }

    return err;
}
#endif /* WOLFSSL_SP_NONBLOCK */
/* Compare two numbers to determine if they are equal.
 * Constant time implementation.
 *
 * a  First number to compare.
 * b  Second number to compare.
 * returns 1 when equal and 0 otherwise.
 */
static int sp_521_cmp_equal_17(const sp_digit* a, const sp_digit* b)
{
    return ((a[0] ^ b[0]) | (a[1] ^ b[1]) | (a[2] ^ b[2]) |
            (a[3] ^ b[3]) | (a[4] ^ b[4]) | (a[5] ^ b[5]) |
            (a[6] ^ b[6]) | (a[7] ^ b[7]) | (a[8] ^ b[8]) |
            (a[9] ^ b[9]) | (a[10] ^ b[10]) | (a[11] ^ b[11]) |
            (a[12] ^ b[12]) | (a[13] ^ b[13]) | (a[14] ^ b[14]) |
            (a[15] ^ b[15]) | (a[16] ^ b[16])) == 0;
}

/* Returns 1 if the number of zero.
 * Implementation is constant time.
 *
 * a  Number to check.
 * returns 1 if the number is zero and 0 otherwise.
 */
static int sp_521_iszero_17(const sp_digit* a)
{
    return (a[0] | a[1] | a[2] | a[3] | a[4] | a[5] | a[6] | a[7] |
            a[8] | a[9] | a[10] | a[11] | a[12] | a[13] | a[14] | a[15] |
            a[16]) == 0;
}


/* Add two Montgomery form projective points.
 *
 * r  Result of addition.
 * p  First point to add.
 * q  Second point to add.
 * t  Temporary ordinate data.
 */
static void sp_521_proj_point_add_17(sp_point_521* r,
        const sp_point_521* p, const sp_point_521* q, sp_digit* t)
{
    sp_digit* t6 = t;
    sp_digit* t1 = t + 2*17;
    sp_digit* t2 = t + 4*17;
    sp_digit* t3 = t + 6*17;
    sp_digit* t4 = t + 8*17;
    sp_digit* t5 = t + 10*17;

    /* U1 = X1*Z2^2 */
    sp_521_mont_sqr_17(t1, q->z, p521_mod, p521_mp_mod);
    sp_521_mont_mul_17(t3, t1, q->z, p521_mod, p521_mp_mod);
    sp_521_mont_mul_17(t1, t1, p->x, p521_mod, p521_mp_mod);
    /* U2 = X2*Z1^2 */
    sp_521_mont_sqr_17(t2, p->z, p521_mod, p521_mp_mod);
    sp_521_mont_mul_17(t4, t2, p->z, p521_mod, p521_mp_mod);
    sp_521_mont_mul_17(t2, t2, q->x, p521_mod, p521_mp_mod);
    /* S1 = Y1*Z2^3 */
    sp_521_mont_mul_17(t3, t3, p->y, p521_mod, p521_mp_mod);
    /* S2 = Y2*Z1^3 */
    sp_521_mont_mul_17(t4, t4, q->y, p521_mod, p521_mp_mod);

    /* Check double */
    if ((~p->infinity) & (~q->infinity) &
            sp_521_cmp_equal_17(t2, t1) &
            sp_521_cmp_equal_17(t4, t3)) {
        sp_521_proj_point_dbl_17(r, p, t);
    }
    else {
        sp_digit* x = t6;
        sp_digit* y = t1;
        sp_digit* z = t2;

        /* H = U2 - U1 */
        sp_521_mont_sub_17(t2, t2, t1, p521_mod);
        /* R = S2 - S1 */
        sp_521_mont_sub_17(t4, t4, t3, p521_mod);
        /* X3 = R^2 - H^3 - 2*U1*H^2 */
        sp_521_mont_sqr_17(t5, t2, p521_mod, p521_mp_mod);
        sp_521_mont_mul_17(y, t1, t5, p521_mod, p521_mp_mod);
        sp_521_mont_mul_17(t5, t5, t2, p521_mod, p521_mp_mod);
        /* Z3 = H*Z1*Z2 */
        sp_521_mont_mul_17(z, p->z, t2, p521_mod, p521_mp_mod);
        sp_521_mont_mul_17(z, z, q->z, p521_mod, p521_mp_mod);
        sp_521_mont_sqr_17(x, t4, p521_mod, p521_mp_mod);
        sp_521_mont_sub_17(x, x, t5, p521_mod);
        sp_521_mont_mul_17(t5, t5, t3, p521_mod, p521_mp_mod);
        sp_521_mont_dbl_17(t3, y, p521_mod);
        sp_521_mont_sub_17(x, x, t3, p521_mod);
        /* Y3 = R*(U1*H^2 - X3) - S1*H^3 */
        sp_521_mont_sub_17(y, y, x, p521_mod);
        sp_521_mont_mul_17(y, y, t4, p521_mod, p521_mp_mod);
        sp_521_mont_sub_17(y, y, t5, p521_mod);
        {
            int i;
            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
            sp_digit maskt = ~(maskp | maskq);
            sp_digit inf = (sp_digit)(p->infinity & q->infinity);

            for (i = 0; i < 17; i++) {
                r->x[i] = (p->x[i] & maskp) | (q->x[i] & maskq) |
                          (x[i] & maskt);
            }
            for (i = 0; i < 17; i++) {
                r->y[i] = (p->y[i] & maskp) | (q->y[i] & maskq) |
                          (y[i] & maskt);
            }
            for (i = 0; i < 17; i++) {
                r->z[i] = (p->z[i] & maskp) | (q->z[i] & maskq) |
                          (z[i] & maskt);
            }
            r->z[0] |= inf;
            r->infinity = (word32)inf;
        }
    }
}

#ifdef WOLFSSL_SP_NONBLOCK
typedef struct sp_521_proj_point_add_17_ctx {
    int state;
    sp_521_proj_point_dbl_17_ctx dbl_ctx;
    const sp_point_521* ap[2];
    sp_point_521* rp[2];
    sp_digit* t1;
    sp_digit* t2;
    sp_digit* t3;
    sp_digit* t4;
    sp_digit* t5;
    sp_digit* t6;
    sp_digit* x;
    sp_digit* y;
    sp_digit* z;
} sp_521_proj_point_add_17_ctx;

/* Add two Montgomery form projective points.
 *
 * r  Result of addition.
 * p  First point to add.
 * q  Second point to add.
 * t  Temporary ordinate data.
 */
static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
    const sp_point_521* p, const sp_point_521* q, sp_digit* t)
{
    int err = FP_WOULDBLOCK;
    sp_521_proj_point_add_17_ctx* ctx = (sp_521_proj_point_add_17_ctx*)sp_ctx->data;

    /* Ensure only the first point is the same as the result. */
    if (q == r) {
        const sp_point_521* a = p;
        p = q;
        q = a;
    }

    typedef char ctx_size_test[sizeof(sp_521_proj_point_add_17_ctx) >= sizeof(*sp_ctx) ? -1 : 1];
    (void)sizeof(ctx_size_test);

    switch (ctx->state) {
    case 0: /* INIT */
        ctx->t6 = t;
        ctx->t1 = t + 2*17;
        ctx->t2 = t + 4*17;
        ctx->t3 = t + 6*17;
        ctx->t4 = t + 8*17;
        ctx->t5 = t + 10*17;
        ctx->x = ctx->t6;
        ctx->y = ctx->t1;
        ctx->z = ctx->t2;

        ctx->state = 1;
        break;
    case 1:
        /* U1 = X1*Z2^2 */
        sp_521_mont_sqr_17(ctx->t1, q->z, p521_mod, p521_mp_mod);
        ctx->state = 2;
        break;
    case 2:
        sp_521_mont_mul_17(ctx->t3, ctx->t1, q->z, p521_mod, p521_mp_mod);
        ctx->state = 3;
        break;
    case 3:
        sp_521_mont_mul_17(ctx->t1, ctx->t1, p->x, p521_mod, p521_mp_mod);
        ctx->state = 4;
        break;
    case 4:
        /* U2 = X2*Z1^2 */
        sp_521_mont_sqr_17(ctx->t2, p->z, p521_mod, p521_mp_mod);
        ctx->state = 5;
        break;
    case 5:
        sp_521_mont_mul_17(ctx->t4, ctx->t2, p->z, p521_mod, p521_mp_mod);
        ctx->state = 6;
        break;
    case 6:
        sp_521_mont_mul_17(ctx->t2, ctx->t2, q->x, p521_mod, p521_mp_mod);
        ctx->state = 7;
        break;
    case 7:
        /* S1 = Y1*Z2^3 */
        sp_521_mont_mul_17(ctx->t3, ctx->t3, p->y, p521_mod, p521_mp_mod);
        ctx->state = 8;
        break;
    case 8:
        /* S2 = Y2*Z1^3 */
        sp_521_mont_mul_17(ctx->t4, ctx->t4, q->y, p521_mod, p521_mp_mod);
        ctx->state = 9;
        break;
    case 9:
        /* Check double */
        if ((~p->infinity) & (~q->infinity) &
                sp_521_cmp_equal_17(ctx->t2, ctx->t1) &
                sp_521_cmp_equal_17(ctx->t4, ctx->t3)) {
            XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
            sp_521_proj_point_dbl_17(r, p, t);
            ctx->state = 25;
        }
        else {
            ctx->state = 10;
        }
        break;
    case 10:
        /* H = U2 - U1 */
        sp_521_mont_sub_17(ctx->t2, ctx->t2, ctx->t1, p521_mod);
        ctx->state = 11;
        break;
    case 11:
        /* R = S2 - S1 */
        sp_521_mont_sub_17(ctx->t4, ctx->t4, ctx->t3, p521_mod);
        ctx->state = 12;
        break;
    case 12:
        /* X3 = R^2 - H^3 - 2*U1*H^2 */
        sp_521_mont_sqr_17(ctx->t5, ctx->t2, p521_mod, p521_mp_mod);
        ctx->state = 13;
        break;
    case 13:
        sp_521_mont_mul_17(ctx->y, ctx->t1, ctx->t5, p521_mod, p521_mp_mod);
        ctx->state = 14;
        break;
    case 14:
        sp_521_mont_mul_17(ctx->t5, ctx->t5, ctx->t2, p521_mod, p521_mp_mod);
        ctx->state = 15;
        break;
    case 15:
        /* Z3 = H*Z1*Z2 */
        sp_521_mont_mul_17(ctx->z, p->z, ctx->t2, p521_mod, p521_mp_mod);
        ctx->state = 16;
        break;
    case 16:
        sp_521_mont_mul_17(ctx->z, ctx->z, q->z, p521_mod, p521_mp_mod);
        ctx->state = 17;
        break;
    case 17:
        sp_521_mont_sqr_17(ctx->x, ctx->t4, p521_mod, p521_mp_mod);
        ctx->state = 18;
        break;
    case 18:
        sp_521_mont_sub_17(ctx->x, ctx->x, ctx->t5, p521_mod);
        ctx->state = 19;
        break;
    case 19:
        sp_521_mont_mul_17(ctx->t5, ctx->t5, ctx->t3, p521_mod, p521_mp_mod);
        ctx->state = 20;
        break;
    case 20:
        sp_521_mont_dbl_17(ctx->t3, ctx->y, p521_mod);
        sp_521_mont_sub_17(ctx->x, ctx->x, ctx->t3, p521_mod);
        ctx->state = 21;
        break;
    case 21:
        /* Y3 = R*(U1*H^2 - X3) - S1*H^3 */
        sp_521_mont_sub_17(ctx->y, ctx->y, ctx->x, p521_mod);
        ctx->state = 22;
        break;
    case 22:
        sp_521_mont_mul_17(ctx->y, ctx->y, ctx->t4, p521_mod, p521_mp_mod);
        ctx->state = 23;
        break;
    case 23:
        sp_521_mont_sub_17(ctx->y, ctx->y, ctx->t5, p521_mod);
        ctx->state = 24;
        break;
    case 24:
    {
        {
            int i;
            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
            sp_digit maskt = ~(maskp | maskq);
            sp_digit inf = (sp_digit)(p->infinity & q->infinity);

            for (i = 0; i < 17; i++) {
                r->x[i] = (p->x[i] & maskp) | (q->x[i] & maskq) |
                          (ctx->x[i] & maskt);
            }
            for (i = 0; i < 17; i++) {
                r->y[i] = (p->y[i] & maskp) | (q->y[i] & maskq) |
                          (ctx->y[i] & maskt);
            }
            for (i = 0; i < 17; i++) {
                r->z[i] = (p->z[i] & maskp) | (q->z[i] & maskq) |
                          (ctx->z[i] & maskt);
            }
            r->z[0] |= inf;
            r->infinity = (word32)inf;
        }
        ctx->state = 25;
        break;
    }
    case 25:
        err = MP_OKAY;
        break;
    }

    if (err == MP_OKAY && ctx->state != 25) {
        err = FP_WOULDBLOCK;
    }
    return err;
}
#endif /* WOLFSSL_SP_NONBLOCK */

#ifndef WC_NO_CACHE_RESISTANT
/* Touch each possible point that could be being copied.
 *
 * r      Point to copy into.
 * table  Table - start of the entries to access
 * idx    Index of entry to retrieve.
 */
static void sp_521_get_point_16_17(sp_point_521* r, const sp_point_521* table,
    int idx)
{
    int i;
    sp_digit mask;

    r->x[0] = 0;
    r->x[1] = 0;
    r->x[2] = 0;
    r->x[3] = 0;
    r->x[4] = 0;
    r->x[5] = 0;
    r->x[6] = 0;
    r->x[7] = 0;
    r->x[8] = 0;
    r->x[9] = 0;
    r->x[10] = 0;
    r->x[11] = 0;
    r->x[12] = 0;
    r->x[13] = 0;
    r->x[14] = 0;
    r->x[15] = 0;
    r->x[16] = 0;
    r->y[0] = 0;
    r->y[1] = 0;
    r->y[2] = 0;
    r->y[3] = 0;
    r->y[4] = 0;
    r->y[5] = 0;
    r->y[6] = 0;
    r->y[7] = 0;
    r->y[8] = 0;
    r->y[9] = 0;
    r->y[10] = 0;
    r->y[11] = 0;
    r->y[12] = 0;
    r->y[13] = 0;
    r->y[14] = 0;
    r->y[15] = 0;
    r->y[16] = 0;
    r->z[0] = 0;
    r->z[1] = 0;
    r->z[2] = 0;
    r->z[3] = 0;
    r->z[4] = 0;
    r->z[5] = 0;
    r->z[6] = 0;
    r->z[7] = 0;
    r->z[8] = 0;
    r->z[9] = 0;
    r->z[10] = 0;
    r->z[11] = 0;
    r->z[12] = 0;
    r->z[13] = 0;
    r->z[14] = 0;
    r->z[15] = 0;
    r->z[16] = 0;
    for (i = 1; i < 16; i++) {
        mask = 0 - (i == idx);
        r->x[0] |= mask & table[i].x[0];
        r->x[1] |= mask & table[i].x[1];
        r->x[2] |= mask & table[i].x[2];
        r->x[3] |= mask & table[i].x[3];
        r->x[4] |= mask & table[i].x[4];
        r->x[5] |= mask & table[i].x[5];
        r->x[6] |= mask & table[i].x[6];
        r->x[7] |= mask & table[i].x[7];
        r->x[8] |= mask & table[i].x[8];
        r->x[9] |= mask & table[i].x[9];
        r->x[10] |= mask & table[i].x[10];
        r->x[11] |= mask & table[i].x[11];
        r->x[12] |= mask & table[i].x[12];
        r->x[13] |= mask & table[i].x[13];
        r->x[14] |= mask & table[i].x[14];
        r->x[15] |= mask & table[i].x[15];
        r->x[16] |= mask & table[i].x[16];
        r->y[0] |= mask & table[i].y[0];
        r->y[1] |= mask & table[i].y[1];
        r->y[2] |= mask & table[i].y[2];
        r->y[3] |= mask & table[i].y[3];
        r->y[4] |= mask & table[i].y[4];
        r->y[5] |= mask & table[i].y[5];
        r->y[6] |= mask & table[i].y[6];
        r->y[7] |= mask & table[i].y[7];
        r->y[8] |= mask & table[i].y[8];
        r->y[9] |= mask & table[i].y[9];
        r->y[10] |= mask & table[i].y[10];
        r->y[11] |= mask & table[i].y[11];
        r->y[12] |= mask & table[i].y[12];
        r->y[13] |= mask & table[i].y[13];
        r->y[14] |= mask & table[i].y[14];
        r->y[15] |= mask & table[i].y[15];
        r->y[16] |= mask & table[i].y[16];
        r->z[0] |= mask & table[i].z[0];
        r->z[1] |= mask & table[i].z[1];
        r->z[2] |= mask & table[i].z[2];
        r->z[3] |= mask & table[i].z[3];
        r->z[4] |= mask & table[i].z[4];
        r->z[5] |= mask & table[i].z[5];
        r->z[6] |= mask & table[i].z[6];
        r->z[7] |= mask & table[i].z[7];
        r->z[8] |= mask & table[i].z[8];
        r->z[9] |= mask & table[i].z[9];
        r->z[10] |= mask & table[i].z[10];
        r->z[11] |= mask & table[i].z[11];
        r->z[12] |= mask & table[i].z[12];
        r->z[13] |= mask & table[i].z[13];
        r->z[14] |= mask & table[i].z[14];
        r->z[15] |= mask & table[i].z[15];
        r->z[16] |= mask & table[i].z[16];
    }
}
#endif /* !WC_NO_CACHE_RESISTANT */
/* Multiply the point by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * Fast implementation that generates a pre-computation table.
 * 4 bits of window (no sliding!).
 * Uses add and double for calculating table.
 * 521 doubles.
 * 143 adds.
 *
 * r     Resulting point.
 * g     Point to multiply.
 * k     Scalar to multiply by.
 * map   Indicates whether to convert result to affine.
 * ct    Constant time required.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_521_ecc_mulmod_fast_17(sp_point_521* r, const sp_point_521* g, const sp_digit* k,
        int map, int ct, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_521* t = NULL;
    sp_digit* tmp = NULL;
#else
    sp_point_521 t[16 + 1];
    sp_digit tmp[2 * 17 * 6];
#endif
    sp_point_521* rt = NULL;
#ifndef WC_NO_CACHE_RESISTANT
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_521* p = NULL;
#else
    sp_point_521 p[1];
#endif
#endif /* !WC_NO_CACHE_RESISTANT */
    sp_digit n;
    int i;
    int c;
    int y;
    int err = MP_OKAY;

    /* Constant time used for cache attack resistance implementation. */
    (void)ct;
    (void)heap;

#ifdef WOLFSSL_SP_SMALL_STACK
    t = (sp_point_521*)XMALLOC(sizeof(sp_point_521) * (16 + 1),
        heap, DYNAMIC_TYPE_ECC);
    if (t == NULL)
        err = MEMORY_E;
    #ifndef WC_NO_CACHE_RESISTANT
    if (err == MP_OKAY) {
        p = (sp_point_521*)XMALLOC(sizeof(sp_point_521),
            heap, DYNAMIC_TYPE_ECC);
        if (p == NULL)
            err = MEMORY_E;
    }
    #endif
    if (err == MP_OKAY) {
        tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 17 * 6, heap,
                                DYNAMIC_TYPE_ECC);
        if (tmp == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        rt = t + 16;

        /* t[0] = {0, 0, 1} * norm */
        XMEMSET(&t[0], 0, sizeof(t[0]));
        t[0].infinity = 1;
        /* t[1] = {g->x, g->y, g->z} * norm */
        (void)sp_521_mod_mul_norm_17(t[1].x, g->x, p521_mod);
        (void)sp_521_mod_mul_norm_17(t[1].y, g->y, p521_mod);
        (void)sp_521_mod_mul_norm_17(t[1].z, g->z, p521_mod);
        t[1].infinity = 0;
        sp_521_proj_point_dbl_17(&t[ 2], &t[ 1], tmp);
        t[ 2].infinity = 0;
        sp_521_proj_point_add_17(&t[ 3], &t[ 2], &t[ 1], tmp);
        t[ 3].infinity = 0;
        sp_521_proj_point_dbl_17(&t[ 4], &t[ 2], tmp);
        t[ 4].infinity = 0;
        sp_521_proj_point_add_17(&t[ 5], &t[ 3], &t[ 2], tmp);
        t[ 5].infinity = 0;
        sp_521_proj_point_dbl_17(&t[ 6], &t[ 3], tmp);
        t[ 6].infinity = 0;
        sp_521_proj_point_add_17(&t[ 7], &t[ 4], &t[ 3], tmp);
        t[ 7].infinity = 0;
        sp_521_proj_point_dbl_17(&t[ 8], &t[ 4], tmp);
        t[ 8].infinity = 0;
        sp_521_proj_point_add_17(&t[ 9], &t[ 5], &t[ 4], tmp);
        t[ 9].infinity = 0;
        sp_521_proj_point_dbl_17(&t[10], &t[ 5], tmp);
        t[10].infinity = 0;
        sp_521_proj_point_add_17(&t[11], &t[ 6], &t[ 5], tmp);
        t[11].infinity = 0;
        sp_521_proj_point_dbl_17(&t[12], &t[ 6], tmp);
        t[12].infinity = 0;
        sp_521_proj_point_add_17(&t[13], &t[ 7], &t[ 6], tmp);
        t[13].infinity = 0;
        sp_521_proj_point_dbl_17(&t[14], &t[ 7], tmp);
        t[14].infinity = 0;
        sp_521_proj_point_add_17(&t[15], &t[ 8], &t[ 7], tmp);
        t[15].infinity = 0;

        i = 15;
        n = k[i+1] << 0;
        c = 5;
        y = (int)(n >> 5);
    #ifndef WC_NO_CACHE_RESISTANT
        if (ct) {
            sp_521_get_point_16_17(rt, t, y);
            rt->infinity = !y;
        }
        else
    #endif
        {
            XMEMCPY(rt, &t[y], sizeof(sp_point_521));
        }
        n <<= 27;
        for (; i>=0 || c>=4; ) {
            if (c < 4) {
                n = (k[i+1] << 31) | (k[i] >> 1);
                i--;
                c += 32;
            }
            y = (n >> 28) & 0xf;
            n <<= 4;
            c -= 4;

            sp_521_proj_point_dbl_17(rt, rt, tmp);
            sp_521_proj_point_dbl_17(rt, rt, tmp);
            sp_521_proj_point_dbl_17(rt, rt, tmp);
            sp_521_proj_point_dbl_17(rt, rt, tmp);

    #ifndef WC_NO_CACHE_RESISTANT
            if (ct) {
                sp_521_get_point_16_17(p, t, y);
                p->infinity = !y;
                sp_521_proj_point_add_17(rt, rt, p, tmp);
            }
            else
    #endif
            {
                sp_521_proj_point_add_17(rt, rt, &t[y], tmp);
            }
        }
        y = k[0] & 0x1;
        sp_521_proj_point_dbl_17(rt, rt, tmp);
        sp_521_proj_point_add_17(rt, rt, &t[y], tmp);

        if (map != 0) {
            sp_521_map_17(r, rt, tmp);
        }
        else {
            XMEMCPY(r, rt, sizeof(sp_point_521));
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (tmp != NULL)
#endif
    {
        ForceZero(tmp, sizeof(sp_digit) * 2 * 17 * 6);
    #ifdef WOLFSSL_SP_SMALL_STACK
        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
    #endif
    }
#ifndef WC_NO_CACHE_RESISTANT
    #ifdef WOLFSSL_SP_SMALL_STACK
    if (p != NULL)
    #endif
        {
            ForceZero(p, sizeof(sp_point_521));
        #ifdef WOLFSSL_SP_SMALL_STACK
            XFREE(p, heap, DYNAMIC_TYPE_ECC);
        #endif
        }
#endif /* !WC_NO_CACHE_RESISTANT */
#ifdef WOLFSSL_SP_SMALL_STACK
    if (t != NULL)
#endif
    {
        ForceZero(t, sizeof(sp_point_521) * 17);
    #ifdef WOLFSSL_SP_SMALL_STACK
        XFREE(t, heap, DYNAMIC_TYPE_ECC);
    #endif
    }

    return err;
}

#ifdef FP_ECC
/* Double the Montgomery form projective point p a number of times.
 *
 * r  Result of repeated doubling of point.
 * p  Point to double.
 * n  Number of times to double
 * t  Temporary ordinate data.
 */
static void sp_521_proj_point_dbl_n_17(sp_point_521* p, int i,
    sp_digit* t)
{
    sp_digit* w = t;
    sp_digit* a = t + 2*17;
    sp_digit* b = t + 4*17;
    sp_digit* t1 = t + 6*17;
    sp_digit* t2 = t + 8*17;
    sp_digit* x;
    sp_digit* y;
    sp_digit* z;
    volatile int n = i;

    x = p->x;
    y = p->y;
    z = p->z;

    /* Y = 2*Y */
    sp_521_mont_dbl_17(y, y, p521_mod);
    /* W = Z^4 */
    sp_521_mont_sqr_17(w, z, p521_mod, p521_mp_mod);
    sp_521_mont_sqr_17(w, w, p521_mod, p521_mp_mod);
#ifndef WOLFSSL_SP_SMALL
    while (--n > 0)
#else
    while (--n >= 0)
#endif
    {
        /* A = 3*(X^2 - W) */
        sp_521_mont_sqr_17(t1, x, p521_mod, p521_mp_mod);
        sp_521_mont_sub_17(t1, t1, w, p521_mod);
        sp_521_mont_tpl_17(a, t1, p521_mod);
        /* B = X*Y^2 */
        sp_521_mont_sqr_17(t1, y, p521_mod, p521_mp_mod);
        sp_521_mont_mul_17(b, t1, x, p521_mod, p521_mp_mod);
        /* X = A^2 - 2B */
        sp_521_mont_sqr_17(x, a, p521_mod, p521_mp_mod);
        sp_521_mont_dbl_17(t2, b, p521_mod);
        sp_521_mont_sub_17(x, x, t2, p521_mod);
        /* B = 2.(B - X) */
        sp_521_mont_sub_17(t2, b, x, p521_mod);
        sp_521_mont_dbl_17(b, t2, p521_mod);
        /* Z = Z*Y */
        sp_521_mont_mul_17(z, z, y, p521_mod, p521_mp_mod);
        /* t1 = Y^4 */
        sp_521_mont_sqr_17(t1, t1, p521_mod, p521_mp_mod);
#ifdef WOLFSSL_SP_SMALL
        if (n != 0)
#endif
        {
            /* W = W*Y^4 */
            sp_521_mont_mul_17(w, w, t1, p521_mod, p521_mp_mod);
        }
        /* y = 2*A*(B - X) - Y^4 */
        sp_521_mont_mul_17(y, b, a, p521_mod, p521_mp_mod);
        sp_521_mont_sub_17(y, y, t1, p521_mod);
    }
#ifndef WOLFSSL_SP_SMALL
    /* A = 3*(X^2 - W) */
    sp_521_mont_sqr_17(t1, x, p521_mod, p521_mp_mod);
    sp_521_mont_sub_17(t1, t1, w, p521_mod);
    sp_521_mont_tpl_17(a, t1, p521_mod);
    /* B = X*Y^2 */
    sp_521_mont_sqr_17(t1, y, p521_mod, p521_mp_mod);
    sp_521_mont_mul_17(b, t1, x, p521_mod, p521_mp_mod);
    /* X = A^2 - 2B */
    sp_521_mont_sqr_17(x, a, p521_mod, p521_mp_mod);
    sp_521_mont_dbl_17(t2, b, p521_mod);
    sp_521_mont_sub_17(x, x, t2, p521_mod);
    /* B = 2.(B - X) */
    sp_521_mont_sub_17(t2, b, x, p521_mod);
    sp_521_mont_dbl_17(b, t2, p521_mod);
    /* Z = Z*Y */
    sp_521_mont_mul_17(z, z, y, p521_mod, p521_mp_mod);
    /* t1 = Y^4 */
    sp_521_mont_sqr_17(t1, t1, p521_mod, p521_mp_mod);
    /* y = 2*A*(B - X) - Y^4 */
    sp_521_mont_mul_17(y, b, a, p521_mod, p521_mp_mod);
    sp_521_mont_sub_17(y, y, t1, p521_mod);
#endif /* WOLFSSL_SP_SMALL */
    /* Y = Y/2 */
    sp_521_mont_div2_17(y, y, p521_mod);
}

/* Convert the projective point to affine.
 * Ordinates are in Montgomery form.
 *
 * a  Point to convert.
 * t  Temporary data.
 */
static void sp_521_proj_to_affine_17(sp_point_521* a, sp_digit* t)
{
    sp_digit* t1 = t;
    sp_digit* t2 = t + 2 * 17;
    sp_digit* tmp = t + 4 * 17;

    sp_521_mont_inv_17(t1, a->z, tmp);

    sp_521_mont_sqr_17(t2, t1, p521_mod, p521_mp_mod);
    sp_521_mont_mul_17(t1, t2, t1, p521_mod, p521_mp_mod);

    sp_521_mont_mul_17(a->x, a->x, t2, p521_mod, p521_mp_mod);
    sp_521_mont_mul_17(a->y, a->y, t1, p521_mod, p521_mp_mod);
    XMEMCPY(a->z, p521_norm_mod, sizeof(p521_norm_mod));
}

#endif /* FP_ECC */
/* A table entry for pre-computed points. */
typedef struct sp_table_entry_521 {
    sp_digit x[17];
    sp_digit y[17];
} sp_table_entry_521;

#ifdef FP_ECC
#endif /* FP_ECC */
/* Add two Montgomery form projective points. The second point has a q value of
 * one.
 * Only the first point can be the same pointer as the result point.
 *
 * r  Result of addition.
 * p  First point to add.
 * q  Second point to add.
 * t  Temporary ordinate data.
 */
static void sp_521_proj_point_add_qz1_17(sp_point_521* r,
    const sp_point_521* p, const sp_point_521* q, sp_digit* t)
{
    sp_digit* t2 = t;
    sp_digit* t3 = t + 2*17;
    sp_digit* t6 = t + 4*17;
    sp_digit* t1 = t + 6*17;
    sp_digit* t4 = t + 8*17;
    sp_digit* t5 = t + 10*17;

    /* Calculate values to subtract from P->x and P->y. */
    /* U2 = X2*Z1^2 */
    sp_521_mont_sqr_17(t2, p->z, p521_mod, p521_mp_mod);
    sp_521_mont_mul_17(t4, t2, p->z, p521_mod, p521_mp_mod);
    sp_521_mont_mul_17(t2, t2, q->x, p521_mod, p521_mp_mod);
    /* S2 = Y2*Z1^3 */
    sp_521_mont_mul_17(t4, t4, q->y, p521_mod, p521_mp_mod);

    if ((~p->infinity) & (~q->infinity) &
            sp_521_cmp_equal_17(p->x, t2) &
            sp_521_cmp_equal_17(p->y, t4)) {
        sp_521_proj_point_dbl_17(r, p, t);
    }
    else {
        sp_digit* x = t2;
        sp_digit* y = t3;
        sp_digit* z = t6;

        /* H = U2 - X1 */
        sp_521_mont_sub_17(t2, t2, p->x, p521_mod);
        /* R = S2 - Y1 */
        sp_521_mont_sub_17(t4, t4, p->y, p521_mod);
        /* Z3 = H*Z1 */
        sp_521_mont_mul_17(z, p->z, t2, p521_mod, p521_mp_mod);
        /* X3 = R^2 - H^3 - 2*X1*H^2 */
        sp_521_mont_sqr_17(t1, t2, p521_mod, p521_mp_mod);
        sp_521_mont_mul_17(t3, p->x, t1, p521_mod, p521_mp_mod);
        sp_521_mont_mul_17(t1, t1, t2, p521_mod, p521_mp_mod);
        sp_521_mont_sqr_17(t2, t4, p521_mod, p521_mp_mod);
        sp_521_mont_sub_17(t2, t2, t1, p521_mod);
        sp_521_mont_dbl_17(t5, t3, p521_mod);
        sp_521_mont_sub_17(x, t2, t5, p521_mod);
        /* Y3 = R*(X1*H^2 - X3) - Y1*H^3 */
        sp_521_mont_sub_17(t3, t3, x, p521_mod);
        sp_521_mont_mul_17(t3, t3, t4, p521_mod, p521_mp_mod);
        sp_521_mont_mul_17(t1, t1, p->y, p521_mod, p521_mp_mod);
        sp_521_mont_sub_17(y, t3, t1, p521_mod);
        {
            int i;
            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
            sp_digit maskt = ~(maskp | maskq);
            sp_digit inf = (sp_digit)(p->infinity & q->infinity);

            for (i = 0; i < 17; i++) {
                r->x[i] = (p->x[i] & maskp) | (q->x[i] & maskq) |
                          (x[i] & maskt);
            }
            for (i = 0; i < 17; i++) {
                r->y[i] = (p->y[i] & maskp) | (q->y[i] & maskq) |
                          (y[i] & maskt);
            }
            for (i = 0; i < 17; i++) {
                r->z[i] = (p->z[i] & maskp) | (q->z[i] & maskq) |
                          (z[i] & maskt);
            }
            r->z[0] |= inf;
            r->infinity = (word32)inf;
        }
    }
}

#ifdef WOLFSSL_SP_SMALL
#ifdef FP_ECC
/* Generate the pre-computed table of points for the base point.
 *
 * width = 4
 * 16 entries
 * 130 bits between
 *
 * a      The base point.
 * table  Place to store generated point data.
 * tmp    Temporary data.
 * heap  Heap to use for allocation.
 */
static int sp_521_gen_stripe_table_17(const sp_point_521* a,
        sp_table_entry_521* table, sp_digit* tmp, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_521* t = NULL;
#else
    sp_point_521 t[3];
#endif
    sp_point_521* s1 = NULL;
    sp_point_521* s2 = NULL;
    int i;
    int j;
    int err = MP_OKAY;

    (void)heap;

#ifdef WOLFSSL_SP_SMALL_STACK
    t = (sp_point_521*)XMALLOC(sizeof(sp_point_521) * 3, heap,
                                     DYNAMIC_TYPE_ECC);
    if (t == NULL)
        err = MEMORY_E;
#endif

    if (err == MP_OKAY) {
        s1 = t + 1;
        s2 = t + 2;

        err = sp_521_mod_mul_norm_17(t->x, a->x, p521_mod);
    }
    if (err == MP_OKAY) {
        err = sp_521_mod_mul_norm_17(t->y, a->y, p521_mod);
    }
    if (err == MP_OKAY) {
        err = sp_521_mod_mul_norm_17(t->z, a->z, p521_mod);
    }
    if (err == MP_OKAY) {
        t->infinity = 0;
        sp_521_proj_to_affine_17(t, tmp);

        XMEMCPY(s1->z, p521_norm_mod, sizeof(p521_norm_mod));
        s1->infinity = 0;
        XMEMCPY(s2->z, p521_norm_mod, sizeof(p521_norm_mod));
        s2->infinity = 0;

        /* table[0] = {0, 0, infinity} */
        XMEMSET(&table[0], 0, sizeof(sp_table_entry_521));
        /* table[1] = Affine version of 'a' in Montgomery form */
        XMEMCPY(table[1].x, t->x, sizeof(table->x));
        XMEMCPY(table[1].y, t->y, sizeof(table->y));

        for (i=1; i<4; i++) {
            sp_521_proj_point_dbl_n_17(t, 131, tmp);
            sp_521_proj_to_affine_17(t, tmp);
            XMEMCPY(table[1<<i].x, t->x, sizeof(table->x));
            XMEMCPY(table[1<<i].y, t->y, sizeof(table->y));
        }

        for (i=1; i<4; i++) {
            XMEMCPY(s1->x, table[1<<i].x, sizeof(table->x));
            XMEMCPY(s1->y, table[1<<i].y, sizeof(table->y));
            for (j=(1<<i)+1; j<(1<<(i+1)); j++) {
                XMEMCPY(s2->x, table[j-(1<<i)].x, sizeof(table->x));
                XMEMCPY(s2->y, table[j-(1<<i)].y, sizeof(table->y));
                sp_521_proj_point_add_qz1_17(t, s1, s2, tmp);
                sp_521_proj_to_affine_17(t, tmp);
                XMEMCPY(table[j].x, t->x, sizeof(table->x));
                XMEMCPY(table[j].y, t->y, sizeof(table->y));
            }
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (t != NULL)
        XFREE(t, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#endif /* FP_ECC */
#ifndef WC_NO_CACHE_RESISTANT
/* Touch each possible entry that could be being copied.
 *
 * r      Point to copy into.
 * table  Table - start of the entries to access
 * idx    Index of entry to retrieve.
 */
static void sp_521_get_entry_16_17(sp_point_521* r,
    const sp_table_entry_521* table, int idx)
{
    int i;
    sp_digit mask;

    r->x[0] = 0;
    r->x[1] = 0;
    r->x[2] = 0;
    r->x[3] = 0;
    r->x[4] = 0;
    r->x[5] = 0;
    r->x[6] = 0;
    r->x[7] = 0;
    r->x[8] = 0;
    r->x[9] = 0;
    r->x[10] = 0;
    r->x[11] = 0;
    r->x[12] = 0;
    r->x[13] = 0;
    r->x[14] = 0;
    r->x[15] = 0;
    r->x[16] = 0;
    r->y[0] = 0;
    r->y[1] = 0;
    r->y[2] = 0;
    r->y[3] = 0;
    r->y[4] = 0;
    r->y[5] = 0;
    r->y[6] = 0;
    r->y[7] = 0;
    r->y[8] = 0;
    r->y[9] = 0;
    r->y[10] = 0;
    r->y[11] = 0;
    r->y[12] = 0;
    r->y[13] = 0;
    r->y[14] = 0;
    r->y[15] = 0;
    r->y[16] = 0;
    for (i = 1; i < 16; i++) {
        mask = 0 - (i == idx);
        r->x[0] |= mask & table[i].x[0];
        r->x[1] |= mask & table[i].x[1];
        r->x[2] |= mask & table[i].x[2];
        r->x[3] |= mask & table[i].x[3];
        r->x[4] |= mask & table[i].x[4];
        r->x[5] |= mask & table[i].x[5];
        r->x[6] |= mask & table[i].x[6];
        r->x[7] |= mask & table[i].x[7];
        r->x[8] |= mask & table[i].x[8];
        r->x[9] |= mask & table[i].x[9];
        r->x[10] |= mask & table[i].x[10];
        r->x[11] |= mask & table[i].x[11];
        r->x[12] |= mask & table[i].x[12];
        r->x[13] |= mask & table[i].x[13];
        r->x[14] |= mask & table[i].x[14];
        r->x[15] |= mask & table[i].x[15];
        r->x[16] |= mask & table[i].x[16];
        r->y[0] |= mask & table[i].y[0];
        r->y[1] |= mask & table[i].y[1];
        r->y[2] |= mask & table[i].y[2];
        r->y[3] |= mask & table[i].y[3];
        r->y[4] |= mask & table[i].y[4];
        r->y[5] |= mask & table[i].y[5];
        r->y[6] |= mask & table[i].y[6];
        r->y[7] |= mask & table[i].y[7];
        r->y[8] |= mask & table[i].y[8];
        r->y[9] |= mask & table[i].y[9];
        r->y[10] |= mask & table[i].y[10];
        r->y[11] |= mask & table[i].y[11];
        r->y[12] |= mask & table[i].y[12];
        r->y[13] |= mask & table[i].y[13];
        r->y[14] |= mask & table[i].y[14];
        r->y[15] |= mask & table[i].y[15];
        r->y[16] |= mask & table[i].y[16];
    }
}
#endif /* !WC_NO_CACHE_RESISTANT */
/* Multiply the point by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * Stripe implementation.
 * Pre-generated: 2^0, 2^130, ...
 * Pre-generated: products of all combinations of above.
 * 4 doubles and adds (with qz=1)
 *
 * r      Resulting point.
 * k      Scalar to multiply by.
 * table  Pre-computed table.
 * map    Indicates whether to convert result to affine.
 * ct     Constant time required.
 * heap   Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g,
        const sp_table_entry_521* table, const sp_digit* k, int map,
        int ct, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_521* rt = NULL;
    sp_digit* t = NULL;
#else
    sp_point_521 rt[2];
    sp_digit t[2 * 17 * 6];
#endif
    sp_point_521* p = NULL;
    int i;
    int j;
    int y;
    int x;
    int err = MP_OKAY;

    (void)g;
    /* Constant time used for cache attack resistance implementation. */
    (void)ct;
    (void)heap;


#ifdef WOLFSSL_SP_SMALL_STACK
    rt = (sp_point_521*)XMALLOC(sizeof(sp_point_521) * 2, heap,
                                      DYNAMIC_TYPE_ECC);
    if (rt == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 17 * 6, heap,
                               DYNAMIC_TYPE_ECC);
        if (t == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        p = rt + 1;

        XMEMCPY(p->z, p521_norm_mod, sizeof(p521_norm_mod));
        XMEMCPY(rt->z, p521_norm_mod, sizeof(p521_norm_mod));

        y = 0;
        x = 130;
        for (j=0; j<4 && x<521; j++) {
            y |= (int)(((k[x / 32] >> (x % 32)) & 1) << j);
            x += 131;
        }
    #ifndef WC_NO_CACHE_RESISTANT
        if (ct) {
            sp_521_get_entry_16_17(rt, table, y);
        } else
    #endif
        {
            XMEMCPY(rt->x, table[y].x, sizeof(table[y].x));
            XMEMCPY(rt->y, table[y].y, sizeof(table[y].y));
        }
        rt->infinity = !y;
        for (i=129; i>=0; i--) {
            y = 0;
            x = i;
            for (j=0; j<4 && x<521; j++) {
                y |= (int)(((k[x / 32] >> (x % 32)) & 1) << j);
                x += 131;
            }

            sp_521_proj_point_dbl_17(rt, rt, t);
        #ifndef WC_NO_CACHE_RESISTANT
            if (ct) {
                sp_521_get_entry_16_17(p, table, y);
            }
            else
        #endif
            {
                XMEMCPY(p->x, table[y].x, sizeof(table[y].x));
                XMEMCPY(p->y, table[y].y, sizeof(table[y].y));
            }
            p->infinity = !y;
            sp_521_proj_point_add_qz1_17(rt, rt, p, t);
        }

        if (map != 0) {
            sp_521_map_17(r, rt, t);
        }
        else {
            XMEMCPY(r, rt, sizeof(sp_point_521));
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (t != NULL)
        XFREE(t, heap, DYNAMIC_TYPE_ECC);
    if (rt != NULL)
        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#ifdef FP_ECC
#ifndef FP_ENTRIES
    #define FP_ENTRIES 16
#endif

/* Cache entry - holds precomputation tables for a point. */
typedef struct sp_cache_521_t {
    /* X ordinate of point that table was generated from. */
    sp_digit x[17];
    /* Y ordinate of point that table was generated from. */
    sp_digit y[17];
    /* Precomputation table for point. */
    sp_table_entry_521 table[16];
    /* Count of entries in table. */
    uint32_t cnt;
    /* Point and table set in entry. */
    int set;
} sp_cache_521_t;

/* Cache of tables. */
static THREAD_LS_T sp_cache_521_t sp_cache_521[FP_ENTRIES];
/* Index of last entry in cache. */
static THREAD_LS_T int sp_cache_521_last = -1;
/* Cache has been initialized. */
static THREAD_LS_T int sp_cache_521_inited = 0;

#ifndef HAVE_THREAD_LS
    static volatile int initCacheMutex_521 = 0;
    static wolfSSL_Mutex sp_cache_521_lock;
#endif

/* Get the cache entry for the point.
 *
 * g      [in]   Point scalar multiplying.
 * cache  [out]  Cache table to use.
 */
static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
{
    int i;
    int j;
    uint32_t least;

    if (sp_cache_521_inited == 0) {
        for (i=0; i<FP_ENTRIES; i++) {
            sp_cache_521[i].set = 0;
        }
        sp_cache_521_inited = 1;
    }

    /* Compare point with those in cache. */
    for (i=0; i<FP_ENTRIES; i++) {
        if (!sp_cache_521[i].set)
            continue;

        if (sp_521_cmp_equal_17(g->x, sp_cache_521[i].x) &
                           sp_521_cmp_equal_17(g->y, sp_cache_521[i].y)) {
            sp_cache_521[i].cnt++;
            break;
        }
    }

    /* No match. */
    if (i == FP_ENTRIES) {
        /* Find empty entry. */
        i = (sp_cache_521_last + 1) % FP_ENTRIES;
        for (; i != sp_cache_521_last; i=(i+1)%FP_ENTRIES) {
            if (!sp_cache_521[i].set) {
                break;
            }
        }

        /* Evict least used. */
        if (i == sp_cache_521_last) {
            least = sp_cache_521[0].cnt;
            for (j=1; j<FP_ENTRIES; j++) {
                if (sp_cache_521[j].cnt < least) {
                    i = j;
                    least = sp_cache_521[i].cnt;
                }
            }
        }

        XMEMCPY(sp_cache_521[i].x, g->x, sizeof(sp_cache_521[i].x));
        XMEMCPY(sp_cache_521[i].y, g->y, sizeof(sp_cache_521[i].y));
        sp_cache_521[i].set = 1;
        sp_cache_521[i].cnt = 1;
    }

    *cache = &sp_cache_521[i];
    sp_cache_521_last = i;
}
#endif /* FP_ECC */

/* Multiply the base point of P521 by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * r     Resulting point.
 * g     Point to multiply.
 * k     Scalar to multiply by.
 * map   Indicates whether to convert result to affine.
 * ct    Constant time required.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g,
        const sp_digit* k, int map, int ct, void* heap)
{
#ifndef FP_ECC
    return sp_521_ecc_mulmod_fast_17(r, g, k, map, ct, heap);
#else
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* tmp;
#else
    sp_digit tmp[2 * 17 * 6];
#endif
    sp_cache_521_t* cache;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 17 * 6, heap, DYNAMIC_TYPE_ECC);
    if (tmp == NULL) {
        err = MEMORY_E;
    }
#endif
#ifndef HAVE_THREAD_LS
    if (err == MP_OKAY) {
        if (initCacheMutex_521 == 0) {
            wc_InitMutex(&sp_cache_521_lock);
            initCacheMutex_521 = 1;
        }
        if (wc_LockMutex(&sp_cache_521_lock) != 0) {
            err = BAD_MUTEX_E;
        }
    }
#endif /* HAVE_THREAD_LS */

    if (err == MP_OKAY) {
        sp_ecc_get_cache_521(g, &cache);
        if (cache->cnt == 2)
            sp_521_gen_stripe_table_17(g, cache->table, tmp, heap);

#ifndef HAVE_THREAD_LS
        wc_UnLockMutex(&sp_cache_521_lock);
#endif /* HAVE_THREAD_LS */

        if (cache->cnt < 2) {
            err = sp_521_ecc_mulmod_fast_17(r, g, k, map, ct, heap);
        }
        else {
            err = sp_521_ecc_mulmod_stripe_17(r, g, cache->table, k,
                    map, ct, heap);
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
#endif
    return err;
#endif
}

#else
#ifdef FP_ECC
/* Generate the pre-computed table of points for the base point.
 *
 * width = 8
 * 256 entries
 * 65 bits between
 *
 * a      The base point.
 * table  Place to store generated point data.
 * tmp    Temporary data.
 * heap  Heap to use for allocation.
 */
static int sp_521_gen_stripe_table_17(const sp_point_521* a,
        sp_table_entry_521* table, sp_digit* tmp, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_521* t = NULL;
#else
    sp_point_521 t[3];
#endif
    sp_point_521* s1 = NULL;
    sp_point_521* s2 = NULL;
    int i;
    int j;
    int err = MP_OKAY;

    (void)heap;

#ifdef WOLFSSL_SP_SMALL_STACK
    t = (sp_point_521*)XMALLOC(sizeof(sp_point_521) * 3, heap,
                                     DYNAMIC_TYPE_ECC);
    if (t == NULL)
        err = MEMORY_E;
#endif

    if (err == MP_OKAY) {
        s1 = t + 1;
        s2 = t + 2;

        err = sp_521_mod_mul_norm_17(t->x, a->x, p521_mod);
    }
    if (err == MP_OKAY) {
        err = sp_521_mod_mul_norm_17(t->y, a->y, p521_mod);
    }
    if (err == MP_OKAY) {
        err = sp_521_mod_mul_norm_17(t->z, a->z, p521_mod);
    }
    if (err == MP_OKAY) {
        t->infinity = 0;
        sp_521_proj_to_affine_17(t, tmp);

        XMEMCPY(s1->z, p521_norm_mod, sizeof(p521_norm_mod));
        s1->infinity = 0;
        XMEMCPY(s2->z, p521_norm_mod, sizeof(p521_norm_mod));
        s2->infinity = 0;

        /* table[0] = {0, 0, infinity} */
        XMEMSET(&table[0], 0, sizeof(sp_table_entry_521));
        /* table[1] = Affine version of 'a' in Montgomery form */
        XMEMCPY(table[1].x, t->x, sizeof(table->x));
        XMEMCPY(table[1].y, t->y, sizeof(table->y));

        for (i=1; i<8; i++) {
            sp_521_proj_point_dbl_n_17(t, 66, tmp);
            sp_521_proj_to_affine_17(t, tmp);
            XMEMCPY(table[1<<i].x, t->x, sizeof(table->x));
            XMEMCPY(table[1<<i].y, t->y, sizeof(table->y));
        }

        for (i=1; i<8; i++) {
            XMEMCPY(s1->x, table[1<<i].x, sizeof(table->x));
            XMEMCPY(s1->y, table[1<<i].y, sizeof(table->y));
            for (j=(1<<i)+1; j<(1<<(i+1)); j++) {
                XMEMCPY(s2->x, table[j-(1<<i)].x, sizeof(table->x));
                XMEMCPY(s2->y, table[j-(1<<i)].y, sizeof(table->y));
                sp_521_proj_point_add_qz1_17(t, s1, s2, tmp);
                sp_521_proj_to_affine_17(t, tmp);
                XMEMCPY(table[j].x, t->x, sizeof(table->x));
                XMEMCPY(table[j].y, t->y, sizeof(table->y));
            }
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (t != NULL)
        XFREE(t, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#endif /* FP_ECC */
#ifndef WC_NO_CACHE_RESISTANT
/* Touch each possible entry that could be being copied.
 *
 * r      Point to copy into.
 * table  Table - start of the entries to access
 * idx    Index of entry to retrieve.
 */
static void sp_521_get_entry_256_17(sp_point_521* r,
    const sp_table_entry_521* table, int idx)
{
    int i;
    sp_digit mask;

    r->x[0] = 0;
    r->x[1] = 0;
    r->x[2] = 0;
    r->x[3] = 0;
    r->x[4] = 0;
    r->x[5] = 0;
    r->x[6] = 0;
    r->x[7] = 0;
    r->x[8] = 0;
    r->x[9] = 0;
    r->x[10] = 0;
    r->x[11] = 0;
    r->x[12] = 0;
    r->x[13] = 0;
    r->x[14] = 0;
    r->x[15] = 0;
    r->x[16] = 0;
    r->y[0] = 0;
    r->y[1] = 0;
    r->y[2] = 0;
    r->y[3] = 0;
    r->y[4] = 0;
    r->y[5] = 0;
    r->y[6] = 0;
    r->y[7] = 0;
    r->y[8] = 0;
    r->y[9] = 0;
    r->y[10] = 0;
    r->y[11] = 0;
    r->y[12] = 0;
    r->y[13] = 0;
    r->y[14] = 0;
    r->y[15] = 0;
    r->y[16] = 0;
    for (i = 1; i < 256; i++) {
        mask = 0 - (i == idx);
        r->x[0] |= mask & table[i].x[0];
        r->x[1] |= mask & table[i].x[1];
        r->x[2] |= mask & table[i].x[2];
        r->x[3] |= mask & table[i].x[3];
        r->x[4] |= mask & table[i].x[4];
        r->x[5] |= mask & table[i].x[5];
        r->x[6] |= mask & table[i].x[6];
        r->x[7] |= mask & table[i].x[7];
        r->x[8] |= mask & table[i].x[8];
        r->x[9] |= mask & table[i].x[9];
        r->x[10] |= mask & table[i].x[10];
        r->x[11] |= mask & table[i].x[11];
        r->x[12] |= mask & table[i].x[12];
        r->x[13] |= mask & table[i].x[13];
        r->x[14] |= mask & table[i].x[14];
        r->x[15] |= mask & table[i].x[15];
        r->x[16] |= mask & table[i].x[16];
        r->y[0] |= mask & table[i].y[0];
        r->y[1] |= mask & table[i].y[1];
        r->y[2] |= mask & table[i].y[2];
        r->y[3] |= mask & table[i].y[3];
        r->y[4] |= mask & table[i].y[4];
        r->y[5] |= mask & table[i].y[5];
        r->y[6] |= mask & table[i].y[6];
        r->y[7] |= mask & table[i].y[7];
        r->y[8] |= mask & table[i].y[8];
        r->y[9] |= mask & table[i].y[9];
        r->y[10] |= mask & table[i].y[10];
        r->y[11] |= mask & table[i].y[11];
        r->y[12] |= mask & table[i].y[12];
        r->y[13] |= mask & table[i].y[13];
        r->y[14] |= mask & table[i].y[14];
        r->y[15] |= mask & table[i].y[15];
        r->y[16] |= mask & table[i].y[16];
    }
}
#endif /* !WC_NO_CACHE_RESISTANT */
/* Multiply the point by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * Stripe implementation.
 * Pre-generated: 2^0, 2^65, ...
 * Pre-generated: products of all combinations of above.
 * 8 doubles and adds (with qz=1)
 *
 * r      Resulting point.
 * k      Scalar to multiply by.
 * table  Pre-computed table.
 * map    Indicates whether to convert result to affine.
 * ct     Constant time required.
 * heap   Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g,
        const sp_table_entry_521* table, const sp_digit* k, int map,
        int ct, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_521* rt = NULL;
    sp_digit* t = NULL;
#else
    sp_point_521 rt[2];
    sp_digit t[2 * 17 * 6];
#endif
    sp_point_521* p = NULL;
    int i;
    int j;
    int y;
    int x;
    int err = MP_OKAY;

    (void)g;
    /* Constant time used for cache attack resistance implementation. */
    (void)ct;
    (void)heap;


#ifdef WOLFSSL_SP_SMALL_STACK
    rt = (sp_point_521*)XMALLOC(sizeof(sp_point_521) * 2, heap,
                                      DYNAMIC_TYPE_ECC);
    if (rt == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 17 * 6, heap,
                               DYNAMIC_TYPE_ECC);
        if (t == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        p = rt + 1;

        XMEMCPY(p->z, p521_norm_mod, sizeof(p521_norm_mod));
        XMEMCPY(rt->z, p521_norm_mod, sizeof(p521_norm_mod));

        y = 0;
        x = 65;
        for (j=0; j<8 && x<521; j++) {
            y |= (int)(((k[x / 32] >> (x % 32)) & 1) << j);
            x += 66;
        }
    #ifndef WC_NO_CACHE_RESISTANT
        if (ct) {
            sp_521_get_entry_256_17(rt, table, y);
        } else
    #endif
        {
            XMEMCPY(rt->x, table[y].x, sizeof(table[y].x));
            XMEMCPY(rt->y, table[y].y, sizeof(table[y].y));
        }
        rt->infinity = !y;
        for (i=64; i>=0; i--) {
            y = 0;
            x = i;
            for (j=0; j<8 && x<521; j++) {
                y |= (int)(((k[x / 32] >> (x % 32)) & 1) << j);
                x += 66;
            }

            sp_521_proj_point_dbl_17(rt, rt, t);
        #ifndef WC_NO_CACHE_RESISTANT
            if (ct) {
                sp_521_get_entry_256_17(p, table, y);
            }
            else
        #endif
            {
                XMEMCPY(p->x, table[y].x, sizeof(table[y].x));
                XMEMCPY(p->y, table[y].y, sizeof(table[y].y));
            }
            p->infinity = !y;
            sp_521_proj_point_add_qz1_17(rt, rt, p, t);
        }

        if (map != 0) {
            sp_521_map_17(r, rt, t);
        }
        else {
            XMEMCPY(r, rt, sizeof(sp_point_521));
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (t != NULL)
        XFREE(t, heap, DYNAMIC_TYPE_ECC);
    if (rt != NULL)
        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#ifdef FP_ECC
#ifndef FP_ENTRIES
    #define FP_ENTRIES 16
#endif

/* Cache entry - holds precomputation tables for a point. */
typedef struct sp_cache_521_t {
    /* X ordinate of point that table was generated from. */
    sp_digit x[17];
    /* Y ordinate of point that table was generated from. */
    sp_digit y[17];
    /* Precomputation table for point. */
    sp_table_entry_521 table[256];
    /* Count of entries in table. */
    uint32_t cnt;
    /* Point and table set in entry. */
    int set;
} sp_cache_521_t;

/* Cache of tables. */
static THREAD_LS_T sp_cache_521_t sp_cache_521[FP_ENTRIES];
/* Index of last entry in cache. */
static THREAD_LS_T int sp_cache_521_last = -1;
/* Cache has been initialized. */
static THREAD_LS_T int sp_cache_521_inited = 0;

#ifndef HAVE_THREAD_LS
    static volatile int initCacheMutex_521 = 0;
    static wolfSSL_Mutex sp_cache_521_lock;
#endif

/* Get the cache entry for the point.
 *
 * g      [in]   Point scalar multiplying.
 * cache  [out]  Cache table to use.
 */
static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
{
    int i;
    int j;
    uint32_t least;

    if (sp_cache_521_inited == 0) {
        for (i=0; i<FP_ENTRIES; i++) {
            sp_cache_521[i].set = 0;
        }
        sp_cache_521_inited = 1;
    }

    /* Compare point with those in cache. */
    for (i=0; i<FP_ENTRIES; i++) {
        if (!sp_cache_521[i].set)
            continue;

        if (sp_521_cmp_equal_17(g->x, sp_cache_521[i].x) &
                           sp_521_cmp_equal_17(g->y, sp_cache_521[i].y)) {
            sp_cache_521[i].cnt++;
            break;
        }
    }

    /* No match. */
    if (i == FP_ENTRIES) {
        /* Find empty entry. */
        i = (sp_cache_521_last + 1) % FP_ENTRIES;
        for (; i != sp_cache_521_last; i=(i+1)%FP_ENTRIES) {
            if (!sp_cache_521[i].set) {
                break;
            }
        }

        /* Evict least used. */
        if (i == sp_cache_521_last) {
            least = sp_cache_521[0].cnt;
            for (j=1; j<FP_ENTRIES; j++) {
                if (sp_cache_521[j].cnt < least) {
                    i = j;
                    least = sp_cache_521[i].cnt;
                }
            }
        }

        XMEMCPY(sp_cache_521[i].x, g->x, sizeof(sp_cache_521[i].x));
        XMEMCPY(sp_cache_521[i].y, g->y, sizeof(sp_cache_521[i].y));
        sp_cache_521[i].set = 1;
        sp_cache_521[i].cnt = 1;
    }

    *cache = &sp_cache_521[i];
    sp_cache_521_last = i;
}
#endif /* FP_ECC */

/* Multiply the base point of P521 by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * r     Resulting point.
 * g     Point to multiply.
 * k     Scalar to multiply by.
 * map   Indicates whether to convert result to affine.
 * ct    Constant time required.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g,
        const sp_digit* k, int map, int ct, void* heap)
{
#ifndef FP_ECC
    return sp_521_ecc_mulmod_fast_17(r, g, k, map, ct, heap);
#else
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* tmp;
#else
    sp_digit tmp[2 * 17 * 6];
#endif
    sp_cache_521_t* cache;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 17 * 6, heap, DYNAMIC_TYPE_ECC);
    if (tmp == NULL) {
        err = MEMORY_E;
    }
#endif
#ifndef HAVE_THREAD_LS
    if (err == MP_OKAY) {
        if (initCacheMutex_521 == 0) {
            wc_InitMutex(&sp_cache_521_lock);
            initCacheMutex_521 = 1;
        }
        if (wc_LockMutex(&sp_cache_521_lock) != 0) {
            err = BAD_MUTEX_E;
        }
    }
#endif /* HAVE_THREAD_LS */

    if (err == MP_OKAY) {
        sp_ecc_get_cache_521(g, &cache);
        if (cache->cnt == 2)
            sp_521_gen_stripe_table_17(g, cache->table, tmp, heap);

#ifndef HAVE_THREAD_LS
        wc_UnLockMutex(&sp_cache_521_lock);
#endif /* HAVE_THREAD_LS */

        if (cache->cnt < 2) {
            err = sp_521_ecc_mulmod_fast_17(r, g, k, map, ct, heap);
        }
        else {
            err = sp_521_ecc_mulmod_stripe_17(r, g, cache->table, k,
                    map, ct, heap);
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
#endif
    return err;
#endif
}

#endif /* WOLFSSL_SP_SMALL */
/* Multiply the point by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * km    Scalar to multiply by.
 * p     Point to multiply.
 * r     Resulting point.
 * map   Indicates whether to convert result to affine.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r,
        int map, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_521* point = NULL;
    sp_digit* k = NULL;
#else
    sp_point_521 point[1];
    sp_digit k[17];
#endif
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    point = (sp_point_521*)XMALLOC(sizeof(sp_point_521), heap,
                                         DYNAMIC_TYPE_ECC);
    if (point == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 17, heap,
                               DYNAMIC_TYPE_ECC);
        if (k == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        sp_521_from_mp(k, 17, km);
        sp_521_point_from_ecc_point_17(point, gm);

            err = sp_521_ecc_mulmod_17(point, point, k, map, 1, heap);
    }
    if (err == MP_OKAY) {
        err = sp_521_point_to_ecc_point_17(point, r);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (k != NULL)
        XFREE(k, heap, DYNAMIC_TYPE_ECC);
    if (point != NULL)
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

/* Multiply the point by the scalar, add point a and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * km      Scalar to multiply by.
 * p       Point to multiply.
 * am      Point to add to scalar multiply result.
 * inMont  Point to add is in montgomery form.
 * r       Resulting point.
 * map     Indicates whether to convert result to affine.
 * heap    Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm,
    const ecc_point* am, int inMont, ecc_point* r, int map, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_521* point = NULL;
    sp_digit* k = NULL;
#else
    sp_point_521 point[2];
    sp_digit k[17 + 17 * 2 * 6];
#endif
    sp_point_521* addP = NULL;
    sp_digit* tmp = NULL;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    point = (sp_point_521*)XMALLOC(sizeof(sp_point_521) * 2, heap,
                                         DYNAMIC_TYPE_ECC);
    if (point == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        k = (sp_digit*)XMALLOC(
            sizeof(sp_digit) * (17 + 17 * 2 * 6), heap,
            DYNAMIC_TYPE_ECC);
        if (k == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        addP = point + 1;
        tmp = k + 17;

        sp_521_from_mp(k, 17, km);
        sp_521_point_from_ecc_point_17(point, gm);
        sp_521_point_from_ecc_point_17(addP, am);
    }
    if ((err == MP_OKAY) && (!inMont)) {
        err = sp_521_mod_mul_norm_17(addP->x, addP->x, p521_mod);
    }
    if ((err == MP_OKAY) && (!inMont)) {
        err = sp_521_mod_mul_norm_17(addP->y, addP->y, p521_mod);
    }
    if ((err == MP_OKAY) && (!inMont)) {
        err = sp_521_mod_mul_norm_17(addP->z, addP->z, p521_mod);
    }
    if (err == MP_OKAY) {
            err = sp_521_ecc_mulmod_17(point, point, k, 0, 0, heap);
    }
    if (err == MP_OKAY) {
            sp_521_proj_point_add_17(point, point, addP, tmp);

        if (map) {
                sp_521_map_17(point, point, tmp);
        }

        err = sp_521_point_to_ecc_point_17(point, r);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (k != NULL)
        XFREE(k, heap, DYNAMIC_TYPE_ECC);
    if (point != NULL)
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#ifdef WOLFSSL_SP_SMALL
/* Striping precomputation table.
 * 4 points combined into a table of 16 points.
 * Distance of 131 between points.
 */
static const sp_table_entry_521 p521_table[16] = {
    /* 0 */
    { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00 },
      { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00 } },
    /* 1 */
    { { 0xc2e5bd66,0xf97e7e31,0x856a429b,0x3348b3c1,0xa2ffa8de,0xfe1dc127,
        0xefe75928,0xa14b5e77,0x6b4d3dba,0xf828af60,0x053fb521,0x9c648139,
        0x2395b442,0x9e3ecb66,0x0404e9cd,0x858e06b7,0x000000c6 },
      { 0x9fd16650,0x88be9476,0xa272c240,0x353c7086,0x3fad0761,0xc550b901,
        0x5ef42640,0x97ee7299,0x273e662c,0x17afbd17,0x579b4468,0x98f54449,
        0x2c7d1bd9,0x5c8a5fb4,0x9a3bc004,0x39296a78,0x00000118 } },
    /* 2 */
    { { 0x66fd07ca,0x1036eb9b,0x6b7fb490,0x6ca52cc1,0xd3e0c270,0x512e973e,
        0x73d92d11,0x889980bf,0xa4005eea,0x38b4cfe4,0x8ceb4313,0xb6f992cc,
        0x6daf7c23,0xd0ac2f8d,0xe32a93cb,0x1ccfbf17,0x000000c2 },
      { 0x2f508cca,0x7bd9d6f1,0x595a72af,0xe82d7171,0x97512873,0x25d02976,
        0x8cf39fbc,0xefc1de8b,0x9a1237f4,0x25e6b77f,0xd4d98b5d,0x9f3b73e7,
        0xeccb07fe,0xe1fda62b,0x625350cf,0xdb813b03,0x00000014 } },
    /* 3 */
    { { 0x9b27bd61,0x415a1c9b,0x606854d6,0x74522753,0x92e73538,0x9e331ef4,
        0x817e7a6d,0x0b3dba85,0x49ac273b,0x55c4bd53,0xfcb5417f,0xad42c78d,
        0x92e08d38,0x528998b9,0xcc1914cc,0x14c2fff6,0x000000c1 },
      { 0x767e9645,0x35b26fb0,0xc5e5a659,0x162b512f,0xcc47fbb8,0xa6e03696,
        0x0a29a69b,0x732db065,0xd56bdf5d,0x058a74ed,0x25c858d9,0x4b7b60a0,
        0xbd43373d,0x17f8a6d4,0xedf610b4,0x7b968f51,0x0000011f } },
    /* 4 */
    { { 0x1bc0fa77,0x5f56b5a4,0x64fd36f5,0x6cdd6bb5,0x8a5b7c7f,0xd0ac68b5,
        0x09919ef9,0x4a92d9bf,0x71c3c520,0xc305e12b,0xdb699aee,0x554a9d1c,
        0x61f54643,0x7fde0077,0x479115ce,0x99c13124,0x00000039 },
      { 0xc271ac2d,0x25f890e1,0x94b370ac,0x1353ccd3,0x744d4011,0xc7b5adf6,
        0xbe378127,0x9ccd7687,0x06c4e3cd,0xa8489b5c,0x305505f9,0x1945580a,
        0x4ab3b12b,0x07190a20,0x1534ea4d,0x0ff53eb1,0x00000159 } },
    /* 5 */
    { { 0x91798548,0x877d4edd,0x031d657a,0xc43c7b25,0xfab18a04,0x47603671,
        0xf670b476,0x7e39e7f2,0xb02fcc03,0xf7b76431,0x877f46f5,0x7c5662f3,
        0x1c8b0c61,0x5bf8327e,0x4a8be322,0xe9cdb353,0x000001ae },
      { 0x9d264420,0xa2d7092e,0x533ff3db,0x1f970352,0x99b5b52e,0x31dd232b,
        0x850f45e9,0x8a9ce16b,0xc3011849,0x01c99023,0xc8e9301e,0x4bc30989,
        0xcd95f64c,0x77a4de70,0x1026f289,0xbc8797bb,0x000000d7 } },
    /* 6 */
    { { 0x2be9edf8,0x98ea0934,0xfcb98199,0x6c2f3132,0xfaf83aeb,0xf579893d,
        0xc73fda0f,0x858e87bb,0x7a0b9d1c,0xd3c0b3fb,0x71ee68b1,0x21fe6305,
        0x66aa6f16,0x5bf8f01f,0xbca825ed,0x30934c99,0x000000d1 },
      { 0x913022f2,0xe4309850,0xde5b80ce,0xfdc336c9,0x8b6130ef,0xb716d689,
        0xa758d2f4,0x8a58b405,0xaa5cbc1c,0x98879df8,0xc12ce0bb,0x847cfd06,
        0x8c02ff3c,0xa1006360,0x3438695b,0x836e906a,0x00000136 } },
    /* 7 */
    { { 0x259ce02d,0xac8fe351,0xdae5e0f7,0xa506da0c,0xf043421d,0x77b56e98,
        0xa1647490,0xe0d041c7,0x9cb90101,0xe41f0789,0xda3e72e6,0x29bbf572,
        0x04a14df0,0x6b635c47,0xe81ef5d3,0x56873f58,0x000001dd },
      { 0x5cf9e33f,0x77abe79e,0x0a1117fd,0x91aab581,0xcbac2fe1,0x11edf3b1,
        0xd72113b7,0xef43e017,0x06b74002,0xf9ad685c,0x8fbd3b1a,0x7e6370ce,
        0x42f73a82,0x550dd50b,0xc5e64a9b,0x8f2146be,0x000001f2 } },
    /* 8 */
    { { 0x2934ed82,0x05a704cc,0x989edd8c,0x647089fb,0x0ce7c62d,0xe0b239d4,
        0x105a5eff,0x4c892ea6,0xd5ed6b04,0xa519395f,0x509ed794,0x806c7003,
        0xe70ce5c4,0x882e9886,0xff01f6a9,0x50730ca1,0x00000088 },
      { 0xdbcc5484,0x90a78a16,0xfd454b50,0xc1ab078c,0xcb09e525,0x6f488252,
        0xe19b2ed7,0xdd663f53,0xa67bf59c,0x16b10da1,0x36bb770a,0xb47f6b95,
        0x777b2bce,0x6bdc8428,0x561553f8,0xcd02ae3d,0x00000017 } },
    /* 9 */
    { { 0x1579d15a,0x1e3633a0,0x3e98cd1f,0x574f0c23,0xc60f4f99,0x45969dca,
        0x49fb9f24,0x10062c93,0xd378f640,0xd29a29d7,0xd7d48c2f,0xec941760,
        0x31fbea5c,0xf0591c59,0xb40f9ebf,0xd6173e6b,0x00000063 },
      { 0x5a984a72,0x220f4f39,0x32510f26,0x9a3f82ce,0x8c069a1d,0xf3d04c76,
        0x69a21e57,0xf1d6d891,0xdc4db601,0x6b96b30b,0x64dcf3e0,0x71eeb728,
        0xc7caaff3,0x6f80c483,0x571b66e4,0x45533092,0x000000b0 } },
    /* 10 */
    { { 0x87140dad,0x49ae4521,0x57e2803e,0xda73032b,0x026ea20a,0x13f5e5eb,
        0x6e00afb9,0x2d54c4b0,0x7a150474,0x4393b92b,0x13f1a7da,0xb5b41bf8,
        0x02b5867a,0x6d786907,0xaf2ea4d1,0x5193a9ac,0x000001b3 },
      { 0xa6b186cb,0x2a1563f7,0xe28e57b6,0x73a70a44,0x78fc8a1d,0xd7c4fc6d,
        0xdf3d6d99,0x4c9b4581,0x1e373aab,0x544f5249,0xe913498e,0xe99434a2,
        0xc4700f4c,0x30159749,0xe5142766,0xb8ef02cc,0x000001d0 } },
    /* 11 */
    { { 0xb9e6ffc9,0xe99805a6,0xf74d977b,0x1a357f05,0x5c9941bc,0xc8ddef31,
        0xcbe842e7,0x4b6d66ca,0xa20dc12d,0x84e1f75f,0x5f0c02fc,0x8b1b2c50,
        0x037b493d,0x3fa1889e,0x95705046,0x720bd9e0,0x000001c2 },
      { 0x93ab9309,0x1a1f3378,0x226a8f94,0xe05a30a2,0x4045f1bd,0x2c01a52d,
        0xab5f5115,0xf42e8fd5,0x0c05fecf,0x954d1d09,0x8d0650d3,0x47e964d1,
        0x3c860801,0x6866fa5d,0x5abbb4af,0xac2fecbf,0x0000012c } },
    /* 12 */
    { { 0xe5537747,0x846dc3d2,0x1f5f9f46,0xe28e00df,0x3f31e42d,0x041af624,
        0x256af225,0x4948947f,0xff4f9550,0x3896c61a,0x34bb5a3e,0xcb40c773,
        0xeceafacc,0xb9becb07,0x4d45e83e,0xfe29f049,0x000001aa },
      { 0x6b5578db,0x83fb71b3,0x0a710526,0x3017f115,0x5f220d77,0x189ec946,
        0x48465e68,0xba87ae07,0x70e0cbea,0x1da474d5,0x2b2ba7c5,0xb92cb0a6,
        0x8b1fb7e2,0x35cb356d,0x2cc8cb18,0x1155296a,0x0000000f } },
    /* 13 */
    { { 0x6ed0f604,0x7f9c9d9b,0xcb49c6d7,0x765e43e9,0xae9be5ca,0x03c4dd67,
        0x405aed36,0x5480888b,0x920ccddb,0x3a69ebb2,0x03f0c7cc,0x44ec0573,
        0xce89b026,0x158e2437,0x4f179a17,0x86795029,0x0000003a },
      { 0x9f193dd9,0xf7854032,0xdcc158a9,0x531e4068,0x3642b1a5,0x774171bf,
        0xc1e53aa3,0x12b4920f,0xfd87478d,0xd1c5fb53,0xa7cba7ca,0x48958c58,
        0x3f66f2c7,0x375b2cb2,0x598899bd,0x1b510d0f,0x000001b8 } },
    /* 14 */
    { { 0x52007e41,0xfe96299d,0xcd708dcd,0x997140b5,0xf655f6fa,0xe9294eed,
        0xd58b839d,0x7701d45d,0xb6f77cdb,0x5dbdf5ad,0x95a572f0,0x265189f4,
        0xb3515e7b,0xc162794e,0x72655e0b,0xbfb571e0,0x00000168 },
      { 0xbda82a6b,0xf0d2b863,0x390a9cc7,0x3df5b283,0x700fcd7b,0xbab9995a,
        0xfa4e6c06,0xc01ef0af,0x76a392d4,0x10a98513,0x955392f0,0xa7e3fc72,
        0x1d7a8550,0x8e3c0128,0x361898a8,0xcbca551a,0x0000010f } },
    /* 15 */
    { { 0x3ab71115,0xc8a4cd40,0xbcb9b55b,0xb783170d,0xabd9b426,0x1be20f6a,
        0x5377b714,0x32d2ea64,0x6b358bbf,0xda342480,0x6e202211,0x782bc800,
        0xaa27c499,0xf80974c4,0x50341cde,0xc2e66fa9,0x0000004e },
      { 0x24ae60c3,0x082cb95b,0x83ad7484,0xd4b80af4,0x6205256b,0x84b739ce,
        0xae1fe063,0x616f505e,0x342f218f,0xef14ea68,0x64a01186,0x2b17d66c,
        0x50858bce,0x60e889ce,0xd5881005,0xdb046c59,0x000001e1 } },
};

/* Multiply the base point of P521 by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * Stripe implementation.
 * Pre-generated: 2^0, 2^130, ...
 * Pre-generated: products of all combinations of above.
 * 4 doubles and adds (with qz=1)
 *
 * r     Resulting point.
 * k     Scalar to multiply by.
 * map   Indicates whether to convert result to affine.
 * ct    Constant time required.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_521_ecc_mulmod_base_17(sp_point_521* r, const sp_digit* k,
        int map, int ct, void* heap)
{
    return sp_521_ecc_mulmod_stripe_17(r, &p521_base, p521_table,
                                      k, map, ct, heap);
}

#else
/* Striping precomputation table.
 * 8 points combined into a table of 256 points.
 * Distance of 66 between points.
 */
static const sp_table_entry_521 p521_table[256] = {
    /* 0 */
    { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00 },
      { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00 } },
    /* 1 */
    { { 0xc2e5bd66,0xf97e7e31,0x856a429b,0x3348b3c1,0xa2ffa8de,0xfe1dc127,
        0xefe75928,0xa14b5e77,0x6b4d3dba,0xf828af60,0x053fb521,0x9c648139,
        0x2395b442,0x9e3ecb66,0x0404e9cd,0x858e06b7,0x000000c6 },
      { 0x9fd16650,0x88be9476,0xa272c240,0x353c7086,0x3fad0761,0xc550b901,
        0x5ef42640,0x97ee7299,0x273e662c,0x17afbd17,0x579b4468,0x98f54449,
        0x2c7d1bd9,0x5c8a5fb4,0x9a3bc004,0x39296a78,0x00000118 } },
    /* 2 */
    { { 0x0f0ccb51,0x80398667,0x3654974a,0xb87e1d01,0xb2b29ed9,0x7f58cf21,
        0xa3add337,0x06c0e9aa,0xe9d08ffb,0xf13b35d0,0x96761627,0xdd8bf44c,
        0x758a3ef4,0xa4a18c14,0xa0043adb,0x96a576dd,0x0000013e },
      { 0x632d95a3,0x2bde24f8,0x4c524829,0x79f15ef1,0x9bdaba19,0xaadd863e,
        0xa962b707,0xdde053f4,0x14258d98,0xc598a2de,0x061c235c,0x9fa5a19d,
        0xe8ffd32c,0x0ed46510,0xef78ceac,0x2aea9dd1,0x00000185 } },
    /* 3 */
    { { 0xeaaf1fe3,0xd0a91dd8,0x4400b52b,0x0db38662,0x21abf0d2,0xff6a06a9,
        0xa768c940,0x9412879a,0x9a1eec37,0xf3791abc,0x2738343c,0xc913fbe6,
        0xe222abc1,0x728b42ab,0x2b9ef313,0x874c0a86,0x00000157 },
      { 0xe6f03d49,0x0ac8f184,0x1e48be03,0xa9c357e4,0x815cbdef,0x02ce5ef3,
        0x5fd8dc3c,0x7a41c7ab,0xfaeb109d,0x4bef67c9,0xa84f4d38,0x2f98cca1,
        0x672f0aae,0x7e03d47d,0x1d58968b,0x24b1ab58,0x00000007 } },
    /* 4 */
    { { 0xdf9314e0,0x904f2d4b,0xe7a00aac,0xdaae850d,0x582efb03,0x79231083,
        0xec7fe6d2,0x80f1c283,0x199d74a8,0x2d5b3996,0x395007e7,0x5f120b9b,
        0x4773f03e,0x30d23773,0x3b78b686,0xf4c19273,0x00000121 },
      { 0xfa8b51f0,0xf103ff6d,0x40e2bdf0,0xae7afb51,0x83254171,0x1130380e,
        0xcda10d95,0xe83501b8,0x4f3a8c01,0x1057771e,0xac807069,0x8f52196a,
        0xa5623821,0x3609b0aa,0x94a0a7f1,0x8c257906,0x000001db } },
    /* 5 */
    { { 0xb2c0958d,0x300370cc,0x69a7b387,0x89aef166,0x480c9b38,0x2792f3cf,
        0xfab3e149,0x0b2984f2,0x50748967,0x9751e436,0xad33db2a,0x9cab99d5,
        0xb44a4daa,0x4d945d32,0x16c77325,0xa26cca52,0x0000000a },
      { 0xf9e66d18,0xcdbe1d41,0xaa117e7a,0x80aeef96,0xddb0d24b,0x053214a2,
        0x5c98b7bf,0x6dcfb227,0xdfd3c848,0x613e7436,0x3ca4d52c,0x6e703fa1,
        0x18551e64,0x0c8e2977,0xbfa8527d,0xf5e90eac,0x000001c6 } },
    /* 6 */
    { { 0x4ab2d58f,0xa2c2f1e7,0x2a097802,0xc1bbf82c,0x770bb76a,0x6583eb24,
        0x5667f7bd,0x8e4ed9ed,0xfd96897e,0xd8c01d86,0x3fbe0f15,0x66395a13,
        0xd99cdcb1,0x51e4f39d,0x720deb25,0xde08424a,0x00000082 },
      { 0x60ea91af,0x97aa53b2,0x7a31dfdd,0xa4384af7,0x5cd09bbe,0xcd82f239,
        0xf30058e1,0x997c19da,0xe5c78e97,0x443b60c6,0x575b1845,0xfaae9b5f,
        0x08c2ce16,0x5ce86f33,0x4f63fa86,0x983ce58f,0x00000073 } },
    /* 7 */
    { { 0x8217609d,0xaee93131,0x2412fc00,0x7f8a9dd4,0x286c6329,0xe117e64c,
        0x7bf1c65e,0xcc3782d6,0x8d03eee5,0xe8c144db,0x9ab93799,0x01acacb2,
        0xb07784c7,0x215eb1b5,0x1affcd87,0x2c409fa8,0x000000f8 },
      { 0x378139a4,0x007d3766,0xb55bea93,0xc6d969eb,0x68c8bc9d,0xc7c60d6f,
        0x5f93f242,0x844e8461,0x741717d9,0x8461ca2a,0xf0bf120e,0x8e930e79,
        0x6b5699d7,0xe1554a02,0x6a4fb6de,0xe69c7702,0x0000007d } },
    /* 8 */
    { { 0x4bee80d7,0x61b51bb0,0x7692de69,0x0e1f6a1f,0xa0ebc3bd,0x8379e46c,
        0x930644f0,0x1c0bffa7,0x390db077,0x97c67b87,0xfada1ce9,0x095c33e1,
        0xac54b512,0x3c500add,0xd3118656,0xc231d360,0x000000b0 },
      { 0x39bcab2f,0x06289298,0x64dd220a,0xc0c06780,0x763dc2a0,0x062f6084,
        0x1938c3e3,0x88e9da73,0x52e46eb9,0x69be8f2d,0x6a5de0fd,0xe55c8d2d,
        0xdb2c0e26,0xf3a3fd63,0x1e4bff57,0x899c6d9f,0x0000014a } },
    /* 9 */
    { { 0xec05ce88,0x9ff6e3a1,0xb6afd202,0xf8fc2496,0x6fbeb007,0x0b9d2077,
        0xeebded40,0xb50ec0bd,0x693700f7,0xaef97742,0x3f7b030e,0x806e37a1,
        0x1b901f77,0x5cf17d17,0xca95ae0f,0x9036e5df,0x00000159 },
      { 0x000e8e0c,0x00af64b5,0x06fb4df9,0xd3f2ae04,0x449f23ba,0x5f61da67,
        0x255b25a9,0x0ca91842,0x8e33c650,0xfa6af3e6,0xc2c027c1,0x14373c00,
        0x972840a5,0x99f3cda1,0xd0e84240,0x98c62b79,0x000000e7 } },
    /* 10 */
    { { 0xae4d0f28,0xe8c7c4a8,0x566d006e,0x3a8a55ef,0x066e4023,0x37985f65,
        0x5d321b76,0x8deccab5,0xb8351b07,0x38b966d6,0x57d548ab,0x2e889e53,
        0xe631ab0b,0x7a9e8e2f,0xe75c537b,0x45c60f95,0x00000059 },
      { 0x7867d79c,0xbca27d34,0x81c81980,0x7f460b15,0x976b8c51,0x7ec2d9ab,
        0x61b91ed9,0xfcd04486,0xd9c1d15f,0x730a7a25,0xf94c9db9,0x8a2cf259,
        0x5dec5a3b,0x8e784b87,0x3e5131ee,0x06252607,0x00000004 } },
    /* 11 */
    { { 0xf1631bba,0xdee04e5c,0x156f4524,0x40e6c1df,0xe4c30990,0x06603f30,
        0x6b6abec7,0xdb649a43,0xf6b94f6e,0x354f509c,0x36b7e0b5,0x7fecf469,
        0xba1e6dd2,0xa7a7107e,0x689450ca,0x889edac5,0x00000022 },
      { 0xd05596f2,0x9012916e,0xb023cb8b,0xe3901dac,0xe7d4abe1,0x2501d3ec,
        0xa9c90313,0xb2815040,0xc6d146d0,0x9dbcd3f1,0x74ee1896,0x6fa1d5b1,
        0xa91226fb,0x49aea161,0xb8a80984,0x754ceedf,0x00000154 } },
    /* 12 */
    { { 0x4270b2f0,0xb64e27b0,0xbf4d74d7,0x84b34e48,0x0c2722ba,0xb186be8b,
        0x9ff9b71c,0xf54a589d,0x34fd6bc4,0x9887e4df,0x7412f49d,0xb7c669fd,
        0x77f89d16,0x4008d9bb,0xc902e074,0xafb9426b,0x000001cf },
      { 0x662935ca,0xcca4f2d1,0x997dcc46,0x2847c703,0x353c79f8,0xc089e9e5,
        0x5215f0f4,0x9ed8d989,0x80911b9d,0x59cf08bc,0x6de27aa3,0x4b03540e,
        0xf69e320d,0x52f4d63e,0x94ef193b,0xa0217fd6,0x000000e6 } },
    /* 13 */
    { { 0x74214780,0xb77de627,0x207459ea,0xca066817,0xe9c7fb01,0xf78579b7,
        0xd6d4b7c7,0xe55548c1,0xa66caa39,0x45756190,0x98505a4f,0xf8141b03,
        0x4c8864eb,0xa5ca0d7c,0x9e129d3f,0xbf8af950,0x00000053 },
      { 0x85285092,0xbc9b29d8,0x8eed5e5f,0x82f31daa,0xf618aab9,0x9c33690e,
        0xd2626ed1,0x0eee14f4,0x07ed8e09,0x4229570b,0x8736d040,0x1977920e,
        0xede7d01d,0x47ee25ff,0xbc7ab73b,0x3c921c3a,0x000001b9 } },
    /* 14 */
    { { 0xa08b2b14,0x0b6a07cc,0xbf174c7f,0xaa978deb,0xc40cb2a4,0x291cb828,
        0x90adc838,0x95c78272,0x8c1edde6,0x08da8b2a,0x90fbd220,0x741ceb2f,
        0x322db94e,0x5f89c9e5,0xb73c548e,0x18266085,0x0000007d },
      { 0x2defd012,0x69ebf82a,0x5a1537ef,0x01ecb094,0x3ef0811d,0x3c557535,
        0xb2bd4dea,0x59c882a7,0x7bf969c8,0x00a1f972,0x0b25ad1b,0x063adf5e,
        0xf2536005,0x4c1ff306,0x4112fe18,0x8e515bec,0x00000117 } },
    /* 15 */
    { { 0xefe3d3d5,0x9314787f,0x9d897227,0x29e76f65,0xe0b6acf5,0x15c77ed1,
        0x1c5e8dd9,0x9c2b7b20,0x5f5667af,0x788038f1,0xf3576ef4,0xf38c766f,
        0x0040154a,0x9f0623c8,0xde883b53,0x47d3c44b,0x00000096 },
      { 0xde1b21a4,0x32075638,0x571081c1,0xbb6399c1,0x75c03599,0x322e6067,
        0xade60cf5,0x5c7fde7f,0xefc19059,0x1b195440,0xdd7b3960,0x7e70ac8c,
        0x6a6fa73e,0x4aa5a83d,0x63080764,0x34f8cfac,0x00000042 } },
    /* 16 */
    { { 0x286492ad,0xee31e71a,0x65f86ac4,0x08f3de44,0xda713cb4,0xe89700d4,
        0xa86b7104,0x7ad0f5e9,0x2572c161,0xd9a62e4f,0x25cc1c99,0x77d223ef,
        0x3b962e0c,0xedff6961,0x81d8b205,0x818d28f3,0x0000008e },
      { 0x8cdf1f60,0x721231cf,0x6717760f,0x8b640f2b,0xe045a403,0xbe726f8c,
        0x0370689f,0x422285dc,0x72ea0dcb,0x7196bf8f,0xc8086623,0xa16f7855,
        0xc326fe48,0xd4e19fc7,0x8f68bf44,0xfdbc856e,0x0000013e } },
    /* 17 */
    { { 0xe6a3ace5,0xde34d04f,0x896191c1,0x0dbb603e,0xf75ed0f4,0xb4dc0007,
        0x95b259b5,0x15e0e6bc,0x2615f020,0xdfbcba66,0xd31ea3f8,0xb2ec5433,
        0x103ff824,0x42b0b0e4,0xc480332e,0x19315060,0x00000111 },
      { 0x045452f1,0x9997ea28,0x71f3f73b,0x80b678cf,0x41e9328e,0x4a52bddc,
        0xe6af1c23,0xb7f2656e,0xb44215e7,0xc43805b9,0xf0a4028b,0x3aa734f2,
        0x422476e2,0xe3c72479,0x68c60cf7,0x6dc2e8b0,0x000001f1 } },
    /* 18 */
    { { 0xfffc0de5,0xbcdfae6f,0xab4a5f24,0xa801814f,0xea2aa8dd,0x19013658,
        0xda4f0441,0xf3b1caf5,0x34100611,0xf24b9cdb,0x96e0cf88,0x48c324ed,
        0x23055c82,0x4b7ea334,0x89092e29,0x6e835b64,0x000001d3 },
      { 0x07372f27,0x7eb77ae7,0x83bae19a,0x4779b4fa,0x65429ebb,0xa175dae1,
        0xfc03ef3f,0x942ec266,0x6991c7c4,0x0e5fc6a9,0x56253d3c,0xa0f61e4f,
        0xde74e738,0x7a11ff58,0x624de919,0x60524cd4,0x00000002 } },
    /* 19 */
    { { 0x01342e08,0x45b5d0ca,0xb749f0af,0x509ed4f0,0x6529d804,0xeb5502d9,
        0x6d80359c,0x5eb087db,0x4c384800,0xeaa66a87,0xc75a8784,0xe972c7a0,
        0x6874317e,0x8c169e21,0xe5c9fbf4,0x81c556e0,0x0000014f },
      { 0xe120674d,0x26b0b12b,0x219f00ac,0xc6bf09b9,0xd658caa6,0x1e1e732d,
        0x8292d99e,0xc771c5af,0x25fdbf80,0x5d813529,0x3666c37d,0xe61bd798,
        0x1d0df680,0x8dac946a,0xc39f0983,0x58dcf684,0x0000009f } },
    /* 20 */
    { { 0x7b7dc837,0x14169102,0xb50eb1c4,0x2d719754,0xd7e6741b,0x04f4092a,
        0xbc824a38,0x1d0a7f1d,0xc8e20bcf,0x570b2056,0xda181db0,0x6732e3b9,
        0x0a7b508a,0x7880636e,0xc9f70492,0x11af502c,0x00000045 },
      { 0xc56f4ffa,0x0b820d94,0xc4f0c0fa,0x1c6205a2,0xa1a0606a,0x99f33d4e,
        0x79b316fb,0x1bab6466,0xe4f240fc,0x05aa0852,0x92d7dc43,0x22539b78,
        0x06e3c073,0x03657f12,0xcedb6633,0x28405280,0x00000059 } },
    /* 21 */
    { { 0x4397760c,0x90d08711,0x1c9fcd06,0xb9020b76,0x987e24f7,0xc7fec7fa,
        0x522335a0,0x0e33b8a0,0xae21ca10,0x73dbeafd,0x3b032220,0x458c060a,
        0xee145da6,0x9b9c73b8,0x27ff62ef,0x31c661e5,0x000000aa },
      { 0x81430b5e,0xaf518eb0,0x50ee0d69,0xb32f9cea,0xaa6ebe8b,0x0ecdb0b5,
        0x9fe1d689,0x1f15f7f2,0x1a59cc9a,0xce5d68f3,0x08ab2a63,0xf4d67994,
        0x4347ce54,0xe85b1cef,0x286d0776,0x8ff423c0,0x00000176 } },
    /* 22 */
    { { 0x33dcec23,0x8564104c,0xcdd07519,0xbaf0d61b,0x4c4f309a,0x486daf51,
        0xde488715,0xf01bc8f5,0xd3539ba3,0xddd6baf1,0x3a3be8ec,0xbb7e665d,
        0xcb5d865f,0xf919dac3,0xf12149a0,0xfe203da3,0x00000173 },
      { 0x78d4a3d1,0x043ae9a1,0x865316d8,0xa4d5cf58,0x41176463,0xeaf026c0,
        0xf84afa44,0x316c638f,0xffea422d,0x512f2397,0x6622b613,0x691eaa04,
        0x97e7068d,0x48856ea3,0xf4a1b33c,0x42d1b2e3,0x000001b5 } },
    /* 23 */
    { { 0x1f487402,0xf51b2d5e,0x7aaf1dd5,0xe36016e6,0x6da9c20a,0x1eb3f1f5,
        0xece45bfd,0x25b7d361,0x027a9e18,0x42db0633,0xe8411649,0xbf228777,
        0x458773d0,0xf5fce0c4,0x2dd7a5f0,0xb2b3151d,0x0000001f },
      { 0xfbaa096a,0x102773e8,0xe093a878,0x152726eb,0x2c7f1781,0x5c53cd07,
        0xab5dca76,0x38d3dfd0,0x87ef2d4a,0xbb4a7d85,0xb7eb11c2,0x5c9c2013,
        0x0b6da22f,0x5e353c34,0xa325ecad,0x846d50a5,0x00000039 } },
    /* 24 */
    { { 0x1677df58,0x76da7736,0x1cb50d6c,0x364bd567,0x0a080ff2,0x0443c7d7,
        0x86532430,0xa0a85429,0xc35101e7,0x82002dd2,0x48c5cd76,0xbebc6143,
        0xca6cf13f,0xff1591ae,0x98bf8dc0,0x91c7c2e6,0x000000fb },
      { 0x12de14d5,0x6a7c5cad,0x6561c822,0xbc448c5f,0x7cdbb3da,0x9f8de430,
        0xc76811d7,0x9c58f011,0x75462049,0x1e89806e,0xc9a74e49,0xe52ad0a2,
        0xb2be37c3,0x2034685c,0x0a0bc72d,0x7a863245,0x000000ec } },
    /* 25 */
    { { 0x8a86786e,0x33818c21,0x2137e2c8,0xed537f74,0xa7e6eb20,0x5d9690d1,
        0x5cdc4803,0x9790ec70,0x24f7bd75,0x469162c8,0x4e1f0f14,0x09e7ef9d,
        0xce9915ca,0xd30c128b,0x6c71226f,0x810145f6,0x0000002d },
      { 0xb71d87e5,0x312749f5,0x7b02ceda,0x25f3b141,0xe0baff16,0x02456d2e,
        0xfcae6627,0x97f7b3a9,0x37bd985f,0x0d6ebf8f,0x7fa6d0c1,0x20aa81b9,
        0x21f2f137,0xb29f1a01,0x5cc0ddb1,0xe326a2f8,0x0000003d } },
    /* 26 */
    { { 0x38c2ee78,0x26f3398b,0xa75a0bee,0x40c3d101,0x565a7f8e,0x35a31706,
        0x04019e5d,0xd12985e3,0xb8174b6e,0x21e2a642,0xaf80a52a,0x25a15ee8,
        0x8518d80e,0x5d1e0fe6,0x04f6ea9a,0x8cbbc138,0x00000084 },
      { 0xdfd45169,0x76828690,0x59d3e8d0,0x38d7e098,0xcdb8bfc2,0x23758811,
        0x162cf648,0x8499547a,0xb4d15b8c,0x494bab3b,0xc60499a6,0x822cbc57,
        0xa8a1cfed,0xac43224e,0x57c6598b,0x43563469,0x000000d9 } },
    /* 27 */
    { { 0x68271323,0x2b069253,0x49cd04d7,0x24d9e0a8,0x2b31cc7d,0xaae35fbf,
        0x57a3e361,0x44f64b4f,0x0294e856,0x14904686,0x43ced4ae,0xddc82ee7,
        0x7e2cda47,0xcb92a6a5,0xbfc1f968,0x989c42ef,0x0000013f },
      { 0xb8651600,0xbed98bdf,0x7a3cfaee,0x8c363434,0x35b1a226,0x93a12543,
        0xd5825507,0x558da7dd,0x852eb1e9,0xa5173b23,0x2295f545,0xdf5ae585,
        0x6646d101,0xe546e2ef,0x5d89f862,0xf7e16a2c,0x000001fa } },
    /* 28 */
    { { 0xc7ec136d,0x0d746c8e,0xcd11351b,0xf8e1d827,0xf187a116,0x764a3ad3,
        0x136e8465,0x2f1b968f,0x850983c2,0xd41aa294,0xbe717259,0x2123ecc4,
        0x763c149c,0xdcdcab52,0x1022b82d,0xa7f50b18,0x0000016d },
      { 0x0ca5e258,0xf99e532d,0x97b62a7b,0xa148ad17,0xc77fddef,0x8d0a242e,
        0x74f9b6c4,0x58518bcd,0x7fd122d4,0xc53b30b8,0xfb50b2d7,0xbb8cd193,
        0xbc01aae9,0x1a169aee,0x1de26e09,0x7e49b10a,0x000001c5 } },
    /* 29 */
    { { 0x21210716,0x2cabe675,0x07e02400,0x81a296a3,0x8c83795b,0x94afc11d,
        0xdd9efa6a,0x68f20334,0x677d686f,0x5be2f9eb,0xbf5ce275,0x6a13f277,
        0xb9757c5c,0xf7d92241,0xc74f4b8c,0x70c3d2f4,0x00000132 },
      { 0x8d209aa4,0xf9c8609c,0xdb2b5436,0x46f413a2,0x2992345d,0x96b72d1a,
        0x9487c34f,0x186f2aeb,0xb440a375,0x4fa72176,0x7da5358e,0x3a420936,
        0xff25b310,0xf11eade3,0x505d60b8,0x9a570153,0x000001a9 } },
    /* 30 */
    { { 0x6e7495bb,0xae151393,0x490879d1,0xebd2fd28,0x29fd76fc,0x9c232b0b,
        0xc60e721c,0xa1a0d49b,0x517a09e2,0x9f582b83,0x9d8badf8,0xac37809e,
        0x0ad48bb4,0x4aa4de9e,0xcb6cc487,0xfd041312,0x00000027 },
      { 0xead4fb6d,0xc05502ee,0x0a602cbe,0x760c25ed,0xbd7f4a07,0x58ba6841,
        0x54edce14,0xc28b6032,0x0397614c,0xb9d41e39,0x181eed93,0x4221b71d,
        0x332d4b0b,0xd010e3c2,0xdab0e419,0xdfe58a27,0x00000096 } },
    /* 31 */
    { { 0x7debd24e,0x4cd6fcd6,0x9ae2b075,0xbe3fca60,0xf217c26c,0xa7d8c22e,
        0xb9620e3f,0xd42d03e0,0xc7f9f87d,0x634bf216,0x8972ffee,0x22b1ec53,
        0xd60d3e77,0x83a957c1,0x0f6a537e,0xedfe5f86,0x00000162 },
      { 0xf0ea20b8,0x40a05400,0x1d796900,0x2872ac7e,0x0edb0cac,0x7765a5c9,
        0xb62939a7,0x9df5b930,0xaf2cb708,0xf78a676e,0x52febc12,0x030732bf,
        0xba190ad3,0x3a6640de,0x93e7e341,0x36eae15f,0x000000d5 } },
    /* 32 */
    { { 0xa1c88f3c,0x6c6119f6,0x2ec6944a,0x924e5fec,0x5742ff2a,0x4c8aac60,
        0xddb22c7c,0x60adde1e,0xfa5d25bb,0x9728938c,0xec117de0,0xfa5ac4f7,
        0x482929c1,0x41f35ab7,0x0afd95f5,0xd1c4e8f9,0x00000180 },
      { 0xa7cd8358,0x2fc4e73d,0xf2a1c920,0x39361a57,0xad94d288,0xf6f2f130,
        0x2b6a78e2,0xe37e2466,0x79c262cd,0x0babff8b,0x61b597b9,0x6cae01ef,
        0xa60d4e64,0x9c1e33f0,0xdd01f845,0x52a42280,0x0000000e } },
    /* 33 */
    { { 0x0f013755,0x72d640a4,0xfb8380e9,0x0b6dce77,0x7eb64b31,0x2789ce79,
        0x93ca5a36,0x8e704b0b,0x58bdffc9,0x18c360ff,0xb230c372,0x53b1f323,
        0x5a7385d1,0xd6b39088,0x56b93bf7,0x071130f5,0x0000004a },
      { 0xfeef3f88,0x29a2096b,0xb82b3945,0x22eba869,0x872664a7,0x7fe2184a,
        0x858ff942,0xa0dc0ba1,0x7490c9da,0x33799eb5,0x81588ce8,0x1d356f62,
        0xa7b2cee2,0x7dd9bc7f,0xa3cfaee9,0x1e61a4e8,0x000000d2 } },
    /* 34 */
    { { 0xe9068656,0xec5db629,0x9fede4df,0x623bd70c,0xfcd45546,0xc78ad5bd,
        0x6291a741,0xf7981dd2,0x761e688e,0x3ac53d92,0x55b9272f,0x6a96892a,
        0x06546fec,0x4217e7b8,0xab9e2f56,0x793c03cb,0x0000015e },
      { 0x6eff39be,0x08fd9543,0xdbff4f68,0x5a1af07e,0xb0241616,0x83d47abd,
        0xd4798029,0x37c5d2fd,0x60b2e6fb,0x9d86d978,0xce8db998,0xe3e3284e,
        0xd868b9bb,0x9f049eb5,0x9dad18b3,0x3b3e8a78,0x0000018e } },
    /* 35 */
    { { 0xe51e61f0,0x57026c56,0x307f2757,0xdddbcaa3,0xb1aeaf41,0x92a026eb,
        0xe2d7f5ba,0xa33e937c,0xbc5ead91,0x1f7cc01e,0x2e46807d,0x90ab665d,
        0x53419519,0xc2a44f55,0x79664049,0x099c1ca6,0x000000aa },
      { 0x8f97e387,0xb561a909,0x45e1dd69,0xf6051778,0x7ff1d6ab,0x1ffa512b,
        0xd09a9c89,0x42da55a4,0xd2282e2b,0x5e5a7c71,0xe74185ad,0xdfa5a203,
        0xea0baeff,0x19b1369d,0x1ecc0a16,0xa5eef914,0x000001a3 } },
    /* 36 */
    { { 0x7a573b81,0x2af20d0a,0x66194cef,0x7eac1ca8,0x0b711c34,0xef0d2d8d,
        0xba099d42,0x6aea016c,0x5067a8ca,0xa6609d28,0x7a1351ef,0x6a52c600,
        0xb11c2634,0xdab85818,0xbb1c033c,0xf17fa45d,0x00000121 },
      { 0xfc3279d6,0x9fb8b87a,0xc201f1e1,0xe30e76ab,0x806c21dd,0x02af6a83,
        0xc63f824f,0xeafd7e2b,0x46bd1a53,0x7b074e26,0xa2139164,0xcd6f4931,
        0xc172d9bf,0xab2cfd39,0x4db59cf1,0x62f3eb4b,0x0000010a } },
    /* 37 */
    { { 0xe0689a1b,0xe402de36,0x7dcafe72,0x9dccc9fd,0x255d0bfb,0xe4dead7e,
        0x4ada04d9,0xd7ee87ee,0xbfd2e774,0x5a85039e,0x770b2b9b,0x282c6657,
        0xba103bba,0xa7aca826,0xc7cd5071,0xac7028ba,0x0000011a },
      { 0x680c8f04,0x2e61d39c,0xb48b3b5e,0x2f09c4cc,0x95744f3c,0x131609bd,
        0xaaccb593,0x6d72e4b4,0x5adfb209,0xdb7060ca,0x1fd3eccf,0xc67d9e43,
        0xe1752a73,0x1487a26f,0x64d0857c,0x3d953663,0x000001e3 } },
    /* 38 */
    { { 0x4cec9e7f,0xe664506b,0x30aab98f,0xa44564b4,0x173fa284,0x5e1b501f,
        0x15c97472,0xe7b7bd7e,0x82dec033,0xd6cc67a8,0x0a63b762,0x1fe2e934,
        0x3f8e2fcd,0x3a084e1b,0x9ae6e752,0xccce4da8,0x000000fd },
      { 0xc12fd820,0x0797f8ee,0x96da4733,0x325f892a,0x55997bf4,0x597d241d,
        0x02b753cf,0x3aef35ac,0xf677ceba,0x8a73f95d,0xd1bbac6c,0x5b2892b7,
        0xcc5278b0,0x90751583,0xa47f45f6,0x2f5ed53f,0x0000001c } },
    /* 39 */
    { { 0xab40b79c,0x3914165e,0x25b489a8,0xbfb6eed8,0x8a6c107f,0xda136b7d,
        0x8e01f28b,0xd431db8b,0xa4d79907,0x84e5d0dd,0xa471e685,0x69a91472,
        0x98376ff8,0x58d06969,0xc46311fd,0xce369b74,0x00000006 },
      { 0x1add1452,0x6c0773d1,0xed8e9a2a,0x2e4e9c95,0xca15a40c,0xe8ff8e32,
        0xaf62f18f,0x3fcb7d36,0xeec9484b,0x2ca336ee,0x3b20405b,0xa4d6e7a9,
        0x956d8352,0x6d90d031,0xd9ca03e7,0xdd375603,0x000000e5 } },
    /* 40 */
    { { 0x8b481bf7,0xcc5f297d,0x2a13383c,0x06a2a3e4,0xdc40b96c,0x9e14528c,
        0x1189da3c,0x9a2bf35f,0x6cd57fa7,0xb8adb989,0x9357d32b,0xc1a4935c,
        0xc2d76fad,0x51fb2580,0x24f23de1,0x98721eb4,0x000001ba },
      { 0x52a4b397,0x8c02daaf,0x0d0b4e54,0xc3c5f4cc,0x7b7e79cd,0x29be4db3,
        0xb33970b6,0xf34336ec,0x92808c7f,0xed3dcb7c,0x02288db1,0xec290eff,
        0xe96ed59a,0x2a479d51,0x76d8fa5f,0x9d7ed870,0x00000092 } },
    /* 41 */
    { { 0xe660043c,0xd8edaf0b,0x016e074d,0x84aa2ccb,0xe2cc3b3d,0x9d2368e7,
        0x5c269fc4,0x47b50130,0x3de33e36,0xd0194ee1,0x789ca504,0xdb3361b9,
        0x984db11d,0x8cd51833,0xc8ec92f0,0xd5b801ec,0x000000c6 },
      { 0x47ab9887,0x33f91c15,0x6b5ab011,0x2f285e2a,0x133fc818,0x9b734e5a,
        0x38d8692c,0x5c435a74,0x43282e81,0x3c92b47c,0x9c7bcdaa,0x191231f5,
        0x4d158c86,0x3ae425c3,0xc5a23cca,0x7f568feb,0x00000011 } },
    /* 42 */
    { { 0xbf5caa87,0x8ccbd9d5,0x68dd8c9d,0x17bfc60f,0xc7d4dede,0x63eb4dbb,
        0x8270b5bf,0xbf6e5945,0xcc098fe7,0x887137a5,0x05d7b8f5,0xca5eb687,
        0x4b25a533,0x4b7deeee,0x4a700a6c,0x8e045c32,0x000000ef },
      { 0x70cf52bc,0x160c1c92,0x90cc6298,0x4bf3f63a,0xbf3028fb,0x5fff421c,
        0x523beff1,0x0a8102d7,0x8b9ce105,0xff3309a3,0x06621b1e,0x8e9da4d0,
        0xcc0a7807,0x9775f89f,0x00178612,0x59044865,0x000000eb } },
    /* 43 */
    { { 0xebbd33ec,0x8a6664fd,0xce5ad579,0x0cf9a660,0x50fb56ed,0xecd06c05,
        0x1d5aaa6e,0xb4ca5fad,0x948a7f07,0x36daee5b,0xefe1c11a,0xd2e37887,
        0x91d2544b,0x41f61ac4,0x2bffd8ea,0x49df7071,0x000000be },
      { 0x65acdb56,0x60e2f1f5,0x5e5e5bde,0xf2f13c84,0xe17a0412,0xb97fd354,
        0xd9c93bef,0x8a2867cf,0x25a957e4,0x9ca9d16b,0x4a18635f,0x1f55c19b,
        0x8d26ae71,0x9b3868f5,0x4c94541d,0xac448041,0x00000000 } },
    /* 44 */
    { { 0xd4ad38db,0x6c1bcf89,0x3d714511,0x1180f381,0xcb70243a,0x5b4c2759,
        0x163a716c,0x5dd64d63,0x13648bdb,0xbbd2efea,0xe4de9969,0xa47187f9,
        0xe2de8c45,0x65de6912,0x4bdad0a7,0xe075f29c,0x00000048 },
      { 0x5e4dd88d,0x00335474,0x80577afc,0x18283638,0x227288f7,0xe4b35c01,
        0xe68989de,0xd008fd91,0xcd3f71ba,0x42142315,0x3e4da1e2,0x5cb023ff,
        0xb5662bb1,0x7e6b9c35,0x7fb04fe5,0x143f4165,0x00000072 } },
    /* 45 */
    { { 0x26f40f2c,0xb06b046c,0x6cd7c31d,0xbd5d246c,0x1953a9b7,0xaaa56270,
        0x8f00436f,0x5ac929b8,0x21d0660d,0x1937392c,0x9bd6dbe6,0xd279ed15,
        0xd17c43f9,0x377c4d5a,0xb8fcd025,0x800eda50,0x00000179 },
      { 0x36132f31,0xb88ddc0b,0x2ade73a3,0x6f8f4f01,0x203de2b9,0x38859ec3,
        0x231b6533,0xedb03814,0xa14093ca,0xad08cd20,0x5c2be2f9,0xb9f86d44,
        0xf6ebc09f,0xfd3d9532,0x1aef478d,0x757b5899,0x0000013d } },
    /* 46 */
    { { 0x580f894b,0x7d9ad100,0xd925e46f,0xb612488a,0x2e5a6865,0x45497e14,
        0x17f9a813,0xc86e1053,0xf8a33541,0xd8aa820a,0x7a66d578,0xa6790660,
        0x5f758e23,0x47df60ae,0xa7f8ab5c,0xcadd4c90,0x00000107 },
      { 0x6764ad0e,0x356b044f,0x250189b3,0xf69fe0e1,0x5f14db6a,0x2deaca62,
        0x1bd77d54,0xe9f2779f,0x5cfa895c,0x979911f2,0xb6f19ac3,0xd4e94ced,
        0x01af44b1,0xc3533417,0x50c727f5,0xcac43fff,0x0000003b } },
    /* 47 */
    { { 0x83c1d4cf,0x1742951c,0xb245c34f,0xe03791d0,0x9c2dcc71,0xea8f8ef6,
        0x2a310767,0x2ea57a29,0xb12948bd,0x255b46bb,0x0feaeb83,0x2adc1e09,
        0x449abf59,0xa0d2d18c,0xc4a8a689,0x9e8c9ff5,0x00000019 },
      { 0xeb28171a,0xc9f7b9cd,0xd576987b,0xefd78403,0x22ff824c,0x58b4f3bf,
        0xbf333cc5,0xee09b393,0xb01ceb72,0xebff83a2,0x220299cd,0x5bb34c45,
        0x66ebf751,0xa3c3e8a0,0x49d05cf3,0x5dee07bb,0x000001a6 } },
    /* 48 */
    { { 0xb114257b,0x09a958d6,0xd4975e30,0x729afd41,0x3aae7b11,0x072879b5,
        0xedd1ac83,0x0791b093,0x1eb67975,0xcfefc7d1,0xe2675b4a,0x0e54bd37,
        0x8d69517f,0x89a62d7e,0x202109a3,0x96f805d8,0x0000006b },
      { 0x57b5f9f4,0x4815d517,0x405b44d1,0xe5c9e436,0xe4870160,0x3442dde0,
        0x1ef6b3f8,0x953fef95,0xf7497faf,0x919e4cf5,0x016ef0b7,0x24e3cc4d,
        0x2512eeed,0xfc5caa87,0xa3bd1703,0xf1ba4029,0x000001b6 } },
    /* 49 */
    { { 0x529252ac,0x2a668435,0x74e7b0d8,0x3da626c0,0xe0be86ab,0x55080cc1,
        0x4ed5dc53,0x534a53f7,0x0cd41fd0,0xa9eff140,0x5674891c,0x0e7c945c,
        0xec53b5ad,0xdea4b895,0x15150988,0xefc67bef,0x000001ff },
      { 0x306033fd,0x988dc109,0xf36875d9,0x1b287979,0xe3c335c5,0x4d39af26,
        0x124e29d6,0xa47259fd,0xc41dbdfc,0x5d60c570,0x0cc0d895,0x06224b61,
        0xeea8ff86,0xa041d4e5,0xae4d8707,0x2920e15c,0x000001fd } },
    /* 50 */
    { { 0xcd67da85,0x66d15f0c,0x5ac54a15,0xae98b6f4,0xf1ac71c3,0x2f05e021,
        0x47559224,0x1feb2226,0x66e856dc,0x2a2f1561,0x6fb4ba47,0x65eb1456,
        0xa29d920b,0x34688bd2,0xf9d4cb9b,0x943ce86e,0x00000061 },
      { 0xaac91174,0xb4696218,0x41dd9234,0x85b519ec,0x9f0763a4,0xb7efadf2,
        0x712c8b33,0x98517f27,0xb0538630,0xa02e7ec3,0x1ff3e3e4,0x46bc45bb,
        0x29496486,0x46ae896f,0xebd2b93f,0x2aeb1649,0x00000146 } },
    /* 51 */
    { { 0xe8e4d3c3,0x1f34f41f,0x5bb7e9db,0xc80d87ff,0xd910b579,0xf0216c0a,
        0xb87349ae,0x2a24b761,0x2b0a6cc0,0x054bc528,0xaf2d1957,0x3b4c7029,
        0xadbe6cdd,0x0e4b90e2,0x26060a34,0x8e774f81,0x000000cf },
      { 0x2e229950,0x3c7f9dbc,0xd9f82b70,0xab11f846,0xf10c05f3,0x2b7ad9a3,
        0x0f1820ca,0x203ead4f,0xccbfb332,0x51dbcbc8,0x066706f1,0x3bd9caf0,
        0x06059d5e,0x5a39be25,0xdcafe64e,0x984387c8,0x0000014c } },
    /* 52 */
    { { 0x8e011531,0x708a757f,0xc3dcd57c,0x7f45b172,0xc2d99e29,0xa8eac9fd,
        0xb93b6415,0x9d4ee81f,0xa5488e86,0xa5833b54,0x0bb7ab70,0xddd561c3,
        0xb3bdf3a9,0xb5bda384,0x1ddf332b,0xf909f8e0,0x00000124 },
      { 0xab41e782,0xc5b8aa84,0x851ddb87,0x1de20126,0x99482bd2,0xf49baa7d,
        0xf4b6413b,0x05963deb,0x7cd1e224,0xed369fbb,0x1bad60ee,0xdcf495dd,
        0x892e30ed,0xeb475693,0xaf0a212d,0xaaf11bd8,0x0000010b } },
    /* 53 */
    { { 0x16ec64e2,0x71460174,0x7d7c6ebe,0xbfd14acf,0x668b7176,0x1e3504a3,
        0x741b041c,0x72e3f3f3,0x2d3b67b0,0x651fa54a,0xe57d928d,0x623edca3,
        0x72c8f419,0x29b74e8b,0x327abaef,0x3d99cb47,0x00000038 },
      { 0xda342a3f,0x808dd0b3,0xdef4a954,0x12002462,0xeab5a860,0x1b1c642e,
        0x06e54b6d,0x5e1e2a05,0x10c6cf1a,0x9ba1710f,0x0f903cd0,0x334fc366,
        0x134166f5,0x969e0001,0x155c4353,0xfaa26074,0x000000fa } },
    /* 54 */
    { { 0x712de285,0xc85cd0e6,0x869f5dc5,0xcd2ff8b0,0xdf4ed389,0x372a2b92,
        0x55b99c84,0x63524d30,0xe07a0033,0x46fef5a2,0xd6e09493,0x0a2c82da,
        0x72a8952b,0xb3626621,0xaf217eb6,0x9afcb188,0x0000002c },
      { 0x9a64c5b5,0xd3b9d476,0x44c4cfe1,0xa0d8d5de,0x11c6dbff,0x560858ef,
        0x41c14aed,0xce1d978f,0x35efe854,0x251f9e72,0x0474575d,0xf9d0c14c,
        0xbda89c03,0x0d2c838e,0x36cc9dc0,0xa25f040b,0x0000016f } },
    /* 55 */
    { { 0x9cad682d,0xb23d9dea,0x46369391,0x87acb1b3,0x5c0f24d7,0x9f5c1988,
        0xd41883ce,0xdff62fc7,0x53555e46,0xd1ab29df,0x891cda05,0x569b1cb2,
        0x52c633ed,0xdb14dbc4,0x2a345428,0x1acbb86c,0x00000194 },
      { 0x24db8127,0xd86a70c8,0x41b7cf5b,0x84a6563f,0xb908d9b4,0x8d84dabe,
        0x899c260a,0xaaeaae63,0x44436957,0x13ed6b2b,0xd0a92c8d,0x3bc94f99,
        0xd04bcb97,0x978f2e2b,0x716a565f,0x56a388ef,0x00000074 } },
    /* 56 */
    { { 0x96fc1f77,0x6082dfe4,0x1347ad6a,0xb04c435f,0x25ebe457,0xf42694dc,
        0xb6f764aa,0x64a17069,0x04d83da1,0xe03873d5,0xe0c82330,0xb0b9db52,
        0xd4239b3e,0x9886b34e,0x598814da,0x76587f2a,0x0000016a },
      { 0xebc71a5d,0x6918f8e8,0x85405233,0x49141a42,0xc182cbcc,0xd63f09cc,
        0xe09057a7,0x4afe59d3,0xe239d8eb,0xe633db0d,0xfd9494b2,0xbac8582d,
        0x4704fd61,0x8b915a41,0xfceaefd9,0xe0866a9d,0x0000010e } },
    /* 57 */
    { { 0x52e07a4d,0x2b50c470,0xe5d745d0,0x7f6d38b8,0xe1af1226,0xb414c47c,
        0x39c505f7,0x03e4b44b,0x86f739be,0x59f3d795,0xe7c2f1bc,0xca19bca7,
        0xc063fad4,0x1c51c01e,0x7f428afb,0xda3937a5,0x00000080 },
      { 0x102369fa,0xe9d8ca9d,0x706c0e35,0xe009bffb,0x96b55d80,0x2e0a19a7,
        0xac0d094c,0xda0e42de,0x787c187a,0x6c1be2c5,0x9cfa04b6,0x6d4ae2cc,
        0x76577340,0x5b0cea60,0xc7c96285,0x2d525245,0x000000d8 } },
    /* 58 */
    { { 0xae93de69,0x6dcb238c,0x3bfdae9b,0x4963c833,0xe8b79836,0x33c81f4d,
        0xae8bf8ae,0xe13a2244,0x4c3ebacc,0x0bc6e786,0x555a5ad6,0xa837a53c,
        0xbc7e9459,0x875d8d35,0xf9f46fcd,0xb3705534,0x0000001f },
      { 0x7fb974a1,0x78e9270c,0xe9ed2481,0x23448fa0,0x64bffbd4,0x14166c3d,
        0xd79f4b3c,0xa05aa443,0x3b9f32a0,0xd855a4f1,0xac90235e,0x4bebcf8d,
        0x8db52b48,0x65849987,0xe48d09d1,0xaa4d59f1,0x00000183 } },
    /* 59 */
    { { 0xdbffad9f,0xee585d75,0xf419d8fc,0x64df6174,0xe6c69345,0x6f73bf59,
        0x83d59b0c,0xb80793d1,0x929c8950,0x6baf4fc3,0x29962bab,0xbd445a95,
        0xeaa91273,0x52b61945,0x3d1c785b,0x4fccdfff,0x000001be },
      { 0x7cb2857f,0x05c384d9,0x06b7abf4,0x4cf83058,0x43ace6b2,0xf528dd17,
        0xbc43d6b6,0x2c7b8fa2,0x14e564b9,0x8f0e28bf,0xd2b9f01a,0x1b69bc73,
        0x3dd383e6,0xab8beb40,0x9791946b,0xaccea0c5,0x000000ae } },
    /* 60 */
    { { 0x0163c2de,0x9a68baee,0xeb2768a4,0xc42d0b2b,0xffdae767,0x5686f124,
        0x0aaca943,0x926da5d5,0xe01091cf,0x699c34ce,0x5324becd,0x3d254540,
        0x4193a0a9,0x1b6b58f1,0xd611cc9d,0xf144925e,0x0000014f },
      { 0xc1ed9259,0x7f61a60c,0x2f1d5a7f,0x1be37aa3,0x07aef431,0x0384713d,
        0x4e6fa7ba,0x99f33d49,0x8bd3730c,0x43928c16,0x5b9557dc,0x73cf8ccf,
        0xd1a2bee5,0x0bc6d460,0x83b15610,0x27cd1943,0x00000145 } },
    /* 61 */
    { { 0x3427af4e,0x4be65135,0x310d937d,0x2e6c0bb1,0xcaa671c3,0xbd8ea76a,
        0xd3a9c376,0x9d7b3fd4,0x471709aa,0x124ce863,0x018051c0,0x225ce41d,
        0xf9e8ee1c,0x5489284f,0x535c4ec8,0x22d829c9,0x0000013d },
      { 0xa1b15e02,0x6b01ed9d,0x301e5868,0x1d092bac,0x5764135b,0xbfa7a183,
        0x6f7159a4,0xc0ee59b7,0x18090d0d,0x9171a051,0xb8052196,0x5c1531bb,
        0x20927904,0x740930fc,0x76337685,0x963b48cc,0x00000008 } },
    /* 62 */
    { { 0xf4aaaed5,0x0fe8b620,0xfe871ee8,0x1068de7d,0xfebfcb4b,0x2b22030f,
        0xc3a2155b,0xd4dfbee7,0x2769b805,0xa7a26a8c,0x6d39eaf0,0x377de770,
        0xf615f032,0xf1a92447,0x42d9b731,0xa1b81a84,0x0000012a },
      { 0xb1152e8f,0x299e67d0,0x92b5e14c,0x2e773d97,0xf1cb57a2,0xe0d81073,
        0xbf1da4a2,0x03af0a9c,0xc22b449a,0x169b160e,0xdd2d7d1d,0xb82c1ac8,
        0xbfc98ee4,0x7508aca6,0xe3cbea15,0x54992440,0x00000150 } },
    /* 63 */
    { { 0xa13a4602,0x70004a0a,0xd0d2c60e,0x505c71a3,0xa6d79bc5,0xa4fe2463,
        0xd54d9df4,0xe878eb3a,0x73d3c7b8,0x7ecca907,0x244ecfa5,0x5b3bb278,
        0xb124d179,0x8a30f61f,0x4f632af0,0x5b7e5001,0x00000115 },
      { 0x9ef0021a,0x62c42ecc,0xf856c9d4,0x58017fd7,0x2e6478bc,0x10e243b8,
        0x1505a4db,0xaf074669,0x4cd7eea5,0xd9bb0a1c,0xd52aed0a,0xe8ba39a2,
        0xb549f09d,0x0747449a,0x9e57fa64,0xd5c8f7bd,0x0000013f } },
    /* 64 */
    { { 0x5a53c22b,0x1bd8ce7b,0x7cab446a,0x78733fcd,0x48acb394,0xc44ca4e2,
        0xa38c790f,0xa9888b1e,0x15c34237,0x36afb6eb,0xfb702063,0xb913b8a8,
        0x917508fa,0x34b77cc5,0xf9e4732b,0xa931d7a7,0x00000050 },
      { 0x56d21d18,0xa90a4290,0x55b410a1,0x82666307,0x894a6b05,0xb4684a8b,
        0x828cf75c,0x8a1ade63,0x127702a3,0x4fb2f85a,0xadf7b709,0x83ff7d05,
        0xa68d1db6,0x1d3f5a92,0xc093cd5c,0x243ce1db,0x000000f5 } },
    /* 65 */
    { { 0xd37d7891,0x8fc183c3,0xfd865eca,0x17b50149,0x8f218441,0x0f6e43d6,
        0x5a07f658,0xaf51ec25,0xad303202,0x8fe5a6cb,0x10676ef5,0x95de68f3,
        0xca4e000c,0x7508e31f,0x77735254,0x783e5a95,0x00000159 },
      { 0x2e537ad9,0xbc1db571,0x35be9cf7,0x5e87112d,0xd57f9bcb,0xbb522b48,
        0xa8b3cbc7,0x1eff7890,0xe5ecdb5c,0x4f306e11,0x3387e7ed,0x30da8392,
        0x72321e3d,0x4d91fcf4,0xe412a67c,0x8487bb62,0x0000009f } },
    /* 66 */
    { { 0x8cb8e08e,0x86f5f80f,0x2496fed6,0x7cfd2c41,0x60b7dcdf,0x0061b743,
        0x57f4d05f,0x4dbaffdf,0x458061f2,0xb1993c2a,0x9de994c4,0x6c6ca8d0,
        0x2747e062,0xef70d24d,0xb9995cbc,0xd4e5d4e3,0x000000ff },
      { 0xc6f40077,0x3171e245,0x0723e506,0x1592e045,0x6a6bfd88,0x35c86f7e,
        0x6d9d9ce0,0xba0959d1,0x3eb5770c,0x2e7f8fe8,0xc40d63dd,0x58eb0881,
        0xeb9e4419,0x56333bda,0x3afd1f4d,0xfb0397df,0x00000034 } },
    /* 67 */
    { { 0xb358815c,0x7b84e05e,0xe41087d9,0x3abcb2d4,0x07f05d7a,0x87a75889,
        0x7a9d481c,0x350778d5,0x42d64cbd,0x9d34cff8,0xccf289fe,0x0859cd5a,
        0xdd2b2c6e,0x8372d591,0x18b40b62,0xc06d482e,0x0000006b },
      { 0xda4ed375,0xd10695a0,0x298daaea,0x51baf588,0xf4b7092c,0xb028a1b4,
        0x7a335b35,0x8ab87dae,0x0567efd8,0xa7359362,0x3320c374,0x7a49fc10,
        0xa3558b30,0x737acac4,0x4c0fce9b,0xd30696a3,0x0000001e } },
    /* 68 */
    { { 0xbd3902fe,0xd9550ab0,0x86a9d3b3,0x9bba4b4b,0x975cac37,0x3a59e0a9,
        0x333605dc,0x045e8731,0x1afc2c58,0xf2c598c2,0xeef9cbf1,0x81ff8d6f,
        0x9bf83c42,0x82bed5d0,0x528131d5,0x9d1d9d5b,0x00000157 },
      { 0x5519258e,0x687da305,0x027de2a8,0x73f539f9,0xd6a230d6,0x69fa9747,
        0x5f5d1684,0xab1aeb23,0x5f7e41f5,0x5bbfe947,0x16a7feb3,0xbd546abb,
        0xe16d5187,0x2afbd4e8,0xbcc953dd,0x7437be13,0x00000160 } },
    /* 69 */
    { { 0xee9755a3,0x55f165a9,0xb82c9ab1,0x0c8d5a1a,0xab6b97e6,0x65a1e45a,
        0xab05e271,0x3004cdb0,0x6db0830f,0x9e0c3b52,0x75acbdeb,0xaae1ec1a,
        0x761e8498,0x413d4484,0xb1b9c62e,0x589e09bb,0x000001e9 },
      { 0x9c72258d,0x67512081,0x5c1593d4,0x61dcd734,0x91c11fdb,0x6c627a7b,
        0x8857908e,0xd1d3e9bf,0x530bc68e,0x9aac06fe,0x6b5b44ff,0x125c16bb,
        0xdb90edd5,0x38860bb6,0xfbbedb5c,0x96fe8b08,0x000001aa } },
    /* 70 */
    { { 0xf257c0f8,0x323a5dd8,0xdd3a10d9,0x4884dc92,0xbbb8ce03,0x03f379ce,
        0xa47262a9,0x6217ad53,0x52e06c6d,0xa1df2017,0xc32428cd,0xf5b723e0,
        0x2c30c62c,0x1e5d3889,0x477f82cc,0xd9a90f1f,0x000001fd },
      { 0x1763ab59,0x830d27ba,0x723783e9,0xcf27d93e,0x945968aa,0x81558264,
        0x1700d5d5,0x63251a32,0x03146d9f,0xcf6bbe73,0xe65bf0f2,0x6cdcf455,
        0x632323fb,0x80aa00ce,0xd96a4744,0x6e49e62c,0x00000149 } },
    /* 71 */
    { { 0x40574c09,0xbeff0b7e,0x3fe80e96,0xb76f2643,0xeb237d91,0x0b3bd352,
        0x7edc3102,0x3c0c62b7,0x424a36dc,0xf989394b,0x7c6c435e,0xe9ea64c2,
        0xe388d076,0x2dfc21c4,0xa4e69e4b,0xcc3852f6,0x00000139 },
      { 0xbb096b91,0x5238a3ff,0x73d8d43e,0xee72c9e5,0x8c577558,0xc116db11,
        0xdc47d4b4,0x54ec89d2,0x42e1955f,0x2006dd35,0x7437475c,0x004aed6a,
        0x2bee9041,0xc1ddc32a,0xed9332c9,0x597417a2,0x000001fb } },
    /* 72 */
    { { 0x859bae66,0x3c0f1981,0x845d7c1b,0xab48e9b1,0x452a3c1e,0xc6ce9c03,
        0xff810339,0x2384a00c,0x5f98d6fe,0xcd7ede11,0x38a0dd5b,0xf7a00e3d,
        0x3c7e1c06,0x56dd948a,0x8e53a61f,0x9d21a7d1,0x000000d0 },
      { 0x880eb3fb,0xf9cfdbaf,0x5e83f7c9,0x64cfd297,0xa28a74b4,0x61ba7d6f,
        0xdfb13e03,0xb8200d5f,0x232a6128,0x03bc8f4b,0x81a8d86e,0xd1fb92c2,
        0x706d6ea7,0x68675fae,0xefab18c2,0x9b08608a,0x0000011d } },
    /* 73 */
    { { 0xbbd2f539,0x17cf6146,0x76e26ba2,0x96052fc0,0xd4be4a67,0x36821d18,
        0x9f3f39a8,0x8f823422,0x433f873a,0x68b846b9,0x716f4568,0x7a1d3f36,
        0x2fd47750,0xdf603e28,0x6975e226,0x77cb02c5,0x00000003 },
      { 0x8c01dd59,0xf275add3,0xb9c1a37a,0x9c213a9e,0x4dfc5403,0x690ad104,
        0x07ee0d86,0x202ee206,0x661fc40e,0x896ede95,0xd0b02f56,0x6b4d7398,
        0xe5af1a24,0xccb96991,0xc13f7125,0xd5c281af,0x0000009f } },
    /* 74 */
    { { 0xd7073a5a,0xc858c54b,0x861eac7d,0x87c81a5c,0xe720201a,0x51f84a39,
        0x40e003ce,0x952a9f8e,0x58f199de,0x76bdc4ab,0xd56cc02b,0x1cf12322,
        0x83f162f3,0xb6634e63,0x8f969e11,0x84c017ee,0x00000169 },
      { 0x5c89f1fa,0xf1f43362,0xb697b078,0x4a02a630,0x4b05b7f4,0x33311e5c,
        0x4fede4cc,0xa7ccae51,0x4b025aa4,0x0d26e874,0xf84db7ad,0x7d5b77bb,
        0xf571c1fe,0x39ef1aa8,0x418ccd20,0x65eba928,0x0000018d } },
    /* 75 */
    { { 0x8abb2537,0xa37866ab,0x65b3096f,0x14ac4cbb,0x2a428ad3,0x827fa7ed,
        0x10e9e196,0x95d19f62,0x89801b4e,0x31eb97a0,0xaae8b823,0xaae77a62,
        0x5f5c9642,0x9693d62a,0x3e368b84,0xff5bfe97,0x000000ad },
      { 0x492b0dee,0xa3efae21,0x9602c2ce,0x2143e9ee,0x6f3b99e5,0x21367c99,
        0xe93b8f59,0xdd78b2b0,0x1064c13e,0x8d541c38,0xf5738e7a,0xe6b970da,
        0x8373b1a4,0xaf6ecc16,0x74ae208f,0xdbfa3f4f,0x00000180 } },
    /* 76 */
    { { 0x907a6aa0,0xb024621a,0x407879f6,0xef56cb68,0x8168a934,0x44c38b68,
        0x9b9a9048,0x70d638d3,0x82541f20,0x6968caa0,0x1fc88b50,0x0c597053,
        0xaf635784,0x5564ded5,0xc4d494cf,0xe7e898c7,0x00000097 },
      { 0x6b6ebb2f,0xe1dc98d9,0x7aa9e126,0x292a17fc,0xfa2a2c68,0xb60f0fdb,
        0xb2e1851b,0x9c63270c,0x81ca4cfe,0x898db265,0xb11959d5,0x94082638,
        0xa54b8d19,0xe44f308e,0x44e63094,0x96399eb8,0x000000d6 } },
    /* 77 */
    { { 0xb83769ee,0xfa00f362,0x3efc4cb3,0x72d040ac,0x57abd687,0xc3933889,
        0x940a7128,0x62264425,0xec242a31,0x909c4c8f,0x65a1a551,0xd1e48f1e,
        0x049c2172,0x68bd70f1,0x709b7fd4,0xc8692d2b,0x00000041 },
      { 0xdf816784,0x4e388aa1,0x01be75ce,0x4a58c8a5,0x02a67812,0x9b49dffb,
        0xeda721e0,0xa73299e0,0xe67a65ec,0x8a0bd1f5,0x856c71b6,0xd81e91e8,
        0xc005aa30,0x37aee2f4,0x0595bbf2,0xd9400750,0x00000073 } },
    /* 78 */
    { { 0x010c0ef3,0xa912ac4a,0x4e81b1a0,0x0e654bd8,0x4f353509,0x8f0563dc,
        0xb47d189a,0x10dc41f3,0xf238c09c,0x122edd06,0xc41acf67,0x224c16af,
        0x83758520,0x1ccb9334,0x2275ae6f,0x1a4b5f29,0x00000127 },
      { 0x3ce688b5,0x792fd473,0xdca9c68b,0x14566d37,0x541711d0,0xfce9326e,
        0x3cc341a8,0xe3ba14ee,0x2122c11f,0x6b8ab4cc,0xf5d379b5,0xc0fa763b,
        0xf1522f91,0x95e2d2ae,0x31cf95a5,0xd4e21b3d,0x000000ac } },
    /* 79 */
    { { 0x1d8e061a,0x4013a779,0xacc84a30,0x62707e70,0xeb2f636a,0x6ac08266,
        0x77b25c9d,0xe917ea21,0x70ff35cf,0xddb78bbd,0x041898be,0x5008db2b,
        0xce0ae445,0x0f58a4fc,0x2257d0e7,0xed092397,0x00000043 },
      { 0xe2e129e6,0x2cad77b3,0x0f1be4d7,0xfb8c4a87,0x20056333,0xaee50dff,
        0x2a691543,0xbc2658c1,0xb8fe2640,0x95dc0cca,0x1965a0af,0x694eb584,
        0xedd1d99e,0x7d3baa53,0x8a1edc87,0x2df13b20,0x00000083 } },
    /* 80 */
    { { 0xd181c3f2,0xfead2247,0xf337b23f,0x915d35be,0x74890672,0xdb4cfcba,
        0xfda7a3a1,0xe4f70d8f,0x79275686,0x226b6419,0x6ff1f79e,0xe8040863,
        0xcf5fa4e8,0x98e84b39,0xd8a09f60,0x57aa0be9,0x000000da },
      { 0x4efcea66,0xd40cecf5,0xafc76fae,0x98df2aec,0xc91585a8,0x63f19a48,
        0x13f00aa5,0xb111bda7,0x44b5cb9f,0x6687afab,0x652620d1,0xc6d5fb12,
        0xbacb35ab,0xaf953f1b,0xff94c4d2,0x99709370,0x000000ed } },
    /* 81 */
    { { 0x68b54c89,0xac9f56e0,0xce737c22,0x08ecc17d,0xab089b53,0x208ee83f,
        0x543fbd1b,0xb0f3a129,0x844dd706,0x1b204cf8,0xdec2e40d,0x80975c89,
        0x9399914a,0x08b011ae,0x74674df7,0x6b4ba170,0x00000017 },
      { 0x8fdfc175,0x71216ea9,0x7e0f5b0c,0x77b7fc63,0xceb33a34,0x88d0285f,
        0x0223eab7,0xb679814f,0x51c6d922,0x9078720b,0x9c13f51d,0x5859d5a4,
        0xfaed60b5,0xe69f850b,0x6d0ccab2,0x2499a844,0x0000005c } },
    /* 82 */
    { { 0x73e7bcf1,0x41d581fb,0xdd3c17be,0x16dde61c,0xfa199fd9,0xc62997ec,
        0xc159db97,0x1a758873,0x64132830,0x4ed77896,0x2942a918,0x9672ce89,
        0x816ba4bb,0xf3ee4587,0xce54dd7f,0x4fb7a148,0x00000123 },
      { 0xf009be8c,0xf05d80af,0x78df1ba1,0x62e938d7,0x312de620,0xa7e22e84,
        0x6070c4b9,0x48d29e7f,0xa1b5da37,0x5cd9c3eb,0xa4717453,0x1e51bd2f,
        0x56ab9e67,0x94098ab0,0x49f7c6a1,0xbb584abc,0x00000049 } },
    /* 83 */
    { { 0x1ea470f7,0xa9f25530,0xe9254e30,0xa01bf808,0x71a0038d,0x098569ea,
        0x5913ca87,0x0d2b2ee1,0xb8281fdb,0xae17004b,0x118e5c2a,0xdb5c6eb0,
        0x1fa943ab,0xa56ac64c,0x1a92d501,0x1aaf6477,0x00000053 },
      { 0x06345730,0x9679ef49,0x846f37c2,0x946aaa4e,0x1a7c3aab,0xf81726b0,
        0x8166df4e,0xcb808da2,0x4e04dc3e,0xe9fb3fc2,0x76ec19b4,0x9e0b61db,
        0xeed6d13e,0x6e7f665e,0x86a75384,0x70ed8c07,0x000000e5 } },
    /* 84 */
    { { 0x108ce13f,0x66456e58,0x0e397813,0xb5bfc58d,0xea3949e9,0x04b6a84b,
        0x75af667d,0xea9b66bc,0xa891566b,0x7cb4d6dc,0xbf61595a,0x1b3cecf0,
        0x002e2520,0x4312c73d,0x6135a5fa,0x81d76898,0x0000014b },
      { 0x841078ec,0x4047bc25,0x179c454d,0x75aa9c96,0x4851f8fc,0x6a160609,
        0xce34091f,0x998d4e3e,0x88e54102,0x9a9f6704,0x5da8ac5e,0xbf280f88,
        0x8fec230c,0xc64caca0,0x5094b775,0x0ac864b0,0x0000002b } },
    /* 85 */
    { { 0x8f5daf7f,0x6b606e39,0x10927506,0x48385489,0x08c58a72,0xa2255c5c,
        0xc90f3ee3,0x2f362fd0,0x08795f02,0xc9633af4,0x0425f5aa,0x71710bd1,
        0xec06dbfb,0xc2017e05,0xc1b8bbcd,0xd9c7dc82,0x000001c8 },
      { 0x18b8bed9,0x7db41fdf,0xe3a23125,0xe9483308,0x7291c4bb,0xbcf91de7,
        0x41448aaf,0x9b0b972b,0xc44da462,0x95dfc633,0x01bf50a2,0x90b9c463,
        0x869e3131,0x18b66f77,0x121baad9,0xa8a4e2fa,0x000000f5 } },
    /* 86 */
    { { 0xca0251ea,0x8ca55109,0x27a6c9b0,0xf2aeed8b,0x5620f528,0x901a8beb,
        0xae13fc56,0x9a8421e8,0x85993c07,0x1349f1c4,0x0d1ab0d7,0x29e08359,
        0xaeb5d909,0x96e2929b,0xf599a66f,0x96c2f1f8,0x000000ce },
      { 0x12be8bd7,0xe4bc4b51,0x3c67e99b,0xf4846a0f,0x4d3a3864,0xd89cc7d3,
        0x73f43981,0x1f647112,0x26dce567,0xc32bc324,0xf02b096b,0xf7134ebf,
        0x0d0682b7,0x5604f00b,0xe3ce8b59,0xfd23d7ea,0x0000011c } },
    /* 87 */
    { { 0xa27689a6,0xf89646cc,0x5564172b,0xd6a7dc43,0xb57cbfcc,0x30bda48e,
        0x5b1adfe5,0x9b11fffb,0x711d8bf4,0x9f2d80db,0xb70e5a5b,0xe879fdf0,
        0x6bd18a1d,0x97534183,0x8cbfd504,0xc8c526bd,0x00000114 },
      { 0xef7388bd,0xd5fe725b,0xe7ffaea7,0xf1c3dbdf,0x7e6de2ac,0x78395b89,
        0x9ebf1bfb,0x81a72c9a,0x69785146,0x65265707,0xf52670af,0x3925ecd9,
        0x83d57d48,0x437bcdd2,0xc80ecb02,0xb5d732a7,0x000001ce } },
    /* 88 */
    { { 0xcfd376d7,0xa7f9fcce,0xa66b084d,0x6b4eab3e,0xd5b91bd8,0x6ac90d08,
        0x8aa304d8,0xaa3d5b7e,0x7f866a4f,0x27f3d42b,0xbb813ae1,0x95d19fa8,
        0xe34a9206,0xd38798d7,0xa32c1cdd,0xdf7c0a69,0x00000073 },
      { 0x38315b16,0xbe2c01bb,0x9e18c8f9,0x1daa7c89,0x08b6b853,0xa3d43fb4,
        0x68092a81,0xb159e48c,0x836faad4,0x77e93d9e,0xa4699730,0xd4ed6361,
        0x6297e476,0x569cb3f6,0xe7811fa6,0xb69d8183,0x00000185 } },
    /* 89 */
    { { 0xab9cb764,0x18f27eb3,0x8ebc1d6d,0xbbbefc21,0x0479aa79,0x47760ddb,
        0x09e542f5,0xb4d16d24,0xbc699b96,0xe35c38d1,0x8c8d8c8a,0x13b2ae25,
        0x67a3a45d,0x8579c152,0x6c554c04,0x773b7357,0x000000d9 },
      { 0x0218c299,0x9620a473,0x99f78a33,0x69be29b3,0x484f414f,0x4684a009,
        0x9a2ca4d4,0xb2c74937,0x68db7ab3,0x09c0773e,0x935c357f,0x6181f059,
        0x8b7de3f2,0x0931303d,0xe0fb6e08,0xf3effcd0,0x00000060 } },
    /* 90 */
    { { 0xb25d6530,0x723c14be,0x9a97d40f,0x5e015b39,0xfbf7f622,0x209c3c4b,
        0x14b4f0f1,0x83d8c59c,0x3f7e8ecf,0xcf002fde,0x1eb1ef0f,0x35d353c9,
        0x201f0c60,0x394c42a5,0x7be8ee34,0x787128ab,0x000001b5 },
      { 0xb70110cd,0xa0937d3a,0x477911b5,0xe0fa4efc,0xc53a4c19,0xc6acaf5b,
        0x38d509f2,0xbd3010f3,0xe54ac1c6,0x3ee2a82b,0xe4f2a3bf,0x31ea67c3,
        0xf089c7b9,0x7a4ca66e,0x34a2362f,0x5bda2c4f,0x000000b0 } },
    /* 91 */
    { { 0xd1f575cd,0xb424a071,0xa5237182,0x15693b01,0x9a2c9d40,0x14133602,
        0x9c914a60,0x50c4348b,0x095b31c1,0x9024573d,0x22fd4962,0x6f975fd2,
        0xe210b277,0xa1704886,0x6dba937b,0xac29b813,0x000001f6 },
      { 0x775da491,0x09edef55,0x2b6aad82,0x25953f9e,0x1bb40d5b,0x6696a106,
        0x4d5127d8,0xcfc45311,0x81ead062,0x2f21dca9,0xaf3b7123,0x3f3e4f07,
        0x9646f20d,0x12cd06b8,0x6910f5bb,0x24136369,0x0000015e } },
    /* 92 */
    { { 0x3ecfc44e,0x0c844fd0,0x5043b3d5,0x4095f2c8,0xc9bd059a,0x9a5fe7db,
        0xf65becdf,0x239328fa,0xa67961cd,0xe3102471,0xbbb5dfdd,0xea9e39bf,
        0x133dc5ba,0x8022b6d0,0x5f12c379,0xbed7aa9b,0x00000141 },
      { 0xfd94d941,0x096f0059,0x7d4ff018,0xfc6e9f00,0x779f05e3,0xe63af598,
        0x00483c99,0x4c40f0b3,0x72a19870,0x04d2feef,0x464a4a71,0xdb773b5b,
        0x49367f1e,0x00b6770f,0x2a9fbd2a,0x4f7e0301,0x00000169 } },
    /* 93 */
    { { 0x8a9095fd,0x0df5dd73,0xd3ce857a,0xc4b7a021,0xe5edc767,0x90aa796b,
        0x180a0808,0x56497eff,0x66f10aab,0xb9856e1f,0x39879766,0x31298824,
        0x3ba80601,0x61748cf7,0x555da929,0x07d9076c,0x00000012 },
      { 0x1c44394d,0x0b049a01,0x0ce49e45,0xf5f25ef7,0xb1694265,0x1e3a09f0,
        0x109b33f8,0x2c5bd9fe,0xa30932e4,0x07f2a43f,0xc6cf8af2,0x736abfca,
        0xf3366722,0xadf7fa04,0xfa9d26b0,0x2f1e92fb,0x000000e0 } },
    /* 94 */
    { { 0x63be4d4a,0x9524e4a6,0x66f3cc91,0x1fa57bed,0x7e7a7ccd,0xdd7c93fa,
        0x88c5d1d3,0x70e8cf6a,0x3f251f1e,0xb257997a,0xe3554cf5,0x0a5ec58e,
        0x065a7109,0x68d268d7,0x085089ea,0x7c23d4d2,0x0000004c },
      { 0xbd52d132,0x63ae575b,0x38c81cc5,0x0fb8daa7,0xe4e63b99,0x096a6e51,
        0xb239d387,0x51d6b366,0xa5d49fed,0xed5f8874,0x43a8c07a,0x025091d9,
        0xe4686ae2,0x100f845a,0x7eb4ef5a,0x1af59d74,0x000001c2 } },
    /* 95 */
    { { 0xdd441308,0x5f7bc01e,0x86308890,0x0dc34944,0x759611cd,0x2af38a74,
        0x4c23ce66,0x11a71261,0xf8bafed2,0x37f317b5,0x4c93e079,0x4efbb9ff,
        0x8ecc52cf,0x880f0edd,0xddc9d82a,0x480cdd2c,0x00000028 },
      { 0xc3f807ac,0xe8f1ca0d,0xbd070549,0x6a3e4fc2,0x91f8bb6c,0xad3d0a14,
        0x3d6dfacd,0xe3ee1cfd,0x5fb46ffb,0xee46b1b9,0x7dd5cfbc,0x5207b3ac,
        0xb1b8e8b7,0xd580c0d9,0xc7bdd11a,0x52c669f4,0x00000084 } },
    /* 96 */
    { { 0xc0ace6d5,0xa42b4747,0xbe7287ad,0xd5acb64b,0x89bc2614,0xf3304899,
        0xff05c71e,0x817fe836,0xd35ac450,0x772eb246,0x375a9c3c,0x7f5fc216,
        0xcbc0d6fd,0xfb6f9e1a,0x720e9733,0x7643c315,0x0000009a },
      { 0xf3845ccf,0x4b2216b4,0x90bc05bd,0x9c174e80,0xd6049037,0x7a550c74,
        0x6358c806,0xbd7220a1,0xaa677b6d,0x838f9c41,0x66e2e08e,0x37332c19,
        0x496f6da5,0xb032875e,0x9c30630d,0x52b274cf,0x0000000c } },
    /* 97 */
    { { 0x8ea58beb,0x6ec2e782,0x3665fa48,0x2b404c1d,0x20b40ff0,0x546d5fad,
        0x29d3e6a5,0xfb5df7b6,0x66c81991,0xf186846d,0x6e2cfe3e,0xbe690bde,
        0x1410d16b,0x97aeb9a0,0xbacc8e92,0x59d81548,0x000000cb },
      { 0xbaf66a23,0xd905d3ad,0x40dfb081,0xc3337387,0x4b00f432,0x6d5535de,
        0x07d3a03e,0xe17fe8e8,0x066bca80,0x29544ff7,0xbadffa55,0x60c2b96c,
        0x45a26ea4,0x9f018d94,0x24a34ffc,0xd5438167,0x0000011e } },
    /* 98 */
    { { 0xbd7f8a61,0x62a873fb,0xbbe580bb,0x5e18cd71,0x667f6980,0xfd5c9eb3,
        0x571d3dc0,0xab8d4f61,0x783f9bc8,0xe2e45215,0x24398b14,0x36c3774b,
        0x74d811b5,0x2db4a363,0x2debe3c3,0x9f7f1297,0x00000138 },
      { 0x798fefb2,0xbb97f21c,0x107baa72,0x9c76fcb5,0xfadbb568,0x12fbf760,
        0xd33ea6c5,0x1a648be7,0x236134a5,0x412a2993,0x8985893b,0x4a3d8169,
        0x3e66ada4,0x6144958f,0x7687b457,0xb4dfc79b,0x00000140 } },
    /* 99 */
    { { 0x7abe5bb9,0x83b14570,0xe51d81be,0xae0cbfd8,0xc9827aff,0x20dadf49,
        0xa687b554,0xc3a72548,0xeeb41733,0x080263fb,0xd3827c63,0x7014fdc3,
        0xb5e3b70e,0x7d018f84,0xfbcf7168,0x1d483e00,0x00000015 },
      { 0x6b578aa3,0x154e3c7c,0xd3043dae,0x511ce9b5,0xb6008101,0x55f89e9b,
        0xf405ac6f,0x4ec31112,0x2008ac7b,0x7e66a4d8,0x25c52fa6,0x73c00d39,
        0x8acac2eb,0xee1b9998,0x60b57453,0xdfa31d95,0x0000008f } },
    /* 100 */
    { { 0x251cf8d8,0xcc74a0e0,0x041f2bd2,0xd4d8949d,0x33ebce52,0x0b734a49,
        0x5c5bcdae,0xe1ac5f51,0x16200b93,0xd3ecdfcc,0xa793736e,0x2506a266,
        0xea6e6940,0x585a1c8b,0x9190f935,0x081cdd53,0x0000000e },
      { 0x53e28412,0x055f9956,0xdb27164b,0x0d1526f2,0x1df3adc7,0xcd5625eb,
        0xdd35dedd,0xd2c453ca,0xa838ffe2,0xed442849,0x5c0ce589,0xad20c137,
        0xbd99b609,0x2d5fba81,0x622efb07,0x5be41dcc,0x000001ad } },
    /* 101 */
    { { 0x8f850756,0x563af667,0x52f3b597,0x86d37aae,0x796842f5,0x10d38a53,
        0xf743f997,0xcdaaf99f,0x93f1a8ba,0x2fa755e5,0x409f7cd9,0x1af04e15,
        0xd6d0650b,0x63bf9a0a,0x55abfd9a,0x67b1cead,0x0000000e },
      { 0xb5f43178,0x3660a8e0,0x9cc35b33,0x56bd412d,0x880f6808,0x3d7bfa63,
        0x2e622c71,0x7f372d66,0x6ff82445,0xad7b7be7,0x8db04e51,0x0f2bde80,
        0x4bd15c8d,0xe1e781fe,0xb8e502f2,0x1f475bfb,0x00000194 } },
    /* 102 */
    { { 0xd63543ec,0x79482bf9,0xa117ef3e,0x985cb67c,0x160ccc63,0x8ac50638,
        0x729bdc1e,0x556cbed5,0xa22686df,0xd62ed97d,0xc81eb77c,0xb124cb5f,
        0x72fa2ed9,0x4d7b4f66,0x78335b96,0x60b29aa7,0x00000172 },
      { 0xa43df7c6,0x21bfc7b6,0xbc20706c,0x85acac23,0x345d9580,0xeb6f37bc,
        0xa32a08bc,0x9d8f20d2,0xd1953c5e,0xf08924f6,0xc4f680d0,0x7d25d7c6,
        0x2de9912c,0x64e6a237,0x52ce644c,0xda1c06c4,0x000000eb } },
    /* 103 */
    { { 0x411dd110,0x26677c5c,0x2c991c4a,0x0d6787aa,0xa45666d6,0x53be6a41,
        0xc15f9f15,0x73e716aa,0x0e0cc7b2,0xa93b863f,0x2a624ab0,0xa4057117,
        0x1a39c260,0xe5e7656e,0x2ef6f130,0xaf8d78b5,0x00000046 },
      { 0x70f38dff,0x796214b1,0x123a1105,0x3e35d828,0x957ed812,0x046a44d4,
        0x0da60161,0x618fa9ba,0x54f84413,0xe7cdd2a5,0x19ea95ab,0xf1c2563e,
        0xcb2a30b4,0xc4459e14,0x61ff9aa9,0xc748add6,0x00000183 } },
    /* 104 */
    { { 0x9de58caf,0x32981f39,0x8753ea64,0x05bb80fd,0x2d119486,0xc83f9f24,
        0x03eeb00a,0xf490cf06,0x7c73d79c,0x4037f251,0x724d461b,0x844209fd,
        0x272420cf,0x6b03f6d2,0xb3438fa2,0x6f4bd29e,0x00000152 },
      { 0xc389e51c,0x964d034a,0x6db7d98e,0xacda55e9,0xe913c583,0xb2ae97de,
        0xfeb03440,0x0793077b,0x9d461e29,0xaa16e378,0x043bf8be,0xb0a67533,
        0xba7d8c3f,0x9d749a42,0x6bb925dc,0x7c41e6d6,0x000000ec } },
    /* 105 */
    { { 0xc5da8398,0x2e9b345d,0xbb38c430,0xbc66841f,0x7c3bb47a,0xce3ac562,
        0x738d2cdd,0x8fbeb12b,0x68731185,0xd4bc2ad7,0xbbd4f4f4,0x9521db1c,
        0xfe4e1b0e,0x2a690cae,0x7bfebe3e,0x375215eb,0x00000194 },
      { 0x2edfd661,0x4cb234f1,0xed52c1f4,0x0149984e,0xd8f8f98c,0x32d27260,
        0x7be38590,0xfe76e4e4,0x95e8b672,0x5435873d,0xf2b00e82,0x916c397f,
        0xbad61eb8,0x3b9bf705,0xae131bbe,0x7ee90182,0x00000000 } },
    /* 106 */
    { { 0x93fbcb5c,0xd36fea9e,0x9fa8529b,0x382be583,0xfd611ba0,0x0b243125,
        0xcd8a2637,0xa59ae37f,0x3d8d4704,0xab78c60e,0x44c41b79,0x1bac243d,
        0xeda49cc5,0xc4001fea,0x83dc7e9f,0x988ea44a,0x000000f6 },
      { 0xf077f79e,0x4d90caa4,0xd9e2590d,0xf4d17601,0xd21b4b77,0x11debbb3,
        0x9037e1b6,0x031b3f60,0x135becf0,0xf113ed82,0xf2903dda,0xf6c01379,
        0xa6f19296,0x36bde7ca,0x9dbbad85,0x57d3b684,0x0000006c } },
    /* 107 */
    { { 0x9abfccb0,0x963fee38,0xb9676e63,0x6c6e2a24,0x84ba6d27,0xf8768f02,
        0x465853d1,0xc38ba3ba,0x1b8ab9b6,0x6e3ab36d,0x47a07331,0x01fc9742,
        0x25233f32,0xfdd41718,0xac61de7a,0x4dacfa81,0x00000021 },
      { 0xeaa3198c,0x365a9f37,0xfc8b99d5,0xcbe8a345,0xd4f5ecbc,0xa427f12a,
        0x0c237514,0xe841ff60,0x28a27b05,0x5d9e8c5a,0x62859ff3,0x2d377444,
        0xea8bde37,0x1c0460ff,0x29cf5bf8,0x0a0e49a1,0x00000181 } },
    /* 108 */
    { { 0x45843c3e,0x688203af,0xaabebae7,0x4601e303,0x624df62b,0x397b08f3,
        0xd21e5aa8,0x5687348a,0x9a242b0e,0x2cf12c73,0x32a76c6d,0xc848ed01,
        0xf52751a2,0xb72aa1c2,0x92c02d05,0xb63296c3,0x000000f3 },
      { 0xc6f3d1f0,0xce4b42ad,0x2f532b94,0x2f0dcc53,0x83443d9c,0x57813335,
        0xdc8dd9cb,0xb50118ee,0xee87192f,0x3039e1a5,0x557419c2,0x9977267d,
        0x30f96b0c,0x462efa4c,0x3cd3c35a,0x454fb796,0x000001f7 } },
    /* 109 */
    { { 0x9d153926,0x10f28194,0x82b57548,0x42e28c91,0x509e94c9,0x4b423b30,
        0xde9d6b57,0xc5acc52a,0x8b3ca314,0xaa746c39,0xc63d5bc5,0x0f4ea307,
        0xe1ccc989,0x425553a2,0xf76d9194,0x271198bf,0x0000008e },
      { 0x3c8e672b,0xc7900e46,0x3f2dfc27,0x703675cd,0xaf2163c9,0x704951f7,
        0x7aceaab0,0x74d69908,0x7e8d2369,0x482f21a9,0x813dc115,0xdcfbc1dc,
        0x04f6cd13,0x0ce2bc80,0x82bfaff2,0x2a54662c,0x0000003f } },
    /* 110 */
    { { 0x1588a8bc,0x0dcf41e6,0x210c52cb,0x6f48cd0e,0x758e7a45,0x338562bd,
        0x48b9b957,0x1600d54b,0xa6b89b9e,0x461df80b,0x098cc82f,0xf7fd4f17,
        0x14977147,0x167f01cd,0x6116c5f9,0xb1338511,0x00000048 },
      { 0x5d2617f0,0xdeb76333,0x6ecb8606,0x3f9a5772,0x1b91fce9,0xa93c032d,
        0x6c84b997,0xf7a4388b,0x823ca5be,0xbfe80225,0x35a32f6b,0x6f19c028,
        0xe3cb5c58,0xf26cd5ad,0x6d0c1dd9,0x7f5ddc77,0x000001e7 } },
    /* 111 */
    { { 0x6ee764c9,0x3c9feec8,0xb07c82cc,0xd1bec836,0xa005b142,0x6bf1b2e6,
        0x29e8a5ea,0x70ef51a3,0x3ffe241c,0x517d298e,0x72966c28,0xbb389e28,
        0x2c7acc76,0x3a2da8a9,0x732a21b5,0x902c9126,0x0000004a },
      { 0x8f7ce110,0x96c51b9c,0xaeb036f1,0xdcc33a87,0x0a6a59e2,0x82695098,
        0xe78db500,0xceaf26a7,0xc95bb030,0x82f3c384,0x24c42f42,0x6dd6e9f7,
        0x70ac4a0a,0x768dde29,0x03d22efc,0x4aedce4b,0x0000016f } },
    /* 112 */
    { { 0xeded03c0,0x077f032a,0x588ddd4d,0x2684a052,0x9a85be0f,0x6d09bc4f,
        0xe0b9b6bb,0xbdda0c7f,0xf2fb5887,0x19689c7e,0xec3cce7e,0xf8a96960,
        0x768d2ae5,0xb043d9d5,0xdb21219a,0x29c8081b,0x00000068 },
      { 0xde59f006,0x6bf872fa,0xcb97ef5a,0xc2b9ffc6,0x58ae7ef8,0x371915db,
        0xf4ccaa1f,0xc2e23ca1,0x89c27cc4,0x1af8c60e,0xc86bdcc6,0xeee5d7e7,
        0x9bd8de43,0x9225b47f,0x4b24f08b,0x53e7f463,0x000000b4 } },
    /* 113 */
    { { 0xe3048bda,0x54c496d0,0x43c3de4e,0xe2b67499,0x4c2d509e,0xac2049f7,
        0x543c5089,0xb01f691e,0x105a365b,0xcd9960a3,0x78b17049,0x34d93ffe,
        0xf82c9467,0x029f99b3,0x0161a755,0x785c5ea2,0x00000091 },
      { 0x953dbdb6,0xb455f978,0x97eca19f,0xea9e84d9,0x36d4d75a,0x473bd029,
        0xc15276fa,0xa9c17ca8,0x47c76356,0x9cf66133,0x039738d2,0x4a68360b,
        0x69733609,0xd3e430a8,0xe2b27f21,0x0ae532de,0x000001b4 } },
    /* 114 */
    { { 0x5164cb8b,0x68110e82,0x2552a67d,0x6979af4f,0x8d185527,0xe10d6d0e,
        0xfb64eac4,0xcf6c5787,0xac424592,0x8408163b,0xfce0d810,0x5d8fff37,
        0xda84c15c,0x8b284e49,0x32663ec9,0xed805567,0x00000010 },
      { 0x51f3ee9e,0x106f4030,0xb38adf1e,0x2e8e3ee9,0xa13d6449,0xd3c87a6e,
        0x80e1abb1,0x27b49f45,0x0bfd7298,0xc283d179,0xafc7a35f,0x8fe50fa5,
        0xade3ad4f,0x773da545,0xd9a21df2,0x78bfaae4,0x000001f8 } },
    /* 115 */
    { { 0xabad5678,0xae60d8e8,0xe600c25b,0x0afa72ce,0x4c288e21,0xb9d4e0b4,
        0xd254cf9f,0x64447f76,0x959e2ba5,0x1fb36bc4,0x2961132c,0x393c44d7,
        0xfc140f19,0xd7a8881f,0x8d096648,0x27a86128,0x00000091 },
      { 0x8a9e690c,0xb536c021,0xeab4fa15,0x85dcc521,0xb00ee54c,0x09af4423,
        0xaf3a8e48,0xb3793525,0xb7731d85,0xe1f36308,0x141cfb55,0xb5361d78,
        0xeffc4529,0xea41f29e,0x9f7d2634,0xcf5755b1,0x000000e8 } },
    /* 116 */
    { { 0xd212b398,0x01edb80d,0xd53dd373,0xd0396181,0x8a52fa95,0x0e086047,
        0xa7825e6d,0xad1e6432,0x330ece4f,0xe0185bc5,0xb078936f,0x508f7313,
        0x9e7f6ea3,0x1dc982fd,0xd5556b60,0xdbf3a602,0x000000e8 },
      { 0x279e05bc,0xc3763234,0xf44453d3,0x7f5f40ec,0x7fa30793,0x310c5f4d,
        0x108d7e22,0x5cffad36,0xc2a98bbc,0xf2f01ef3,0xd7d47f80,0x30ab1719,
        0xa9b22e1c,0x7bc9f918,0xe834df94,0xf53dc52a,0x000001f9 } },
    /* 117 */
    { { 0xc183f89b,0xf266b49e,0x5f5806d4,0xd3fb5f02,0x94ec3080,0xd30a42b5,
        0x371cd917,0x4b6b1940,0xb7f7e26d,0xf7541aab,0x2d5b7b64,0xe55269eb,
        0x7f8036c5,0x0e1a85c1,0xda5f2675,0xa0ff0f22,0x000001ce },
      { 0x3a8e11f8,0x602bd56a,0xf5f9ab54,0x29864021,0x0ccc92d7,0xc6742c5a,
        0x523f650b,0xd64569e6,0xf7fabfb4,0xc8e4681b,0xc3c9e6cb,0xb4275947,
        0x38f5ff20,0x2b3952d5,0x1f04aea2,0x818f8e38,0x000001b0 } },
    /* 118 */
    { { 0xe50d90f0,0x3be5bffa,0xf5011cdc,0x4cb3b11b,0xa691dfac,0xe10ca711,
        0x4ea1a773,0x62ec211d,0xe586eeb6,0x5a979ebb,0xa0c2f1fd,0x4df16ab1,
        0xc57bbfea,0xfe9e3f7e,0x5ae526f6,0x1b05960e,0x0000015e },
      { 0x8630e62e,0x1c8e04a5,0x6447e1b7,0x3d00310e,0x43b4447a,0xcf1e6b61,
        0x7462e7a3,0x92abb851,0x0002724d,0x8309ea08,0xe45296df,0x1d805d70,
        0x3d4ed812,0x0f3849b3,0x6834d44e,0x2d6bffbc,0x00000096 } },
    /* 119 */
    { { 0x48e07711,0xd13fe58d,0xd270a3b2,0x70f83648,0x8cdff04c,0x1517892d,
        0x51411f14,0x15bb6578,0x3e4f8a55,0x6c31cd90,0x0413362f,0x73f87152,
        0xeca06d4d,0x2fe025ee,0x954e317f,0x32a6e417,0x000000ad },
      { 0x69d147df,0x7e38c63f,0x710bf37b,0xb69bb06e,0x28d514de,0xb94debef,
        0x8d11c3d9,0x4b2307fb,0x0385c604,0x3b369df9,0xe7800e83,0x68ea2f49,
        0x7d501c1c,0xf028b258,0x5cef7818,0x97078221,0x00000055 } },
    /* 120 */
    { { 0x54c1d751,0x10c351db,0xba0f9512,0x81445301,0xbfdc8bed,0xa77eb34f,
        0xcf23680a,0x498d8138,0xe04f2860,0x928c14a4,0x16a5b6da,0x96192dba,
        0x5f9a9103,0x49dea95b,0x01724102,0x80dd4578,0x00000085 },
      { 0x0e09221c,0xe9072500,0xf21de056,0x62e05b21,0xe0e60950,0x448cafa1,
        0x6f775129,0x657fb97b,0xf1f34aca,0x5d2991bd,0x49ff15d6,0xa66cd5ac,
        0xd049ec79,0xdc1d6897,0xe72baea8,0x388fca84,0x00000067 } },
    /* 121 */
    { { 0xa6ef1dd3,0x6520b49d,0x3ba6cd76,0x391a045e,0xf33d5f48,0x9c84980a,
        0xef07474a,0xe53cf5b2,0x78bfb1ea,0xa35b2e9a,0xeda906fa,0xeca97fd6,
        0x1b9f2cf4,0xf1a93789,0x3ab28589,0x66753369,0x0000010d },
      { 0x73691faf,0x5b510496,0xd57ec618,0xdc73d3a9,0x930a8525,0x7e2921bb,
        0x40b05b69,0x094f571e,0x413bedca,0x5e96a017,0x8d1a6b98,0x9e7d4f72,
        0x3eade8b7,0x55143fda,0xd16e454d,0x859b8444,0x000000fb } },
    /* 122 */
    { { 0x7c667aaf,0x7c22083e,0x4a91ccba,0x33545cb9,0x8ca0e94a,0xca1e9931,
        0xe4eaa0c7,0xc3afff23,0x42f56844,0xa21ac436,0x60d52d0b,0xfcc68a8b,
        0x6a9301d4,0x401a585b,0x907abce1,0x547f762c,0x000000a3 },
      { 0xfbe260ce,0x63dd3ed3,0x80dc01fa,0x2717752d,0x6f1da3e4,0xd5fab75d,
        0x5261f10e,0x5f16864a,0xd20cd6bb,0xbe7b1f63,0x221ac656,0x9d638c10,
        0x673b918e,0x3137b8f6,0x4ada2fb8,0x23eb4438,0x00000174 } },
    /* 123 */
    { { 0x2a1fbcf4,0x194e27c4,0x5facd5ee,0x4c0d285b,0x915e6607,0x75c2ebdd,
        0xef0a6a9a,0x1e696510,0x067cf458,0x13c5afa1,0x7bee1fba,0x2be013c1,
        0xdad279e7,0x85a406d6,0x5142cf59,0x0042951d,0x00000031 },
      { 0xa22bbc45,0x6a735ec1,0x7f56f4d8,0x4ee5391a,0x236001de,0x305af9d0,
        0xaa2f8d25,0xa8b21851,0x187db78a,0x0e2c36d8,0xa1a888c3,0xcfcc083f,
        0xbd3e7d5b,0xb91dab7f,0xf4fdd023,0x62d85460,0x000000f4 } },
    /* 124 */
    { { 0x4972d703,0xf568ba02,0x39098a03,0xfc44ca1d,0xae28c855,0xe9b8e542,
        0x5b1b4536,0x4fd4f360,0x4c7f7e48,0x2e08b07b,0x2230823d,0x042f3b98,
        0x1889fd13,0xc9ffd313,0xc6c68359,0x56af0652,0x000001bb },
      { 0x06e0f16a,0xedbf05e2,0xd74644a5,0xfc1ac2fa,0x0f92c71a,0xe59a0a98,
        0x36c800a1,0x13ae37d7,0x236178dc,0x5f20efc6,0x2b46ef10,0x443a58b8,
        0x442509e4,0xc9517dcf,0x640ed9b0,0x7d0bb415,0x00000166 } },
    /* 125 */
    { { 0x3d22842d,0x3aa30a61,0xb3c4ece0,0x8c6e00f5,0x6df82b79,0x8764cf87,
        0x78d208c5,0xda92d86d,0xe788854a,0x0a52d391,0xa59b0994,0x499b26fb,
        0x04c5fc9a,0x5dc133ad,0x34e3f134,0xa5c09269,0x000001dd },
      { 0xfad6d673,0x6f0dcac2,0x00f3b3fe,0x6d8fdf05,0x631756e9,0xece71941,
        0x0a4d80e3,0x3990f493,0x31d13001,0xf2aca936,0x75581638,0xee91966c,
        0xe6dd5679,0x6df0f574,0xccd71cda,0xbe124868,0x00000111 } },
    /* 126 */
    { { 0x475cc1b4,0xf644c726,0x2b73978c,0x915fc2f9,0x0e3d7eb7,0x65a7e6d1,
        0xf40c38e0,0xbb44e21a,0xe1ad24fc,0x988662b9,0xc35606e5,0x270ba4dd,
        0x1a4f93f7,0xc3834a2c,0x3362a4d7,0x93d0c9a2,0x00000021 },
      { 0xf769fd7f,0xe2cb7b8c,0x89a213b9,0x1815da97,0x6b910fef,0x7b4f8c56,
        0x26931438,0x2088b309,0x925b37c0,0x477b71bd,0x26a640e5,0xa049a921,
        0xfd21c6ef,0xd3ddf1bd,0x232a56b2,0x9b5f9d7d,0x00000064 } },
    /* 127 */
    { { 0x679a9c35,0xd640adf8,0xcb74d796,0xcdad98e3,0x5f8e9daf,0x464b8ebb,
        0xad4a073c,0x4738614e,0x2edde557,0xbd86c0ee,0x576ce0b9,0x77331738,
        0x4095fb96,0x9b5d3327,0xee09aead,0x72f0aeb3,0x00000136 },
      { 0x64e54ba5,0xa388c76d,0xdc474d21,0x63fe7af1,0xb2a77081,0x7fa3e9d1,
        0xde1240ad,0x0447b49e,0xc720303a,0xd9f64b66,0xe6bd0213,0xb1c78029,
        0x0aa03ea5,0x1caf1c70,0x3bb85d2b,0x179180eb,0x00000103 } },
    /* 128 */
    { { 0xaf2ed12f,0xadbf4f9f,0xf380fd8a,0xce1d19e4,0xa39e81ae,0x0957bdb5,
        0x626ef6bc,0xf9833321,0x0cf5b28d,0x110ae5ea,0x20392cd4,0xab159450,
        0x6bc67855,0x67c49887,0xa3fd61c6,0xce7e5938,0x0000004a },
      { 0x28c7dea9,0x59c5b9ef,0x0a6a7184,0xd02f95ba,0x8202769c,0x034dc257,
        0x94dd6896,0x213b0b08,0xb5dea95a,0x03730b7f,0x617ca889,0xfe243ed0,
        0xfb1ba052,0x16cf4d17,0x226f96da,0xd8691d6b,0x000001c0 } },
    /* 129 */
    { { 0xbf8015c2,0xaa2edf3f,0xc49502d8,0xe7f8236d,0xa6a43157,0xe890f6e0,
        0xa2d04b0c,0x318ef325,0xa809dbab,0x9cc0668d,0xda67ca21,0xdd26937a,
        0x83febc49,0x8f27c12c,0x3c9b9844,0x87b3db2f,0x00000029 },
      { 0xfd2e3dc7,0x37e7aed0,0x7415fd55,0x498e8bdb,0x58a45f25,0xfc0d6c9a,
        0x209c85d0,0x83d5baba,0xd579e1ee,0x31ec8dc6,0xa502bfed,0x1f4cad0b,
        0x1f41bef1,0xc432e6ce,0xbbffca65,0x3b10afaa,0x00000191 } },
    /* 130 */
    { { 0x53053af7,0xbd9f7df0,0xb28a1cf4,0x60304765,0x7ce90438,0x441778fc,
        0xac8c5ddd,0x8fbed36e,0xfb59ec61,0x27b1313b,0xa1b1becf,0x9d2656ff,
        0x945973a9,0x334e1345,0xc362b595,0x3261888c,0x0000018c },
      { 0xaa7f6ff8,0xf413a414,0x3fab7c7a,0x092aeb88,0x7cc307ba,0xfa1d886b,
        0x2346100e,0xdc81c125,0x02140c93,0x93d4d273,0xe6104835,0xa1ed7e3c,
        0xdf1795f3,0xe2b91ecf,0x369ed416,0x160dc11a,0x00000191 } },
    /* 131 */
    { { 0x8b57d7cc,0x9a72f46e,0x4bf02386,0x3140b0e5,0x05b3a91d,0x886c396e,
        0xa4ec26e0,0x1b9ab3a9,0xc50f58e9,0x742feaeb,0x55e26af0,0x1592c608,
        0xbb1cd9f7,0x943cd476,0xc7f02c89,0x3ed97fd4,0x0000017c },
      { 0xe6d54964,0x53b02503,0xc6a318c0,0xd9bd1162,0x9cc28c22,0x18ff6cf4,
        0x03534640,0xa45c7840,0xb4cc0668,0x8ea3335e,0xf42dbe03,0x7ad727f8,
        0xfdf6c3cd,0xb157e911,0xec992d76,0xa7f894c9,0x000001b3 } },
    /* 132 */
    { { 0xaf09ea77,0x91e6e397,0x75dc25c5,0x26a760b9,0xb94a197b,0x8c040c08,
        0xb68ce619,0x041baca8,0x5bd23564,0xa19a0d15,0xd977b33f,0x86ca5b94,
        0xe5fbd029,0xf31f87f8,0xb1901f99,0xf76c55a6,0x000000b8 },
      { 0x3846ec9f,0x175bf8c3,0x9deaca46,0xf462205c,0xa3108df0,0x92cb5ec0,
        0xcfaed928,0x879db283,0x65049fb2,0x477dc004,0x96ee5031,0x48d24bac,
        0x56adce45,0xa7db6b16,0xab1c684f,0x0110cdab,0x000000fc } },
    /* 133 */
    { { 0x4d308bf2,0x151b66d8,0xd6638004,0x99013c9f,0xfd383bf9,0x6892df92,
        0x3ffc8efc,0xa10efd84,0x313ea287,0x527e316c,0x3a0df740,0x8ef6e3cd,
        0xf6ebd2a1,0xcb96e430,0xa70ee4ce,0xc1ebecf2,0x0000018c },
      { 0x1a70404c,0x80d14ad7,0xf9ce2a30,0x6ad21dd0,0x3aa3e072,0xb94cbcde,
        0x6363a690,0x0ab59611,0xc6b1e2b4,0xe70bff45,0x66ceec5b,0x1296dd0b,
        0x747757c0,0xd4cb2a74,0x3d7d91e8,0x08988ca6,0x000000aa } },
    /* 134 */
    { { 0xf8db0396,0xaa2dcfca,0xb422da76,0xe8ae8f37,0x96485724,0x652f8349,
        0x7bf1493f,0xf647c3c4,0xb0247a4e,0x8b600b46,0x7aebda8e,0xabf3e439,
        0xa7958df0,0x2e1d231f,0xf881bab2,0x38e692b1,0x000000ef },
      { 0x26cf3047,0x1f3c1689,0x59539858,0xdad14f94,0x293f20b6,0xfde85d1c,
        0xf57abb17,0x2ea5436e,0x1794de38,0x0d1a8ffc,0x2bfecd2f,0x9ba508e2,
        0xdb786042,0x110f0a7f,0x7cde31f8,0x2ade6f64,0x00000196 } },
    /* 135 */
    { { 0xfec78898,0xc996a537,0xde0fa77f,0x0b39de72,0xd34cb08f,0xf6d076ac,
        0xda78d353,0xacd8bb82,0xa0392cc1,0x5fe804d3,0xe581549d,0xab7adede,
        0xc067c6d9,0x883901a0,0x4ed93f37,0x5855ffa2,0x00000191 },
      { 0xbf9ebef3,0x29570e36,0xdf4b3177,0xe21046a5,0xa6816b5c,0xf9b89a95,
        0x288d0e11,0xadf39281,0x3979159a,0xd6baabe5,0x5c8fabb2,0x411afee0,
        0xe5c7af10,0xf192c3af,0xd7dce37b,0xaa72e81c,0x000000f7 } },
    /* 136 */
    { { 0x16c386ee,0x20fa3c0f,0xd4c09839,0xb33b0469,0x876a3136,0x79e0d722,
        0x3c406c06,0x343c0a92,0x4debe27d,0xef220e3e,0x196f00ea,0x09d7b1e1,
        0x24a9dcff,0x4a0f5dd8,0x99c1d085,0x53582ec5,0x000001e2 },
      { 0x5138c7ed,0xcc8ef262,0x6547f88d,0xdec43194,0xdd0a9488,0x2b6e53ad,
        0x8257ebdc,0xeb9f1efa,0x1f08c989,0xc583c6eb,0x40163768,0xf1736911,
        0xdbc20e3d,0x6282ff8b,0x9cbd514e,0x26b81005,0x000000d5 } },
    /* 137 */
    { { 0xa0025949,0x2449522f,0x0bbd8945,0xb26d888f,0xe637216f,0x33442f5f,
        0x472827f6,0xd8ec3b64,0x99fc2681,0x91d8a1a3,0x68c7710d,0x6d232ead,
        0xe51b2762,0x8e5bfe2f,0xfd109fa7,0x0f9f4fed,0x00000004 },
      { 0x6b4a05e0,0x1952ea51,0xf21c78eb,0xcb0d48ee,0x1997dfdb,0x64d36619,
        0x8b4c21fd,0x0d11b204,0xbe92303a,0xa6f569b6,0x78c5e809,0x2b8f6096,
        0x36805d8e,0x7226b5ab,0xdb349ca2,0xd6cff180,0x000001bd } },
    /* 138 */
    { { 0x943cc612,0xa49f8576,0x832b31c7,0xc914319e,0xcccadebd,0x9225e297,
        0xb0619821,0x4918fb42,0x25b1cc7c,0xaccb3084,0xa646e5f0,0x751d3347,
        0x590e3e22,0xeafb4aae,0x2c4a0008,0x82146038,0x00000151 },
      { 0xbf96a461,0x3c2481db,0xb52a3ba4,0x51c122e9,0x464db08b,0x21c2858e,
        0x6d6a081d,0xb1014b78,0xf533cef7,0x167d3ed4,0x81545f7c,0x6cfb3294,
        0x449b7b9f,0xea46d31c,0x9621c299,0xcfad7613,0x00000081 } },
    /* 139 */
    { { 0x478a7f0e,0xef796327,0xde17705d,0x914183e2,0x572117e8,0xd24a26df,
        0xb7cd52cf,0x3cdb1b09,0xad83c160,0x9e42b9fb,0x709ef8c9,0x6971d2ea,
        0x8ee54ccd,0x1894fc5b,0x34a520fc,0xf757b4e5,0x000000fc },
      { 0x86b62347,0x5a5518cc,0x7bc2a928,0xec51c9d2,0x2966727f,0x2eea2b05,
        0x0ae43e6f,0xbc8a8e3a,0x05ca066b,0x80535b5e,0x8833986d,0x91ffcdb1,
        0x32374cdd,0x2f4a5bba,0x0d202243,0x08763a49,0x00000124 } },
    /* 140 */
    { { 0x4efac14d,0xe498b972,0xa79a9d3c,0xb6f4bf8d,0xd6e07c29,0x0f1e8dbd,
        0x71771538,0xfac30cfd,0x71b03263,0x4c91ed22,0x19b455f5,0xbf938335,
        0x127092bf,0x76a5e789,0xb4813bd9,0xa97674e1,0x00000128 },
      { 0x583e5924,0x29b63c41,0x8f171d06,0x61f9aff1,0xab227a28,0x2b45b3cd,
        0x8a11ab70,0x939d5dda,0xe8db6971,0x2bfb47b0,0x0ec10805,0x562379df,
        0x24ce1801,0xaf5a6481,0x34f94aba,0x8d98c434,0x00000150 } },
    /* 141 */
    { { 0xcfffc80f,0xdea9fe73,0xd43473f6,0xe23e2e9b,0xc9d37ba7,0x27fb3ed3,
        0x7a3fc357,0x733766d2,0x8e04a03d,0xd0db4cf3,0x2bbe0f43,0x8ce01752,
        0xda986f4f,0xd87eb719,0x2fe6b037,0x6d1b50ae,0x00000153 },
      { 0xda40bab1,0x371f5def,0x9b2bda63,0x07d6a8af,0x0d4aca87,0x5e8a5c89,
        0x643ff8ab,0x4d72f0ff,0x4bf8ec2f,0x9c4c10d9,0x0eb93e22,0x36b0eaba,
        0x1d2dfd01,0xbc4b0e8f,0x9d34a082,0x9f252e5a,0x00000142 } },
    /* 142 */
    { { 0x7d0e7020,0x4affd4c1,0xb5482168,0x9b169aaa,0x588f348f,0xdbe01708,
        0x885986bb,0xdaebf6ff,0x15f9c381,0xb33987f5,0x04a94a7b,0x7e455f2c,
        0xa0ed6849,0x39a41442,0x1ef7798c,0x1c1ad4a6,0x00000154 },
      { 0x072709c4,0x7647b628,0x8810e5fe,0xb330d68b,0xe92e0f63,0xd1bd8874,
        0xf8bea9ba,0x144e4fb9,0x8318981a,0xc15afc18,0xb68c6a07,0xe19c5c82,
        0x36e00b66,0x858c57a2,0x07cb7aec,0x9b255110,0x00000011 } },
    /* 143 */
    { { 0xc887027d,0x121ced27,0x2bfab286,0x6050f335,0x19d511e2,0x6e373c1c,
        0x7f4c69f5,0x02d4c3a9,0x25226bb4,0xe6f356af,0x83e7ac30,0x3b9011c3,
        0x33d8fdfb,0x43b0c23d,0xaf2ea363,0xa8c390f7,0x0000000b },
      { 0x7e851bac,0xc430c3d6,0xa5f544fc,0x8991c389,0x67fba061,0x006bbc64,
        0x97cbdbf4,0xd49d024e,0x7734adad,0x4539b7dd,0x28cb6d2a,0x90ba8f9f,
        0x4de4b3ad,0x7a921830,0xa7b96928,0xb28732ef,0x0000006a } },
    /* 144 */
    { { 0x22ed5986,0x71dab52d,0x58533e06,0xdeee627a,0xcf155fe3,0xe8fee37a,
        0x7ae8b132,0xcd61490d,0x34a08b94,0x2706e185,0xf9c15c30,0xa85ffd52,
        0x51a5ad46,0xd5a224f3,0x54d700bb,0x44d1b6d5,0x000001e6 },
      { 0x862e4e9c,0x96830686,0x48763fe4,0xfe5cd76c,0xc0839caa,0x60309679,
        0x8d83d62d,0xc0e4cbeb,0x11bc4ae2,0x911e254e,0x64fca062,0x96a0d7c8,
        0xe9a27045,0xf5785dd5,0xf3e0412c,0x2f4677d0,0x000001be } },
    /* 145 */
    { { 0xab01a6dc,0x4c0012dd,0xae1adb69,0x391bd6c1,0xb9b05079,0x3ae7daec,
        0x62a1061f,0xc2714f9e,0xa96536b7,0x71978ee7,0x5e17654b,0xeec11bd0,
        0xefab3dd4,0xc71166e0,0x87edbf61,0x0f7aa572,0x000001d7 },
      { 0x51eb5932,0x26ea6f7d,0x5f882ca4,0x354ea0aa,0x7739f7dc,0x175b6097,
        0x9be57934,0xd335192a,0x78545ecc,0x9801f423,0x7b643c9d,0x32b8e256,
        0x23e3abec,0xb9411dd7,0xcf1c6509,0x656dea68,0x000000ee } },
    /* 146 */
    { { 0xa0890deb,0x4d38e140,0xbceb84bd,0xbf7bd87d,0xba041dec,0x51f0ff72,
        0xa6820be9,0xafeec70a,0x8c486298,0x755190a3,0xe7010ec4,0xecdba558,
        0x8c7879b1,0xced91db8,0xef5e215c,0x08de3e4c,0x0000014c },
      { 0x16266da2,0x9c1534ed,0x7b4c9009,0x9ce322eb,0x69927688,0x37decaef,
        0x05c2844d,0x6525097f,0x1ac519ab,0xd23b7e13,0x65a3cc86,0x682ebb72,
        0x628c4575,0x0c531db9,0x73805373,0x2e00e8b8,0x000000be } },
    /* 147 */
    { { 0x57ed32e9,0x3807c800,0x7c024997,0x427e40cf,0xabb54830,0x58506abb,
        0xce820bf4,0x5649776f,0xb2c43e81,0xb5353293,0xcfef6648,0x671e8353,
        0x903bdca5,0x27217d3f,0xa813fd79,0x40a9c109,0x000001dc },
      { 0x3db21a38,0x6beaa6c3,0xd73ef7e4,0xcae222e1,0xbd1d507f,0x1ff684e7,
        0x587a77ab,0xf5bac664,0x0c64a4d6,0x58c74f62,0x6a7c378a,0x4ca837d9,
        0x3e42e409,0xf43df531,0xfb49e14f,0x8a9a4347,0x0000013f } },
    /* 148 */
    { { 0x992f8923,0x85ab4edf,0x6fd209f3,0xe24aa5e0,0x1b1340ee,0x27be9b87,
        0x91e0bb40,0x2957d11f,0xf3d4c62c,0x425afad2,0xc7ff7aaf,0x2d231286,
        0x0114cbe9,0x96412b2b,0xc3e23529,0x6706a231,0x0000019f },
      { 0x225c02af,0x06b3bbd2,0x3fa3e98d,0x53ebc166,0xb84f482e,0xa6df2b75,
        0x2bfc55df,0x912b4521,0x512a73da,0x30bdbd40,0x3d53eaa4,0xac0f43d9,
        0x0c27fd53,0xfc358fe4,0x919424b4,0x2cb183be,0x000000a3 } },
    /* 149 */
    { { 0x3fa6a746,0xe39b0c2d,0x1d5a24a8,0xe84a7922,0x78cdf2b5,0x70a58914,
        0x30666cb3,0x8a88067d,0xf6d71d06,0xb09a709e,0x0065d184,0x50007a3e,
        0xb8dc9448,0x7046af4b,0xc65493ac,0x2b6a3129,0x000001fd },
      { 0xe45f2771,0xd3d5d5bd,0xf432ed95,0x8542b08a,0xf232a6bb,0x2ecd40fb,
        0xe8beccb2,0x0fcb6143,0xbf8e247f,0xcecc513a,0x8da3039b,0x955d56f7,
        0x56c2a0df,0x9157c619,0x3031fe2a,0xa6d35cbf,0x0000018c } },
    /* 150 */
    { { 0xbe0c4923,0xdd800b1b,0x6902907b,0x046ae740,0x957bd0c7,0x2398b37f,
        0x9655f8b8,0xaa8e1a9d,0x500f4150,0xcd2927fa,0x202e7aee,0x826a9c6d,
        0x9f29692e,0xb4cf58b3,0xbf41577c,0x3093868c,0x0000011f },
      { 0x333ed442,0xadcb5e7a,0x906fef7b,0xae5c8e2f,0x3d98f228,0x2d9b0123,
        0x7ffe125c,0x4632f2da,0xba231835,0x59487731,0x12d2c512,0xa0caae5b,
        0x9857d9c4,0xbf00e658,0x54f200f6,0xc5d10086,0x00000172 } },
    /* 151 */
    { { 0x2fc283e0,0x58954046,0x7ee0880e,0xf7633984,0xb7fd1622,0xfaf1b40e,
        0xf598c5ed,0xecf5151e,0x7e00d9bb,0x6b4d92f7,0xa8c43fd4,0x7543e3b3,
        0x6511d1d2,0x3994e12c,0xaf05b6d3,0xdd841a1d,0x000000c6 },
      { 0x23b991ad,0x23da17e0,0x71fba514,0xaab2b213,0x0ddc1879,0xb417ec5a,
        0x5f63acdc,0x173bc8ad,0x1e2a7d50,0x2fcf5210,0x6106d008,0x63373fd0,
        0x7db012cf,0x1e8211de,0x576545ef,0xa07766d9,0x0000018c } },
    /* 152 */
    { { 0xaf80dfaf,0x8e4347b9,0x9c4667f3,0xa80b631f,0x6ddbc238,0x6ff1db26,
        0xaa8718a0,0x6161e365,0xaf31c35f,0xe7f7ac90,0xfc6846e8,0xc03831d1,
        0x684175b4,0x1e669d10,0x934b731a,0x6da9d620,0x000000c7 },
      { 0xa3e4e78b,0x981f597b,0x55099f9a,0x2c14dedc,0x93088c61,0xbf373995,
        0x9b207458,0x7c568307,0xa2276900,0xc4440c47,0xf7e6daf3,0xb6df23c8,
        0x42929103,0x4f662c25,0x8b3b7963,0xf4ea6db1,0x000000f9 } },
    /* 153 */
    { { 0xced36049,0xc669eb88,0xf41b99f8,0x87a4ffe1,0x6a72e108,0x690b7563,
        0x65a0bb8a,0x67dd6a8c,0x96e42955,0x42cf8c58,0x1aabffad,0x5286b5f3,
        0x8f6f26a4,0x1f7dfaf2,0x0e1ae503,0xc5d9e0ac,0x00000120 },
      { 0xacc10da7,0xafbee3ff,0x944946e5,0x67e2d5f9,0x3c4220ff,0x8ec17e86,
        0xbd6f632e,0xfe6f7414,0xc3fc9ef4,0x4a9e3c0f,0x03bfb870,0x25ff3cba,
        0xbb03342d,0x18fd3600,0x0050cd2e,0x1e63e753,0x000001ac } },
    /* 154 */
    { { 0x8f3d6a02,0xdd83d07c,0x7ef4d0d1,0x71fc143c,0xd4c7af61,0xca994bf0,
        0x827c5cf0,0xc8a93e98,0x2b697882,0x4a102c7b,0x8a55e8ba,0x633c87d5,
        0xcc2d64f0,0x1ae8822f,0x986d01fc,0x2ce9b53f,0x000001c1 },
      { 0x95dc1b79,0x859639fd,0x3f4e616a,0x2728f754,0xede2fb9f,0x6e703c4c,
        0xd50fae9e,0x042f7680,0xc2d530ed,0x0546bc3b,0xcdd598ac,0x00a4006b,
        0xe1294910,0x3f3286c9,0xb6bf9629,0x77782255,0x00000146 } },
    /* 155 */
    { { 0xe30c98fe,0xaf81421e,0xfc2cd705,0xdeb0feb0,0x14df6ad2,0x9b2c4ca6,
        0x9ba314e8,0xd38134de,0x4f04b16d,0xa443deb8,0xf07f8ca8,0xfc556ee0,
        0x3a4f3917,0x3c1c83bb,0xb1adcd41,0x8397dd24,0x00000199 },
      { 0xdf4781e6,0xca01e17e,0x46f1f901,0x32d7c319,0xb53090da,0xa227a613,
        0xa7c8c607,0x2495b1dc,0xddc69709,0x1cf2fbee,0x45608098,0x1d3d82bb,
        0x085134d7,0xcfcddda3,0x96798c41,0x3dd171b5,0x000000d2 } },
    /* 156 */
    { { 0xd4dd7e96,0x97a40f84,0x8409fc0c,0x7114c8ea,0xa9d11393,0xc56f29e6,
        0x8fd8c6d6,0x3b606621,0x00269e7c,0xad3baa86,0x05929d5f,0x1413c6b0,
        0x222e365b,0xc1ad7e40,0x4798aaec,0x6a82621a,0x000001d3 },
      { 0xc1003c81,0xaeac45c4,0xf43d8602,0x9ef9ef5a,0x60f77469,0x36a65f5e,
        0xbf5d2858,0xf312e7ab,0xc84acef1,0x2f53ec81,0x9d248b52,0x63e32ca2,
        0x81e65c60,0xfe9aa7c5,0x52841973,0xe3686c9a,0x00000017 } },
    /* 157 */
    { { 0x9e90de99,0x0b2efe65,0xad05ab63,0xbe4485bc,0xe14e4892,0xc48a6a52,
        0x22628687,0x2ad85430,0x5eb3db54,0x261f0e95,0xd45e5841,0x48e81863,
        0x8ed75739,0xcfe1ce0f,0x7d84ade4,0xbd6f1ff5,0x0000003f },
      { 0xd1bf968c,0xd43711dd,0x48dfa472,0xd558d7cd,0xe425a566,0x49f09223,
        0x5c26d041,0x0cf83338,0x7c2c1743,0xbe7b81f1,0x5143d9d9,0xe3bdc33e,
        0x94fd3fae,0xf385ac35,0x9fd1811a,0x7551cf42,0x00000113 } },
    /* 158 */
    { { 0x20193bb2,0x4928f55b,0x7310b872,0x96e579d0,0xd345d276,0x5ee06309,
        0xa871868a,0x9a43e432,0x11038683,0x28c113e1,0xa332f108,0x8286ecf3,
        0x0385cbb4,0x3348aa37,0xef158daf,0x698ffcaa,0x000000c6 },
      { 0xf6908745,0xa044c54a,0x6a3353fb,0xa6b336e4,0xd561e821,0x694c2852,
        0x3634917f,0x1b297970,0x81f61315,0x6e1023b9,0xef46a5ef,0x6817dc2b,
        0x8e114f7f,0x93dea0af,0xed72c5bf,0xc3cf3cd5,0x00000136 } },
    /* 159 */
    { { 0x7b080de4,0xbb8799ab,0xd69d8396,0x3b8f781d,0x986f8f63,0x76b42aaa,
        0xa54bc5ca,0x5d74c038,0xa9c2fbb9,0x76fcb605,0x80178930,0x8451b440,
        0x9d286f0d,0x40f00c38,0x0c543263,0x3038e952,0x0000014c },
      { 0x6977aad9,0xc94bc381,0xd7087be3,0xadbfd082,0x875fed08,0x06d0820c,
        0x345656fc,0xe1ce84d4,0x0fd6dd4e,0x71c4d8e0,0x6a5fab40,0x23338b22,
        0x0baeeb6f,0xd477eac1,0x5f80c26c,0xe4db08bb,0x00000078 } },
    /* 160 */
    { { 0x1078342a,0x0111d12a,0x559a1064,0x0534725e,0x0fd3ffdd,0xea459d59,
        0x06f0ac1f,0xcf694a9f,0x3e19bc69,0xf6d24adb,0xb9ddcd00,0x3ce38f5e,
        0xb632dd4e,0x38400f66,0xe15e1c55,0xcab8fdfb,0x00000085 },
      { 0x8d09422f,0x0a943f6b,0x0f988c3b,0x17d29756,0x2ef2e4d9,0x55a441fa,
        0x35f7c13f,0x6743523b,0xedaad3ff,0x274d3407,0x9347242d,0x59411435,
        0x3bb8615d,0x1cb27301,0xbd7794cd,0xa0437004,0x0000007d } },
    /* 161 */
    { { 0x2d712c44,0x824b99a6,0xa6962577,0x148368f8,0xd65e2287,0x8ed68432,
        0x6f5bc5f8,0x14028306,0x4ec3479d,0xe6cf3121,0x9326db70,0x96db6f44,
        0xca32936b,0xca5ac098,0x2fea21af,0x69e248c7,0x0000004d },
      { 0xa71269fb,0x0aa89092,0x18650b60,0x2f6bdba8,0x9fb55db2,0x1d9cc2a3,
        0x6311e9d0,0x0fceb0df,0x90ac2c1d,0x6faeb79c,0xcb1f372a,0x2393b222,
        0xbc8c4193,0x62a6f3df,0x2fe8e674,0x9dea30b2,0x00000001 } },
    /* 162 */
    { { 0x12b3118b,0x7df689ac,0x6cb6ea56,0xd06ee39d,0x187cd978,0xcfcc22c2,
        0x8d537d87,0xb985b681,0xe9f56db2,0x75845152,0x5e098c15,0x0f839871,
        0x3b212cd2,0xbe96a5c8,0xd9ac1c47,0x3dda0338,0x000001fb },
      { 0xcfa0a9b8,0xf06b7fe0,0xe22dcf75,0x9478bac7,0x136887c8,0xf3815e04,
        0x914c54bc,0xed811dde,0x0f51ea64,0xc8c24160,0x4c870577,0x63914d83,
        0xa8abbcb4,0xed24e552,0x2644f52e,0x9e5eb9e8,0x00000001 } },
    /* 163 */
    { { 0x66d52313,0x1f65a04e,0x4d3f72bd,0xfd694545,0xa6b7ae11,0x2bc0ddaf,
        0x571ab247,0x921f79d8,0xae5a8d68,0xd4c5f966,0xaec5ce13,0xfde17716,
        0xb764bd39,0x70e6eda4,0x990d6783,0xffe94085,0x000001ef },
      { 0xd88f92e8,0xf3fa0e27,0x9c77123c,0xa21ef0fd,0x89274dba,0x6259974c,
        0xb9ba2762,0xd4cfa4a5,0x46ebcaf6,0x10c909d2,0x8f8e2870,0x0317a10d,
        0x453aeea2,0xb0771de1,0x68c6b0a3,0xdf0c4791,0x000000ea } },
    /* 164 */
    { { 0x4c854477,0x11bc1e48,0x8638e47c,0x2bec25b4,0x869c54d9,0x43d4e02b,
        0xbe1e7ed2,0xe318de32,0x6b460c4a,0xf5471eb0,0xaa426afe,0x38ae7bf3,
        0xd8452dc1,0x23ae26dd,0x5782de9d,0x9d3fc1d5,0x00000164 },
      { 0x0ade1979,0xd87cae31,0x3b4bc728,0xa847041d,0x56c3c9be,0x38923c40,
        0xd74ae467,0x36fe182a,0xecbe49ae,0x92bff6f4,0xdc41f9f5,0x6680db80,
        0xe4630715,0x35bac06f,0xd6d07307,0x6d68b4c7,0x000000c0 } },
    /* 165 */
    { { 0x854dfcf2,0xdbe22be7,0xa6ae3bd0,0xee21a7df,0xa521ec46,0xf4633ad1,
        0x41a9484c,0xee94527a,0x2aa123f3,0x1145eb9b,0xcae3ca92,0x5634a82a,
        0xfc85d925,0xe176aca0,0x19082d8c,0x504cf7fc,0x00000078 },
      { 0x3799793c,0xd74ce7c4,0xb5519fb5,0x74ddd618,0x95ff9808,0x2cf6df93,
        0xb8bf61e6,0x00ea45d1,0xdcfcf54f,0x26863613,0x030035b0,0x67423b76,
        0x4028a9cb,0x9fbc7534,0x051a077e,0x7b52ce37,0x000000f4 } },
    /* 166 */
    { { 0x96bec962,0xebf7d8ad,0x17e0107a,0xd1cc81f6,0x214e1058,0x64c44509,
        0x42394c9f,0x6c298c43,0x1a660513,0xd910052d,0x90df8243,0xc3643754,
        0xfe5cdea4,0x2313be1e,0xd27fb7b1,0x249a60f7,0x00000076 },
      { 0x1cf593a0,0x74975838,0x8364c59e,0x0c9ceefb,0xe05c9991,0x2f5a1333,
        0x421808e3,0x30ea5e1f,0x4f5e8f4f,0x56fb3a4f,0xb6c0cb47,0x2cae6e2e,
        0x08bdcc6a,0x60b307fd,0x0ff8c117,0xee17901c,0x0000001a } },
    /* 167 */
    { { 0x89aa9e14,0xc048336b,0xf676700f,0x66634271,0x906b6980,0x4daa0433,
        0xebb7ab23,0x30247ee1,0xeb59a053,0x969b4aa7,0x8000f4d5,0xd78ef825,
        0x46026b5b,0xe5db38eb,0x7d6856c4,0x06a43e5d,0x0000003b },
      { 0xed2a0ee7,0xaa0ae838,0xf16e8813,0x04bbe528,0x4ea64137,0x8ab6df5c,
        0x06e29867,0x5be80cb6,0xf459ed2b,0xf19b1b72,0x1761521a,0x7a9cce4d,
        0xaa516f3b,0x39aff994,0xb3416925,0x97d92e86,0x00000007 } },
    /* 168 */
    { { 0x5af3a8ca,0x25aeede1,0xa5c351ec,0x33924782,0xf93ec080,0x41e7a3fb,
        0xe6f425b4,0xb04f93c4,0x81e76009,0xe4ec12ec,0x5180ffc6,0x797366d4,
        0x0e0aef3a,0xd293cbb5,0x68d71d91,0xa1496944,0x00000061 },
      { 0x675a67a1,0xf52c541c,0x8f5fe906,0x67d38d30,0xf6be988e,0x2a70bccc,
        0x18589886,0xae03ecbe,0x7067045b,0xecd02616,0x10ca8d96,0x1facdd99,
        0x30c0735d,0x7aa10a82,0x3328f21c,0x2a27e554,0x00000015 } },
    /* 169 */
    { { 0xe6057e27,0x3dd609e0,0xc7a454da,0x87e8b6a7,0x1f32dd5b,0xff599145,
        0xd0ef51e2,0xea397a88,0x25567546,0xc49866a1,0x3228b480,0xea45c8b1,
        0xdd01997a,0x3dbe0e77,0xc51867d2,0x0e2ea28f,0x000001f8 },
      { 0x69d0820b,0x6295412d,0x1ea65a18,0x03173127,0xeb06380d,0xc27c8221,
        0x75fe9706,0x7ffd4efc,0x5a71d250,0x7b396a57,0xc7cb7543,0x61c80051,
        0xad4dbee3,0xe07db4d7,0x9b192d45,0x1c7481f4,0x00000143 } },
    /* 170 */
    { { 0x08e1cc4d,0x5eab2d04,0xad2dc1ee,0xe93758d3,0x5c9c7393,0x0ceb7dfe,
        0xd3379683,0x530d86a9,0xe24f86d7,0xef5283ca,0xf0b1bb0b,0xab5d1a64,
        0x54db4e3c,0x96aabc1f,0x3bc00c59,0x3e3d87cc,0x00000144 },
      { 0x1d60e7b0,0xe50a8213,0x5d33d018,0xfc9b629b,0xfd05338d,0xc54aee42,
        0xe821c6ea,0x0678f2c0,0x06ac09cb,0xe5c9d75f,0x53018df6,0x83357513,
        0x0bf8c667,0x81ca6fac,0x9d0ae2dd,0x7fc8020e,0x000000e1 } },
    /* 171 */
    { { 0x1baaa5eb,0x8add4741,0x79bd8036,0x02cbb759,0xcdffed22,0xd8680c40,
        0x4e091141,0x1c23a8f0,0x20748b87,0x65d141ed,0x659e9289,0x586a1575,
        0x5006dbfe,0x7c68d7cd,0x22569a74,0xda0ad0df,0x00000148 },
      { 0x7f9069d7,0xc8fcc5db,0x5c0531a4,0x2487d245,0xe9a2db3a,0xc5ab4899,
        0xb4fe9720,0x52bfd538,0xd27f35e4,0x73a04ca4,0xee2dac93,0x7cbbc549,
        0xff3ee7e2,0x0287229d,0x28da9360,0x3179878d,0x000000d0 } },
    /* 172 */
    { { 0x3b66c047,0x89b7e9bb,0x602a3e1d,0x22e65869,0xc8db9c00,0x44f82297,
        0xd08a74a3,0x0e76aca3,0xfcd398de,0xfbf1a71d,0x8320e66a,0x2fbb6eaa,
        0x179c9fc5,0xa82d0ebc,0x4e7ab2b4,0x4e00cf6f,0x0000000f },
      { 0x4890c439,0x424c0e9a,0xbc35a6b2,0x37564a2b,0xd9b7497d,0x95a4479d,
        0x612de942,0xa1ff3f0d,0xe60d0033,0x358627fc,0x522417da,0x815da8c0,
        0xef6b8385,0x506104d4,0xf16e96aa,0x800728d2,0x00000120 } },
    /* 173 */
    { { 0xab039042,0x976f2372,0x9fa084ed,0x10e6978c,0x58bec143,0xd03fdd2f,
        0xfe2045c3,0x3200c101,0xb0a5a928,0xe6868f7a,0xe61faff8,0x26c95d1d,
        0xb7b12265,0xa1e20127,0xc2a5ed17,0x8e63dd78,0x00000089 },
      { 0x22bba4ee,0xbb6533da,0xf496a574,0x3eff6397,0x14f2a6b9,0x409329f7,
        0x1dfdd73f,0xa08248bd,0x69bca1b1,0x62f33f2e,0xba2e0327,0x9a177e64,
        0x75ddf741,0xbc50e993,0x4a56bd1c,0xb87a979f,0x00000095 } },
    /* 174 */
    { { 0x67c1f177,0xe83736a9,0x600133c9,0x1b6d3508,0x6eac9a5b,0x9424bb92,
        0xc27ef31c,0x7a9c01a6,0x122b4870,0xad93bba5,0x9d1ac985,0x9eb94e2a,
        0xd53f175b,0x511c0206,0x5102d914,0xd13eb252,0x000000b1 },
      { 0x675a1171,0xcfe7dbeb,0x16c0d2b1,0xb228295c,0x057c88ca,0x8db25b5a,
        0xd300e9cf,0x73ea9e96,0x269552eb,0xb0e0037f,0x9e0f98df,0xea9d035c,
        0xd290480f,0x860e49b8,0xc036b319,0xa35e9512,0x00000037 } },
    /* 175 */
    { { 0x8f00df48,0xc56729ee,0x11ac8304,0xb89ca7b6,0x8b3a8123,0x497a57f9,
        0xc21ca3ea,0xe0431b19,0xe2bb3ce7,0x45a73deb,0xadc77819,0x2f86cc2b,
        0xe5eb3df1,0x5ff005e4,0xdd27dcf0,0xf955dd7a,0x0000005e },
      { 0x00ee402f,0xe0c22ffa,0x3b30bb4c,0x5b335e2a,0x643cb101,0x542551d0,
        0x3cd19688,0xc6183f45,0xf0be54b4,0xc6664f22,0x4c20cde4,0xa5f4cfee,
        0x80a4c475,0xdcaa972f,0x59111ed9,0xde4af200,0x0000019c } },
    /* 176 */
    { { 0xd771f428,0x9e9d0bc8,0xe43ca382,0x3ac1ecd9,0xeb93acf0,0x8d5ee480,
        0x065a2a3f,0x16232f81,0x2f0b8a73,0x1fc04faa,0x025474a2,0x4a8df7e7,
        0x3bb15f6f,0x51ac4ff2,0xe0950e52,0x66e21b73,0x0000006b },
      { 0x67a41dee,0x59c98480,0x7b3e2b3f,0x2cfa95ae,0x891454e1,0x54d98386,
        0xeefca6a4,0xf0dddbdf,0x11e9cb75,0x5f691b24,0xfef208c3,0xa9b9e766,
        0x18b33cf6,0xe8df1000,0xd1c174a9,0xb8a55ac9,0x000001c4 } },
    /* 177 */
    { { 0x5c4cccb8,0xa99f5862,0x2ef4d3ef,0x70bf5209,0x89efc878,0x28f4e576,
        0xda14206e,0xa2366f96,0x7c52107d,0x90331a00,0xd4a0f0f0,0x478d4cea,
        0x472a47b0,0xb2899ee2,0x64207549,0xae96534e,0x00000110 },
      { 0xcced05b0,0x2cc1d655,0x01759543,0xabac3f09,0x8e577cd7,0xbaeb70a4,
        0x40e98d6d,0x84b00893,0x603d24f1,0x26983653,0x2572173d,0x6e145883,
        0x611141de,0x1d348b26,0xefa27f34,0xe52257dc,0x0000006b } },
    /* 178 */
    { { 0xc947e655,0x92678f33,0x08923795,0xff0fb76a,0x790239d1,0xb2dfe745,
        0x3cdbb7ce,0xea087492,0x05f6d41c,0x21326db9,0x79dc5588,0x5b1ae9ae,
        0xe9c31702,0xe145340c,0xa2c38a9c,0x07502c29,0x000000c3 },
      { 0xc156ace2,0x0c124f11,0x79ff2529,0x2c170fe7,0x6e1171b2,0x60df9a81,
        0x55de2797,0xa19bca83,0x7c6cc79d,0x1ad927ea,0x1d61f770,0x28590112,
        0x261c06bb,0xfe80c826,0xaa2642bb,0x4050d338,0x0000015e } },
    /* 179 */
    { { 0xeaad87bc,0xc9397829,0x81e84cbd,0xe0ac9367,0x6ade4fde,0xb579c24d,
        0x690d7f56,0x50b9aba5,0xd14fb0b9,0xf09b29d3,0x25a0e7b6,0xd0684f23,
        0x606f4ff3,0x0514e9d3,0xe8ad733b,0xe63bdd26,0x00000077 },
      { 0xe0d25c6d,0x0afd06ec,0x00ba2dcf,0xdd90021a,0x8c5bb398,0x1b025770,
        0x198ff8fc,0x077f06d8,0xb7e2cd68,0x87d50ff1,0x263a3572,0xef75e057,
        0xfa925a9a,0xbf257892,0x739d0e95,0x847d3df0,0x00000111 } },
    /* 180 */
    { { 0xfec82924,0x52ab9cc7,0xa7220d69,0x1c76dd69,0xa06ef0e2,0xa63527de,
        0x27183904,0xab3e51c2,0x716807c8,0xf4db35ea,0x748f1246,0x8f3ede0a,
        0x41156095,0xf1493644,0x874b38de,0x5f6583d1,0x000000f7 },
      { 0x0b927eb7,0xa39189e1,0xc2e2f127,0xa87c6359,0x7fe966f4,0x0b72c233,
        0x105e5585,0x102b8382,0xe58c39f9,0x63fee006,0x991b5329,0x3f052ee3,
        0xcbaff97b,0x7f5b854c,0x5f805060,0x935e5f6c,0x0000016a } },
    /* 181 */
    { { 0xdfd88d38,0xf19a0355,0xc549df40,0x555cd8e3,0x04d006e1,0x322729e3,
        0xfd0b0ce6,0xf16b706c,0x35f2ad31,0xf156dc09,0xf7a3df9f,0xb30c5213,
        0xa55e5fb5,0x9f29cc92,0x2b858da2,0xa0ecfdd4,0x00000144 },
      { 0x52658a92,0xb5c115df,0xc4281616,0xbce3ed17,0x7fd92a91,0xa5595f70,
        0x9cd5d896,0x663c8bfd,0x5a9472b1,0x0776343f,0xb033e1bd,0x14e44ca8,
        0x1e5c02fb,0x27a1c986,0xcc4ffb32,0xece0f2c4,0x000001b5 } },
    /* 182 */
    { { 0x31211943,0x17127bab,0x5684325c,0x44a8cac6,0xd855fc3e,0xd2fe0b88,
        0xce91eea5,0x47abab0c,0x78ec7d12,0x5d23ddc4,0x0cd9fefa,0xa3986de7,
        0x82655766,0x32c7b867,0xeeaec7fa,0x3e54018b,0x00000087 },
      { 0xb38d17c1,0xc96e86f2,0x71fa040d,0x9cbfbd0c,0xf88499cb,0xe111ab79,
        0xf71ec80b,0x1d47c5ce,0x46c89692,0xacaa3bc1,0x3d316331,0x5f921c0e,
        0xe768765b,0x31fa081e,0x41eff270,0xd5dafd5f,0x000000fe } },
    /* 183 */
    { { 0x4cda1348,0x8af10b9d,0x25c3013a,0xb0769fd2,0x8957c22b,0x450aa5b1,
        0xf5acf1c4,0x5cafd6c7,0x9fef8029,0xcf71a140,0xee089f5d,0xe12029f5,
        0x0fbd2ba8,0x9752a8fb,0x6f70cb58,0x61e2275f,0x00000090 },
      { 0x1fbda16a,0xb70a4ac5,0xf1dfa2a2,0x79910e79,0xd9945f6f,0xba2ce132,
        0xeb4ba4ef,0x450d59ae,0x4bf2d53d,0x6a8e09b3,0xe620c7a8,0x76010204,
        0x0a53c6f4,0x63f8943d,0x87eaf56a,0x14c91d19,0x00000132 } },
    /* 184 */
    { { 0x490d66c3,0xe54fb120,0xa0dc8204,0xeaed7328,0x04b4294d,0xba014c38,
        0x31ddc467,0x3f2fa2ab,0x8342ed11,0x70ff55ea,0x23034e0e,0xb18da72f,
        0xbd8ae3c1,0xadc30dbe,0x3e945a02,0x179bdf6f,0x0000009c },
      { 0x7484c26f,0x46c928ef,0xef2adbb1,0x206b7db1,0x3f58dda7,0x0887f548,
        0x4bc7edb6,0xfde4e20c,0x975cafdc,0x484d121d,0x86beec20,0xc5b59670,
        0xa6d6db67,0xb579aa88,0x41187488,0x22c6d87e,0x00000015 } },
    /* 185 */
    { { 0xc471d4ae,0x0a890757,0x43a1da76,0xfef4b1a5,0x6aa701a1,0xb892b182,
        0x59c65f93,0xbf4d4e52,0xd789df35,0x923af929,0x0b79c3f2,0x3ccb46c6,
        0xcf4cf130,0x95582ce7,0x257f0ec4,0x7da081b4,0x0000011c },
      { 0x9aeef274,0xf92c6ae5,0x1437c083,0xe6c5bf4f,0xe13c86af,0xaa74b023,
        0x2a225360,0xd21dace6,0x22589fa5,0xb3d572b8,0xdfa74b0f,0x3d4a3916,
        0xb12891a9,0xe76cd8dc,0x59f4cfbd,0xa0391a3f,0x0000019a } },
    /* 186 */
    { { 0x203fc3f1,0x054ba69e,0x62106a29,0x09168ccb,0xaad5fa9f,0xb0818540,
        0xbff7ed6f,0xecb8f20e,0xbef94afd,0x2c80a618,0xb0abd1db,0xe25d8ca0,
        0x028e0a7c,0x75e67a41,0xd6e95b9a,0xdd7662dd,0x000001b2 },
      { 0xf289d7ee,0x87dff279,0xeea2205c,0x4d755d59,0xc18adac6,0xaeb0fd54,
        0x7ec01019,0x3a8c46cf,0xb48d70a4,0x6fc90e7e,0x10b39ef8,0x965c53c1,
        0x38545a20,0x455777cc,0x57dd023e,0xa33430f7,0x0000016e } },
    /* 187 */
    { { 0x0ff53d2c,0xfa9f3949,0xb00349b9,0x8dc91596,0xd5997967,0xf10a5014,
        0xa8a6b78a,0x4dd72dab,0x8b517b10,0xef5de540,0xa6d39be0,0x142b90bc,
        0xeda17f70,0xcaeaa3e9,0x06b31118,0xa01689d6,0x0000016d },
      { 0xf46afff7,0xea6ca563,0x34a5e5f3,0x3945c7ba,0xaa998fd8,0xc1ffe4c8,
        0xb63f535e,0x42a60146,0xd1f509e5,0x50816888,0x9f8cd0db,0xd1918daa,
        0x78a36772,0x6505e6bb,0x9cc6dc66,0x4ab03a81,0x000001ef } },
    /* 188 */
    { { 0xd376d986,0x06089d14,0xa2dc35b0,0xd0f4e077,0x53ff2c86,0x1c11709a,
        0x123c3fc8,0xfef4ba45,0x1b656fc2,0x852cd5a7,0x1fefa8bb,0xb57c7489,
        0x48110b77,0x8f05383e,0x52c5a129,0x4b55d3ad,0x0000004c },
      { 0xf3827633,0x5110cff3,0xe00afe96,0x086784d5,0x3ead32fa,0xcb387882,
        0x2b91cd86,0x3dcf4d16,0xe6f3638a,0x078b6a58,0xe8b7fd42,0x33792112,
        0xee5683e7,0x6964044d,0x28e28433,0x3b84210f,0x00000122 } },
    /* 189 */
    { { 0xc3ebeb27,0x6c28a9a9,0x3ef590f8,0xd7bcdcb5,0x4dae7f37,0xe88a2e11,
        0x726ea7c9,0x033522e4,0x8c141388,0x99d50386,0x61621575,0x59b1aeca,
        0xfcc564d8,0x719fcfeb,0x1aeb8e36,0x3a577af1,0x00000043 },
      { 0x6feba922,0xc3f26ce0,0x475a5693,0x5f6c83ee,0x28bf378e,0x7f796740,
        0xbdc3f6f1,0xd2a5e368,0xa6ed90ae,0x3d034a0a,0x4a47cbd5,0x3b1c3a4c,
        0x4dce2bc8,0xa4f0aa6e,0x74ca00eb,0x97c7af43,0x000001c0 } },
    /* 190 */
    { { 0x79c28de7,0x00377178,0xab9c330c,0x617aa2aa,0x66bc61eb,0x43081826,
        0x4d78b504,0xe0b5b5cf,0x9870fc72,0xd76a752d,0xd40b7bc5,0x3b4689f5,
        0x87f2d03a,0xa97fd867,0xfd6060a9,0x6ab7b5ee,0x000001c0 },
      { 0xffb71704,0xe99eadb1,0x390fe3b1,0x436e58bb,0xab4f19aa,0xeecab82c,
        0xe0f3d9dc,0xda492dfa,0x6e20ad12,0x2a0f54bd,0x7dbbd262,0xaf89fa0f,
        0xe8d2eb54,0xdcc50a1a,0xef7d0758,0x9799f816,0x000000b7 } },
    /* 191 */
    { { 0x104f98cc,0x9ec46462,0x72aedeae,0x45115922,0x7e62186f,0x7ae93dd0,
        0x8d6d69b6,0xd17ce026,0xfd43a8f3,0xb5347608,0x7c0ab797,0xe87f1c13,
        0x139f991d,0x3bf597a8,0xe547e0d6,0xe293a85b,0x0000008d },
      { 0x8ef668b1,0x0982add3,0x611c9764,0xc54e6b2d,0x1c1d4263,0x3ce76b12,
        0xeff64e73,0x3134b28e,0x2871612a,0xaf71a9ac,0xba093594,0x31c88af2,
        0xba9108e8,0x0b649112,0x5cf437da,0x8febc5c5,0x00000113 } },
    /* 192 */
    { { 0xc4a2daa2,0x7e9ca589,0x400f608c,0x18ea703c,0xd5175103,0x6f8cd058,
        0x4abb6f29,0x26493472,0x94296ab4,0x0be553e1,0xac51657d,0x9af9398f,
        0x4f880ea8,0xe232deec,0x67b1e1b1,0x2f81761e,0x00000137 },
      { 0x3a20f662,0x51014bc7,0x49ed9502,0x1fb7e77c,0xb62b9652,0x89f5096f,
        0xa2e8d37e,0x3a659c67,0x5804170e,0x0f2b2a26,0x9ed50a34,0x1674fce6,
        0xfdc3c00f,0xaaa4537e,0x4ce99d93,0xf3c3bfda,0x00000198 } },
    /* 193 */
    { { 0x81614189,0xbab1f5cd,0x24b259f7,0xc7d56c45,0x45fb415e,0xc7baa4b2,
        0x7af6bef9,0x302bc8dc,0x74b48e82,0x91b770e0,0x9b6d1b1f,0x4a1336e0,
        0xe6680c97,0x285c1357,0xc7ccb625,0x59bcb813,0x0000012d },
      { 0x7c019927,0xddad83b4,0x630dfd5b,0xe10f2667,0x31e05d23,0x15dbec5a,
        0x456ac460,0x2aa6e5fa,0x243cac82,0x46956529,0x4dc8c9e9,0xc69c9c7f,
        0xe24a4065,0xadb27e09,0xae41301b,0xdfa7a34e,0x000001cc } },
    /* 194 */
    { { 0x59cb1a7d,0x176a864d,0x6aefb8ee,0x4d864ca3,0x1c22b0d8,0x0ee83acb,
        0xd980df1d,0x7e80a6eb,0x7f94ced9,0xf582acc4,0x3a72c115,0xa29cd123,
        0xc7107bb7,0xce12a2a8,0x4ed80a30,0x0229ca56,0x00000150 },
      { 0x2f1c180b,0x9774bad5,0xd749aa10,0xd08be998,0x56dbd1ba,0x978c48ab,
        0x0afbea9a,0x6ed3e3e4,0x153dc5fc,0x8a8be97b,0x9be93ed0,0xadc7f095,
        0x2cee23bd,0x8d242908,0xdc2729de,0x417523c6,0x00000016 } },
    /* 195 */
    { { 0x6c14a31e,0x74eeccf1,0xb2de3c2d,0x488e2534,0x7cec43c3,0xf9bb3599,
        0x916ac936,0x4210459d,0x9f7e4400,0x71d15c02,0x44553583,0x8c9c7c12,
        0xec94a467,0xcc97548d,0x3167bad9,0x4ca67818,0x0000014e },
      { 0x8d0312bf,0x033af055,0x54161e66,0xbd1bf4f5,0xfa41781d,0x259945a7,
        0x00eef1d5,0x33494da8,0x79c3b8d0,0x6c505ec0,0x1c9f6e69,0x70ae1ade,
        0x76830aaa,0x0288f0c1,0xa62a060c,0x7f4cfe3b,0x0000000c } },
    /* 196 */
    { { 0x057d6006,0x0d8b447d,0xfd71c8b0,0x38b976e6,0xabcf40f5,0x5e77e029,
        0xf103a783,0x13bee386,0x5e472c4b,0x20a6ac20,0x31fcb194,0x43b045f6,
        0xc00abf49,0xe5dc1d9f,0xa5556b79,0x28c0bc70,0x000001b5 },
      { 0x8a8640b8,0xba9d07ee,0xd0e34012,0x25611023,0xbe24ae89,0xc7ce655b,
        0xfa579dcd,0xe358e524,0x377bbfe5,0x57ce2715,0x3c0947e4,0x64651c6c,
        0xf4a97826,0x5fbd8d50,0xe2e1c15a,0x6fcdd28f,0x0000008d } },
    /* 197 */
    { { 0x5c7202c8,0xb564a2f6,0x5a54b0d8,0x7d634052,0x1434fbf5,0x8414d672,
        0x1d9830a3,0x8114215e,0x5ef0fbe1,0xc7a758d5,0xe6f57f9f,0x5705dcf8,
        0xd92269d3,0x5dd49a56,0xbdb49f97,0x8f015d7a,0x000000f1 },
      { 0xb4799ce6,0x07131110,0x2cbcb7db,0x35bbfb99,0xf7ba21e2,0xc1f00c9f,
        0xb18f49fe,0x009d6913,0xabcf959b,0x8da61951,0x0d42146e,0x0e687213,
        0xae5f23f1,0x55832817,0x9ae7386b,0xc9b5bb68,0x00000143 } },
    /* 198 */
    { { 0x48c74424,0x423328db,0xd19cb2eb,0x32616e11,0x40d6e217,0xe534192a,
        0x0cbdc752,0xdd83a94c,0xd733bb01,0x5c623050,0x5b7a4520,0xcd0d631a,
        0x9a4011c8,0xccdc0a25,0x646e7cd5,0x22f112cc,0x000001e6 },
      { 0x3e1e4c4b,0x47d6e29a,0x9fb1548a,0xd5f82538,0x4fd3e319,0x7e3705b5,
        0x0a08b966,0x8c4ce59a,0xd8cbe8db,0xbca749e7,0xaeec3d75,0xcc4496ea,
        0x8a1a313d,0x17dc723a,0x8ceb9360,0x250ff77a,0x000001a5 } },
    /* 199 */
    { { 0xfe29bd79,0xa55a0726,0x4f990b34,0x6574a810,0xaad56983,0x6906946d,
        0x50d41fef,0x0e580ab9,0x6e6f7f45,0xbc75b514,0xf0f3718a,0x508cc97b,
        0xa5634087,0x51ba2ca4,0xe64d8910,0x75c39077,0x00000172 },
      { 0xf77ca6bd,0xf37cccaf,0xbdb18df5,0xe0a0df41,0x019e01f7,0x9f46cff8,
        0xaa65d72b,0xbe4f3d44,0x6e3663e9,0x7822d8ac,0x3ef9db6d,0x5f37f922,
        0xabe4a9aa,0x7f0ad39d,0xf69cc8ba,0xa0a57c70,0x00000098 } },
    /* 200 */
    { { 0x00fd5286,0xd9c50cf4,0x72a4b03c,0x1ea5b9d5,0x051ae73e,0xf5e60f9e,
        0x951b3824,0xfe9b5142,0x9fb4d667,0xb034b2d0,0xedc50856,0x4b537a80,
        0x8cb0022e,0x69ee1012,0x6a548aee,0x7c8b9e5c,0x000000ed },
      { 0xd933619b,0x746007bc,0x2b9dfe19,0x0ce7668e,0xcc6e2a2e,0xa9eed5d3,
        0x7eebf32f,0x35a14f5f,0x67cc4f64,0x75cb898d,0x7850c16c,0xcb2185fc,
        0x45f79c96,0x09874a76,0x27db4744,0x7468f8ae,0x00000139 } },
    /* 201 */
    { { 0xc88684f6,0xc5de68ad,0x619a7dbf,0x7c1edaab,0xb27a18f5,0x258d1735,
        0x8ecd89eb,0xb27e7b65,0xd879f7ea,0x3d8889c6,0x67d5befb,0xa8fdc96d,
        0x37bad73c,0xc84d86ae,0xce8e56d7,0xc7e91976,0x000001a4 },
      { 0x6319ffa6,0x5001a540,0x134ec04c,0x0cae64ec,0xd541242c,0x1f69a96c,
        0xbf2caeee,0x9da259ee,0x28bee805,0x88e7978c,0xb8e890e4,0xe9484beb,
        0xfb227fd9,0x0e5246d0,0x625d6318,0x8be2a54a,0x000001b7 } },
    /* 202 */
    { { 0xf472f13a,0xa223554a,0x5733e91c,0xfac993b7,0x96c168a2,0x26afe9f0,
        0x4b127535,0x7cfe761d,0xe77070ca,0x84301873,0xc7e7cdf6,0x66b6aaad,
        0xa1562ed4,0xda2dd5ea,0x39faf8d8,0xa81a2e00,0x00000016 },
      { 0x4e3de3bf,0xa880759c,0x52f3088a,0x0c1e2e11,0xaa7eba5b,0xcb2ded9a,
        0x9f9c11ca,0x4c65d553,0xb0dc5c19,0x0ab9bd87,0xca3f4b61,0xd32f8c96,
        0x28cb5f9f,0x49842fcc,0xb90e21df,0x31ae27cc,0x000000f4 } },
    /* 203 */
    { { 0x6a0ccd0a,0x3b2a0a0d,0x5993b555,0xa3eeec82,0x9de672a6,0xb13486fd,
        0x0da05dcf,0x8d9c5148,0x6739874d,0xc4aa444d,0xe29a35c9,0xd9cf35b2,
        0x89177ead,0xd6bd9b5f,0x2a0470a1,0x9af0f59d,0x000001d6 },
      { 0xba7535fd,0xb2f844c7,0xa842ff39,0x45bd4c3d,0xe951974b,0x5fe149ed,
        0xfd4453ec,0x6982e997,0xe6c37c0e,0xa63f705d,0xd2c3ef6a,0x09b0f6a9,
        0x1776a8d6,0xbedd3586,0xede11b78,0x4048a46a,0x00000176 } },
    /* 204 */
    { { 0x51a251d1,0xa47c6ee5,0x0d279dfd,0xbef4bf12,0xec518a28,0x4c2d538c,
        0x3880be6e,0x1b2b7887,0x1be9b20b,0xc69ccf8e,0x3796a19e,0xe41dfeae,
        0xfb50bdea,0x25676fc9,0x03e180c0,0x8b815a05,0x0000016a },
      { 0x53f5ef65,0x2ca085f6,0x77b25105,0x61dfbbf9,0xa3346fe6,0x88ea87e3,
        0x1b95f7ef,0x25ddfdee,0x5b65eaec,0x22074e69,0x4c2e023b,0x11869a15,
        0x42e83bb5,0x8601b577,0xfa877e7d,0x1464652c,0x00000015 } },
    /* 205 */
    { { 0x57fa58f1,0x250853c8,0x4ca4c670,0xb58a4e68,0x1b81f40d,0x07b96d0a,
        0x558e8cbd,0xa4651e10,0x42e388cf,0x1a64046e,0x44436088,0x51b0d539,
        0xe26b8fd0,0xc2bf35b3,0x5702cfce,0x4ae78709,0x000000fd },
      { 0xdf53d498,0x3c79bc29,0x1137f624,0x4cf31c4e,0x17a3cedf,0x93b6856c,
        0x6cd9115d,0x2461131c,0x9228cddb,0xab30a453,0x8d202bf1,0xe97757b6,
        0xe6108612,0xa666de7c,0x4f6026b4,0xc200fe65,0x00000051 } },
    /* 206 */
    { { 0xb1a2b4b5,0xea96103c,0x843c0968,0x98dccbfe,0x986ffb5b,0x6a37072d,
        0x169d3ac2,0x2fa07af2,0x771371f1,0x8bb85b9a,0xe7c299ef,0xeae10d34,
        0xe2372efc,0x3d4bdc69,0x8dd856f1,0x378df75d,0x00000039 },
      { 0xde7ff5d9,0x31e902ff,0x325a09ca,0x0e9a85d2,0xf4192fcd,0xd71b93a6,
        0x15b076b3,0xf52a5737,0x6e711d1c,0xd726aa86,0x2c292819,0x0b61b1df,
        0xc8015de6,0x224e575c,0x18b79e47,0x68e893e1,0x000001dc } },
    /* 207 */
    { { 0x6ffeda73,0xb7924ff9,0xa0da2018,0xe709f406,0xf89584df,0x368e20ea,
        0x8355a040,0x0095112e,0xfd777d7c,0x259d4528,0x2bf8f2c8,0xb0c49565,
        0x44c5311b,0x7f631928,0x8466d9d5,0x698d0e4f,0x000000d5 },
      { 0x015d204d,0xe10d64fa,0x6dd10c53,0x7b626bfa,0xa7698c94,0x087f8e63,
        0x05337a56,0x525a6547,0xdf5c782f,0x558e2244,0x855fbaff,0x48aa1e41,
        0x47ee3830,0x48f2218e,0x138463d3,0xf2523959,0x0000004d } },
    /* 208 */
    { { 0xd8695310,0x76f4fd69,0x7e8768ea,0xe28eb09f,0xe0d532a8,0x039c1812,
        0xc572ac79,0xdda67744,0x785d6293,0x1f9800e0,0x3da76bb2,0x2bfe2a5a,
        0xa2bc7217,0x6ed15b90,0xd1788a8e,0xd80e61bf,0x0000004c },
      { 0x16730056,0xb9f40370,0xdced3d43,0x46f45fef,0x1aa50742,0x0afd763c,
        0xff92ae73,0x21e5c652,0x1bb2063f,0x6ef0830d,0x12d22540,0x18306ecc,
        0x1f15001c,0x4edd9b3a,0xc0cc5424,0xe4eb25b8,0x000001f4 } },
    /* 209 */
    { { 0xa1db5c18,0xed61a714,0x7677074c,0x9454e61e,0x7bf685de,0xe970fbe5,
        0xd2145be5,0x221b0c53,0xee49a5f2,0xb931881b,0x14b11d03,0x00b91afa,
        0x3ec22137,0xc6aefe49,0x526200af,0x50554e94,0x0000013c },
      { 0x7364c92e,0xd42c45e7,0x735218e8,0xe0500265,0x84d3f3c5,0xd281da02,
        0xdbf7646b,0x312f8424,0x485f304f,0xe1a88f2a,0x1127a513,0x583f5631,
        0x1a60e0bc,0xed7950c7,0x4b7b70a4,0x92855e10,0x000000c6 } },
    /* 210 */
    { { 0x644614e7,0x8d06185c,0x4749a424,0x2e906cae,0x2587e528,0x585412ea,
        0xd12857cd,0x3763990a,0xba5593b5,0x770c7f70,0xdd5d2a46,0xc2cf6dc4,
        0x3b69a1ba,0x564da456,0x187895da,0x639f7e14,0x000001c8 },
      { 0xf8589620,0x05c96b02,0x41e44054,0x2fe468a3,0x096ad09c,0xbf22da11,
        0x9c652aee,0xbc73c298,0x547e1b8f,0xcdef9f8b,0x977dbf73,0x7073785a,
        0x7e13552d,0x0a92a1aa,0x3a393d3f,0x22761140,0x0000015b } },
    /* 211 */
    { { 0x1fbfaf32,0x89a5a7b0,0xbe661d21,0x5c5a62d0,0xf5e3b44d,0x47970f5e,
        0xf43bbf62,0x3ea001ed,0x260ae5a0,0xa8e74285,0x2697c62c,0xeb899ebd,
        0x751a7643,0x36a003e6,0xba0725a6,0xef178c51,0x000000ea },
      { 0x9bd51f28,0xaacf8e9f,0xa8712044,0x39febbdb,0x5bfc8365,0x8780ad3a,
        0x10e6f08f,0x408a34cd,0x8241ab0e,0x8104ca10,0x98a662a1,0x843e71ce,
        0x232048d6,0x9dce8514,0x1cf3d187,0x5cba23be,0x000001fa } },
    /* 212 */
    { { 0x2973a15c,0x2fe8c9d2,0xd42979f3,0x66fec8dd,0x0b6afb3e,0x39af4a39,
        0xab65ef22,0x0bb1e436,0x66c5fcdb,0x8f26201e,0x5af4870b,0x3cffe8a3,
        0x2bb44e24,0x65ae286f,0x51dd1722,0xda2e283a,0x00000114 },
      { 0xc1e3d708,0x4a9c9a56,0x1cb0efa6,0x4fe62d3f,0x97e87540,0xf0702984,
        0x3cea46fa,0x138b7d6b,0x83886263,0x0780634e,0x71c30909,0x27e84280,
        0xe5838647,0xf0af79d7,0xb236a267,0xc1b86582,0x00000104 } },
    /* 213 */
    { { 0xa526c894,0x32ff09ed,0x14ac7d23,0x95abf120,0x3cd92934,0xb6f94dcd,
        0x92e6b556,0xffaaeb12,0x1036c31b,0x193796ea,0x707ff32e,0xa9d237e7,
        0x829d67b8,0xd65a5b0d,0xdb29248b,0x48edb556,0x000001b3 },
      { 0xded46575,0x6ee9f9b2,0xffa69acf,0x496ca08a,0xf16d37d1,0xd5aeb3a1,
        0x789e5d01,0x4a507db1,0xc827cc45,0x05e2ce29,0x2964e677,0x29b6e4a5,
        0x4c0e46f2,0x0563b0ba,0x4bc46485,0xe75c2448,0x000000a3 } },
    /* 214 */
    { { 0xd2f6615d,0x0fcb476f,0xd98da9a9,0x4b7f9b78,0xd2bdf107,0xe2fddf1c,
        0x9b956f31,0x2bda3086,0xb596eadf,0xf3cca2f7,0x355b2538,0x91c09f8b,
        0xc6c846db,0x46f3f6f3,0x2a14642e,0x9bb9398e,0x000001ff },
      { 0xa17bd645,0x5118d4f5,0xdbd6d552,0x57033eab,0x734d0957,0x007e86fc,
        0x5f53c435,0x98ca065f,0xfd27dd19,0x9949d9bf,0x6952d1ca,0xddc4e304,
        0x81ac101c,0x84cab4fb,0x4a56b007,0x46d079f9,0x00000003 } },
    /* 215 */
    { { 0xa6bfdedd,0x95eb8e4f,0x7a74c6f9,0x993a285e,0x3d09a252,0x8bd5d4d1,
        0x19a5f767,0xeaa10be6,0x0cebb340,0xd3db083e,0x1dbf7a83,0xc633a78b,
        0xc30f23e1,0x2664bc3e,0x07a08379,0x6630f8f1,0x000001c9 },
      { 0xdef86a80,0xbbf4cb4b,0x3f8259ab,0x1fa4ec78,0x609532c8,0xa4bf7604,
        0x8b909e92,0x71bb7acc,0x17884160,0xca1d7317,0xca1ab928,0x7f7f14be,
        0x5f8455a5,0xbfea016e,0xbf21e899,0x7b8c76b9,0x0000002d } },
    /* 216 */
    { { 0x4b9f8e7d,0x46860563,0x63fc58a8,0x201176b7,0x2feed68a,0xe7a5da7e,
        0x65183190,0xcc67763e,0xe9377ad6,0x7d7d0102,0x77032321,0xccfc4720,
        0x534bb505,0x573ee031,0x0f1a2769,0x1bf1ef8c,0x000000f3 },
      { 0x0c935667,0x635f5c4b,0x060d2b8b,0x74152c39,0x37c3a574,0xeffaac2e,
        0x0b72e0cd,0xfd5fcc4c,0xf4f60247,0xb743f9b9,0x79e16f33,0x05c2e354,
        0x3074ef9c,0xa2234c47,0x495aace3,0x4092f279,0x00000124 } },
    /* 217 */
    { { 0xb30f9170,0x5bfd7851,0x37fce5b1,0x715aa1e9,0x928437b9,0xcffd55e0,
        0xc32f1273,0x88acd259,0x48be1e34,0x5a145cf2,0x7a5bc62b,0x3a340860,
        0x18156f46,0x6296eb15,0x2774e1c3,0x397fad19,0x000001e7 },
      { 0x9c8225b5,0x362f99f4,0x46b77c4d,0x33efce49,0x8541e91b,0x451df530,
        0x38f3d693,0x0bd2d934,0xe727b54e,0x0b5de2d6,0x7622d940,0x42d929c2,
        0x56f6a94b,0x36ace723,0xfccaf205,0x64a18cd5,0x00000044 } },
    /* 218 */
    { { 0xaba95d63,0x8dbe0aab,0x7b4b346d,0x92780c61,0x0e0d8142,0x6430f863,
        0xb56ef04c,0x875be02a,0x785e3633,0xc28feb95,0xc12c93e4,0xd5401795,
        0xe36f82a3,0x89ff51c1,0x10eeafd6,0x3c48c895,0x0000016b },
      { 0xd4f064be,0x79287eba,0x54ebda99,0x1a77d555,0x623727ea,0x46745ef2,
        0x89f366c6,0xa911f591,0xc59d6ebd,0x7e5435cd,0x7524d213,0x3a84daea,
        0x4395b38d,0xc7b1dd1c,0x1a823c49,0xca13e704,0x0000001c } },
    /* 219 */
    { { 0x874d64b0,0x6399860c,0x1653ce0c,0x3375b092,0xeaa11986,0x16700000,
        0x621cd15d,0x62c67909,0x77d70dcd,0xbe1d7dd6,0x305bd4cd,0xeff0f270,
        0x362f8f30,0x076ec621,0x7e445b78,0x81204816,0x000001d8 },
      { 0x161f9758,0x81749a0e,0xa3c4fce2,0xe60915fe,0x911dd8af,0xf537ce41,
        0x79a51a09,0xfe36a8ac,0x2ca5cf8e,0x67fb54b4,0xe49057f5,0x1bdcae07,
        0xa4244b64,0xb71ff0c5,0x4b606583,0x4815a536,0x00000106 } },
    /* 220 */
    { { 0xef39cc39,0x78c69c3e,0xfa6356d1,0x98304564,0x412fb990,0xbd3c3542,
        0x79dbb2a5,0xa1d531d3,0xe7e75e3d,0x4865f188,0x0b0147b1,0x2dac4e22,
        0x33d29ab0,0xf59e51ca,0x37b074ef,0xc964f7fe,0x000000f1 },
      { 0x0e301262,0x7080c0a6,0x5390a22d,0x9a458060,0xcc8a9029,0xda677f9a,
        0x14c0f1c2,0xdfae9057,0x6e66d9f7,0x3665ff16,0x47846924,0xc866dd8c,
        0xc4cc307c,0xc5afe98f,0xe0bf50e4,0x60e3ba63,0x00000039 } },
    /* 221 */
    { { 0x959ecdb3,0x1a785136,0xf9e959be,0x289af617,0xcde0dc88,0x5145b2b8,
        0x7c079e15,0xfe9070b0,0x50e22415,0xf77f04d3,0x358d6d42,0xb3ab7372,
        0xba7b629a,0x14fd41b9,0x7400fd25,0x7b32d80e,0x00000193 },
      { 0x7147886f,0xe5d80d4d,0x576c81ca,0xe08ced61,0x642717bb,0xe14e8692,
        0xabb4bd21,0x9dcdf198,0x6530308b,0x658be646,0xd99d19c7,0xfbf192da,
        0x304ab126,0x55a3d1b3,0xfa24de31,0x943f4be5,0x0000000e } },
    /* 222 */
    { { 0x7fe9ea48,0xc5424058,0x61b57486,0xaf24f825,0x78719740,0x9d2c413c,
        0x70eb874d,0x27a9be79,0xb62ba3aa,0x43fef8e0,0x2c1bf0ac,0x0a23f286,
        0x4af130e1,0x51c276f3,0xae55cebf,0xf6cd1e9a,0x00000185 },
      { 0x40369093,0x24defa7f,0x58581e0a,0x11f1d9d6,0xe512ed9e,0x9900bf33,
        0xed120896,0xbf8a8459,0x8b73c399,0x8324555e,0x8f6f54fe,0x54a30569,
        0x3c252355,0x2a9d6da5,0x2a093b31,0xe6a6f904,0x0000016a } },
    /* 223 */
    { { 0x152cdd35,0xb2e123c9,0x86402ef1,0xae6e43a8,0xb9ce5bd5,0x892bf0df,
        0x75804914,0xb4acb84a,0xf502eec2,0x8c7f55ff,0xaa33ef4e,0x9c8a7b93,
        0xfd9d2001,0x06b10357,0x0ba3bceb,0x3e319ff0,0x00000027 },
      { 0xabe360a3,0x182c2f77,0xadfefca6,0x57ef5c84,0x650b6fcc,0x9a4f0ca6,
        0xaaf0b202,0x3f4f8e56,0xa24ef156,0x5c8508a0,0x1ea45f13,0xd8f62fd9,
        0x28036dbe,0xf2c923a0,0x1a4d103b,0x4a9ca4c0,0x0000018a } },
    /* 224 */
    { { 0x5448e339,0x2a3fb798,0x18a39976,0xde8770cf,0x7a69170c,0x1160574d,
        0x2b6067ac,0x4bb05c59,0x848138ab,0xde0d2db0,0x4909e794,0x149dab92,
        0x790315f7,0x83a336b6,0xa335a258,0xcd9074d9,0x0000013c },
      { 0xac1b784d,0xe839c5e0,0xee527ae1,0xab65c8c6,0xa1c88ec0,0xd3c86146,
        0x46c1bf58,0x2201f790,0x3fda502a,0x71cec627,0x225b9065,0xff3f88eb,
        0xc556dfcd,0x6c1f0c98,0x484fa5cc,0xaa3222aa,0x000000ac } },
    /* 225 */
    { { 0xc9b4dfd6,0x17e74bc3,0xf8e76293,0x25ba8053,0x9d8c3520,0x0307dc05,
        0xb85a20b4,0x1c9036cc,0x23871359,0xf2c63f0a,0xca95fb4e,0x1a99d9d8,
        0x9850c6c6,0x3d7c4f39,0x68299668,0x162969c9,0x00000169 },
      { 0xcb63ee53,0x7d13c267,0x75eac353,0x67b12e61,0x191abfca,0xb3369a11,
        0xee1af69f,0x5ad0649d,0x11dc11e7,0x4d7a6f00,0xdb9f9765,0x80f030b8,
        0xf0ab1332,0xa20001a3,0x39d8cc62,0xe17c98d2,0x00000194 } },
    /* 226 */
    { { 0x1d8fe898,0x720d80b4,0x32184534,0x8d7a28b7,0x04f21740,0xf1f3c385,
        0x166aa6af,0x5d381cd5,0xcc560e35,0x9cde6084,0x5e61e2cd,0xcb041f0a,
        0xd9b4951a,0x621116f5,0x7ee2ac2c,0x509e16d3,0x000000c4 },
      { 0x2c6fd79e,0xb82a20c4,0x3af78b0e,0x95b7ee4e,0xbad819ca,0x3d9b63c1,
        0x98552569,0x10d674de,0xf9c19d0f,0x17de64b2,0x47c5e6a9,0xa03fabaf,
        0x2ce2db6f,0x858bc4ad,0x1fc9d18e,0x76c2380a,0x000000c9 } },
    /* 227 */
    { { 0xb064f114,0x91171ef8,0x4f2f0f4c,0x83cb1565,0x57b262b7,0x30525854,
        0x0f34936c,0x468c6701,0x99a41fed,0xef26d2fe,0xa7f7f6a9,0xf6da2267,
        0xa01bfc1b,0x2563b8db,0xc340ed40,0x14b36c85,0x0000000e },
      { 0x25db67e6,0x5e57e264,0x7f2e905f,0x85df4e89,0x026c4268,0x7832e514,
        0x3e875093,0x312be262,0x3c538691,0x856b5bd8,0x95734f9d,0x5b1cae55,
        0xd5aa4861,0x5a07bfe2,0xce8abb58,0x7a4c96f0,0x000001d0 } },
    /* 228 */
    { { 0x523aa2e9,0x7bf54d05,0xed3d0860,0xc8841e0c,0x7f9bfb69,0x5683f6e2,
        0x162bdf85,0xdcb07f44,0x07b0dcc9,0x62d17839,0x657a536e,0xa2cbb8ab,
        0x7cf47d3c,0x98b9a0d2,0x5eea6370,0xff154d68,0x000001f2 },
      { 0x56b232ac,0x568b768a,0x3f2a52ab,0x4e8d6e36,0x8837fc60,0xbae87a16,
        0xd10a7691,0xebc58a83,0xf9455fbe,0xad5e4af0,0x7d654e2e,0x1a20d6c3,
        0xda7c8255,0x8c40fcb9,0x60d9b931,0x6d7b3cd7,0x000000b2 } },
    /* 229 */
    { { 0xbb2eaf45,0x7b090c3e,0x62ffb92f,0xed24d91c,0xa736f23d,0xbf2a3ea4,
        0x6ff0fde3,0xb5b99ebd,0xca1102f5,0xbca2b55d,0x07e032a8,0xf6203cd8,
        0xa8bf17a8,0x5410b448,0xe1dc55b1,0xb86660a7,0x00000109 },
      { 0x02a2fbd8,0xb148b1da,0x3b22e8a5,0xfed85e8b,0x8712b509,0x1378a0e4,
        0xc6a3e516,0x68560148,0x1633b503,0x7100921c,0x25512711,0x93925143,
        0x07d31047,0x7b4931d2,0x8542e0bb,0x623e722b,0x000000ea } },
    /* 230 */
    { { 0x24972688,0x084823d3,0x003f5762,0x58b83c12,0x6d0d4528,0x194d6690,
        0x2c6f747e,0x84219584,0x0146d89a,0xc8f8a2e9,0x7451bbc2,0x29ec1de7,
        0xf7f284fa,0xf622b6b8,0x7b71e44f,0x83f1dbe9,0x00000060 },
      { 0x999dd56b,0x99649333,0x97a47de9,0x2cfac0ba,0xbbe8fb20,0x6660d8ae,
        0xf61d7bca,0x47c29dd8,0x85adc14d,0x6f5fb51d,0x4f9fd41c,0xe65ac788,
        0xff513e6c,0x1ce69dd4,0xffe59d3e,0x1ace591e,0x00000023 } },
    /* 231 */
    { { 0xa9fda771,0x2e67a438,0x8663100e,0x626f652c,0xe133f23b,0xdfb19e48,
        0x035d2d1f,0x599f88f2,0x8d13e878,0x1723a112,0xfb51ce07,0x890aa292,
        0xbbd9ba82,0xe5f3a70e,0x374514b4,0xdde82673,0x00000155 },
      { 0xd6f59a95,0x08b2b77e,0x02020420,0x93f853e3,0xebac7797,0x52252ac1,
        0xb56b6676,0x6ecdcb99,0x9722a500,0x4abdb9f9,0x04e2bad0,0x26210f3f,
        0x3034dd4d,0x0ca5a0ff,0xdac0b80d,0x333d8080,0x00000041 } },
    /* 232 */
    { { 0x35a85a06,0xe8510709,0x42ef1b44,0x4e166e76,0xa07b3a6d,0x84a90b71,
        0x30329e6a,0xd6dd6c00,0x3d555259,0x20c4ba65,0x6f8ad05e,0xee3b26af,
        0x2ab4cccd,0x20e3d541,0xa9406424,0x79798934,0x000001bd },
      { 0x8e0c7ff0,0xf2a1d184,0x9543b340,0xbae85efc,0xf51d318b,0xe96431ae,
        0x75878fa6,0xe5d3ed4e,0xc2895f52,0x4d2a29db,0x1f11067c,0x3af27877,
        0x9e7f4ee5,0x6ccde964,0xa56d74da,0x35188da1,0x00000192 } },
    /* 233 */
    { { 0x03d310ed,0xb0832120,0x987b0311,0xd20ee8cc,0x84c558a8,0x9e549d26,
        0xb7167ec8,0x5e25f3ce,0x4bf55bb5,0xacf114f4,0x061c9017,0x819edc77,
        0xdeb343c0,0x759a44e6,0x04c9b5ed,0x58df9f7e,0x00000078 },
      { 0x3bf13222,0x4fa47ebb,0xea07da11,0x1e451dcd,0xc0d8242f,0x1be9fac3,
        0x36eb871e,0x93257d4d,0xbea3190d,0xf49e775a,0x4ebe2b33,0x406d191f,
        0x0c110096,0x67aac53c,0xd381ac78,0x5215cf8b,0x000001f4 } },
    /* 234 */
    { { 0xfa493b79,0x387e8a8e,0x4eb1c2ac,0xb20e270b,0x9ff22320,0x9f393fa0,
        0xa91c393d,0x5ee1baae,0x138a8d96,0xdeda961a,0x97bd50e4,0x69ab238c,
        0x2363c8e0,0xff68d48a,0xce4c4c16,0xaf8e00e5,0x00000158 },
      { 0xcfc509a1,0x6ccdcf06,0xc26cc075,0x60f411ef,0x4d9c57f0,0x6d0cdfd6,
        0x32e99cac,0xa9514853,0x8b8e9510,0x58f9ab3d,0xb10dc3fd,0xa7e98709,
        0x75ef3509,0x8390843d,0x5a9312c7,0x28ccc9d0,0x000001b6 } },
    /* 235 */
    { { 0xe341463f,0x1d934f00,0x150da7a0,0x14c8a6ce,0x4109553f,0xdb4860fc,
        0xa93f4a91,0xc23bde5a,0x2cd58067,0x9f47c787,0x8433dc80,0x1d330054,
        0x75a32a7d,0x0c0be7f9,0x88c75da9,0x08b777d5,0x0000012e },
      { 0x61a10d37,0xdfc12817,0x5c50f5a5,0xed7b6181,0x79477c60,0x28af95db,
        0x33c5310b,0xa0aa2b77,0x53118267,0x905faab8,0x6b41959f,0xf40e9816,
        0x16b37784,0x9ccb4252,0x69866acc,0x6835d77c,0x000000c5 } },
    /* 236 */
    { { 0x2b450a66,0xe9d714cb,0x7dbfdc14,0x1318885c,0xb466a0c0,0x655a8d85,
        0x5bdfc1a6,0x02a21e99,0xe67792d1,0x7a0d7c98,0xb550a797,0x2a01bb57,
        0x5d74d337,0x42c46233,0x88dad495,0x7be4e1c0,0x0000008b },
      { 0x95812273,0x1873b03f,0xee3f757f,0x2e26ed32,0x6da6217a,0x2c710eae,
        0x261d9f4f,0x9b50b574,0xb7c1da2d,0x43971fa9,0xc4a85de7,0x22c4fb87,
        0xec22137b,0xf72c3451,0x77ba1926,0x1345668c,0x00000173 } },
    /* 237 */
    { { 0x8a3ba183,0x3e3e8c7a,0xfe389fa7,0x4e8cebbb,0x0f9ba60f,0x8ea44687,
        0xcb601a83,0x55176e35,0x12e52db4,0xf90bdc26,0x8f712bf1,0x95f9e459,
        0xbea054cd,0x9bd3200f,0xdd5fd40b,0x2cf19bf6,0x0000017a },
      { 0x66736feb,0x71cf6ca2,0xde7cfe2f,0xbde86f49,0xfc290563,0xc60abce8,
        0x726b6e4f,0xaae8a3ce,0x3f29235b,0xd2382445,0x650ffa5e,0xa4b557f5,
        0x113ef744,0xa1453e54,0x3e426dd2,0x7c676a53,0x000001b0 } },
    /* 238 */
    { { 0x35d96872,0xf5e603f2,0x3fa5b8ca,0xab1a23cc,0xe988dc5f,0x5459871b,
        0xd430c0bd,0xe32e8489,0x764d9cc3,0x7ec269e0,0xf2c0c40d,0xf7238212,
        0x887b83b4,0x2d946183,0x2f18a411,0x281fa671,0x00000010 },
      { 0x64858b37,0x8028048f,0x357de5d9,0xe0e149af,0x619ebb18,0xb2218791,
        0x9f2b0ba0,0x210200b3,0x1039cbae,0x5a87eae6,0x39579d1d,0x4efdcddb,
        0x2788515e,0x1b388eaa,0xc81878aa,0x1a552c3c,0x0000002c } },
    /* 239 */
    { { 0x0ea723dc,0x7ac7f500,0x42b15231,0x0a5f04f4,0xbe885c86,0x63d49445,
        0xff119702,0x61f9993f,0xc4c58cea,0xc3fba45c,0xb9cd6036,0xe6d151e6,
        0x57b923bb,0x75a3ab15,0xceb2fd46,0x4ec07c52,0x00000147 },
      { 0xed88239d,0xc46a3d32,0x835ae694,0x0d1b8ae6,0x9feeb2e7,0xf4fde325,
        0x43bc0bb5,0x223bf71c,0x8f62a705,0x3cd220b7,0x9fe799a5,0x2224860e,
        0x24ab7f93,0xd8558703,0xb594958b,0x8e0f7330,0x0000010f } },
    /* 240 */
    { { 0x3c67d520,0xaf35c7bb,0x23fca9ec,0xd8f4958b,0x8bbaa808,0x0778f194,
        0x2135e8ae,0x418c30ce,0xc888eff7,0xcdd8d9a9,0xf73144ab,0x72075df0,
        0x4506a534,0xb549c895,0x5fbb7fc5,0x4ef38979,0x0000011c },
      { 0x43f5e698,0x3fe2c9ac,0xe38a5e3a,0xce77fcbc,0x3089c2e1,0x6d05c90e,
        0xac1d5801,0x5a74f3ff,0x381b9d2a,0xaeeda220,0xf5f3960b,0xd958b143,
        0x0db7abbe,0x65ffd051,0x7a05b718,0x8e97e680,0x000000ce } },
    /* 241 */
    { { 0x8ce86a83,0x2251e61b,0xbf7e7160,0x8604159f,0x48f03377,0xfc127dd7,
        0x45052242,0x87cb2c37,0x934ea09b,0xbd4950f4,0xc4679441,0x5146c403,
        0x23ba416a,0xe8ad4710,0xaf638eb1,0x89b81a60,0x000001b3 },
      { 0xe8150c69,0xe699934e,0xe27c14bc,0x74f75908,0x6a0194ff,0x5dc0a891,
        0x1bd51b76,0x38f49d32,0x18779630,0x6bc3305e,0xfd3b4a68,0xfe2f3fbf,
        0xd7caf189,0x1409b377,0x9b8f109b,0x029ea13b,0x000001b3 } },
    /* 242 */
    { { 0x25a2fd88,0xef7938d2,0xceba0603,0x890f2f7c,0xd7a6dff4,0x4c3e1c80,
        0x2883f986,0x00c78f36,0x998e5305,0xed92b592,0x325ddc73,0x018a8f1b,
        0xd5d3708a,0x6dffd987,0x0d1f28bb,0xdcd3554f,0x00000059 },
      { 0x23a74e7d,0x17c6e41d,0x5db32df6,0x94b61ebe,0x9e7ffa0b,0x3c2fffa7,
        0x2ebb7a0d,0x473662b7,0x01adf9c3,0xa86415ee,0x54679264,0x1502c326,
        0x2fa09c57,0x16911349,0x24749086,0x897f34aa,0x00000195 } },
    /* 243 */
    { { 0xabadc253,0x4845d359,0xc797c95e,0xe054b92c,0x9a218212,0x22a9b5bd,
        0xa52b8827,0x9bb80a5e,0x2e61c676,0xea38e78e,0x08b0f8b3,0xfb274b1a,
        0xdb9d854c,0xb6aa42e3,0x56012d73,0x8ba22523,0x00000163 },
      { 0x75c8c576,0x7cec0e6f,0xe4bc7dd2,0xabb20e7c,0x69d80726,0x0958a0c8,
        0x8a023eb7,0xa908c66a,0x76110b15,0xca9f50ea,0x186f61a6,0x668c9994,
        0x2a0a69d8,0x9ddf22ed,0xbbf8a10f,0xbfee1897,0x000001e0 } },
    /* 244 */
    { { 0x48319e4f,0x26d86818,0x5a586fa0,0x6be6f6b5,0x26713265,0xbef5d886,
        0x98529cfa,0xac252ac5,0x62b29cfb,0xe7cc45f1,0xa2a6358d,0xee050609,
        0x2940ac70,0xf7cb9ca4,0xa885b1f0,0xfb44aaec,0x000001ad },
      { 0xe798678e,0x66b7a936,0x99540438,0xca01e103,0x816860b7,0xf2491e37,
        0xb745d857,0xeeffd483,0xa4705ed6,0x5dbb3628,0xb2a5d0f7,0x57d68d49,
        0x2389fee3,0xd1a8529a,0x1a7fd686,0xdbbc2549,0x000001ad } },
    /* 245 */
    { { 0x969686a3,0xe10cba20,0xe3c053f5,0x308b1c55,0x26f47102,0x1712b134,
        0x49033038,0x1f9165b1,0x2d01527b,0x45b72017,0xaa9a34e2,0x6fcf6647,
        0xb0be35c8,0x51f54b94,0x5a15e382,0xfccb22a5,0x000000e3 },
      { 0x5b4dc0be,0xaa71e4ec,0xdb1cd5c4,0xbb136248,0x046e1007,0xf36bff43,
        0xda9c99a3,0x5a6806d7,0x8349bc50,0x9cbfc6ee,0xe13e0850,0x26871e73,
        0x67f448c1,0x5e6aa227,0x2da7baf9,0xba77787c,0x000001b9 } },
    /* 246 */
    { { 0xc5a73375,0x1abe58ee,0x7a8ac438,0x175df69d,0xceca835a,0x2cf3150a,
        0xf507d30f,0xb87b0609,0xc60b0424,0x9ae53a2b,0x410f90ec,0x4931e182,
        0xadd689bb,0x452c7d0f,0x47631a8e,0xab453491,0x00000013 },
      { 0x8c84f3af,0xaf2dd856,0x1baae33e,0x829dc092,0x8b96b070,0x46542a85,
        0xe8a82516,0x42260d40,0x5c35322b,0xb9e5edac,0x39eda0d2,0xbca79560,
        0xb962b90a,0x86bd07c6,0xb1ec5302,0x2e22dac7,0x0000010a } },
    /* 247 */
    { { 0x239d8f0a,0x665fc09d,0xab8a1021,0x92b2e03c,0x0173477b,0xe4369768,
        0x8e361604,0xab38ed9f,0x9eb061be,0x79b0091d,0x3e845670,0xcd422654,
        0x2fe1a2e0,0xa0f77ec7,0x760a030f,0x1d242162,0x00000093 },
      { 0xf8646bc3,0xfa9f834c,0x40ae96f9,0x7df94a52,0x379177d1,0x901c3890,
        0xffeb66cd,0x9dfd0644,0x77b92465,0x81aec2ec,0xcd981d4f,0x2df3b7f2,
        0xf377b093,0xc9bc3f69,0xdd859d8b,0xdaef34f3,0x00000125 } },
    /* 248 */
    { { 0xa2c123bc,0xac08451b,0x0818fa54,0xd1e83a68,0x98957b8a,0x56dd5702,
        0xf0f12f16,0xcc7f2e34,0x0a9fa14d,0x1f6a9c33,0xb2fe782c,0xefc9a2bb,
        0x709f54dd,0xd319c697,0xd6460a53,0x0b8238cb,0x000001dc },
      { 0x44dfb6f6,0xf6492901,0x6e401d26,0x270d7cb4,0x48537ad8,0x1a70a40e,
        0x70d8dbd9,0x84d661b5,0xf170d58b,0xca27223a,0x6344e1d2,0xeeb4cf14,
        0xab9de1fa,0x2255fc95,0xdbdc5ea7,0xcd6e110a,0x000001f8 } },
    /* 249 */
    { { 0x78b8a0a7,0x2a57c6b9,0xe833edea,0x24b4aeb6,0x4bd13fe7,0x9e4617c1,
        0xfc2e8ee4,0xc4186888,0xfb147eef,0x8d398a49,0x2e662cfb,0xe9f191f1,
        0x958ba2ec,0x61872289,0x00b8d50d,0xbd6d0f1b,0x0000002d },
      { 0x24c93cc9,0x895cfdfe,0xb9e718e7,0x29ed7780,0x38baf7eb,0x01c8ba58,
        0x4ddcbf69,0x0225387e,0xa180d6bb,0x64b250bf,0xc947c7c2,0x6d68e548,
        0x9923f3cd,0x82a7b632,0x2d103cd2,0xb8f03613,0x0000000f } },
    /* 250 */
    { { 0x8cd9d494,0x8198b3f0,0x94f4f9f3,0x9b2065b9,0x3c738fa9,0x7664a220,
        0xd8d229cb,0x199f4c14,0xc51c54b3,0xddad75c4,0xd213a332,0x9a32ce0b,
        0x888c7b2f,0xf3a21085,0x5b1ff20a,0x6defa362,0x000000d1 },
      { 0x19a296eb,0x44e00548,0xd1a91313,0x1d94ff15,0xfeaa454f,0xd7dead2b,
        0x4d40bd7f,0xae65a803,0x1801a4af,0x604f147e,0xa5e0de77,0x983048f9,
        0xff572ca0,0xa3b19ca5,0x1821d117,0xa237dba7,0x000000e0 } },
    /* 251 */
    { { 0x91630ee8,0xedbabf84,0x05eb5301,0xde6589c2,0xa051f47b,0x9f7d2b2d,
        0x212bbe81,0xaeaa9f96,0x94292124,0xdced3d5e,0xf4435e5b,0x691f5b89,
        0x9411f66f,0x19604c33,0x4356f0da,0xb7fc09ca,0x000000e6 },
      { 0xf74f811c,0x1294e413,0xdf8d8ddb,0x1a42d831,0x963418c9,0x27f57217,
        0x88ebcdec,0x5fde5218,0xea305bc9,0xfdd5e06e,0xac668b61,0xed1e6088,
        0xeb811861,0x333af016,0x15ddcebc,0x5ecb192d,0x000001c9 } },
    /* 252 */
    { { 0xe0bde442,0x927b37a3,0x66f7a73e,0xe0543fe8,0x8ed10c2e,0xd30d9d20,
        0xa6617a32,0xaf79c341,0xd1d5cf8b,0xe7367870,0xe3abcf8b,0x02d0dce9,
        0x772b5e7b,0xfe23d2dd,0x1ffc70c5,0x29fceea0,0x0000010b },
      { 0x62d803ff,0x31bcae4d,0xdbc306a9,0x93ee913f,0xd8c10662,0xaf1de7ab,
        0xe7a6d658,0xd485782a,0x102f4e06,0x9126592e,0x136fafe6,0x91a3127f,
        0x88371213,0x46b93440,0xa31e1634,0x53bb4380,0x000000ba } },
    /* 253 */
    { { 0xca5636b0,0x62e517fc,0x6aba15c7,0x4296e021,0x212e7b2d,0x5aa8fd7c,
        0x5717ad84,0x9517ce6d,0x98b2f357,0xe762b85b,0xdf59b07c,0x42f996b5,
        0xf37ef6f0,0xf3732abb,0x4542b489,0xa5d145ea,0x0000015d },
      { 0xaa7f6e3f,0x1e77c55e,0xaa4a05bc,0x3f4d99a7,0x45828227,0xa56d7d77,
        0x77b748fb,0xdb0895fb,0x0629f5d1,0x1c484cce,0x359803fb,0xf5b1c90a,
        0x1720b8d0,0x43ac4f29,0x72ac13f2,0x8c10bfe8,0x000000e9 } },
    /* 254 */
    { { 0xc06c4fd6,0x9d1c4785,0xd25c2b9d,0xbf4b9025,0xd4982f24,0x04135eb1,
        0xba4fef2b,0x3ab3edc2,0x98de07ab,0x55a5239f,0x096f4b7d,0xd5fc49ab,
        0x3844c815,0xc50a2960,0x15676b2b,0xdb1148d0,0x00000047 },
      { 0x10f3bad9,0xc49f9cc5,0x022901d4,0x490888fc,0xc47b44df,0x917a55eb,
        0xf39f2b68,0x20b2ebc6,0x04e9962a,0x0c58e3af,0x573dd5b7,0x52ab7c1b,
        0xa329f76c,0x2b54add6,0x82f4ca3b,0x59dad1eb,0x00000108 } },
    /* 255 */
    { { 0xa182d1ad,0x662c4128,0x20916c45,0x7751796e,0xba681647,0xa7704272,
        0xb92c85c1,0xfac8b0fa,0xaefb2e07,0x207ab2df,0x7861b32d,0xc73530a0,
        0x88aed145,0x63dbed65,0x0a53a49d,0x547bcdca,0x000000bd },
      { 0x87056b51,0xa7c1382f,0x130f9912,0xc3d91edb,0xd3805b42,0xf7c7de46,
        0xfd31a995,0x456101eb,0xcd3fb8aa,0x1efd22b4,0x9eb17bce,0xfe391df7,
        0x616c0c32,0xb4d4c0c6,0x711beef4,0x19f023be,0x00000112 } },
};

/* Multiply the base point of P521 by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * Stripe implementation.
 * Pre-generated: 2^0, 2^65, ...
 * Pre-generated: products of all combinations of above.
 * 8 doubles and adds (with qz=1)
 *
 * r     Resulting point.
 * k     Scalar to multiply by.
 * map   Indicates whether to convert result to affine.
 * ct    Constant time required.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_521_ecc_mulmod_base_17(sp_point_521* r, const sp_digit* k,
        int map, int ct, void* heap)
{
    return sp_521_ecc_mulmod_stripe_17(r, &p521_base, p521_table,
                                      k, map, ct, heap);
}

#endif

/* Multiply the base point of P521 by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * km    Scalar to multiply by.
 * r     Resulting point.
 * map   Indicates whether to convert result to affine.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_521* point = NULL;
    sp_digit* k = NULL;
#else
    sp_point_521  point[1];
    sp_digit k[17];
#endif
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    point = (sp_point_521*)XMALLOC(sizeof(sp_point_521), heap,
                                         DYNAMIC_TYPE_ECC);
    if (point == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 17, heap,
                               DYNAMIC_TYPE_ECC);
        if (k == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        sp_521_from_mp(k, 17, km);

            err = sp_521_ecc_mulmod_base_17(point, k, map, 1, heap);
    }
    if (err == MP_OKAY) {
        err = sp_521_point_to_ecc_point_17(point, r);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (k != NULL)
        XFREE(k, heap, DYNAMIC_TYPE_ECC);
    if (point != NULL)
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

/* Multiply the base point of P521 by the scalar, add point a and return
 * the result. If map is true then convert result to affine coordinates.
 *
 * km      Scalar to multiply by.
 * am      Point to add to scalar multiply result.
 * inMont  Point to add is in montgomery form.
 * r       Resulting point.
 * map     Indicates whether to convert result to affine.
 * heap    Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am,
        int inMont, ecc_point* r, int map, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_521* point = NULL;
    sp_digit* k = NULL;
#else
    sp_point_521 point[2];
    sp_digit k[17 + 17 * 2 * 6];
#endif
    sp_point_521* addP = NULL;
    sp_digit* tmp = NULL;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    point = (sp_point_521*)XMALLOC(sizeof(sp_point_521) * 2, heap,
                                         DYNAMIC_TYPE_ECC);
    if (point == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        k = (sp_digit*)XMALLOC(
            sizeof(sp_digit) * (17 + 17 * 2 * 6),
            heap, DYNAMIC_TYPE_ECC);
        if (k == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        addP = point + 1;
        tmp = k + 17;

        sp_521_from_mp(k, 17, km);
        sp_521_point_from_ecc_point_17(addP, am);
    }
    if ((err == MP_OKAY) && (!inMont)) {
        err = sp_521_mod_mul_norm_17(addP->x, addP->x, p521_mod);
    }
    if ((err == MP_OKAY) && (!inMont)) {
        err = sp_521_mod_mul_norm_17(addP->y, addP->y, p521_mod);
    }
    if ((err == MP_OKAY) && (!inMont)) {
        err = sp_521_mod_mul_norm_17(addP->z, addP->z, p521_mod);
    }
    if (err == MP_OKAY) {
            err = sp_521_ecc_mulmod_base_17(point, k, 0, 0, heap);
    }
    if (err == MP_OKAY) {
            sp_521_proj_point_add_17(point, point, addP, tmp);

        if (map) {
                sp_521_map_17(point, point, tmp);
        }

        err = sp_521_point_to_ecc_point_17(point, r);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (k != NULL)
        XFREE(k, heap, DYNAMIC_TYPE_ECC);
    if (point)
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \
                                                        defined(HAVE_ECC_VERIFY)
#endif /* WOLFSSL_VALIDATE_ECC_KEYGEN | HAVE_ECC_SIGN | HAVE_ECC_VERIFY */
/* Add 1 to a. (a = a + 1)
 *
 * a  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_521_add_one_17(sp_digit* a_p)
#else
static void sp_521_add_one_17(sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a], {r1, r2, r3, r4}\n\t"
        "ADDS	r1, r1, #0x1\n\t"
        "ADCS	r2, r2, #0x0\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "STM	%[a]!, {r1, r2, r3, r4}\n\t"
        "LDM	%[a], {r1, r2, r3, r4}\n\t"
        "ADCS	r1, r1, #0x0\n\t"
        "ADCS	r2, r2, #0x0\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "STM	%[a]!, {r1, r2, r3, r4}\n\t"
        "LDM	%[a], {r1, r2, r3, r4}\n\t"
        "ADCS	r1, r1, #0x0\n\t"
        "ADCS	r2, r2, #0x0\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "STM	%[a]!, {r1, r2, r3, r4}\n\t"
        "LDM	%[a], {r1, r2, r3, r4}\n\t"
        "ADCS	r1, r1, #0x0\n\t"
        "ADCS	r2, r2, #0x0\n\t"
        "ADCS	r3, r3, #0x0\n\t"
        "ADCS	r4, r4, #0x0\n\t"
        "STM	%[a]!, {r1, r2, r3, r4}\n\t"
        "LDM	%[a], {r1}\n\t"
        "ADCS	r1, r1, #0x0\n\t"
        "STM	%[a]!, {r1}\n\t"
        : [a] "+r" (a)
        :
        : "memory", "r1", "r2", "r3", "r4", "cc"
    );
}

/* Read big endian unsigned byte array into r.
 *
 * r  A single precision integer.
 * size  Maximum number of bytes to convert
 * a  Byte array.
 * n  Number of bytes in array to read.
 */
static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
{
    int i;
    int j;
    byte* d;

    for (i = n - 1,j = 0; i >= 3; i -= 4) {
        r[j]  = ((sp_digit)a[i - 0] <<  0) |
                ((sp_digit)a[i - 1] <<  8) |
                ((sp_digit)a[i - 2] << 16) |
                ((sp_digit)a[i - 3] << 24);
        j++;
    }

    if (i >= 0) {
        r[j] = 0;

        d = (byte*)r;
        switch (i) {
            case 2: d[n - 1 - 2] = a[2]; //fallthrough
            case 1: d[n - 1 - 1] = a[1]; //fallthrough
            case 0: d[n - 1 - 0] = a[0]; //fallthrough
        }
        j++;
    }

    for (; j < size; j++) {
        r[j] = 0;
    }
}

/* Generates a scalar that is in the range 1..order-1.
 *
 * rng  Random number generator.
 * k    Scalar value.
 * returns RNG failures, MEMORY_E when memory allocation fails and
 * MP_OKAY on success.
 */
static int sp_521_ecc_gen_k_17(WC_RNG* rng, sp_digit* k)
{
    int err;
    byte buf[66];

    do {
        err = wc_RNG_GenerateBlock(rng, buf, sizeof(buf));
        if (err == 0) {
            buf[0] &= 0x1;
            sp_521_from_bin(k, 17, buf, (int)sizeof(buf));
            if (sp_521_cmp_17(k, p521_order2) <= 0) {
                sp_521_add_one_17(k);
                break;
            }
        }
    }
    while (err == 0);

    return err;
}

/* Makes a random EC key pair.
 *
 * rng   Random number generator.
 * priv  Generated private value.
 * pub   Generated public point.
 * heap  Heap to use for allocation.
 * returns ECC_INF_E when the point does not have the correct order, RNG
 * failures, MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_521* point = NULL;
    sp_digit* k = NULL;
#else
    #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
    sp_point_521 point[2];
    #else
    sp_point_521 point[1];
    #endif
    sp_digit k[17];
#endif
#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
    sp_point_521* infinity = NULL;
#endif
    int err = MP_OKAY;


    (void)heap;

#ifdef WOLFSSL_SP_SMALL_STACK
    #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
    point = (sp_point_521*)XMALLOC(sizeof(sp_point_521) * 2, heap, DYNAMIC_TYPE_ECC);
    #else
    point = (sp_point_521*)XMALLOC(sizeof(sp_point_521), heap, DYNAMIC_TYPE_ECC);
    #endif
    if (point == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 17, heap,
                               DYNAMIC_TYPE_ECC);
        if (k == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
    #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
        infinity = point + 1;
    #endif

        err = sp_521_ecc_gen_k_17(rng, k);
    }
    if (err == MP_OKAY) {
            err = sp_521_ecc_mulmod_base_17(point, k, 1, 1, NULL);
    }

#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
    if (err == MP_OKAY) {
            err = sp_521_ecc_mulmod_17(infinity, point, p521_order, 1, 1, NULL);
    }
    if (err == MP_OKAY) {
        if (sp_521_iszero_17(point->x) || sp_521_iszero_17(point->y)) {
            err = ECC_INF_E;
        }
    }
#endif

    if (err == MP_OKAY) {
        err = sp_521_to_mp(k, priv);
    }
    if (err == MP_OKAY) {
        err = sp_521_point_to_ecc_point_17(point, pub);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (k != NULL)
        XFREE(k, heap, DYNAMIC_TYPE_ECC);
    if (point != NULL) {
        /* point is not sensitive, so no need to zeroize */
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
    }
#endif

    return err;
}

#ifdef WOLFSSL_SP_NONBLOCK
typedef struct sp_ecc_key_gen_521_ctx {
    int state;
    sp_521_ecc_mulmod_17_ctx mulmod_ctx;
    sp_digit k[17];
#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
    sp_point_521  point[2];
#else
    sp_point_521 point[1];
#endif /* WOLFSSL_VALIDATE_ECC_KEYGEN */
} sp_ecc_key_gen_521_ctx;

int sp_ecc_make_key_521_nb(sp_ecc_ctx_t* sp_ctx, WC_RNG* rng, mp_int* priv,
    ecc_point* pub, void* heap)
{
    int err = FP_WOULDBLOCK;
    sp_ecc_key_gen_521_ctx* ctx = (sp_ecc_key_gen_521_ctx*)sp_ctx->data;
#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
    sp_point_521* infinity = ctx->point + 1;
#endif /* WOLFSSL_VALIDATE_ECC_KEYGEN */

    typedef char ctx_size_test[sizeof(sp_ecc_key_gen_521_ctx)
                               >= sizeof(*sp_ctx) ? -1 : 1];
    (void)sizeof(ctx_size_test);

    switch (ctx->state) {
        case 0:
            err = sp_521_ecc_gen_k_17(rng, ctx->k);
            if (err == MP_OKAY) {
                err = FP_WOULDBLOCK;
                ctx->state = 1;
            }
            break;
        case 1:
            err = sp_521_ecc_mulmod_base_17_nb((sp_ecc_ctx_t*)&ctx->mulmod_ctx,
                      ctx->point, ctx->k, 1, 1, heap);
            if (err == MP_OKAY) {
                err = FP_WOULDBLOCK;
            #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
                XMEMSET(&ctx->mulmod_ctx, 0, sizeof(ctx->mulmod_ctx));
                ctx->state = 2;
            #else
                ctx->state = 3;
            #endif
            }
            break;
    #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
        case 2:
            err = sp_521_ecc_mulmod_17_nb((sp_ecc_ctx_t*)&ctx->mulmod_ctx,
                      infinity, ctx->point, p521_order, 1, 1);
            if (err == MP_OKAY) {
                if (sp_521_iszero_17(ctx->point->x) ||
                    sp_521_iszero_17(ctx->point->y)) {
                    err = ECC_INF_E;
                }
                else {
                    err = FP_WOULDBLOCK;
                    ctx->state = 3;
                }
            }
            break;
    #endif /* WOLFSSL_VALIDATE_ECC_KEYGEN */
        case 3:
            err = sp_521_to_mp(ctx->k, priv);
            if (err == MP_OKAY) {
                err = sp_521_point_to_ecc_point_17(ctx->point, pub);
            }
            break;
    }

    if (err != FP_WOULDBLOCK) {
        XMEMSET(ctx, 0, sizeof(sp_ecc_key_gen_521_ctx));
    }

    return err;
}
#endif /* WOLFSSL_SP_NONBLOCK */

#ifdef HAVE_ECC_DHE
/* Write r as big endian to byte array.
 * Fixed length number of bytes written: 66
 *
 * r  A single precision integer.
 * a  Byte array.
 */
static void sp_521_to_bin_17(sp_digit* r, byte* a)
{
    int i;
    int j = 0;

    a[j++] = r[16] >> 8;
    a[j++] = r[16] >> 0;
    for (i = 15; i >= 0; i--) {
        a[j++] = r[i] >> 24;
        a[j++] = r[i] >> 16;
        a[j++] = r[i] >> 8;
        a[j++] = r[i] >> 0;
    }
}

/* Multiply the point by the scalar and serialize the X ordinate.
 * The number is 0 padded to maximum size on output.
 *
 * priv    Scalar to multiply the point by.
 * pub     Point to multiply.
 * out     Buffer to hold X ordinate.
 * outLen  On entry, size of the buffer in bytes.
 *         On exit, length of data in buffer in bytes.
 * heap    Heap to use for allocation.
 * returns BUFFER_E if the buffer is to small for output size,
 * MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
                          word32* outLen, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_521* point = NULL;
    sp_digit* k = NULL;
#else
    sp_point_521 point[1];
    sp_digit k[17];
#endif
    int err = MP_OKAY;

    if (*outLen < 65U) {
        err = BUFFER_E;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        point = (sp_point_521*)XMALLOC(sizeof(sp_point_521), heap,
                                         DYNAMIC_TYPE_ECC);
        if (point == NULL)
            err = MEMORY_E;
    }
    if (err == MP_OKAY) {
        k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 17, heap,
                               DYNAMIC_TYPE_ECC);
        if (k == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        sp_521_from_mp(k, 17, priv);
        sp_521_point_from_ecc_point_17(point, pub);
            err = sp_521_ecc_mulmod_17(point, point, k, 1, 1, heap);
    }
    if (err == MP_OKAY) {
        sp_521_to_bin_17(point->x, out);
        *outLen = 66;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (k != NULL)
        XFREE(k, heap, DYNAMIC_TYPE_ECC);
    if (point != NULL)
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#ifdef WOLFSSL_SP_NONBLOCK
typedef struct sp_ecc_sec_gen_521_ctx {
    int state;
    union {
        sp_521_ecc_mulmod_17_ctx mulmod_ctx;
    };
    sp_digit k[17];
    sp_point_521 point;
} sp_ecc_sec_gen_521_ctx;

int sp_ecc_secret_gen_521_nb(sp_ecc_ctx_t* sp_ctx, const mp_int* priv,
    const ecc_point* pub, byte* out, word32* outLen, void* heap)
{
    int err = FP_WOULDBLOCK;
    sp_ecc_sec_gen_521_ctx* ctx = (sp_ecc_sec_gen_521_ctx*)sp_ctx->data;

    typedef char ctx_size_test[sizeof(sp_ecc_sec_gen_521_ctx) >= sizeof(*sp_ctx) ? -1 : 1];
    (void)sizeof(ctx_size_test);

    if (*outLen < 32U) {
        err = BUFFER_E;
    }

    switch (ctx->state) {
        case 0:
            sp_521_from_mp(ctx->k, 17, priv);
            sp_521_point_from_ecc_point_17(&ctx->point, pub);
            ctx->state = 1;
            break;
        case 1:
            err = sp_521_ecc_mulmod_17_nb((sp_ecc_ctx_t*)&ctx->mulmod_ctx,
                      &ctx->point, &ctx->point, ctx->k, 1, 1, heap);
            if (err == MP_OKAY) {
                sp_521_to_bin_17(ctx->point.x, out);
                *outLen = 66;
            }
            break;
    }

    if (err == MP_OKAY && ctx->state != 1) {
        err = FP_WOULDBLOCK;
    }
    if (err != FP_WOULDBLOCK) {
        XMEMSET(ctx, 0, sizeof(sp_ecc_sec_gen_521_ctx));
    }

    return err;
}
#endif /* WOLFSSL_SP_NONBLOCK */
#endif /* HAVE_ECC_DHE */

#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_521_rshift_17(sp_digit* r_p, const sp_digit* a_p, byte n_p)
#else
static void sp_521_rshift_17(sp_digit* r, const sp_digit* a, byte n)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register byte n __asm__ ("r2") = (byte)n_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "RSB	r7, %[n], #0x20\n\t"
        "LDRD	r4, r5, [%[a]]\n\t"
        "LSR	r4, r4, %[n]\n\t"
        "LSL	r3, r5, r7\n\t"
        "LSR	r5, r5, %[n]\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r6, [%[a], #8]\n\t"
        "STR	r4, [%[a]]\n\t"
        "LSL	r3, r6, r7\n\t"
        "LSR	r6, r6, %[n]\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r4, [%[a], #12]\n\t"
        "STR	r5, [%[a], #4]\n\t"
        "LSL	r3, r4, r7\n\t"
        "LSR	r4, r4, %[n]\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r5, [%[a], #16]\n\t"
        "STR	r6, [%[a], #8]\n\t"
        "LSL	r3, r5, r7\n\t"
        "LSR	r5, r5, %[n]\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r6, [%[a], #20]\n\t"
        "STR	r4, [%[a], #12]\n\t"
        "LSL	r3, r6, r7\n\t"
        "LSR	r6, r6, %[n]\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r4, [%[a], #24]\n\t"
        "STR	r5, [%[a], #16]\n\t"
        "LSL	r3, r4, r7\n\t"
        "LSR	r4, r4, %[n]\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r5, [%[a], #28]\n\t"
        "STR	r6, [%[a], #20]\n\t"
        "LSL	r3, r5, r7\n\t"
        "LSR	r5, r5, %[n]\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r6, [%[a], #32]\n\t"
        "STR	r4, [%[a], #24]\n\t"
        "LSL	r3, r6, r7\n\t"
        "LSR	r6, r6, %[n]\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r4, [%[a], #36]\n\t"
        "STR	r5, [%[a], #28]\n\t"
        "LSL	r3, r4, r7\n\t"
        "LSR	r4, r4, %[n]\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r5, [%[a], #40]\n\t"
        "STR	r6, [%[a], #32]\n\t"
        "LSL	r3, r5, r7\n\t"
        "LSR	r5, r5, %[n]\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r6, [%[a], #44]\n\t"
        "STR	r4, [%[a], #36]\n\t"
        "LSL	r3, r6, r7\n\t"
        "LSR	r6, r6, %[n]\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r4, [%[a], #48]\n\t"
        "STR	r5, [%[a], #40]\n\t"
        "LSL	r3, r4, r7\n\t"
        "LSR	r4, r4, %[n]\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r5, [%[a], #52]\n\t"
        "STR	r6, [%[a], #44]\n\t"
        "LSL	r3, r5, r7\n\t"
        "LSR	r5, r5, %[n]\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r6, [%[a], #56]\n\t"
        "STR	r4, [%[a], #48]\n\t"
        "LSL	r3, r6, r7\n\t"
        "LSR	r6, r6, %[n]\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r4, [%[a], #60]\n\t"
        "STR	r5, [%[a], #52]\n\t"
        "LSL	r3, r4, r7\n\t"
        "LSR	r4, r4, %[n]\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r5, [%[a], #64]\n\t"
        "STR	r6, [%[a], #56]\n\t"
        "LSL	r3, r5, r7\n\t"
        "LSR	r5, r5, %[n]\n\t"
        "ORR	r4, r4, r3\n\t"
        "STRD	r4, r5, [%[r], #60]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n)
        :
        : "memory", "r4", "r5", "r6", "r3", "r7", "cc"
    );
}

#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_521_lshift_17(sp_digit* r_p, const sp_digit* a_p, byte n_p)
#else
static void sp_521_lshift_17(sp_digit* r, const sp_digit* a, byte n)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register byte n __asm__ ("r2") = (byte)n_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "RSB	r7, %[n], #0x1f\n\t"
        "LDR	r5, [%[a], #64]\n\t"
        "LSR	r6, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r6, r6, r7\n\t"
        "LDR	r4, [%[a], #60]\n\t"
        "STR	r6, [%[r], #68]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #56]\n\t"
        "STR	r5, [%[r], #64]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #52]\n\t"
        "STR	r4, [%[r], #60]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #48]\n\t"
        "STR	r6, [%[r], #56]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #44]\n\t"
        "STR	r5, [%[r], #52]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #40]\n\t"
        "STR	r4, [%[r], #48]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #36]\n\t"
        "STR	r6, [%[r], #44]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #32]\n\t"
        "STR	r5, [%[r], #40]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #28]\n\t"
        "STR	r4, [%[r], #36]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #24]\n\t"
        "STR	r6, [%[r], #32]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #20]\n\t"
        "STR	r5, [%[r], #28]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #16]\n\t"
        "STR	r4, [%[r], #24]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #12]\n\t"
        "STR	r6, [%[r], #20]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #8]\n\t"
        "STR	r5, [%[r], #16]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #4]\n\t"
        "STR	r4, [%[r], #12]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a]]\n\t"
        "STR	r6, [%[r], #8]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "STR	r4, [%[r]]\n\t"
        "STR	r5, [%[r], #4]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n)
        :
        : "memory", "r4", "r5", "r6", "r3", "r7", "cc"
    );
}

#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_521_lshift_34(sp_digit* r_p, const sp_digit* a_p, byte n_p)
#else
static void sp_521_lshift_34(sp_digit* r, const sp_digit* a, byte n)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register byte n __asm__ ("r2") = (byte)n_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "RSB	r7, %[n], #0x1f\n\t"
        "LDR	r5, [%[a], #132]\n\t"
        "LSR	r6, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r6, r6, r7\n\t"
        "LDR	r4, [%[a], #128]\n\t"
        "STR	r6, [%[r], #136]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #124]\n\t"
        "STR	r5, [%[r], #132]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #120]\n\t"
        "STR	r4, [%[r], #128]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #116]\n\t"
        "STR	r6, [%[r], #124]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #112]\n\t"
        "STR	r5, [%[r], #120]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #108]\n\t"
        "STR	r4, [%[r], #116]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #104]\n\t"
        "STR	r6, [%[r], #112]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #100]\n\t"
        "STR	r5, [%[r], #108]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #96]\n\t"
        "STR	r4, [%[r], #104]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #92]\n\t"
        "STR	r6, [%[r], #100]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #88]\n\t"
        "STR	r5, [%[r], #96]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #84]\n\t"
        "STR	r4, [%[r], #92]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #80]\n\t"
        "STR	r6, [%[r], #88]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #76]\n\t"
        "STR	r5, [%[r], #84]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #72]\n\t"
        "STR	r4, [%[r], #80]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #68]\n\t"
        "STR	r6, [%[r], #76]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #64]\n\t"
        "STR	r5, [%[r], #72]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #60]\n\t"
        "STR	r4, [%[r], #68]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #56]\n\t"
        "STR	r6, [%[r], #64]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #52]\n\t"
        "STR	r5, [%[r], #60]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #48]\n\t"
        "STR	r4, [%[r], #56]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #44]\n\t"
        "STR	r6, [%[r], #52]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #40]\n\t"
        "STR	r5, [%[r], #48]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #36]\n\t"
        "STR	r4, [%[r], #44]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #32]\n\t"
        "STR	r6, [%[r], #40]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #28]\n\t"
        "STR	r5, [%[r], #36]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #24]\n\t"
        "STR	r4, [%[r], #32]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #20]\n\t"
        "STR	r6, [%[r], #28]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #16]\n\t"
        "STR	r5, [%[r], #24]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a], #12]\n\t"
        "STR	r4, [%[r], #20]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "LDR	r4, [%[a], #8]\n\t"
        "STR	r6, [%[r], #16]\n\t"
        "LSR	r3, r4, #1\n\t"
        "LSL	r4, r4, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r5, r5, r3\n\t"
        "LDR	r6, [%[a], #4]\n\t"
        "STR	r5, [%[r], #12]\n\t"
        "LSR	r3, r6, #1\n\t"
        "LSL	r6, r6, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r4, r4, r3\n\t"
        "LDR	r5, [%[a]]\n\t"
        "STR	r4, [%[r], #8]\n\t"
        "LSR	r3, r5, #1\n\t"
        "LSL	r5, r5, %[n]\n\t"
        "LSR	r3, r3, r7\n\t"
        "ORR	r6, r6, r3\n\t"
        "STR	r5, [%[r]]\n\t"
        "STR	r6, [%[r], #4]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n)
        :
        : "memory", "r4", "r5", "r6", "r3", "r7", "cc"
    );
}

#ifdef WOLFSSL_SP_SMALL
/* Sub b from a into a. (a -= b)
 *
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r10, #0x0\n\t"
        "ADD	r11, %[a], #0x40\n\t"
        "\n"
    "L_sp_521_sub_in_pkace_17_word:\n\t"
        "RSBS	r10, r10, #0x0\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "SBC	r10, r10, r10\n\t"
        "CMP	%[a], r11\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_521_sub_in_pkace_17_word\n\t"
#else
        "BNE.N	L_sp_521_sub_in_pkace_17_word\n\t"
#endif
        "RSBS	r10, r10, #0x0\n\t"
        "LDM	%[a], {r2}\n\t"
        "LDM	%[b]!, {r6}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "STM	%[a]!, {r2}\n\t"
        "SBC	%[a], %[a], %[a]\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
    );
    return (uint32_t)(size_t)a;
}

#else
/* Sub b from a into a. (a -= b)
 *
 * a  A single precision integer and result.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SUBS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2}\n\t"
        "LDM	%[b]!, {r6}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "STM	%[a]!, {r2}\n\t"
        "SBC	%[a], r9, r9\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
    return (uint32_t)(size_t)a;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Mul a by digit b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision digit.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_521_mul_d_17(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
#else
static void sp_521_mul_d_17(sp_digit* r, const sp_digit* a, sp_digit b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register sp_digit b __asm__ ("r2") = (sp_digit)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* A[0] * B */
        "LDR	r8, [%[a]]\n\t"
        "UMULL	r5, r3, %[b], r8\n\t"
        "MOV	r4, #0x0\n\t"
        "STR	r5, [%[r]]\n\t"
        "MOV	r5, #0x0\n\t"
        "MOV	r9, #0x4\n\t"
        "\n"
    "L_sp_521_mul_d_17_word:\n\t"
        /* A[i] * B */
        "LDR	r8, [%[a], r9]\n\t"
        "UMULL	r6, r7, %[b], r8\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], r9]\n\t"
        "MOV	r3, r4\n\t"
        "MOV	r4, r5\n\t"
        "MOV	r5, #0x0\n\t"
        "ADD	r9, r9, #0x4\n\t"
        "CMP	r9, #0x44\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_521_mul_d_17_word\n\t"
#else
        "BLT.N	L_sp_521_mul_d_17_word\n\t"
#endif
        "STR	r3, [%[r], #68]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
}

#else
/* Mul a by digit b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision digit.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_521_mul_d_17(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
#else
static void sp_521_mul_d_17(sp_digit* r, const sp_digit* a, sp_digit b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register sp_digit b __asm__ ("r2") = (sp_digit)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* A[0] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMULL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[1] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[2] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[3] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[4] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[5] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[6] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[7] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[8] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[9] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[10] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[11] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[12] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[13] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[14] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[15] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[16] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "STR	r5, [%[r]]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
    );
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_USE_UDIV
/* Divide the double width number (d1|d0) by the divisor. (d1|d0 / div)
 *
 * d1   The high order half of the number to divide.
 * d0   The low order half of the number to divide.
 * div  The divisor.
 * returns the result of the division.
 *
 * Note that this is an approximate div. It may give an answer 1 larger.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
#else
SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit div)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit d1 __asm__ ("r0") = (sp_digit)d1_p;
    register sp_digit d0 __asm__ ("r1") = (sp_digit)d0_p;
    register sp_digit div __asm__ ("r2") = (sp_digit)div_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LSR	r8, %[div], #16\n\t"
        "ADD	r5, r8, #0x1\n\t"
        "UDIV	r6, %[d1], r5\n\t"
        "LSL	r7, %[div], #16\n\t"
        "LSL	r6, r6, #16\n\t"
        "UMULL	r3, r4, %[div], r6\n\t"
        "SUBS	%[d0], %[d0], r3\n\t"
        "SBC	%[d1], %[d1], r4\n\t"
        "SUBS	r3, %[d1], r5\n\t"
        "SBC	r9, r9, r9\n\t"
        "ADD	r9, r9, #0x1\n\t"
        "RSB	r10, r9, #0x0\n\t"
        "LSL	r9, r9, #16\n\t"
        "AND	r7, r7, r10\n\t"
        "AND	r8, r8, r10\n\t"
        "SUBS	%[d0], %[d0], r7\n\t"
        "ADD	r6, r6, r9\n\t"
        "SBC	%[d1], %[d1], r8\n\t"
        "LSL	r4, %[d1], #16\n\t"
        "LSR	r3, %[d0], #16\n\t"
        "ORR	r3, r3, r4\n\t"
        "UDIV	r3, r3, r5\n\t"
        "ADD	r6, r6, r3\n\t"
        "UMULL	r3, r4, %[div], r3\n\t"
        "SUBS	%[d0], %[d0], r3\n\t"
        "SBC	%[d1], %[d1], r4\n\t"
        "LSL	r4, %[d1], #16\n\t"
        "LSR	r3, %[d0], #16\n\t"
        "ORR	r3, r3, r4\n\t"
        "UDIV	r3, r3, r5\n\t"
        "ADD	r6, r6, r3\n\t"
        "MUL	r3, %[div], r3\n\t"
        "SUB	%[d0], %[d0], r3\n\t"
        "UDIV	r3, %[d0], %[div]\n\t"
        "ADD	%[d1], r6, r3\n\t"
        : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)d1;
}

#else
/* Divide the double width number (d1|d0) by the divisor. (d1|d0 / div)
 *
 * d1   The high order half of the number to divide.
 * d0   The low order half of the number to divide.
 * div  The divisor.
 * returns the result of the division.
 *
 * Note that this is an approximate div. It may give an answer 1 larger.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
#else
SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit div)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit d1 __asm__ ("r0") = (sp_digit)d1_p;
    register sp_digit d0 __asm__ ("r1") = (sp_digit)d0_p;
    register sp_digit div __asm__ ("r2") = (sp_digit)div_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LSR	r5, %[div], #1\n\t"
        "ADD	r5, r5, #0x1\n\t"
        "MOV	r6, %[d0]\n\t"
        "MOV	r7, %[d1]\n\t"
        /* Do top 32 */
        "SUBS	r8, r5, r7\n\t"
        "SBC	r8, r8, r8\n\t"
        "MOV	r3, #0x0\n\t"
        "SUB	r3, r3, r8\n\t"
        "AND	r8, r8, r5\n\t"
        "SUBS	r7, r7, r8\n\t"
        /* Next 30 bits */
        "MOV	r4, #0x1d\n\t"
        "\n"
    "L_div_521_word_17_bit:\n\t"
        "LSLS	r6, r6, #1\n\t"
        "ADC	r7, r7, r7\n\t"
        "SUBS	r8, r5, r7\n\t"
        "SBC	r8, r8, r8\n\t"
        "ADD	r3, r3, r3\n\t"
        "SUB	r3, r3, r8\n\t"
        "AND	r8, r8, r5\n\t"
        "SUBS	r7, r7, r8\n\t"
        "SUBS	r4, r4, #0x1\n\t"
        "bpl	L_div_521_word_17_bit\n\t"
        "ADD	r3, r3, r3\n\t"
        "ADD	r3, r3, #0x1\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "SUBS	r8, %[div], r9\n\t"
        "SBC	r8, r8, r8\n\t"
        "SUB	%[d1], r3, r8\n\t"
        : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)d1;
}

#endif
/* AND m into each word of a and store in r.
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * m  Mask to AND against each digit.
 */
static void sp_521_mask_17(sp_digit* r, const sp_digit* a, sp_digit m)
{
#ifdef WOLFSSL_SP_SMALL
    int i;

    for (i=0; i<17; i++) {
        r[i] = a[i] & m;
    }
#else
    int i;

    for (i = 0; i < 16; i += 8) {
        r[i+0] = a[i+0] & m;
        r[i+1] = a[i+1] & m;
        r[i+2] = a[i+2] & m;
        r[i+3] = a[i+3] & m;
        r[i+4] = a[i+4] & m;
        r[i+5] = a[i+5] & m;
        r[i+6] = a[i+6] & m;
        r[i+7] = a[i+7] & m;
    }
    r[16] = a[16] & m;
#endif
}

/* Divide d in a and put remainder into r (m*d + r = a)
 * m is not calculated as it is not needed at this time.
 *
 * a  Number to be divided.
 * d  Number to divide with.
 * m  Multiplier result.
 * r  Remainder from the division.
 * returns MP_OKAY indicating success.
 */
static WC_INLINE int sp_521_div_17(const sp_digit* a, const sp_digit* d,
        sp_digit* m, sp_digit* r)
{
    sp_digit t1[35];
    sp_digit t2[18];
    sp_digit sd[18];
    sp_digit div;
    sp_digit r1;
    int i;

    ASSERT_SAVED_VECTOR_REGISTERS();

    (void)m;
    div = (d[16] << 23) | (d[15] >> 9);
    XMEMCPY(t1, a, sizeof(*t1) * 2 * 17);
    r1 = sp_521_cmp_17(&t1[17], d) >= 0;
    sp_521_cond_sub_17(&t1[17], &t1[17], d, (sp_digit)0 - r1);
    sp_521_lshift_17(sd, d, 23);
    sp_521_lshift_34(t1, t1, 23);

    for (i = 16; i >= 0; i--) {
        sp_digit hi = t1[17 + i] - (t1[17 + i] == div);
        r1 = div_521_word_17(hi, t1[17 + i - 1], div);

        sp_521_mul_d_17(t2, sd, r1);
        t1[17 + i] += sp_521_sub_in_place_17(&t1[i], t2);
        t1[17 + i] -= t2[17];
        sp_521_mask_17(t2, sd, t1[17 + i]);
        t1[17 + i] += sp_521_add_17(&t1[i], &t1[i], t2);
        sp_521_mask_17(t2, sd, t1[17 + i]);
        t1[17 + i] += sp_521_add_17(&t1[i], &t1[i], t2);
    }

    r1 = sp_521_cmp_17(t1, sd) >= 0;
    sp_521_cond_sub_17(r, t1, sd, (sp_digit)0 - r1);
    sp_521_rshift_17(r, r, 23);

    return MP_OKAY;
}

/* Reduce a modulo m into r. (r = a mod m)
 *
 * r  A single precision number that is the reduced result.
 * a  A single precision number that is to be reduced.
 * m  A single precision number that is the modulus to reduce with.
 * returns MP_OKAY indicating success.
 */
static WC_INLINE int sp_521_mod_17(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
    return sp_521_div_17(a, m, NULL, r);
}

#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
/* Multiply two number mod the order of P521 curve. (r = a * b mod order)
 *
 * r  Result of the multiplication.
 * a  First operand of the multiplication.
 * b  Second operand of the multiplication.
 */
static void sp_521_mont_mul_order_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
{
    sp_521_mul_17(r, a, b);
    sp_521_mont_reduce_order_17(r, p521_order, p521_mp_order);
}

#if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
#ifdef WOLFSSL_SP_SMALL
/* Order-2 for the P521 curve. */
static const uint32_t p521_order_minus_2[17] = {
    0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
    0xbf2f966bU,0x51868783U,0xfffffffaU,0xffffffffU,0xffffffffU,0xffffffffU,
    0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
};
#else
/* The low half of the order-2 of the P521 curve. */
static const uint32_t p521_order_low[9] = {
    0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
    0xbf2f966bU,0x51868783U,0xfffffffaU
};
#endif /* WOLFSSL_SP_SMALL */

/* Square number mod the order of P521 curve. (r = a * a mod order)
 *
 * r  Result of the squaring.
 * a  Number to square.
 */
static void sp_521_mont_sqr_order_17(sp_digit* r, const sp_digit* a)
{
    sp_521_sqr_17(r, a);
    sp_521_mont_reduce_order_17(r, p521_order, p521_mp_order);
}

#ifndef WOLFSSL_SP_SMALL
/* Square number mod the order of P521 curve a number of times.
 * (r = a ^ n mod order)
 *
 * r  Result of the squaring.
 * a  Number to square.
 */
static void sp_521_mont_sqr_n_order_17(sp_digit* r, const sp_digit* a, int n)
{
    int i;

    sp_521_mont_sqr_order_17(r, a);
    for (i=1; i<n; i++) {
        sp_521_mont_sqr_order_17(r, r);
    }
}
#endif /* !WOLFSSL_SP_SMALL */

/* Invert the number, in Montgomery form, modulo the order of the P521 curve.
 * (r = 1 / a mod order)
 *
 * r   Inverse result.
 * a   Number to invert.
 * td  Temporary data.
 */

#ifdef WOLFSSL_SP_NONBLOCK
typedef struct sp_521_mont_inv_order_17_ctx {
    int state;
    int i;
} sp_521_mont_inv_order_17_ctx;
static int sp_521_mont_inv_order_17_nb(sp_ecc_ctx_t* sp_ctx, sp_digit* r, const sp_digit* a,
        sp_digit* t)
{
    int err = FP_WOULDBLOCK;
    sp_521_mont_inv_order_17_ctx* ctx = (sp_521_mont_inv_order_17_ctx*)sp_ctx;

    typedef char ctx_size_test[sizeof(sp_521_mont_inv_order_17_ctx) >= sizeof(*sp_ctx) ? -1 : 1];
    (void)sizeof(ctx_size_test);

    switch (ctx->state) {
    case 0:
        XMEMCPY(t, a, sizeof(sp_digit) * 17);
        ctx->i = 519;
        ctx->state = 1;
        break;
    case 1:
        sp_521_mont_sqr_order_17(t, t);
        ctx->state = 2;
        break;
    case 2:
        if ((p521_order_minus_2[ctx->i / 32] & ((sp_int_digit)1 << (ctx->i % 32))) != 0) {
            sp_521_mont_mul_order_17(t, t, a);
        }
        ctx->i--;
        ctx->state = (ctx->i == 0) ? 3 : 1;
        break;
    case 3:
        XMEMCPY(r, t, sizeof(sp_digit) * 17U);
        err = MP_OKAY;
        break;
    }
    return err;
}
#endif /* WOLFSSL_SP_NONBLOCK */

static void sp_521_mont_inv_order_17(sp_digit* r, const sp_digit* a,
        sp_digit* td)
{
#ifdef WOLFSSL_SP_SMALL
    sp_digit* t = td;
    int i;

    XMEMCPY(t, a, sizeof(sp_digit) * 17);
    for (i=519; i>=0; i--) {
        sp_521_mont_sqr_order_17(t, t);
        if ((p521_order_minus_2[i / 32] & ((sp_int_digit)1 << (i % 32))) != 0) {
            sp_521_mont_mul_order_17(t, t, a);
        }
    }
    XMEMCPY(r, t, sizeof(sp_digit) * 17U);
#else
    sp_digit* t = td;
    sp_digit* t2 = td + 2 * 17;
    sp_digit* t3 = td + 4 * 17;
    int i;

    /* t = a^2 */
    sp_521_mont_sqr_order_17(t, a);
    /* t = a^3 = t * a */
    sp_521_mont_mul_order_17(t, t, a);
    /* t= a^c = t ^ 2 ^ 2 */
    sp_521_mont_sqr_n_order_17(t2, t, 2);
    /* t = a^f = t2 * t */
    sp_521_mont_mul_order_17(t, t2, t);

    /* t3 = a^1e */
    sp_521_mont_sqr_order_17(t3, t);
    /* t3 = a^1f = t3 * a */
    sp_521_mont_mul_order_17(t3, t3, a);

    /* t2= a^f0 = t ^ 2 ^ 4 */
    sp_521_mont_sqr_n_order_17(t2, t, 4);
    /* t = a^ff = t2 * t */
    sp_521_mont_mul_order_17(t, t2, t);
    /* t2= a^ff00 = t ^ 2 ^ 8 */
    sp_521_mont_sqr_n_order_17(t2, t, 8);
    /* t3= a^ffff = t2 * t */
    sp_521_mont_mul_order_17(t, t2, t);
    /* t2= a^ffff0000 = t ^ 2 ^ 16 */
    sp_521_mont_sqr_n_order_17(t2, t, 16);
    /* t = a^ffffffff = t2 * t */
    sp_521_mont_mul_order_17(t, t2, t);

    /* t2= a^ffffffff00000000 = t ^ 2 ^ 32 */
    sp_521_mont_sqr_n_order_17(t2, t, 32);
    /* t = a^ffffffffffffffff = t2 * t */
    sp_521_mont_mul_order_17(t, t2, t);
    /* t2= a^ffffffffffffffff0000000000000000 = t ^ 2 ^ 64 */
    sp_521_mont_sqr_n_order_17(t2, t, 64);
    /* t = a^ffffffffffffffffffffffffffffffff = t2 * t */
    sp_521_mont_mul_order_17(t, t2, t);
    /* t2= a^ffffffffffffffffffffffffffffffff00000000000000000000000000000000 = t ^ 2 ^ 128 */
    sp_521_mont_sqr_n_order_17(t2, t, 128);
    /* t = a^ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff = t2 * t */
    sp_521_mont_mul_order_17(t, t2, t);

    /* t2 = a^1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0 */
    sp_521_mont_sqr_n_order_17(t2, t, 5);
    /* t2 = a^1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff = t * t3 */
    sp_521_mont_mul_order_17(t2, t2, t3);

    for (i=259; i>=1; i--) {
        sp_521_mont_sqr_order_17(t2, t2);
        if ((p521_order_low[i / 32] & ((sp_int_digit)1 << (i % 32))) != 0) {
            sp_521_mont_mul_order_17(t2, t2, a);
        }
    }
    sp_521_mont_sqr_order_17(t2, t2);
    sp_521_mont_mul_order_17(r, t2, a);
#endif /* WOLFSSL_SP_SMALL */
}

#endif /* HAVE_ECC_SIGN || (HAVE_ECC_VERIFY && WOLFSSL_SP_SMALL) */
#endif /* HAVE_ECC_SIGN | HAVE_ECC_VERIFY */
#ifdef HAVE_ECC_SIGN
#ifndef SP_ECC_MAX_SIG_GEN
#define SP_ECC_MAX_SIG_GEN  64
#endif

/* Calculate second signature value S from R, k and private value.
 *
 * s = (r * x + e) / k
 *
 * s    Signature value.
 * r    First signature value.
 * k    Ephemeral private key.
 * x    Private key as a number.
 * e    Hash of message as a number.
 * tmp  Temporary storage for intermediate numbers.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_521_calc_s_17(sp_digit* s, const sp_digit* r, sp_digit* k,
    sp_digit* x, const sp_digit* e, sp_digit* tmp)
{
    int err;
    sp_digit carry;
    sp_int32 c;
    sp_digit* kInv = k;

    /* Conv k to Montgomery form (mod order) */
        sp_521_mul_17(k, k, p521_norm_order);
    err = sp_521_mod_17(k, k, p521_order);
    if (err == MP_OKAY) {
        sp_521_norm_17(k);

        /* kInv = 1/k mod order */
            sp_521_mont_inv_order_17(kInv, k, tmp);
        sp_521_norm_17(kInv);

        /* s = r * x + e */
            sp_521_mul_17(x, x, r);
        err = sp_521_mod_17(x, x, p521_order);
    }
    if (err == MP_OKAY) {
        sp_521_norm_17(x);
        carry = sp_521_add_17(s, e, x);
        sp_521_cond_sub_17(s, s, p521_order, 0 - carry);
        sp_521_norm_17(s);
        c = sp_521_cmp_17(s, p521_order);
        sp_521_cond_sub_17(s, s, p521_order,
            (sp_digit)0 - (sp_digit)(c >= 0));
        sp_521_norm_17(s);

        /* s = s * k^-1 mod order */
            sp_521_mont_mul_order_17(s, s, kInv);
        sp_521_norm_17(s);
    }

    return err;
}

/* Sign the hash using the private key.
 *   e = [hash, 521 bits] from binary
 *   r = (k.G)->x mod order
 *   s = (r * x + e) / k mod order
 * The hash is truncated to the first 521 bits.
 *
 * hash     Hash to sign.
 * hashLen  Length of the hash data.
 * rng      Random number generator.
 * priv     Private part of key - scalar.
 * rm       First part of result as an mp_int.
 * sm       Sirst part of result as an mp_int.
 * heap     Heap to use for allocation.
 * returns RNG failures, MEMORY_E when memory allocation fails and
 * MP_OKAY on success.
 */
int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng,
    const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* e = NULL;
    sp_point_521* point = NULL;
#else
    sp_digit e[7 * 2 * 17];
    sp_point_521 point[1];
#endif
    sp_digit* x = NULL;
    sp_digit* k = NULL;
    sp_digit* r = NULL;
    sp_digit* tmp = NULL;
    sp_digit* s = NULL;
    sp_int32 c;
    int err = MP_OKAY;
    int i;

    (void)heap;

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        point = (sp_point_521*)XMALLOC(sizeof(sp_point_521), heap,
                                             DYNAMIC_TYPE_ECC);
        if (point == NULL)
            err = MEMORY_E;
    }
    if (err == MP_OKAY) {
        e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 17, heap,
                               DYNAMIC_TYPE_ECC);
        if (e == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        x = e + 2 * 17;
        k = e + 4 * 17;
        r = e + 6 * 17;
        tmp = e + 8 * 17;
        s = e;

        if (hashLen > 66U) {
            hashLen = 66U;
        }
    }

    for (i = SP_ECC_MAX_SIG_GEN; err == MP_OKAY && i > 0; i--) {
        /* New random point. */
        if (km == NULL || mp_iszero(km)) {
            err = sp_521_ecc_gen_k_17(rng, k);
        }
        else {
            sp_521_from_mp(k, 17, km);
            mp_zero(km);
        }
        if (err == MP_OKAY) {
                err = sp_521_ecc_mulmod_base_17(point, k, 1, 1, heap);
        }

        if (err == MP_OKAY) {
            /* r = point->x mod order */
            XMEMCPY(r, point->x, sizeof(sp_digit) * 17U);
            sp_521_norm_17(r);
            c = sp_521_cmp_17(r, p521_order);
            sp_521_cond_sub_17(r, r, p521_order,
                (sp_digit)0 - (sp_digit)(c >= 0));
            sp_521_norm_17(r);

            if (!sp_521_iszero_17(r)) {
                /* x is modified in calculation of s. */
                sp_521_from_mp(x, 17, priv);
                /* s ptr == e ptr, e is modified in calculation of s. */
                sp_521_from_bin(e, 17, hash, (int)hashLen);

                /* Take 521 leftmost bits of hash. */
                if (hashLen == 66U) {
                    sp_521_rshift_17(e, e, 7);
                }

                err = sp_521_calc_s_17(s, r, k, x, e, tmp);

                /* Check that signature is usable. */
                if ((err == MP_OKAY) && (!sp_521_iszero_17(s))) {
                    break;
                }
            }
        }
#ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP
        i = 1;
#endif
    }

    if (i == 0) {
        err = RNG_FAILURE_E;
    }

    if (err == MP_OKAY) {
        err = sp_521_to_mp(r, rm);
    }
    if (err == MP_OKAY) {
        err = sp_521_to_mp(s, sm);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (e != NULL)
#endif
    {
        ForceZero(e, sizeof(sp_digit) * 7 * 2 * 17);
    #ifdef WOLFSSL_SP_SMALL_STACK
        XFREE(e, heap, DYNAMIC_TYPE_ECC);
    #endif
    }
#ifdef WOLFSSL_SP_SMALL_STACK
    if (point != NULL)
#endif
    {
        ForceZero(point, sizeof(sp_point_521));
    #ifdef WOLFSSL_SP_SMALL_STACK
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
    #endif
    }

    return err;
}

#ifdef WOLFSSL_SP_NONBLOCK
typedef struct sp_ecc_sign_521_ctx {
    int state;
    union {
        sp_521_ecc_mulmod_17_ctx mulmod_ctx;
        sp_521_mont_inv_order_17_ctx mont_inv_order_ctx;
    };
    sp_digit e[2*17];
    sp_digit x[2*17];
    sp_digit k[2*17];
    sp_digit r[2*17];
    sp_digit tmp[3 * 2*17];
    sp_point_521 point;
    sp_digit* s;
    sp_digit* kInv;
    int i;
} sp_ecc_sign_521_ctx;

int sp_ecc_sign_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, WC_RNG* rng,
    mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap)
{
    int err = FP_WOULDBLOCK;
    sp_ecc_sign_521_ctx* ctx = (sp_ecc_sign_521_ctx*)sp_ctx->data;

    typedef char ctx_size_test[sizeof(sp_ecc_sign_521_ctx) >= sizeof(*sp_ctx) ? -1 : 1];
    (void)sizeof(ctx_size_test);

    switch (ctx->state) {
    case 0: /* INIT */
        ctx->s = ctx->e;
        ctx->kInv = ctx->k;

        ctx->i = SP_ECC_MAX_SIG_GEN;
        ctx->state = 1;
        break;
    case 1: /* GEN */
        /* New random point. */
        if (km == NULL || mp_iszero(km)) {
            err = sp_521_ecc_gen_k_17(rng, ctx->k);
        }
        else {
            sp_521_from_mp(ctx->k, 17, km);
            mp_zero(km);
        }
        XMEMSET(&ctx->mulmod_ctx, 0, sizeof(ctx->mulmod_ctx));
        ctx->state = 2;
        break;
    case 2: /* MULMOD */
        err = sp_521_ecc_mulmod_17_nb((sp_ecc_ctx_t*)&ctx->mulmod_ctx,
            &ctx->point, &p521_base, ctx->k, 1, 1, heap);
        if (err == MP_OKAY) {
            ctx->state = 3;
        }
        break;
    case 3: /* MODORDER */
    {
        sp_int32 c;
        /* r = point->x mod order */
        XMEMCPY(ctx->r, ctx->point.x, sizeof(sp_digit) * 17U);
        sp_521_norm_17(ctx->r);
        c = sp_521_cmp_17(ctx->r, p521_order);
        sp_521_cond_sub_17(ctx->r, ctx->r, p521_order,
            (sp_digit)0 - (sp_digit)(c >= 0));
        sp_521_norm_17(ctx->r);

        if (hashLen > 66U) {
            hashLen = 66U;
        }
        sp_521_from_mp(ctx->x, 17, priv);
        sp_521_from_bin(ctx->e, 17, hash, (int)hashLen);
        if (hashLen == 66U) {
            sp_521_rshift_17(ctx->e, ctx->e, 7);
        }
        ctx->state = 4;
        break;
    }
    case 4: /* KMODORDER */
        /* Conv k to Montgomery form (mod order) */
        sp_521_mul_17(ctx->k, ctx->k, p521_norm_order);
        err = sp_521_mod_17(ctx->k, ctx->k, p521_order);
        if (err == MP_OKAY) {
            sp_521_norm_17(ctx->k);
            XMEMSET(&ctx->mont_inv_order_ctx, 0, sizeof(ctx->mont_inv_order_ctx));
            ctx->state = 5;
        }
        break;
    case 5: /* KINV */
        /* kInv = 1/k mod order */
        err = sp_521_mont_inv_order_17_nb((sp_ecc_ctx_t*)&ctx->mont_inv_order_ctx, ctx->kInv, ctx->k, ctx->tmp);
        if (err == MP_OKAY) {
            XMEMSET(&ctx->mont_inv_order_ctx, 0, sizeof(ctx->mont_inv_order_ctx));
            ctx->state = 6;
        }
        break;
    case 6: /* KINVNORM */
        sp_521_norm_17(ctx->kInv);
        ctx->state = 7;
        break;
    case 7: /* R */
        /* s = r * x + e */
        sp_521_mul_17(ctx->x, ctx->x, ctx->r);
        ctx->state = 8;
        break;
    case 8: /* S1 */
        err = sp_521_mod_17(ctx->x, ctx->x, p521_order);
        if (err == MP_OKAY)
            ctx->state = 9;
        break;
    case 9: /* S2 */
    {
        sp_digit carry;
        sp_int32 c;
        sp_521_norm_17(ctx->x);
        carry = sp_521_add_17(ctx->s, ctx->e, ctx->x);
        sp_521_cond_sub_17(ctx->s, ctx->s,
            p521_order, 0 - carry);
        sp_521_norm_17(ctx->s);
        c = sp_521_cmp_17(ctx->s, p521_order);
        sp_521_cond_sub_17(ctx->s, ctx->s, p521_order,
            (sp_digit)0 - (sp_digit)(c >= 0));
        sp_521_norm_17(ctx->s);

        /* s = s * k^-1 mod order */
        sp_521_mont_mul_order_17(ctx->s, ctx->s, ctx->kInv);
        sp_521_norm_17(ctx->s);

        /* Check that signature is usable. */
        if (sp_521_iszero_17(ctx->s) == 0) {
            ctx->state = 10;
            break;
        }
    #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP
        ctx->i = 1;
    #endif

        /* not usable gen, try again */
        ctx->i--;
        if (ctx->i == 0) {
            err = RNG_FAILURE_E;
        }
        ctx->state = 1;
        break;
    }
    case 10: /* RES */
        err = sp_521_to_mp(ctx->r, rm);
        if (err == MP_OKAY) {
            err = sp_521_to_mp(ctx->s, sm);
        }
        break;
    }

    if (err == MP_OKAY && ctx->state != 10) {
        err = FP_WOULDBLOCK;
    }
    if (err != FP_WOULDBLOCK) {
        XMEMSET(ctx->e, 0, sizeof(sp_digit) * 2U * 17U);
        XMEMSET(ctx->x, 0, sizeof(sp_digit) * 2U * 17U);
        XMEMSET(ctx->k, 0, sizeof(sp_digit) * 2U * 17U);
        XMEMSET(ctx->r, 0, sizeof(sp_digit) * 2U * 17U);
        XMEMSET(ctx->tmp, 0, sizeof(sp_digit) * 3U * 2U * 17U);
    }

    return err;
}
#endif /* WOLFSSL_SP_NONBLOCK */
#endif /* HAVE_ECC_SIGN */

#ifndef WOLFSSL_SP_SMALL
#ifdef WOLFSSL_SP_SMALL
/* Sub b from a into r. (r = a - b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r11, #0x0\n\t"
        "ADD	r12, %[a], #0x40\n\t"
        "\n"
    "L_sp_521_sub_17_word:\n\t"
        "RSBS	r11, r11, #0x0\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "SBC	r11, r3, r3\n\t"
        "CMP	%[a], r12\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_521_sub_17_word\n\t"
#else
        "BNE.N	L_sp_521_sub_17_word\n\t"
#endif
        "RSBS	r11, r11, #0x0\n\t"
        "LDM	%[a]!, {r3}\n\t"
        "LDM	%[b]!, {r7}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "STM	%[r]!, {r3}\n\t"
        "SBC	%[r], r6, r6\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
    );
    return (uint32_t)(size_t)r;
}

#else
/* Sub b from a into r. (r = a - b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SUBS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3}\n\t"
        "LDM	%[b]!, {r7}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "STM	%[r]!, {r3}\n\t"
        "SBC	%[r], r6, r6\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
/* Divide the number by 2 mod the modulus. (r = a / 2 % m)
 *
 * r  Result of division by 2.
 * a  Number to divide.
 * m  Modulus.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_521_div2_mod_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p)
#else
static void sp_521_div2_mod_17(sp_digit* r, const sp_digit* a, const sp_digit* m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r2") = (const sp_digit*)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r4}\n\t"
        "ANDS	r3, r4, #0x1\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_521_div2_mod_17_even\n\t"
#else
        "BEQ.N	L_sp_521_div2_mod_17_even\n\t"
#endif
        "MOV	r12, #0x0\n\t"
        "LDM	%[a]!, {r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4}\n\t"
        "LDM	%[m]!, {r8}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "ADC	r3, r12, r12\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_521_div2_mod_17_div2\n\t"
#else
        "B.N	L_sp_521_div2_mod_17_div2\n\t"
#endif
        "\n"
    "L_sp_521_div2_mod_17_even:\n\t"
        "LDM	%[a]!, {r5, r6, r7}\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4}\n\t"
        "STM	%[r]!, {r4}\n\t"
        "\n"
    "L_sp_521_div2_mod_17_div2:\n\t"
        "SUB	%[r], %[r], #0x44\n\t"
        "LDRD	r8, r9, [%[r]]\n\t"
        "LSR	r8, r8, #1\n\t"
        "ORR	r8, r8, r9, lsl #31\n\t"
        "LSR	r9, r9, #1\n\t"
        "LDR	r10, [%[r], #8]\n\t"
        "STR	r8, [%[r]]\n\t"
        "ORR	r9, r9, r10, lsl #31\n\t"
        "LSR	r10, r10, #1\n\t"
        "LDR	r8, [%[r], #12]\n\t"
        "STR	r9, [%[r], #4]\n\t"
        "ORR	r10, r10, r8, lsl #31\n\t"
        "LSR	r8, r8, #1\n\t"
        "LDR	r9, [%[r], #16]\n\t"
        "STR	r10, [%[r], #8]\n\t"
        "ORR	r8, r8, r9, lsl #31\n\t"
        "LSR	r9, r9, #1\n\t"
        "LDR	r10, [%[r], #20]\n\t"
        "STR	r8, [%[r], #12]\n\t"
        "ORR	r9, r9, r10, lsl #31\n\t"
        "LSR	r10, r10, #1\n\t"
        "LDR	r8, [%[r], #24]\n\t"
        "STR	r9, [%[r], #16]\n\t"
        "ORR	r10, r10, r8, lsl #31\n\t"
        "LSR	r8, r8, #1\n\t"
        "LDR	r9, [%[r], #28]\n\t"
        "STR	r10, [%[r], #20]\n\t"
        "ORR	r8, r8, r9, lsl #31\n\t"
        "LSR	r9, r9, #1\n\t"
        "LDR	r10, [%[r], #32]\n\t"
        "STR	r8, [%[r], #24]\n\t"
        "ORR	r9, r9, r10, lsl #31\n\t"
        "LSR	r10, r10, #1\n\t"
        "LDR	r8, [%[r], #36]\n\t"
        "STR	r9, [%[r], #28]\n\t"
        "ORR	r10, r10, r8, lsl #31\n\t"
        "LSR	r8, r8, #1\n\t"
        "LDR	r9, [%[r], #40]\n\t"
        "STR	r10, [%[r], #32]\n\t"
        "ORR	r8, r8, r9, lsl #31\n\t"
        "LSR	r9, r9, #1\n\t"
        "LDR	r10, [%[r], #44]\n\t"
        "STR	r8, [%[r], #36]\n\t"
        "ORR	r9, r9, r10, lsl #31\n\t"
        "LSR	r10, r10, #1\n\t"
        "LDR	r8, [%[r], #48]\n\t"
        "STR	r9, [%[r], #40]\n\t"
        "ORR	r10, r10, r8, lsl #31\n\t"
        "LSR	r8, r8, #1\n\t"
        "LDR	r9, [%[r], #52]\n\t"
        "STR	r10, [%[r], #44]\n\t"
        "ORR	r8, r8, r9, lsl #31\n\t"
        "LSR	r9, r9, #1\n\t"
        "LDR	r10, [%[r], #56]\n\t"
        "STR	r8, [%[r], #48]\n\t"
        "ORR	r9, r9, r10, lsl #31\n\t"
        "LSR	r10, r10, #1\n\t"
        "LDR	r8, [%[r], #60]\n\t"
        "STR	r9, [%[r], #52]\n\t"
        "ORR	r10, r10, r8, lsl #31\n\t"
        "LSR	r8, r8, #1\n\t"
        "LDR	r9, [%[r], #64]\n\t"
        "STR	r10, [%[r], #56]\n\t"
        "ORR	r8, r8, r9, lsl #31\n\t"
        "LSR	r9, r9, #1\n\t"
        "ORR	r9, r9, r3, lsl #31\n\t"
        "STR	r8, [%[r], #60]\n\t"
        "STR	r9, [%[r], #64]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
    );
}

#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static int sp_521_num_bits_17(const sp_digit* a_p)
#else
static int sp_521_num_bits_17(const sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register const sp_digit* a __asm__ ("r0") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDR	r1, [%[a], #64]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_521_num_bits_17_16\n\t"
#else
        "BEQ.N	L_sp_521_num_bits_17_16\n\t"
#endif
        "MOV	r2, #0x220\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_521_num_bits_17_18\n\t"
#else
        "B.N	L_sp_521_num_bits_17_18\n\t"
#endif
        "\n"
    "L_sp_521_num_bits_17_16:\n\t"
        "LDR	r1, [%[a], #60]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_521_num_bits_17_15\n\t"
#else
        "BEQ.N	L_sp_521_num_bits_17_15\n\t"
#endif
        "MOV	r2, #0x200\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_521_num_bits_17_18\n\t"
#else
        "B.N	L_sp_521_num_bits_17_18\n\t"
#endif
        "\n"
    "L_sp_521_num_bits_17_15:\n\t"
        "LDR	r1, [%[a], #56]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_521_num_bits_17_14\n\t"
#else
        "BEQ.N	L_sp_521_num_bits_17_14\n\t"
#endif
        "MOV	r2, #0x1e0\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_521_num_bits_17_18\n\t"
#else
        "B.N	L_sp_521_num_bits_17_18\n\t"
#endif
        "\n"
    "L_sp_521_num_bits_17_14:\n\t"
        "LDR	r1, [%[a], #52]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_521_num_bits_17_13\n\t"
#else
        "BEQ.N	L_sp_521_num_bits_17_13\n\t"
#endif
        "MOV	r2, #0x1c0\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_521_num_bits_17_18\n\t"
#else
        "B.N	L_sp_521_num_bits_17_18\n\t"
#endif
        "\n"
    "L_sp_521_num_bits_17_13:\n\t"
        "LDR	r1, [%[a], #48]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_521_num_bits_17_12\n\t"
#else
        "BEQ.N	L_sp_521_num_bits_17_12\n\t"
#endif
        "MOV	r2, #0x1a0\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_521_num_bits_17_18\n\t"
#else
        "B.N	L_sp_521_num_bits_17_18\n\t"
#endif
        "\n"
    "L_sp_521_num_bits_17_12:\n\t"
        "LDR	r1, [%[a], #44]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_521_num_bits_17_11\n\t"
#else
        "BEQ.N	L_sp_521_num_bits_17_11\n\t"
#endif
        "MOV	r2, #0x180\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_521_num_bits_17_18\n\t"
#else
        "B.N	L_sp_521_num_bits_17_18\n\t"
#endif
        "\n"
    "L_sp_521_num_bits_17_11:\n\t"
        "LDR	r1, [%[a], #40]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_521_num_bits_17_10\n\t"
#else
        "BEQ.N	L_sp_521_num_bits_17_10\n\t"
#endif
        "MOV	r2, #0x160\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_521_num_bits_17_18\n\t"
#else
        "B.N	L_sp_521_num_bits_17_18\n\t"
#endif
        "\n"
    "L_sp_521_num_bits_17_10:\n\t"
        "LDR	r1, [%[a], #36]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_521_num_bits_17_9\n\t"
#else
        "BEQ.N	L_sp_521_num_bits_17_9\n\t"
#endif
        "MOV	r2, #0x140\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_521_num_bits_17_18\n\t"
#else
        "B.N	L_sp_521_num_bits_17_18\n\t"
#endif
        "\n"
    "L_sp_521_num_bits_17_9:\n\t"
        "LDR	r1, [%[a], #32]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_521_num_bits_17_8\n\t"
#else
        "BEQ.N	L_sp_521_num_bits_17_8\n\t"
#endif
        "MOV	r2, #0x120\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_521_num_bits_17_18\n\t"
#else
        "B.N	L_sp_521_num_bits_17_18\n\t"
#endif
        "\n"
    "L_sp_521_num_bits_17_8:\n\t"
        "LDR	r1, [%[a], #28]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_521_num_bits_17_7\n\t"
#else
        "BEQ.N	L_sp_521_num_bits_17_7\n\t"
#endif
        "MOV	r2, #0x100\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_521_num_bits_17_18\n\t"
#else
        "B.N	L_sp_521_num_bits_17_18\n\t"
#endif
        "\n"
    "L_sp_521_num_bits_17_7:\n\t"
        "LDR	r1, [%[a], #24]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_521_num_bits_17_6\n\t"
#else
        "BEQ.N	L_sp_521_num_bits_17_6\n\t"
#endif
        "MOV	r2, #0xe0\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_521_num_bits_17_18\n\t"
#else
        "B.N	L_sp_521_num_bits_17_18\n\t"
#endif
        "\n"
    "L_sp_521_num_bits_17_6:\n\t"
        "LDR	r1, [%[a], #20]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_521_num_bits_17_5\n\t"
#else
        "BEQ.N	L_sp_521_num_bits_17_5\n\t"
#endif
        "MOV	r2, #0xc0\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_521_num_bits_17_18\n\t"
#else
        "B.N	L_sp_521_num_bits_17_18\n\t"
#endif
        "\n"
    "L_sp_521_num_bits_17_5:\n\t"
        "LDR	r1, [%[a], #16]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_521_num_bits_17_4\n\t"
#else
        "BEQ.N	L_sp_521_num_bits_17_4\n\t"
#endif
        "MOV	r2, #0xa0\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_521_num_bits_17_18\n\t"
#else
        "B.N	L_sp_521_num_bits_17_18\n\t"
#endif
        "\n"
    "L_sp_521_num_bits_17_4:\n\t"
        "LDR	r1, [%[a], #12]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_521_num_bits_17_3\n\t"
#else
        "BEQ.N	L_sp_521_num_bits_17_3\n\t"
#endif
        "MOV	r2, #0x80\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_521_num_bits_17_18\n\t"
#else
        "B.N	L_sp_521_num_bits_17_18\n\t"
#endif
        "\n"
    "L_sp_521_num_bits_17_3:\n\t"
        "LDR	r1, [%[a], #8]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_521_num_bits_17_2\n\t"
#else
        "BEQ.N	L_sp_521_num_bits_17_2\n\t"
#endif
        "MOV	r2, #0x60\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_521_num_bits_17_18\n\t"
#else
        "B.N	L_sp_521_num_bits_17_18\n\t"
#endif
        "\n"
    "L_sp_521_num_bits_17_2:\n\t"
        "LDR	r1, [%[a], #4]\n\t"
        "CMP	r1, #0x0\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BEQ	L_sp_521_num_bits_17_1\n\t"
#else
        "BEQ.N	L_sp_521_num_bits_17_1\n\t"
#endif
        "MOV	r2, #0x40\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "B	L_sp_521_num_bits_17_18\n\t"
#else
        "B.N	L_sp_521_num_bits_17_18\n\t"
#endif
        "\n"
    "L_sp_521_num_bits_17_1:\n\t"
        "LDR	r1, [%[a]]\n\t"
        "MOV	r2, #0x20\n\t"
        "CLZ	r4, r1\n\t"
        "SUB	r4, r2, r4\n\t"
        "\n"
    "L_sp_521_num_bits_17_18:\n\t"
        "MOV	%[a], r4\n\t"
        : [a] "+r" (a)
        :
        : "memory", "r1", "r2", "r3", "r4", "r5", "cc"
    );
    return (uint32_t)(size_t)a;
}

/* Non-constant time modular inversion.
 *
 * @param  [out]  r   Resulting number.
 * @param  [in]   a   Number to invert.
 * @param  [in]   m   Modulus.
 * @return  MP_OKAY on success.
 */
static int sp_521_mod_inv_17(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
    sp_digit u[17];
    sp_digit v[17];
    sp_digit b[17];
    sp_digit d[17];
    int ut, vt;
    sp_digit o;


    XMEMCPY(u, m, sizeof(u));
    XMEMCPY(v, a, sizeof(v));

    ut = sp_521_num_bits_17(u);
    vt = sp_521_num_bits_17(v);

    XMEMSET(b, 0, sizeof(b));
    if ((v[0] & 1) == 0) {
        sp_521_rshift1_17(v, v);
        XMEMCPY(d, m, sizeof(u));
        d[0] += 1;
        sp_521_rshift1_17(d, d);
        vt--;

        while ((v[0] & 1) == 0) {
            sp_521_rshift1_17(v, v);
            sp_521_div2_mod_17(d, d, m);
            vt--;
        }
    }
    else {
        XMEMSET(d+1, 0, sizeof(d)-sizeof(sp_digit));
        d[0] = 1;
    }

    while (ut > 1 && vt > 1) {
        if ((ut > vt) || ((ut == vt) && (sp_521_cmp_17(u, v) >= 0))) {
            sp_521_sub_17(u, u, v);
            o = sp_521_sub_17(b, b, d);
            if (o != 0)
                sp_521_add_17(b, b, m);
            ut = sp_521_num_bits_17(u);

            do {
                sp_521_rshift1_17(u, u);
                sp_521_div2_mod_17(b, b, m);
                ut--;
            }
            while (ut > 0 && (u[0] & 1) == 0);
        }
        else {
            sp_521_sub_17(v, v, u);
            o = sp_521_sub_17(d, d, b);
            if (o != 0)
                sp_521_add_17(d, d, m);
            vt = sp_521_num_bits_17(v);

            do {
                sp_521_rshift1_17(v, v);
                sp_521_div2_mod_17(d, d, m);
                vt--;
            }
            while (vt > 0 && (v[0] & 1) == 0);
        }
    }

    if (ut == 1)
        XMEMCPY(r, b, sizeof(b));
    else
        XMEMCPY(r, d, sizeof(d));


    return MP_OKAY;
}

#endif /* WOLFSSL_SP_SMALL */

/* Add point p1 into point p2. Handles p1 == p2 and result at infinity.
 *
 * p1   First point to add and holds result.
 * p2   Second point to add.
 * tmp  Temporary storage for intermediate numbers.
 */
static void sp_521_add_points_17(sp_point_521* p1, const sp_point_521* p2,
    sp_digit* tmp)
{

        sp_521_proj_point_add_17(p1, p1, p2, tmp);
    if (sp_521_iszero_17(p1->z)) {
        if (sp_521_iszero_17(p1->x) && sp_521_iszero_17(p1->y)) {
                sp_521_proj_point_dbl_17(p1, p2, tmp);
        }
        else {
            /* Y ordinate is not used from here - don't set. */
            p1->x[0] = 0;
            p1->x[1] = 0;
            p1->x[2] = 0;
            p1->x[3] = 0;
            p1->x[4] = 0;
            p1->x[5] = 0;
            p1->x[6] = 0;
            p1->x[7] = 0;
            p1->x[8] = 0;
            p1->x[9] = 0;
            p1->x[10] = 0;
            p1->x[11] = 0;
            p1->x[12] = 0;
            p1->x[13] = 0;
            p1->x[14] = 0;
            p1->x[15] = 0;
            p1->x[16] = 0;
            XMEMCPY(p1->z, p521_norm_mod, sizeof(p521_norm_mod));
        }
    }
}

/* Calculate the verification point: [e/s]G + [r/s]Q
 *
 * p1    Calculated point.
 * p2    Public point and temporary.
 * s     Second part of signature as a number.
 * u1    Temporary number.
 * u2    Temporary number.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_521_calc_vfy_point_17(sp_point_521* p1, sp_point_521* p2,
    sp_digit* s, sp_digit* u1, sp_digit* u2, sp_digit* tmp, void* heap)
{
    int err;

#ifndef WOLFSSL_SP_SMALL
    err = sp_521_mod_inv_17(s, s, p521_order);
    if (err == MP_OKAY)
#endif /* !WOLFSSL_SP_SMALL */
    {
        sp_521_mul_17(s, s, p521_norm_order);
        err = sp_521_mod_17(s, s, p521_order);
    }
    if (err == MP_OKAY) {
        sp_521_norm_17(s);
#ifdef WOLFSSL_SP_SMALL
        {
            sp_521_mont_inv_order_17(s, s, tmp);
            sp_521_mont_mul_order_17(u1, u1, s);
            sp_521_mont_mul_order_17(u2, u2, s);
        }
#else
        {
            sp_521_mont_mul_order_17(u1, u1, s);
            sp_521_mont_mul_order_17(u2, u2, s);
        }
#endif /* WOLFSSL_SP_SMALL */
        {
            err = sp_521_ecc_mulmod_base_17(p1, u1, 0, 0, heap);
        }
    }
    if ((err == MP_OKAY) && sp_521_iszero_17(p1->z)) {
        p1->infinity = 1;
    }
    if (err == MP_OKAY) {
            err = sp_521_ecc_mulmod_17(p2, p2, u2, 0, 0, heap);
    }
    if ((err == MP_OKAY) && sp_521_iszero_17(p2->z)) {
        p2->infinity = 1;
    }

    if (err == MP_OKAY) {
        sp_521_add_points_17(p1, p2, tmp);
    }

    return err;
}

#ifdef HAVE_ECC_VERIFY
/* Verify the signature values with the hash and public key.
 *   e = Truncate(hash, 521)
 *   u1 = e/s mod order
 *   u2 = r/s mod order
 *   r == (u1.G + u2.Q)->x mod order
 * Optimization: Leave point in projective form.
 *   (x, y, 1) == (x' / z'*z', y' / z'*z'*z', z' / z')
 *   (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x'
 * The hash is truncated to the first 521 bits.
 *
 * hash     Hash to sign.
 * hashLen  Length of the hash data.
 * rng      Random number generator.
 * priv     Private part of key - scalar.
 * rm       First part of result as an mp_int.
 * sm       Sirst part of result as an mp_int.
 * heap     Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
    const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm,
    int* res, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* u1 = NULL;
    sp_point_521* p1 = NULL;
#else
    sp_digit  u1[18 * 17];
    sp_point_521 p1[2];
#endif
    sp_digit* u2 = NULL;
    sp_digit* s = NULL;
    sp_digit* tmp = NULL;
    sp_point_521* p2 = NULL;
    sp_digit carry;
    sp_int32 c = 0;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        p1 = (sp_point_521*)XMALLOC(sizeof(sp_point_521) * 2, heap,
                                             DYNAMIC_TYPE_ECC);
        if (p1 == NULL)
            err = MEMORY_E;
    }
    if (err == MP_OKAY) {
        u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18 * 17, heap,
                                                              DYNAMIC_TYPE_ECC);
        if (u1 == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        u2  = u1 + 2 * 17;
        s   = u1 + 4 * 17;
        tmp = u1 + 6 * 17;
        p2 = p1 + 1;

        if (hashLen > 66U) {
            hashLen = 66U;
        }

        sp_521_from_bin(u1, 17, hash, (int)hashLen);
        sp_521_from_mp(u2, 17, rm);
        sp_521_from_mp(s, 17, sm);
        sp_521_from_mp(p2->x, 17, pX);
        sp_521_from_mp(p2->y, 17, pY);
        sp_521_from_mp(p2->z, 17, pZ);

        if (hashLen == 66U) {
            sp_521_rshift_17(u1, u1, 7);
        }

        err = sp_521_calc_vfy_point_17(p1, p2, s, u1, u2, tmp, heap);
    }
    if (err == MP_OKAY) {
        /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
        /* Reload r and convert to Montgomery form. */
        sp_521_from_mp(u2, 17, rm);
        err = sp_521_mod_mul_norm_17(u2, u2, p521_mod);
    }

    if (err == MP_OKAY) {
        /* u1 = r.z'.z' mod prime */
            sp_521_mont_sqr_17(p1->z, p1->z, p521_mod, p521_mp_mod);
            sp_521_mont_mul_17(u1, u2, p1->z, p521_mod, p521_mp_mod);
        *res = (int)(sp_521_cmp_17(p1->x, u1) == 0);
        if (*res == 0) {
            /* Reload r and add order. */
            sp_521_from_mp(u2, 17, rm);
            carry = sp_521_add_17(u2, u2, p521_order);
            /* Carry means result is greater than mod and is not valid. */
            if (carry == 0) {
                sp_521_norm_17(u2);

                /* Compare with mod and if greater or equal then not valid. */
                c = sp_521_cmp_17(u2, p521_mod);
            }
        }
        if ((*res == 0) && (c < 0)) {
            /* Convert to Montogomery form */
            err = sp_521_mod_mul_norm_17(u2, u2, p521_mod);
            if (err == MP_OKAY) {
                /* u1 = (r + 1*order).z'.z' mod prime */
                {
                    sp_521_mont_mul_17(u1, u2, p1->z, p521_mod, p521_mp_mod);
                }
                *res = (sp_521_cmp_17(p1->x, u1) == 0);
            }
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (u1 != NULL)
        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
    if (p1 != NULL)
        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#ifdef WOLFSSL_SP_NONBLOCK
typedef struct sp_ecc_verify_521_ctx {
    int state;
    union {
        sp_521_ecc_mulmod_17_ctx mulmod_ctx;
        sp_521_mont_inv_order_17_ctx mont_inv_order_ctx;
        sp_521_proj_point_dbl_17_ctx dbl_ctx;
        sp_521_proj_point_add_17_ctx add_ctx;
    };
    sp_digit u1[2*17];
    sp_digit u2[2*17];
    sp_digit s[2*17];
    sp_digit tmp[2*17 * 6];
    sp_point_521 p1;
    sp_point_521 p2;
} sp_ecc_verify_521_ctx;

int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
    word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ,
    const mp_int* rm, const mp_int* sm, int* res, void* heap)
{
    int err = FP_WOULDBLOCK;
    sp_ecc_verify_521_ctx* ctx = (sp_ecc_verify_521_ctx*)sp_ctx->data;

    typedef char ctx_size_test[sizeof(sp_ecc_verify_521_ctx) >= sizeof(*sp_ctx) ? -1 : 1];
    (void)sizeof(ctx_size_test);

    switch (ctx->state) {
    case 0: /* INIT */
        if (hashLen > 66U) {
            hashLen = 66U;
        }

        sp_521_from_bin(ctx->u1, 17, hash, (int)hashLen);
        sp_521_from_mp(ctx->u2, 17, rm);
        sp_521_from_mp(ctx->s, 17, sm);
        sp_521_from_mp(ctx->p2.x, 17, pX);
        sp_521_from_mp(ctx->p2.y, 17, pY);
        sp_521_from_mp(ctx->p2.z, 17, pZ);
        if (hashLen == 66U) {
            sp_521_rshift_17(ctx->u1, ctx->u1, 7);
        }
        ctx->state = 1;
        break;
    case 1: /* NORMS0 */
        sp_521_mul_17(ctx->s, ctx->s, p521_norm_order);
        err = sp_521_mod_17(ctx->s, ctx->s, p521_order);
        if (err == MP_OKAY)
            ctx->state = 2;
        break;
    case 2: /* NORMS1 */
        sp_521_norm_17(ctx->s);
        XMEMSET(&ctx->mont_inv_order_ctx, 0, sizeof(ctx->mont_inv_order_ctx));
        ctx->state = 3;
        break;
    case 3: /* NORMS2 */
        err = sp_521_mont_inv_order_17_nb((sp_ecc_ctx_t*)&ctx->mont_inv_order_ctx, ctx->s, ctx->s, ctx->tmp);
        if (err == MP_OKAY) {
            ctx->state = 4;
        }
        break;
    case 4: /* NORMS3 */
        sp_521_mont_mul_order_17(ctx->u1, ctx->u1, ctx->s);
        ctx->state = 5;
        break;
    case 5: /* NORMS4 */
        sp_521_mont_mul_order_17(ctx->u2, ctx->u2, ctx->s);
        XMEMSET(&ctx->mulmod_ctx, 0, sizeof(ctx->mulmod_ctx));
        ctx->state = 6;
        break;
    case 6: /* MULBASE */
        err = sp_521_ecc_mulmod_17_nb((sp_ecc_ctx_t*)&ctx->mulmod_ctx, &ctx->p1, &p521_base, ctx->u1, 0, 0, heap);
        if (err == MP_OKAY) {
            if (sp_521_iszero_17(ctx->p1.z)) {
                ctx->p1.infinity = 1;
            }
            XMEMSET(&ctx->mulmod_ctx, 0, sizeof(ctx->mulmod_ctx));
            ctx->state = 7;
        }
        break;
    case 7: /* MULMOD */
        err = sp_521_ecc_mulmod_17_nb((sp_ecc_ctx_t*)&ctx->mulmod_ctx, &ctx->p2, &ctx->p2, ctx->u2, 0, 0, heap);
        if (err == MP_OKAY) {
            if (sp_521_iszero_17(ctx->p2.z)) {
                ctx->p2.infinity = 1;
            }
            XMEMSET(&ctx->add_ctx, 0, sizeof(ctx->add_ctx));
            ctx->state = 8;
        }
        break;
    case 8: /* ADD */
        err = sp_521_proj_point_add_17_nb((sp_ecc_ctx_t*)&ctx->add_ctx, &ctx->p1, &ctx->p1, &ctx->p2, ctx->tmp);
        if (err == MP_OKAY)
            ctx->state = 9;
        break;
    case 9: /* MONT */
        /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
        /* Reload r and convert to Montgomery form. */
        sp_521_from_mp(ctx->u2, 17, rm);
        err = sp_521_mod_mul_norm_17(ctx->u2, ctx->u2, p521_mod);
        if (err == MP_OKAY)
            ctx->state = 10;
        break;
    case 10: /* SQR */
        /* u1 = r.z'.z' mod prime */
        sp_521_mont_sqr_17(ctx->p1.z, ctx->p1.z, p521_mod, p521_mp_mod);
        ctx->state = 11;
        break;
    case 11: /* MUL */
        sp_521_mont_mul_17(ctx->u1, ctx->u2, ctx->p1.z, p521_mod, p521_mp_mod);
        ctx->state = 12;
        break;
    case 12: /* RES */
    {
        sp_int32 c = 0;
        err = MP_OKAY; /* math okay, now check result */
        *res = (int)(sp_521_cmp_17(ctx->p1.x, ctx->u1) == 0);
        if (*res == 0) {
            sp_digit carry;

            /* Reload r and add order. */
            sp_521_from_mp(ctx->u2, 17, rm);
            carry = sp_521_add_17(ctx->u2, ctx->u2, p521_order);
            /* Carry means result is greater than mod and is not valid. */
            if (carry == 0) {
                sp_521_norm_17(ctx->u2);

                /* Compare with mod and if greater or equal then not valid. */
                c = sp_521_cmp_17(ctx->u2, p521_mod);
            }
        }
        if ((*res == 0) && (c < 0)) {
            /* Convert to Montogomery form */
            err = sp_521_mod_mul_norm_17(ctx->u2, ctx->u2, p521_mod);
            if (err == MP_OKAY) {
                /* u1 = (r + 1*order).z'.z' mod prime */
                sp_521_mont_mul_17(ctx->u1, ctx->u2, ctx->p1.z, p521_mod,
                                                            p521_mp_mod);
                *res = (int)(sp_521_cmp_17(ctx->p1.x, ctx->u1) == 0);
            }
        }
        break;
    }
    } /* switch */

    if (err == MP_OKAY && ctx->state != 12) {
        err = FP_WOULDBLOCK;
    }

    return err;
}
#endif /* WOLFSSL_SP_NONBLOCK */
#endif /* HAVE_ECC_VERIFY */

#ifdef HAVE_ECC_CHECK_KEY
/* Check that the x and y ordinates are a valid point on the curve.
 *
 * point  EC point.
 * heap   Heap to use if dynamically allocating.
 * returns MEMORY_E if dynamic memory allocation fails, MP_VAL if the point is
 * not on the curve and MP_OKAY otherwise.
 */
static int sp_521_ecc_is_point_17(const sp_point_521* point,
    void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* t1 = NULL;
#else
    sp_digit t1[17 * 4];
#endif
    sp_digit* t2 = NULL;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 17 * 4, heap, DYNAMIC_TYPE_ECC);
    if (t1 == NULL)
        err = MEMORY_E;
#endif
    (void)heap;

    if (err == MP_OKAY) {
        t2 = t1 + 2 * 17;

        /* y^2 - x^3 - a.x = b */
        sp_521_sqr_17(t1, point->y);
        (void)sp_521_mod_17(t1, t1, p521_mod);
        sp_521_sqr_17(t2, point->x);
        (void)sp_521_mod_17(t2, t2, p521_mod);
        sp_521_mul_17(t2, t2, point->x);
        (void)sp_521_mod_17(t2, t2, p521_mod);
        sp_521_mont_sub_17(t1, t1, t2, p521_mod);

        /* y^2 - x^3 + 3.x = b, when a = -3  */
        sp_521_mont_add_17(t1, t1, point->x, p521_mod);
        sp_521_mont_add_17(t1, t1, point->x, p521_mod);
        sp_521_mont_add_17(t1, t1, point->x, p521_mod);


        if (sp_521_cmp_17(t1, p521_b) != 0) {
            err = MP_VAL;
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (t1 != NULL)
        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

/* Check that the x and y ordinates are a valid point on the curve.
 *
 * pX  X ordinate of EC point.
 * pY  Y ordinate of EC point.
 * returns MEMORY_E if dynamic memory allocation fails, MP_VAL if the point is
 * not on the curve and MP_OKAY otherwise.
 */
int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_521* pub = NULL;
#else
    sp_point_521 pub[1];
#endif
    const byte one[1] = { 1 };
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    pub = (sp_point_521*)XMALLOC(sizeof(sp_point_521), NULL,
                                       DYNAMIC_TYPE_ECC);
    if (pub == NULL)
        err = MEMORY_E;
#endif

    if (err == MP_OKAY) {
        sp_521_from_mp(pub->x, 17, pX);
        sp_521_from_mp(pub->y, 17, pY);
        sp_521_from_bin(pub->z, 17, one, (int)sizeof(one));

        err = sp_521_ecc_is_point_17(pub, NULL);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (pub != NULL)
        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

/* Check that the private scalar generates the EC point (px, py), the point is
 * on the curve and the point has the correct order.
 *
 * pX     X ordinate of EC point.
 * pY     Y ordinate of EC point.
 * privm  Private scalar that generates EC point.
 * returns MEMORY_E if dynamic memory allocation fails, MP_VAL if the point is
 * not on the curve, ECC_INF_E if the point does not have the correct order,
 * ECC_PRIV_KEY_E when the private scalar doesn't generate the EC point and
 * MP_OKAY otherwise.
 */
int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
    const mp_int* privm, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* priv = NULL;
    sp_point_521* pub = NULL;
#else
    sp_digit priv[17];
    sp_point_521 pub[2];
#endif
    sp_point_521* p = NULL;
    const byte one[1] = { 1 };
    int err = MP_OKAY;


    /* Quick check the lengs of public key ordinates and private key are in
     * range. Proper check later.
     */
    if (((mp_count_bits(pX) > 521) ||
        (mp_count_bits(pY) > 521) ||
        ((privm != NULL) && (mp_count_bits(privm) > 521)))) {
        err = ECC_OUT_OF_RANGE_E;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        pub = (sp_point_521*)XMALLOC(sizeof(sp_point_521) * 2, heap,
                                           DYNAMIC_TYPE_ECC);
        if (pub == NULL)
            err = MEMORY_E;
    }
    if (err == MP_OKAY && privm) {
        priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 17, heap,
                                  DYNAMIC_TYPE_ECC);
        if (priv == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        p = pub + 1;

        sp_521_from_mp(pub->x, 17, pX);
        sp_521_from_mp(pub->y, 17, pY);
        sp_521_from_bin(pub->z, 17, one, (int)sizeof(one));
        if (privm)
            sp_521_from_mp(priv, 17, privm);

        /* Check point at infinitiy. */
        if ((sp_521_iszero_17(pub->x) != 0) &&
            (sp_521_iszero_17(pub->y) != 0)) {
            err = ECC_INF_E;
        }
    }

    /* Check range of X and Y */
    if ((err == MP_OKAY) &&
            ((sp_521_cmp_17(pub->x, p521_mod) >= 0) ||
             (sp_521_cmp_17(pub->y, p521_mod) >= 0))) {
        err = ECC_OUT_OF_RANGE_E;
    }

    if (err == MP_OKAY) {
        /* Check point is on curve */
        err = sp_521_ecc_is_point_17(pub, heap);
    }

    if (err == MP_OKAY) {
        /* Point * order = infinity */
            err = sp_521_ecc_mulmod_17(p, pub, p521_order, 1, 1, heap);
    }
    /* Check result is infinity */
    if ((err == MP_OKAY) && ((sp_521_iszero_17(p->x) == 0) ||
                             (sp_521_iszero_17(p->y) == 0))) {
        err = ECC_INF_E;
    }

    if (privm) {
        if (err == MP_OKAY) {
            /* Base * private = point */
                err = sp_521_ecc_mulmod_base_17(p, priv, 1, 1, heap);
        }
        /* Check result is public key */
        if ((err == MP_OKAY) &&
                ((sp_521_cmp_17(p->x, pub->x) != 0) ||
                 (sp_521_cmp_17(p->y, pub->y) != 0))) {
            err = ECC_PRIV_KEY_E;
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (pub != NULL)
        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
    if (priv != NULL)
        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}
#endif
#ifdef WOLFSSL_PUBLIC_ECC_ADD_DBL
/* Add two projective EC points together.
 * (pX, pY, pZ) + (qX, qY, qZ) = (rX, rY, rZ)
 *
 * pX   First EC point's X ordinate.
 * pY   First EC point's Y ordinate.
 * pZ   First EC point's Z ordinate.
 * qX   Second EC point's X ordinate.
 * qY   Second EC point's Y ordinate.
 * qZ   Second EC point's Z ordinate.
 * rX   Resultant EC point's X ordinate.
 * rY   Resultant EC point's Y ordinate.
 * rZ   Resultant EC point's Z ordinate.
 * returns MEMORY_E if dynamic memory allocation fails and MP_OKAY otherwise.
 */
int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
                              mp_int* qX, mp_int* qY, mp_int* qZ,
                              mp_int* rX, mp_int* rY, mp_int* rZ)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* tmp = NULL;
    sp_point_521* p = NULL;
#else
    sp_digit tmp[2 * 17 * 6];
    sp_point_521 p[2];
#endif
    sp_point_521* q = NULL;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        p = (sp_point_521*)XMALLOC(sizeof(sp_point_521) * 2, NULL,
                                         DYNAMIC_TYPE_ECC);
        if (p == NULL)
            err = MEMORY_E;
    }
    if (err == MP_OKAY) {
        tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 17 * 6, NULL,
                                 DYNAMIC_TYPE_ECC);
        if (tmp == NULL) {
            err = MEMORY_E;
        }
    }
#endif

    if (err == MP_OKAY) {
        q = p + 1;

        sp_521_from_mp(p->x, 17, pX);
        sp_521_from_mp(p->y, 17, pY);
        sp_521_from_mp(p->z, 17, pZ);
        sp_521_from_mp(q->x, 17, qX);
        sp_521_from_mp(q->y, 17, qY);
        sp_521_from_mp(q->z, 17, qZ);
        p->infinity = sp_521_iszero_17(p->x) &
                      sp_521_iszero_17(p->y);
        q->infinity = sp_521_iszero_17(q->x) &
                      sp_521_iszero_17(q->y);

            sp_521_proj_point_add_17(p, p, q, tmp);
    }

    if (err == MP_OKAY) {
        err = sp_521_to_mp(p->x, rX);
    }
    if (err == MP_OKAY) {
        err = sp_521_to_mp(p->y, rY);
    }
    if (err == MP_OKAY) {
        err = sp_521_to_mp(p->z, rZ);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (tmp != NULL)
        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
    if (p != NULL)
        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

/* Double a projective EC point.
 * (pX, pY, pZ) + (pX, pY, pZ) = (rX, rY, rZ)
 *
 * pX   EC point's X ordinate.
 * pY   EC point's Y ordinate.
 * pZ   EC point's Z ordinate.
 * rX   Resultant EC point's X ordinate.
 * rY   Resultant EC point's Y ordinate.
 * rZ   Resultant EC point's Z ordinate.
 * returns MEMORY_E if dynamic memory allocation fails and MP_OKAY otherwise.
 */
int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
                              mp_int* rX, mp_int* rY, mp_int* rZ)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* tmp = NULL;
    sp_point_521* p = NULL;
#else
    sp_digit tmp[2 * 17 * 2];
    sp_point_521 p[1];
#endif
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        p = (sp_point_521*)XMALLOC(sizeof(sp_point_521), NULL,
                                         DYNAMIC_TYPE_ECC);
        if (p == NULL)
            err = MEMORY_E;
    }
    if (err == MP_OKAY) {
        tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 17 * 2, NULL,
                                 DYNAMIC_TYPE_ECC);
        if (tmp == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        sp_521_from_mp(p->x, 17, pX);
        sp_521_from_mp(p->y, 17, pY);
        sp_521_from_mp(p->z, 17, pZ);
        p->infinity = sp_521_iszero_17(p->x) &
                      sp_521_iszero_17(p->y);

            sp_521_proj_point_dbl_17(p, p, tmp);
    }

    if (err == MP_OKAY) {
        err = sp_521_to_mp(p->x, rX);
    }
    if (err == MP_OKAY) {
        err = sp_521_to_mp(p->y, rY);
    }
    if (err == MP_OKAY) {
        err = sp_521_to_mp(p->z, rZ);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (tmp != NULL)
        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
    if (p != NULL)
        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

/* Map a projective EC point to affine in place.
 * pZ will be one.
 *
 * pX   EC point's X ordinate.
 * pY   EC point's Y ordinate.
 * pZ   EC point's Z ordinate.
 * returns MEMORY_E if dynamic memory allocation fails and MP_OKAY otherwise.
 */
int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* tmp = NULL;
    sp_point_521* p = NULL;
#else
    sp_digit tmp[2 * 17 * 5];
    sp_point_521 p[1];
#endif
    int err = MP_OKAY;


#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        p = (sp_point_521*)XMALLOC(sizeof(sp_point_521), NULL,
                                         DYNAMIC_TYPE_ECC);
        if (p == NULL)
            err = MEMORY_E;
    }
    if (err == MP_OKAY) {
        tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 17 * 5, NULL,
                                 DYNAMIC_TYPE_ECC);
        if (tmp == NULL)
            err = MEMORY_E;
    }
#endif
    if (err == MP_OKAY) {
        sp_521_from_mp(p->x, 17, pX);
        sp_521_from_mp(p->y, 17, pY);
        sp_521_from_mp(p->z, 17, pZ);
        p->infinity = sp_521_iszero_17(p->x) &
                      sp_521_iszero_17(p->y);

            sp_521_map_17(p, p, tmp);
    }

    if (err == MP_OKAY) {
        err = sp_521_to_mp(p->x, pX);
    }
    if (err == MP_OKAY) {
        err = sp_521_to_mp(p->y, pY);
    }
    if (err == MP_OKAY) {
        err = sp_521_to_mp(p->z, pZ);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (tmp != NULL)
        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
    if (p != NULL)
        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif

    return err;
}
#endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
#ifdef HAVE_COMP_KEY
/* Square root power for the P521 curve. */
static const uint32_t p521_sqrt_power[17] = {
    0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
    0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
    0x00000000,0x00000000,0x00000080
};

/* Find the square root of a number mod the prime of the curve.
 *
 * y  The number to operate on and the result.
 * returns MEMORY_E if dynamic memory allocation fails and MP_OKAY otherwise.
 */
static int sp_521_mont_sqrt_17(sp_digit* y)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* t = NULL;
#else
    sp_digit t[2 * 17];
#endif
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 17, NULL, DYNAMIC_TYPE_ECC);
    if (t == NULL)
        err = MEMORY_E;
#endif

    if (err == MP_OKAY) {

        {
            int i;

            XMEMCPY(t, y, sizeof(sp_digit) * 17);
            for (i=518; i>=0; i--) {
                sp_521_mont_sqr_17(t, t, p521_mod, p521_mp_mod);
                if (p521_sqrt_power[i / 32] & ((sp_digit)1 << (i % 32)))
                    sp_521_mont_mul_17(t, t, y, p521_mod, p521_mp_mod);
            }
            XMEMCPY(y, t, sizeof(sp_digit) * 17);
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (t != NULL)
        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
#endif

    return err;
}


/* Uncompress the point given the X ordinate.
 *
 * xm    X ordinate.
 * odd   Whether the Y ordinate is odd.
 * ym    Calculated Y ordinate.
 * returns MEMORY_E if dynamic memory allocation fails and MP_OKAY otherwise.
 */
int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* x = NULL;
#else
    sp_digit x[4 * 17];
#endif
    sp_digit* y = NULL;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 17, NULL, DYNAMIC_TYPE_ECC);
    if (x == NULL)
        err = MEMORY_E;
#endif

    if (err == MP_OKAY) {
        y = x + 2 * 17;

        sp_521_from_mp(x, 17, xm);
        err = sp_521_mod_mul_norm_17(x, x, p521_mod);
    }
    if (err == MP_OKAY) {
        /* y = x^3 */
        {
            sp_521_mont_sqr_17(y, x, p521_mod, p521_mp_mod);
            sp_521_mont_mul_17(y, y, x, p521_mod, p521_mp_mod);
        }
        /* y = x^3 - 3x */
        sp_521_mont_sub_17(y, y, x, p521_mod);
        sp_521_mont_sub_17(y, y, x, p521_mod);
        sp_521_mont_sub_17(y, y, x, p521_mod);
        /* y = x^3 - 3x + b */
        err = sp_521_mod_mul_norm_17(x, p521_b, p521_mod);
    }
    if (err == MP_OKAY) {
        sp_521_mont_add_17(y, y, x, p521_mod);
        /* y = sqrt(x^3 - 3x + b) */
        err = sp_521_mont_sqrt_17(y);
    }
    if (err == MP_OKAY) {
        XMEMSET(y + 17, 0, 17U * sizeof(sp_digit));
        sp_521_mont_reduce_17(y, p521_mod, p521_mp_mod);
        if ((((word32)y[0] ^ (word32)odd) & 1U) != 0U) {
            sp_521_mont_sub_17(y, p521_mod, y, p521_mod);
        }

        err = sp_521_to_mp(y, ym);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (x != NULL)
        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
#endif

    return err;
}
#endif
#endif /* WOLFSSL_SP_521 */
#ifdef WOLFCRYPT_HAVE_SAKKE
#ifdef WOLFSSL_SP_1024

/* Point structure to use. */
typedef struct sp_point_1024 {
    /* X ordinate of point. */
    sp_digit x[2 * 32];
    /* Y ordinate of point. */
    sp_digit y[2 * 32];
    /* Z ordinate of point. */
    sp_digit z[2 * 32];
    /* Indicates point is at infinity. */
    int infinity;
} sp_point_1024;

#ifndef WOLFSSL_SP_SMALL
/* Multiply a and b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_1024_mul_16(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static void sp_1024_mul_16(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x40\n\t"
        /* A[0] * B[0] */
        "LDR	r11, [%[a]]\n\t"
        "LDR	r12, [%[b]]\n\t"
        "UMULL	r3, r4, r11, r12\n\t"
        "MOV	r5, #0x0\n\t"
        "STR	r3, [sp]\n\t"
        /* A[0] * B[1] */
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[1] * B[0] */
        "LDR	r8, [%[a], #4]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #4]\n\t"
        /* A[2] * B[0] */
        "LDR	r8, [%[a], #8]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[1] * B[1] */
        "LDR	r11, [%[a], #4]\n\t"
        "LDR	r12, [%[b], #4]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[0] * B[2] */
        "LDR	r8, [%[a]]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [sp, #8]\n\t"
        /* A[0] * B[3] */
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[1] * B[2] */
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[2] * B[1] */
        "LDR	r8, [%[a], #8]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[3] * B[0] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b]]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [sp, #12]\n\t"
        /* A[4] * B[0] */
        "LDR	r8, [%[a], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[3] * B[1] */
        "LDR	r8, [%[a], #12]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[2] * B[2] */
        "LDR	r11, [%[a], #8]\n\t"
        "LDR	r12, [%[b], #8]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[1] * B[3] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[0] * B[4] */
        "LDR	r8, [%[a]]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #16]\n\t"
        /* A[0] * B[5] */
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[1] * B[4] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[2] * B[3] */
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[3] * B[2] */
        "LDR	r8, [%[a], #12]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[4] * B[1] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[5] * B[0] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b]]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [sp, #20]\n\t"
        /* A[6] * B[0] */
        "LDR	r8, [%[a], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[5] * B[1] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[4] * B[2] */
        "LDR	r8, [%[a], #16]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[3] * B[3] */
        "LDR	r11, [%[a], #12]\n\t"
        "LDR	r12, [%[b], #12]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[2] * B[4] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[1] * B[5] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[0] * B[6] */
        "LDR	r8, [%[a]]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [sp, #24]\n\t"
        /* A[0] * B[7] */
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[1] * B[6] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[2] * B[5] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[3] * B[4] */
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[4] * B[3] */
        "LDR	r8, [%[a], #16]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[5] * B[2] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[6] * B[1] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[7] * B[0] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b]]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #28]\n\t"
        /* A[8] * B[0] */
        "LDR	r8, [%[a], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[7] * B[1] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[6] * B[2] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[5] * B[3] */
        "LDR	r8, [%[a], #20]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[4] * B[4] */
        "LDR	r11, [%[a], #16]\n\t"
        "LDR	r12, [%[b], #16]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[3] * B[5] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[2] * B[6] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[1] * B[7] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[0] * B[8] */
        "LDR	r8, [%[a]]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [sp, #32]\n\t"
        /* A[0] * B[9] */
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[1] * B[8] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[2] * B[7] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[3] * B[6] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[4] * B[5] */
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[5] * B[4] */
        "LDR	r8, [%[a], #20]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[6] * B[3] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[7] * B[2] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[8] * B[1] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[9] * B[0] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b]]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [sp, #36]\n\t"
        /* A[10] * B[0] */
        "LDR	r8, [%[a], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[9] * B[1] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[8] * B[2] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[7] * B[3] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[6] * B[4] */
        "LDR	r8, [%[a], #24]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[5] * B[5] */
        "LDR	r11, [%[a], #20]\n\t"
        "LDR	r12, [%[b], #20]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[4] * B[6] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[3] * B[7] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[2] * B[8] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[1] * B[9] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[0] * B[10] */
        "LDR	r8, [%[a]]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #40]\n\t"
        /* A[0] * B[11] */
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[1] * B[10] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[2] * B[9] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[3] * B[8] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[4] * B[7] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[5] * B[6] */
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[6] * B[5] */
        "LDR	r8, [%[a], #24]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[7] * B[4] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[8] * B[3] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[9] * B[2] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[10] * B[1] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[11] * B[0] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b]]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [sp, #44]\n\t"
        /* A[12] * B[0] */
        "LDR	r8, [%[a], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[11] * B[1] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[10] * B[2] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[9] * B[3] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[8] * B[4] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[7] * B[5] */
        "LDR	r8, [%[a], #28]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[6] * B[6] */
        "LDR	r11, [%[a], #24]\n\t"
        "LDR	r12, [%[b], #24]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[5] * B[7] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[4] * B[8] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[3] * B[9] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[2] * B[10] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[1] * B[11] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[0] * B[12] */
        "LDR	r8, [%[a]]\n\t"
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [sp, #48]\n\t"
        /* A[0] * B[13] */
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[1] * B[12] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[2] * B[11] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[3] * B[10] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[4] * B[9] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[5] * B[8] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[6] * B[7] */
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[7] * B[6] */
        "LDR	r8, [%[a], #28]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[8] * B[5] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[9] * B[4] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[10] * B[3] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[11] * B[2] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[12] * B[1] */
        "LDR	r8, [%[a], #48]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[13] * B[0] */
        "LDR	r8, [%[a], #52]\n\t"
        "LDR	r9, [%[b]]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #52]\n\t"
        /* A[14] * B[0] */
        "LDR	r8, [%[a], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[13] * B[1] */
        "LDR	r8, [%[a], #52]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[12] * B[2] */
        "LDR	r8, [%[a], #48]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[11] * B[3] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[10] * B[4] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[9] * B[5] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[8] * B[6] */
        "LDR	r8, [%[a], #32]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[7] * B[7] */
        "LDR	r11, [%[a], #28]\n\t"
        "LDR	r12, [%[b], #28]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[6] * B[8] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[5] * B[9] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[4] * B[10] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[3] * B[11] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[2] * B[12] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[1] * B[13] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[0] * B[14] */
        "LDR	r8, [%[a]]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [sp, #56]\n\t"
        /* A[0] * B[15] */
        "LDR	r9, [%[b], #60]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[1] * B[14] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[2] * B[13] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[3] * B[12] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[4] * B[11] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[5] * B[10] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[6] * B[9] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[7] * B[8] */
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[8] * B[7] */
        "LDR	r8, [%[a], #32]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[9] * B[6] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[10] * B[5] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[11] * B[4] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[12] * B[3] */
        "LDR	r8, [%[a], #48]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[13] * B[2] */
        "LDR	r8, [%[a], #52]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[14] * B[1] */
        "LDR	r8, [%[a], #56]\n\t"
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[15] * B[0] */
        "LDR	r8, [%[a], #60]\n\t"
        "LDR	r9, [%[b]]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [sp, #60]\n\t"
        /* A[15] * B[1] */
        "LDR	r9, [%[b], #4]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[14] * B[2] */
        "LDR	r8, [%[a], #56]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[13] * B[3] */
        "LDR	r8, [%[a], #52]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[12] * B[4] */
        "LDR	r8, [%[a], #48]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[11] * B[5] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[10] * B[6] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[9] * B[7] */
        "LDR	r8, [%[a], #36]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[8] * B[8] */
        "LDR	r11, [%[a], #32]\n\t"
        "LDR	r12, [%[b], #32]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[7] * B[9] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[6] * B[10] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[5] * B[11] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[4] * B[12] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[3] * B[13] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[2] * B[14] */
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[1] * B[15] */
        "LDR	r8, [%[a], #4]\n\t"
        "LDR	r9, [%[b], #60]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [%[r], #64]\n\t"
        /* A[2] * B[15] */
        "LDR	r8, [%[a], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[3] * B[14] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[4] * B[13] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[5] * B[12] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[6] * B[11] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[7] * B[10] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[8] * B[9] */
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[9] * B[8] */
        "LDR	r8, [%[a], #36]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[10] * B[7] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[11] * B[6] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[12] * B[5] */
        "LDR	r8, [%[a], #48]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[13] * B[4] */
        "LDR	r8, [%[a], #52]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[14] * B[3] */
        "LDR	r8, [%[a], #56]\n\t"
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[15] * B[2] */
        "LDR	r8, [%[a], #60]\n\t"
        "LDR	r9, [%[b], #8]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [%[r], #68]\n\t"
        /* A[15] * B[3] */
        "LDR	r9, [%[b], #12]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[14] * B[4] */
        "LDR	r8, [%[a], #56]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[13] * B[5] */
        "LDR	r8, [%[a], #52]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[12] * B[6] */
        "LDR	r8, [%[a], #48]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[11] * B[7] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[10] * B[8] */
        "LDR	r8, [%[a], #40]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[9] * B[9] */
        "LDR	r11, [%[a], #36]\n\t"
        "LDR	r12, [%[b], #36]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[8] * B[10] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[7] * B[11] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[6] * B[12] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[5] * B[13] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[4] * B[14] */
        "LDR	r8, [%[a], #16]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[3] * B[15] */
        "LDR	r8, [%[a], #12]\n\t"
        "LDR	r9, [%[b], #60]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], #72]\n\t"
        /* A[4] * B[15] */
        "LDR	r8, [%[a], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[5] * B[14] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[6] * B[13] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[7] * B[12] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[8] * B[11] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[9] * B[10] */
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[10] * B[9] */
        "LDR	r8, [%[a], #40]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[11] * B[8] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[12] * B[7] */
        "LDR	r8, [%[a], #48]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[13] * B[6] */
        "LDR	r8, [%[a], #52]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[14] * B[5] */
        "LDR	r8, [%[a], #56]\n\t"
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[15] * B[4] */
        "LDR	r8, [%[a], #60]\n\t"
        "LDR	r9, [%[b], #16]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [%[r], #76]\n\t"
        /* A[15] * B[5] */
        "LDR	r9, [%[b], #20]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[14] * B[6] */
        "LDR	r8, [%[a], #56]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[13] * B[7] */
        "LDR	r8, [%[a], #52]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[12] * B[8] */
        "LDR	r8, [%[a], #48]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[11] * B[9] */
        "LDR	r8, [%[a], #44]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[10] * B[10] */
        "LDR	r11, [%[a], #40]\n\t"
        "LDR	r12, [%[b], #40]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[9] * B[11] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[8] * B[12] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[7] * B[13] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[6] * B[14] */
        "LDR	r8, [%[a], #24]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[5] * B[15] */
        "LDR	r8, [%[a], #20]\n\t"
        "LDR	r9, [%[b], #60]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [%[r], #80]\n\t"
        /* A[6] * B[15] */
        "LDR	r8, [%[a], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[7] * B[14] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[8] * B[13] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[9] * B[12] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[10] * B[11] */
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[11] * B[10] */
        "LDR	r8, [%[a], #44]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[12] * B[9] */
        "LDR	r8, [%[a], #48]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[13] * B[8] */
        "LDR	r8, [%[a], #52]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[14] * B[7] */
        "LDR	r8, [%[a], #56]\n\t"
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[15] * B[6] */
        "LDR	r8, [%[a], #60]\n\t"
        "LDR	r9, [%[b], #24]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], #84]\n\t"
        /* A[15] * B[7] */
        "LDR	r9, [%[b], #28]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[14] * B[8] */
        "LDR	r8, [%[a], #56]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[13] * B[9] */
        "LDR	r8, [%[a], #52]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[12] * B[10] */
        "LDR	r8, [%[a], #48]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[11] * B[11] */
        "LDR	r11, [%[a], #44]\n\t"
        "LDR	r12, [%[b], #44]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[10] * B[12] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[9] * B[13] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[8] * B[14] */
        "LDR	r8, [%[a], #32]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[7] * B[15] */
        "LDR	r8, [%[a], #28]\n\t"
        "LDR	r9, [%[b], #60]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [%[r], #88]\n\t"
        /* A[8] * B[15] */
        "LDR	r8, [%[a], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[9] * B[14] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[10] * B[13] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[11] * B[12] */
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[12] * B[11] */
        "LDR	r8, [%[a], #48]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[13] * B[10] */
        "LDR	r8, [%[a], #52]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[14] * B[9] */
        "LDR	r8, [%[a], #56]\n\t"
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[15] * B[8] */
        "LDR	r8, [%[a], #60]\n\t"
        "LDR	r9, [%[b], #32]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [%[r], #92]\n\t"
        /* A[15] * B[9] */
        "LDR	r9, [%[b], #36]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[14] * B[10] */
        "LDR	r8, [%[a], #56]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[13] * B[11] */
        "LDR	r8, [%[a], #52]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[12] * B[12] */
        "LDR	r11, [%[a], #48]\n\t"
        "LDR	r12, [%[b], #48]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[11] * B[13] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[10] * B[14] */
        "LDR	r8, [%[a], #40]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[9] * B[15] */
        "LDR	r8, [%[a], #36]\n\t"
        "LDR	r9, [%[b], #60]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], #96]\n\t"
        /* A[10] * B[15] */
        "LDR	r8, [%[a], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[11] * B[14] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[12] * B[13] */
        "LDR	r9, [%[b], #52]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[13] * B[12] */
        "LDR	r8, [%[a], #52]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[14] * B[11] */
        "LDR	r8, [%[a], #56]\n\t"
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[15] * B[10] */
        "LDR	r8, [%[a], #60]\n\t"
        "LDR	r9, [%[b], #40]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [%[r], #100]\n\t"
        /* A[15] * B[11] */
        "LDR	r9, [%[b], #44]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[14] * B[12] */
        "LDR	r8, [%[a], #56]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[13] * B[13] */
        "LDR	r11, [%[a], #52]\n\t"
        "LDR	r12, [%[b], #52]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[12] * B[14] */
        "LDR	r8, [%[a], #48]\n\t"
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[11] * B[15] */
        "LDR	r8, [%[a], #44]\n\t"
        "LDR	r9, [%[b], #60]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [%[r], #104]\n\t"
        /* A[12] * B[15] */
        "LDR	r8, [%[a], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "MOV	r5, #0x0\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[13] * B[14] */
        "LDR	r9, [%[b], #56]\n\t"
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[14] * B[13] */
        "LDR	r8, [%[a], #56]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        /* A[15] * B[12] */
        "LDR	r8, [%[a], #60]\n\t"
        "LDR	r9, [%[b], #48]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], #108]\n\t"
        /* A[15] * B[13] */
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[14] * B[14] */
        "LDR	r11, [%[a], #56]\n\t"
        "LDR	r12, [%[b], #56]\n\t"
        "UMULL	r6, r7, r11, r12\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[13] * B[15] */
        "LDR	r8, [%[a], #52]\n\t"
        "LDR	r9, [%[b], #60]\n\t"
        "UMULL	r6, r7, r8, r9\n\t"
        "ADDS	r4, r4, r6\n\t"
        "ADCS	r5, r5, r7\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [%[r], #112]\n\t"
        /* A[14] * B[15] */
        "UMULL	r6, r7, r11, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[15] * B[14] */
        "LDR	r8, [%[a], #60]\n\t"
        "UMULL	r6, r7, r8, r12\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r5, [%[r], #116]\n\t"
        /* A[15] * B[15] */
        "UMLAL	r3, r4, r8, r9\n\t"
        "STR	r3, [%[r], #120]\n\t"
        "STR	r4, [%[r], #124]\n\t"
        "LDM	sp!, {r3, r4, r5, r6}\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	sp!, {r3, r4, r5, r6}\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	sp!, {r3, r4, r5, r6}\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	sp!, {r3, r4, r5, r6}\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc"
    );
}

/* Square a and put result in r. (r = a * a)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_1024_sqr_16(sp_digit* r_p, const sp_digit* a_p)
#else
static void sp_1024_sqr_16(sp_digit* r, const sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x40\n\t"
        /* A[0] * A[0] */
        "LDR	r10, [%[a]]\n\t"
        "UMULL	r8, r3, r10, r10\n\t"
        "MOV	r4, #0x0\n\t"
        "STR	r8, [sp]\n\t"
        /* A[0] * A[1] */
        "LDR	r10, [%[a], #4]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "STR	r3, [sp, #4]\n\t"
        /* A[0] * A[2] */
        "LDR	r10, [%[a], #8]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[1] * A[1] */
        "LDR	r10, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [sp, #8]\n\t"
        /* A[0] * A[3] */
        "LDR	r10, [%[a], #12]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[1] * A[2] */
        "LDR	r10, [%[a], #8]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r2, [sp, #12]\n\t"
        /* A[0] * A[4] */
        "LDR	r10, [%[a], #16]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        /* A[1] * A[3] */
        "LDR	r10, [%[a], #12]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        /* A[2] * A[2] */
        "LDR	r10, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "STR	r3, [sp, #16]\n\t"
        /* A[0] * A[5] */
        "LDR	r10, [%[a], #20]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r3, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[4] */
        "LDR	r10, [%[a], #16]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[3] */
        "LDR	r10, [%[a], #12]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r4, r4, r5\n\t"
        "ADCS	r2, r2, r6\n\t"
        "ADC	r3, r3, r7\n\t"
        "STR	r4, [sp, #20]\n\t"
        /* A[0] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[5] */
        "LDR	r10, [%[a], #20]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[4] */
        "LDR	r10, [%[a], #16]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[3] */
        "LDR	r10, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADC	r4, r4, r7\n\t"
        "STR	r2, [sp, #24]\n\t"
        /* A[0] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r2, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[5] */
        "LDR	r10, [%[a], #20]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[4] */
        "LDR	r10, [%[a], #16]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	r2, r2, r7\n\t"
        "STR	r3, [sp, #28]\n\t"
        /* A[0] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r3, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[5] */
        "LDR	r10, [%[a], #20]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[4] */
        "LDR	r10, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r4, r4, r5\n\t"
        "ADCS	r2, r2, r6\n\t"
        "ADC	r3, r3, r7\n\t"
        "STR	r4, [sp, #32]\n\t"
        /* A[0] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[5] */
        "LDR	r10, [%[a], #20]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADC	r4, r4, r7\n\t"
        "STR	r2, [sp, #36]\n\t"
        /* A[0] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r2, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[5] */
        "LDR	r10, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	r2, r2, r7\n\t"
        "STR	r3, [sp, #40]\n\t"
        /* A[0] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r3, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r4, r4, r5\n\t"
        "ADCS	r2, r2, r6\n\t"
        "ADC	r3, r3, r7\n\t"
        "STR	r4, [sp, #44]\n\t"
        /* A[0] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[6] * A[6] */
        "LDR	r10, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADC	r4, r4, r7\n\t"
        "STR	r2, [sp, #48]\n\t"
        /* A[0] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r2, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[6] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	r2, r2, r7\n\t"
        "STR	r3, [sp, #52]\n\t"
        /* A[0] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r3, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[6] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[7] * A[7] */
        "LDR	r10, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r4, r4, r5\n\t"
        "ADCS	r2, r2, r6\n\t"
        "ADC	r3, r3, r7\n\t"
        "STR	r4, [sp, #56]\n\t"
        /* A[0] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a]]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[1] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[2] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[6] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[7] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADC	r4, r4, r7\n\t"
        "STR	r2, [sp, #60]\n\t"
        /* A[1] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #4]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r2, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[2] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[3] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[6] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[7] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[8] * A[8] */
        "LDR	r10, [%[a], #32]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	r2, r2, r7\n\t"
        "STR	r3, [%[r], #64]\n\t"
        /* A[2] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #8]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r3, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[3] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[4] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[6] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[7] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[8] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r4, r4, r5\n\t"
        "ADCS	r2, r2, r6\n\t"
        "ADC	r3, r3, r7\n\t"
        "STR	r4, [%[r], #68]\n\t"
        /* A[3] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[4] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[5] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[6] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[7] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[8] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[9] * A[9] */
        "LDR	r10, [%[a], #36]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADC	r4, r4, r7\n\t"
        "STR	r2, [%[r], #72]\n\t"
        /* A[4] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r2, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[5] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[6] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[7] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[8] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[9] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "LDR	r12, [%[a], #36]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	r2, r2, r7\n\t"
        "STR	r3, [%[r], #76]\n\t"
        /* A[5] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r3, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[6] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[7] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[8] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[9] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #36]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[10] * A[10] */
        "LDR	r10, [%[a], #40]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r4, r4, r5\n\t"
        "ADCS	r2, r2, r6\n\t"
        "ADC	r3, r3, r7\n\t"
        "STR	r4, [%[r], #80]\n\t"
        /* A[6] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[7] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[8] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[9] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "LDR	r12, [%[a], #36]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[10] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "LDR	r12, [%[a], #40]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADC	r4, r4, r7\n\t"
        "STR	r2, [%[r], #84]\n\t"
        /* A[7] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r2, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[8] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[9] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a], #36]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[10] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "LDR	r12, [%[a], #40]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[11] * A[11] */
        "LDR	r10, [%[a], #44]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	r2, r2, r7\n\t"
        "STR	r3, [%[r], #88]\n\t"
        /* A[8] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r3, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[9] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #36]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[10] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a], #40]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[11] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "LDR	r12, [%[a], #44]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r4, r4, r5\n\t"
        "ADCS	r2, r2, r6\n\t"
        "ADC	r3, r3, r7\n\t"
        "STR	r4, [%[r], #92]\n\t"
        /* A[9] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #36]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[10] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #40]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[11] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a], #44]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[12] * A[12] */
        "LDR	r10, [%[a], #48]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r5\n\t"
        "ADCS	r3, r3, r6\n\t"
        "ADC	r4, r4, r7\n\t"
        "STR	r2, [%[r], #96]\n\t"
        /* A[10] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #40]\n\t"
        "UMULL	r5, r6, r10, r12\n\t"
        "MOV	r2, #0x0\n\t"
        "MOV	r7, #0x0\n\t"
        /* A[11] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #44]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* A[12] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "LDR	r12, [%[a], #48]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r5, r5, r8\n\t"
        "ADCS	r6, r6, r9\n\t"
        "ADC	r7, r7, #0x0\n\t"
        "ADDS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADC	r7, r7, r7\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADCS	r4, r4, r6\n\t"
        "ADC	r2, r2, r7\n\t"
        "STR	r3, [%[r], #100]\n\t"
        /* A[11] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #44]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[12] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #48]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* A[13] * A[13] */
        "LDR	r10, [%[a], #52]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [%[r], #104]\n\t"
        /* A[12] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #48]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r4, r4, #0x0\n\t"
        /* A[13] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "LDR	r12, [%[a], #52]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "ADDS	r2, r2, r8\n\t"
        "ADCS	r3, r3, r9\n\t"
        "ADC	r4, r4, #0x0\n\t"
        "STR	r2, [%[r], #108]\n\t"
        /* A[13] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #52]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "MOV	r2, #0x0\n\t"
        "ADC	r2, r2, #0x0\n\t"
        /* A[14] * A[14] */
        "LDR	r10, [%[a], #56]\n\t"
        "UMULL	r8, r9, r10, r10\n\t"
        "ADDS	r3, r3, r8\n\t"
        "ADCS	r4, r4, r9\n\t"
        "ADC	r2, r2, #0x0\n\t"
        "STR	r3, [%[r], #112]\n\t"
        /* A[14] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "LDR	r12, [%[a], #56]\n\t"
        "UMULL	r8, r9, r10, r12\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r2, r2, r9\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, #0x0\n\t"
        "STR	r4, [%[r], #116]\n\t"
        /* A[15] * A[15] */
        "LDR	r10, [%[a], #60]\n\t"
        "UMLAL	r2, r3, r10, r10\n\t"
        "STR	r2, [%[r], #120]\n\t"
        "STR	r3, [%[r], #124]\n\t"
        "LDM	sp!, {r2, r3, r4, r8}\n\t"
        "STM	%[r]!, {r2, r3, r4, r8}\n\t"
        "LDM	sp!, {r2, r3, r4, r8}\n\t"
        "STM	%[r]!, {r2, r3, r4, r8}\n\t"
        "LDM	sp!, {r2, r3, r4, r8}\n\t"
        "STM	%[r]!, {r2, r3, r4, r8}\n\t"
        "LDM	sp!, {r2, r3, r4, r8}\n\t"
        "STM	%[r]!, {r2, r3, r4, r8}\n\t"
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc"
    );
}

/* Add b to a into r. (r = a + b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_1024_add_16(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_1024_add_16(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADDS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "MOV	%[r], #0x0\n\t"
        "ADC	%[r], %[r], #0x0\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

/* Sub b from a into a. (a -= b)
 *
 * a  A single precision integer and result.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SUBS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "SBC	%[a], r9, r9\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
    return (uint32_t)(size_t)a;
}

/* Add b to a into r. (r = a + b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADDS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "ADCS	r3, r3, r7\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "MOV	%[r], #0x0\n\t"
        "ADC	%[r], %[r], #0x0\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

/* AND m into each word of a and store in r.
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * m  Mask to AND against each digit.
 */
static void sp_1024_mask_16(sp_digit* r, const sp_digit* a, sp_digit m)
{
#ifdef WOLFSSL_SP_SMALL
    int i;

    for (i=0; i<16; i++) {
        r[i] = a[i] & m;
    }
#else
    int i;

    for (i = 0; i < 16; i += 8) {
        r[i+0] = a[i+0] & m;
        r[i+1] = a[i+1] & m;
        r[i+2] = a[i+2] & m;
        r[i+3] = a[i+3] & m;
        r[i+4] = a[i+4] & m;
        r[i+5] = a[i+5] & m;
        r[i+6] = a[i+6] & m;
        r[i+7] = a[i+7] & m;
    }
#endif
}

/* Multiply a and b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
SP_NOINLINE static void sp_1024_mul_32(sp_digit* r, const sp_digit* a,
        const sp_digit* b)
{
    sp_digit* z0 = r;
    sp_digit z1[32];
    sp_digit a1[16];
    sp_digit b1[16];
    sp_digit* z2 = r + 32;
    sp_digit u;
    sp_digit ca;
    sp_digit cb;

    ca = sp_1024_add_16(a1, a, &a[16]);
    cb = sp_1024_add_16(b1, b, &b[16]);
    u  = ca & cb;

    sp_1024_mul_16(z2, &a[16], &b[16]);
    sp_1024_mul_16(z0, a, b);
    sp_1024_mul_16(z1, a1, b1);

    u += sp_1024_sub_in_place_32(z1, z0);
    u += sp_1024_sub_in_place_32(z1, z2);
    sp_1024_mask_16(a1, a1, 0 - cb);
    u += sp_1024_add_16(z1 + 16, z1 + 16, a1);
    sp_1024_mask_16(b1, b1, 0 - ca);
    u += sp_1024_add_16(z1 + 16, z1 + 16, b1);

    u += sp_1024_add_32(r + 16, r + 16, z1);
    XMEMSET(a1 + 1, 0, sizeof(sp_digit) * (16 - 1));
    a1[0] = u;
    (void)sp_1024_add_16(r + 48, r + 48, a1);
}

/* Sub b from a into r. (r = a - b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_1024_sub_16(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_1024_sub_16(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SUBS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
        "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "STM	%[r]!, {r3, r4, r5, r6}\n\t"
        "SBC	%[r], r6, r6\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

/* Square a and put result in r. (r = a * a)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 */
SP_NOINLINE static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a)
{
    sp_digit* z0 = r;
    sp_digit* z2 = r + 32;
    sp_digit z1[32];
    sp_digit* a1 = z1;
    sp_digit zero[16];
    sp_digit u;
    sp_digit mask;
    sp_digit* p1;
    sp_digit* p2;

    XMEMSET(zero, 0, sizeof(sp_digit) * 16);

    mask = sp_1024_sub_16(a1, a, &a[16]);
    p1 = (sp_digit*)(((sp_digit)zero &   mask ) | ((sp_digit)a1 & (~mask)));
    p2 = (sp_digit*)(((sp_digit)zero & (~mask)) | ((sp_digit)a1 &   mask ));
    (void)sp_1024_sub_16(a1, p1, p2);

    sp_1024_sqr_16(z2, &a[16]);
    sp_1024_sqr_16(z0, a);
    sp_1024_sqr_16(z1, a1);

    u = 0;
    u -= sp_1024_sub_in_place_32(z1, z2);
    u -= sp_1024_sub_in_place_32(z1, z0);
    u += sp_1024_sub_in_place_32(r + 16, z1);
    zero[0] = u;
    (void)sp_1024_add_16(r + 48, r + 48, zero);
}

#else
/* Multiply a and b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_1024_mul_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x100\n\t"
        "LDR	lr, [%[a]]\n\t"
        "LDR	r11, [%[b]]\n\t"
        "UMULL	r8, r6, lr, r11\n\t"
        "STR	r8, [sp]\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r8, #0x0\n\t"
        "MOV	r5, #0x4\n\t"
        "\n"
    "L_sp_1024_mul_32_outer:\n\t"
        "SUBS	r3, r5, #0x7c\n\t"
        "IT	cc\n\t"
        "MOVCC	r3, #0x0\n\t"
        "SUB	r4, r5, r3\n\t"
        "\n"
    "L_sp_1024_mul_32_inner:\n\t"
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[b], r4]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "LDR	lr, [%[a], r4]\n\t"
        "LDR	r11, [%[b], r3]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADD	r3, r3, #0x4\n\t"
        "SUB	r4, r4, #0x4\n\t"
        "CMP	r3, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_1024_mul_32_inner_done\n\t"
#else
        "BGT.N	L_sp_1024_mul_32_inner_done\n\t"
#endif
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_1024_mul_32_inner\n\t"
#else
        "BLT.N	L_sp_1024_mul_32_inner\n\t"
#endif
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[b], r3]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "\n"
    "L_sp_1024_mul_32_inner_done:\n\t"
        "STR	r6, [sp, r5]\n\t"
        "MOV	r6, r7\n\t"
        "MOV	r7, r8\n\t"
        "MOV	r8, #0x0\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0xf4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLE	L_sp_1024_mul_32_outer\n\t"
#else
        "BLE.N	L_sp_1024_mul_32_outer\n\t"
#endif
        "LDR	lr, [%[a], #124]\n\t"
        "LDR	r11, [%[b], #124]\n\t"
        "UMLAL	r6, r7, lr, r11\n\t"
        "STR	r6, [sp, r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "STR	r7, [sp, r5]\n\t"
        "\n"
    "L_sp_1024_mul_32_store:\n\t"
        "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "SUBS	r5, r5, #0x20\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_1024_mul_32_store\n\t"
#else
        "BGT.N	L_sp_1024_mul_32_store\n\t"
#endif
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
    );
}

/* Square a and put result in r. (r = a * a)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_1024_sqr_32(sp_digit* r_p, const sp_digit* a_p)
#else
static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "SUB	sp, sp, #0x100\n\t"
        "LDR	lr, [%[a]]\n\t"
        "UMULL	r8, r6, lr, lr\n\t"
        "STR	r8, [sp]\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r8, #0x0\n\t"
        "MOV	r5, #0x4\n\t"
        "\n"
    "L_sp_1024_sqr_32_outer:\n\t"
        "SUBS	r3, r5, #0x7c\n\t"
        "IT	cc\n\t"
        "MOVCC	r3, #0x0\n\t"
        "SUB	r4, r5, r3\n\t"
        "\n"
    "L_sp_1024_sqr_32_inner:\n\t"
        "LDR	lr, [%[a], r3]\n\t"
        "LDR	r11, [%[a], r4]\n\t"
        "UMULL	r9, r10, lr, r11\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "ADD	r3, r3, #0x4\n\t"
        "SUB	r4, r4, #0x4\n\t"
        "CMP	r3, r4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_1024_sqr_32_inner_done\n\t"
#else
        "BGT.N	L_sp_1024_sqr_32_inner_done\n\t"
#endif
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_1024_sqr_32_inner\n\t"
#else
        "BLT.N	L_sp_1024_sqr_32_inner\n\t"
#endif
        "LDR	lr, [%[a], r3]\n\t"
        "UMULL	r9, r10, lr, lr\n\t"
        "ADDS	r6, r6, r9\n\t"
        "ADCS	r7, r7, r10\n\t"
        "ADC	r8, r8, #0x0\n\t"
        "\n"
    "L_sp_1024_sqr_32_inner_done:\n\t"
        "STR	r6, [sp, r5]\n\t"
        "MOV	r6, r7\n\t"
        "MOV	r7, r8\n\t"
        "MOV	r8, #0x0\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0xf4\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLE	L_sp_1024_sqr_32_outer\n\t"
#else
        "BLE.N	L_sp_1024_sqr_32_outer\n\t"
#endif
        "LDR	lr, [%[a], #124]\n\t"
        "UMLAL	r6, r7, lr, lr\n\t"
        "STR	r6, [sp, r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "STR	r7, [sp, r5]\n\t"
        "\n"
    "L_sp_1024_sqr_32_store:\n\t"
        "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
        "SUBS	r5, r5, #0x20\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BGT	L_sp_1024_sqr_32_store\n\t"
#else
        "BGT.N	L_sp_1024_sqr_32_store\n\t"
#endif
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
    );
}

#endif /* !WOLFSSL_SP_SMALL */
/* The modulus (prime) of the curve P1024. */
static const sp_digit p1024_mod[32] = {
    0xfea85feb,0x666d807a,0xac7ace87,0x80c5df10,0x89857db0,0xfce3e823,
    0x56971f1f,0x9f94d6af,0x1c3c09aa,0xa7cf3c52,0x31852a82,0xb6aff4a8,
    0x65681ce1,0x512ac5cd,0x326b4cd4,0xe26c6487,0xa666a6d0,0x356d27f4,
    0xf7c88a19,0xe791b39f,0x31a59cb0,0x228730d5,0xe2fc0f1b,0xf40aab27,
    0xb3e01a2e,0xbe9ae358,0x9cb48261,0x416c0ce1,0xdad0657a,0x65c61198,
    0x0a563fda,0x997abb1f
};
/* The Montgomery normalizer for modulus of the curve P1024. */
static const sp_digit p1024_norm_mod[32] = {
    0x0157a015,0x99927f85,0x53853178,0x7f3a20ef,0x767a824f,0x031c17dc,
    0xa968e0e0,0x606b2950,0xe3c3f655,0x5830c3ad,0xce7ad57d,0x49500b57,
    0x9a97e31e,0xaed53a32,0xcd94b32b,0x1d939b78,0x5999592f,0xca92d80b,
    0x083775e6,0x186e4c60,0xce5a634f,0xdd78cf2a,0x1d03f0e4,0x0bf554d8,
    0x4c1fe5d1,0x41651ca7,0x634b7d9e,0xbe93f31e,0x252f9a85,0x9a39ee67,
    0xf5a9c025,0x668544e0
};
/* The Montgomery multiplier for modulus of the curve P1024. */
static sp_digit p1024_mp_mod = 0x7c8f2f3d;
#if defined(WOLFSSL_SP_SMALL) || defined(HAVE_ECC_CHECK_KEY)
/* The order of the curve P1024. */
static const sp_digit p1024_order[32] = {
    0xbfaa17fb,0xd99b601e,0x2b1eb3a1,0x203177c4,0xe2615f6c,0xff38fa08,
    0xd5a5c7c7,0xa7e535ab,0x870f026a,0xa9f3cf14,0x0c614aa0,0x6dabfd2a,
    0x595a0738,0x144ab173,0xcc9ad335,0x389b1921,0x2999a9b4,0x4d5b49fd,
    0xfdf22286,0x39e46ce7,0x4c69672c,0xc8a1cc35,0xf8bf03c6,0xbd02aac9,
    0x2cf8068b,0x6fa6b8d6,0x672d2098,0x905b0338,0x36b4195e,0x99718466,
    0xc2958ff6,0x265eaec7
};
#endif
/* The base point of curve P1024. */
static const sp_point_1024 p1024_base = {
    /* X ordinate */
    {
        0xeae63895,0x880dc8ab,0x967e0979,0x80ec46c4,0xb63f73ec,0xee9163a5,
        0x80728d87,0xd5cfb4cc,0xba66910d,0xa7c1514d,0x7a60de74,0xa702c339,
        0x8b72f2e1,0x337c8654,0x5dd5bccb,0x9760af76,0x406ce890,0x718bd9e7,
        0xdb9dfa55,0x43d5f22c,0x30b09e10,0xab10db90,0xf6ce2308,0xb5edb6c0,
        0xb6ff7cbf,0x98b2f204,0x0aec69c6,0x2b1a2fd6,0x3ed9b52a,0x0a799005,
        0x332c29ad,0x53fc09ee,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0
    },
    /* Y ordinate */
    {
        0x1bef16d7,0x75573fd7,0x6a67dcde,0xadb9b570,0xd5bb4636,0x80bdad5a,
        0xe9cb99a9,0x13515ad7,0xc5a4d5f2,0x492d979f,0x164aa989,0xac6f1e80,
        0xb7652fe0,0xcad696b5,0xad547c6c,0x70dae117,0xa9e032b9,0x416cff0c,
        0x9a140b2e,0x6b598ccf,0xf0de55f6,0xe7f7f5e5,0x654ec2b9,0xf5ea69f4,
        0x1e141178,0x3d778d82,0x02990696,0xd3e82016,0x3634a135,0xf9f1f053,
        0x3f6009f1,0x0a824906,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0
    },
    /* Z ordinate */
    {
        0x00000001,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
        0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
        0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
        0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
        0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
        0x00000000,0x00000000,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0, (sp_digit)0,
        (sp_digit)0, (sp_digit)0
    },
    /* infinity */
    0
};

#ifdef WOLFSSL_SP_SMALL
/* Sub b from a into a. (a -= b)
 *
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r10, #0x0\n\t"
        "ADD	r11, %[a], #0x80\n\t"
        "\n"
    "L_sp_1024_sub_in_pkace_32_word:\n\t"
        "RSBS	r10, r10, #0x0\n\t"
        "LDM	%[a], {r2, r3, r4, r5}\n\t"
        "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
        "SBCS	r2, r2, r6\n\t"
        "SBCS	r3, r3, r7\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "STM	%[a]!, {r2, r3, r4, r5}\n\t"
        "SBC	r10, r10, r10\n\t"
        "CMP	%[a], r11\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_1024_sub_in_pkace_32_word\n\t"
#else
        "BNE.N	L_sp_1024_sub_in_pkace_32_word\n\t"
#endif
        "MOV	%[a], r10\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
    );
    return (uint32_t)(size_t)a;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Conditionally subtract b from a using the mask m.
 * m is -1 to subtract and 0 when not copying.
 *
 * r  A single precision number representing condition subtract result.
 * a  A single precision number to subtract from.
 * b  A single precision number to subtract.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r8, #0x0\n\t"
        "MOV	r4, #0x0\n\t"
        "MOV	r5, #0x0\n\t"
        "\n"
    "L_sp_1024_cond_sub_32_words:\n\t"
        "SUBS	r4, r8, r4\n\t"
        "LDR	r6, [%[a], r5]\n\t"
        "LDR	r7, [%[b], r5]\n\t"
        "AND	r7, r7, %[m]\n\t"
        "SBCS	r6, r6, r7\n\t"
        "SBC	r4, r8, r8\n\t"
        "STR	r6, [%[r], r5]\n\t"
        "ADD	r5, r5, #0x4\n\t"
        "CMP	r5, #0x80\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_1024_cond_sub_32_words\n\t"
#else
        "BLT.N	L_sp_1024_cond_sub_32_words\n\t"
#endif
        "MOV	%[r], r4\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
    );
    return (uint32_t)(size_t)r;
}

#else
/* Conditionally subtract b from a using the mask m.
 * m is -1 to subtract and 0 when not copying.
 *
 * r  A single precision number representing condition subtract result.
 * a  A single precision number to subtract from.
 * b  A single precision number to subtract.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r5, #0x0\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SUBS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "SBCS	r6, r6, r8\n\t"
        "SBCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "SBC	%[r], r5, r5\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Add b to a into r. (r = a + b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision integer.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r3, #0x0\n\t"
        "ADD	r12, %[a], #0x80\n\t"
        "\n"
    "L_sp_1024_add_32_word:\n\t"
        "ADDS	r3, r3, #0xffffffff\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "MOV	r4, #0x0\n\t"
        "ADC	r3, r4, #0x0\n\t"
        "CMP	%[a], r12\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BNE	L_sp_1024_add_32_word\n\t"
#else
        "BNE.N	L_sp_1024_add_32_word\n\t"
#endif
        "MOV	%[r], r3\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/* Mul a by digit b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision digit.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_1024_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
#else
static void sp_1024_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register sp_digit b __asm__ ("r2") = (sp_digit)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* A[0] * B */
        "LDR	r8, [%[a]]\n\t"
        "UMULL	r5, r3, %[b], r8\n\t"
        "MOV	r4, #0x0\n\t"
        "STR	r5, [%[r]]\n\t"
        "MOV	r5, #0x0\n\t"
        "MOV	r9, #0x4\n\t"
        "\n"
    "L_sp_1024_mul_d_32_word:\n\t"
        /* A[i] * B */
        "LDR	r8, [%[a], r9]\n\t"
        "UMULL	r6, r7, %[b], r8\n\t"
        "ADDS	r3, r3, r6\n\t"
        "ADCS	r4, r4, r7\n\t"
        "ADC	r5, r5, #0x0\n\t"
        "STR	r3, [%[r], r9]\n\t"
        "MOV	r3, r4\n\t"
        "MOV	r4, r5\n\t"
        "MOV	r5, #0x0\n\t"
        "ADD	r9, r9, #0x4\n\t"
        "CMP	r9, #0x80\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_1024_mul_d_32_word\n\t"
#else
        "BLT.N	L_sp_1024_mul_d_32_word\n\t"
#endif
        "STR	r3, [%[r], #128]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
    );
}

#else
/* Mul a by digit b into r. (r = a * b)
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * b  A single precision digit.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_1024_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
#else
static void sp_1024_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register sp_digit b __asm__ ("r2") = (sp_digit)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* A[0] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMULL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[1] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[2] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[3] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[4] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[5] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[6] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[7] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[8] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[9] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[10] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[11] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[12] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[13] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[14] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[15] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[16] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[17] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[18] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[19] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[20] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[21] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[22] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[23] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[24] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[25] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[26] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[27] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[28] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "MOV	r3, #0x0\n\t"
        /* A[29] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r5, r3, %[b], r8\n\t"
        "STM	%[r]!, {r5}\n\t"
        "MOV	r4, #0x0\n\t"
        /* A[30] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r3, r4, %[b], r8\n\t"
        "STM	%[r]!, {r3}\n\t"
        "MOV	r5, #0x0\n\t"
        /* A[31] * B */
        "LDM	%[a]!, {r8}\n\t"
        "UMLAL	r4, r5, %[b], r8\n\t"
        "STM	%[r]!, {r4}\n\t"
        "STR	r5, [%[r]]\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
    );
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_USE_UDIV
/* Divide the double width number (d1|d0) by the divisor. (d1|d0 / div)
 *
 * d1   The high order half of the number to divide.
 * d0   The low order half of the number to divide.
 * div  The divisor.
 * returns the result of the division.
 *
 * Note that this is an approximate div. It may give an answer 1 larger.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
#else
SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit div)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit d1 __asm__ ("r0") = (sp_digit)d1_p;
    register sp_digit d0 __asm__ ("r1") = (sp_digit)d0_p;
    register sp_digit div __asm__ ("r2") = (sp_digit)div_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LSR	r8, %[div], #16\n\t"
        "ADD	r5, r8, #0x1\n\t"
        "UDIV	r6, %[d1], r5\n\t"
        "LSL	r7, %[div], #16\n\t"
        "LSL	r6, r6, #16\n\t"
        "UMULL	r3, r4, %[div], r6\n\t"
        "SUBS	%[d0], %[d0], r3\n\t"
        "SBC	%[d1], %[d1], r4\n\t"
        "SUBS	r3, %[d1], r5\n\t"
        "SBC	r9, r9, r9\n\t"
        "ADD	r9, r9, #0x1\n\t"
        "RSB	r10, r9, #0x0\n\t"
        "LSL	r9, r9, #16\n\t"
        "AND	r7, r7, r10\n\t"
        "AND	r8, r8, r10\n\t"
        "SUBS	%[d0], %[d0], r7\n\t"
        "ADD	r6, r6, r9\n\t"
        "SBC	%[d1], %[d1], r8\n\t"
        "LSL	r4, %[d1], #16\n\t"
        "LSR	r3, %[d0], #16\n\t"
        "ORR	r3, r3, r4\n\t"
        "UDIV	r3, r3, r5\n\t"
        "ADD	r6, r6, r3\n\t"
        "UMULL	r3, r4, %[div], r3\n\t"
        "SUBS	%[d0], %[d0], r3\n\t"
        "SBC	%[d1], %[d1], r4\n\t"
        "LSL	r4, %[d1], #16\n\t"
        "LSR	r3, %[d0], #16\n\t"
        "ORR	r3, r3, r4\n\t"
        "UDIV	r3, r3, r5\n\t"
        "ADD	r6, r6, r3\n\t"
        "MUL	r3, %[div], r3\n\t"
        "SUB	%[d0], %[d0], r3\n\t"
        "UDIV	r3, %[d0], %[div]\n\t"
        "ADD	%[d1], r6, r3\n\t"
        : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)d1;
}

#else
/* Divide the double width number (d1|d0) by the divisor. (d1|d0 / div)
 *
 * d1   The high order half of the number to divide.
 * d0   The low order half of the number to divide.
 * div  The divisor.
 * returns the result of the division.
 *
 * Note that this is an approximate div. It may give an answer 1 larger.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
#else
SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit div)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit d1 __asm__ ("r0") = (sp_digit)d1_p;
    register sp_digit d0 __asm__ ("r1") = (sp_digit)d0_p;
    register sp_digit div __asm__ ("r2") = (sp_digit)div_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LSR	r5, %[div], #1\n\t"
        "ADD	r5, r5, #0x1\n\t"
        "MOV	r6, %[d0]\n\t"
        "MOV	r7, %[d1]\n\t"
        /* Do top 32 */
        "SUBS	r8, r5, r7\n\t"
        "SBC	r8, r8, r8\n\t"
        "MOV	r3, #0x0\n\t"
        "SUB	r3, r3, r8\n\t"
        "AND	r8, r8, r5\n\t"
        "SUBS	r7, r7, r8\n\t"
        /* Next 30 bits */
        "MOV	r4, #0x1d\n\t"
        "\n"
    "L_div_1024_word_32_bit:\n\t"
        "LSLS	r6, r6, #1\n\t"
        "ADC	r7, r7, r7\n\t"
        "SUBS	r8, r5, r7\n\t"
        "SBC	r8, r8, r8\n\t"
        "ADD	r3, r3, r3\n\t"
        "SUB	r3, r3, r8\n\t"
        "AND	r8, r8, r5\n\t"
        "SUBS	r7, r7, r8\n\t"
        "SUBS	r4, r4, #0x1\n\t"
        "bpl	L_div_1024_word_32_bit\n\t"
        "ADD	r3, r3, r3\n\t"
        "ADD	r3, r3, #0x1\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "UMULL	r6, r7, r3, %[div]\n\t"
        "SUBS	r9, %[d0], r6\n\t"
        "SBC	r10, %[d1], r7\n\t"
        "ADD	r3, r3, r10\n\t"
        "SUBS	r8, %[div], r9\n\t"
        "SBC	r8, r8, r8\n\t"
        "SUB	%[d1], r3, r8\n\t"
        : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)d1;
}

#endif
/* AND m into each word of a and store in r.
 *
 * r  A single precision integer.
 * a  A single precision integer.
 * m  Mask to AND against each digit.
 */
static void sp_1024_mask_32(sp_digit* r, const sp_digit* a, sp_digit m)
{
#ifdef WOLFSSL_SP_SMALL
    int i;

    for (i=0; i<32; i++) {
        r[i] = a[i] & m;
    }
#else
    int i;

    for (i = 0; i < 32; i += 8) {
        r[i+0] = a[i+0] & m;
        r[i+1] = a[i+1] & m;
        r[i+2] = a[i+2] & m;
        r[i+3] = a[i+3] & m;
        r[i+4] = a[i+4] & m;
        r[i+5] = a[i+5] & m;
        r[i+6] = a[i+6] & m;
        r[i+7] = a[i+7] & m;
    }
#endif
}

/* Compare a with b in constant time.
 *
 * a  A single precision integer.
 * b  A single precision integer.
 * return -ve, 0 or +ve if a is less than, equal to or greater than b
 * respectively.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_int32 sp_1024_cmp_32(const sp_digit* a_p, const sp_digit* b_p)
#else
static sp_int32 sp_1024_cmp_32(const sp_digit* a, const sp_digit* b)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register const sp_digit* a __asm__ ("r0") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r1") = (const sp_digit*)b_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r2, #0xffffffff\n\t"
        "MOV	r8, #0x1\n\t"
        "MOV	r7, #0x0\n\t"
        "MOV	r3, #0xffffffff\n\t"
#ifdef WOLFSSL_SP_SMALL
        "MOV	r6, #0x7c\n\t"
        "\n"
    "L_sp_1024_cmp_32_words:\n\t"
        "LDR	r4, [%[a], r6]\n\t"
        "LDR	r5, [%[b], r6]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "SUBS	r6, r6, #0x4\n\t"
        "bcs	L_sp_1024_cmp_32_words\n\t"
        "EOR	r2, r2, r3\n\t"
#else
        "LDR	r4, [%[a], #124]\n\t"
        "LDR	r5, [%[b], #124]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #120]\n\t"
        "LDR	r5, [%[b], #120]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #116]\n\t"
        "LDR	r5, [%[b], #116]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #112]\n\t"
        "LDR	r5, [%[b], #112]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #108]\n\t"
        "LDR	r5, [%[b], #108]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #104]\n\t"
        "LDR	r5, [%[b], #104]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #100]\n\t"
        "LDR	r5, [%[b], #100]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #96]\n\t"
        "LDR	r5, [%[b], #96]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #92]\n\t"
        "LDR	r5, [%[b], #92]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #88]\n\t"
        "LDR	r5, [%[b], #88]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #84]\n\t"
        "LDR	r5, [%[b], #84]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #80]\n\t"
        "LDR	r5, [%[b], #80]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #76]\n\t"
        "LDR	r5, [%[b], #76]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #72]\n\t"
        "LDR	r5, [%[b], #72]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #68]\n\t"
        "LDR	r5, [%[b], #68]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #64]\n\t"
        "LDR	r5, [%[b], #64]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #60]\n\t"
        "LDR	r5, [%[b], #60]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #56]\n\t"
        "LDR	r5, [%[b], #56]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #52]\n\t"
        "LDR	r5, [%[b], #52]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #48]\n\t"
        "LDR	r5, [%[b], #48]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #44]\n\t"
        "LDR	r5, [%[b], #44]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #40]\n\t"
        "LDR	r5, [%[b], #40]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #36]\n\t"
        "LDR	r5, [%[b], #36]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #32]\n\t"
        "LDR	r5, [%[b], #32]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #28]\n\t"
        "LDR	r5, [%[b], #28]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #24]\n\t"
        "LDR	r5, [%[b], #24]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #20]\n\t"
        "LDR	r5, [%[b], #20]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #16]\n\t"
        "LDR	r5, [%[b], #16]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #12]\n\t"
        "LDR	r5, [%[b], #12]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #8]\n\t"
        "LDR	r5, [%[b], #8]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a], #4]\n\t"
        "LDR	r5, [%[b], #4]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "LDR	r4, [%[a]]\n\t"
        "LDR	r5, [%[b]]\n\t"
        "AND	r4, r4, r3\n\t"
        "AND	r5, r5, r3\n\t"
        "SUBS	r4, r4, r5\n\t"
        "IT	hi\n\t"
        "movhi	r2, r8\n\t"
        "IT	lo\n\t"
        "movlo	r2, r3\n\t"
        "IT	ne\n\t"
        "movne	r3, r7\n\t"
        "EOR	r2, r2, r3\n\t"
#endif /*WOLFSSL_SP_SMALL */
        "MOV	%[a], r2\n\t"
        : [a] "+r" (a), [b] "+r" (b)
        :
        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
    );
    return (uint32_t)(size_t)a;
}

/* Divide d in a and put remainder into r (m*d + r = a)
 * m is not calculated as it is not needed at this time.
 *
 * a  Number to be divided.
 * d  Number to divide with.
 * m  Multiplier result.
 * r  Remainder from the division.
 * returns MP_OKAY indicating success.
 */
static WC_INLINE int sp_1024_div_32(const sp_digit* a, const sp_digit* d,
        sp_digit* m, sp_digit* r)
{
    sp_digit t1[64], t2[33];
    sp_digit div, r1;
    int i;

    (void)m;

    div = d[31];
    XMEMCPY(t1, a, sizeof(*t1) * 2 * 32);
    r1 = sp_1024_cmp_32(&t1[32], d) >= 0;
    sp_1024_cond_sub_32(&t1[32], &t1[32], d, (sp_digit)0 - r1);
    for (i = 31; i >= 0; i--) {
        volatile sp_digit mask = (sp_digit)0 - (t1[32 + i] == div);
        sp_digit hi = t1[32 + i] + mask;
        r1 = div_1024_word_32(hi, t1[32 + i - 1], div);
        r1 |= mask;

        sp_1024_mul_d_32(t2, d, r1);
        t1[32 + i] += sp_1024_sub_in_place_32(&t1[i], t2);
        t1[32 + i] -= t2[32];
        sp_1024_mask_32(t2, d, t1[32 + i]);
        t1[32 + i] += sp_1024_add_32(&t1[i], &t1[i], t2);
        sp_1024_mask_32(t2, d, t1[32 + i]);
        t1[32 + i] += sp_1024_add_32(&t1[i], &t1[i], t2);
    }

    r1 = sp_1024_cmp_32(t1, d) >= 0;
    sp_1024_cond_sub_32(r, t1, d, (sp_digit)0 - r1);

    return MP_OKAY;
}

/* Reduce a modulo m into r. (r = a mod m)
 *
 * r  A single precision number that is the reduced result.
 * a  A single precision number that is to be reduced.
 * m  A single precision number that is the modulus to reduce with.
 * returns MP_OKAY indicating success.
 */
static WC_INLINE int sp_1024_mod_32(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
    return sp_1024_div_32(a, m, NULL, r);
}

/* Multiply a number by Montgomery normalizer mod modulus (prime).
 *
 * r  The resulting Montgomery form number.
 * a  The number to convert.
 * m  The modulus (prime).
 * returns MEMORY_E when memory allocation fails and MP_OKAY otherwise.
 */
static int sp_1024_mod_mul_norm_32(sp_digit* r, const sp_digit* a,
        const sp_digit* m)
{
    sp_1024_mul_32(r, a, p1024_norm_mod);
    return sp_1024_mod_32(r, r, m);
}


#ifdef WOLFCRYPT_HAVE_SAKKE
/* Create a new point.
 *
 * heap  [in]   Buffer to allocate dynamic memory from.
 * sp    [in]   Data for point - only if not allocating.
 * p     [out]  New point.
 * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise.
 */
static int sp_1024_point_new_ex_32(void* heap, sp_point_1024* sp,
    sp_point_1024** p)
{
    int ret = MP_OKAY;
    (void)heap;
#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
    (void)sp;
    *p = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, DYNAMIC_TYPE_ECC);
#else
    *p = sp;
#endif
    if (*p == NULL) {
        ret = MEMORY_E;
    }
    return ret;
}

#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
/* Allocate memory for point and return error. */
#define sp_1024_point_new_32(heap, sp, p) sp_1024_point_new_ex_32((heap), NULL, &(p))
#else
/* Set pointer to data and return no error. */
#define sp_1024_point_new_32(heap, sp, p) sp_1024_point_new_ex_32((heap), &(sp), &(p))
#endif
#endif /* WOLFCRYPT_HAVE_SAKKE */
#ifdef WOLFCRYPT_HAVE_SAKKE
/* Free the point.
 *
 * p      [in,out]  Point to free.
 * clear  [in]      Indicates whether to zeroize point.
 * heap   [in]      Buffer from which dynamic memory was allocate from.
 */
static void sp_1024_point_free_32(sp_point_1024* p, int clear, void* heap)
{
#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
/* If valid pointer then clear point data if requested and free data. */
    if (p != NULL) {
        if (clear != 0) {
            XMEMSET(p, 0, sizeof(*p));
        }
        XFREE(p, heap, DYNAMIC_TYPE_ECC);
    }
#else
/* Clear point data if requested. */
    if ((p != NULL) && (clear != 0)) {
        XMEMSET(p, 0, sizeof(*p));
    }
#endif
    (void)heap;
}
#endif /* WOLFCRYPT_HAVE_SAKKE */

/* Convert an mp_int to an array of sp_digit.
 *
 * r  A single precision integer.
 * size  Maximum number of bytes to convert
 * a  A multi-precision integer.
 */
static void sp_1024_from_mp(sp_digit* r, int size, const mp_int* a)
{
#if DIGIT_BIT == 32
    int i;
    sp_digit j = (sp_digit)0 - (sp_digit)a->used;
    int o = 0;

    for (i = 0; i < size; i++) {
        sp_digit mask = (sp_digit)0 - (j >> 31);
        r[i] = a->dp[o] & mask;
        j++;
        o += (int)(j >> 31);
    }
#elif DIGIT_BIT > 32
    unsigned int i;
    int j = 0;
    word32 s = 0;

    r[0] = 0;
    for (i = 0; i < (unsigned int)a->used && j < size; i++) {
        r[j] |= ((sp_digit)a->dp[i] << s);
        r[j] &= 0xffffffff;
        s = 32U - s;
        if (j + 1 >= size) {
            break;
        }
        /* lint allow cast of mismatch word32 and mp_digit */
        r[++j] = (sp_digit)(a->dp[i] >> s); /*lint !e9033*/
        while ((s + 32U) <= (word32)DIGIT_BIT) {
            s += 32U;
            r[j] &= 0xffffffff;
            if (j + 1 >= size) {
                break;
            }
            if (s < (word32)DIGIT_BIT) {
                /* lint allow cast of mismatch word32 and mp_digit */
                r[++j] = (sp_digit)(a->dp[i] >> s); /*lint !e9033*/
            }
            else {
                r[++j] = (sp_digit)0;
            }
        }
        s = (word32)DIGIT_BIT - s;
    }

    for (j++; j < size; j++) {
        r[j] = 0;
    }
#else
    unsigned int i;
    int j = 0;
    int s = 0;

    r[0] = 0;
    for (i = 0; i < (unsigned int)a->used && j < size; i++) {
        r[j] |= ((sp_digit)a->dp[i]) << s;
        if (s + DIGIT_BIT >= 32) {
            r[j] &= 0xffffffff;
            if (j + 1 >= size) {
                break;
            }
            s = 32 - s;
            if (s == DIGIT_BIT) {
                r[++j] = 0;
                s = 0;
            }
            else {
                r[++j] = a->dp[i] >> s;
                s = DIGIT_BIT - s;
            }
        }
        else {
            s += DIGIT_BIT;
        }
    }

    for (j++; j < size; j++) {
        r[j] = 0;
    }
#endif
}

/* Convert a point of type ecc_point to type sp_point_1024.
 *
 * p   Point of type sp_point_1024 (result).
 * pm  Point of type ecc_point.
 */
static void sp_1024_point_from_ecc_point_32(sp_point_1024* p,
        const ecc_point* pm)
{
    XMEMSET(p->x, 0, sizeof(p->x));
    XMEMSET(p->y, 0, sizeof(p->y));
    XMEMSET(p->z, 0, sizeof(p->z));
    sp_1024_from_mp(p->x, 32, pm->x);
    sp_1024_from_mp(p->y, 32, pm->y);
    sp_1024_from_mp(p->z, 32, pm->z);
    p->infinity = 0;
}

/* Convert an array of sp_digit to an mp_int.
 *
 * a  A single precision integer.
 * r  A multi-precision integer.
 */
static int sp_1024_to_mp(const sp_digit* a, mp_int* r)
{
    int err;

    err = mp_grow(r, (1024 + DIGIT_BIT - 1) / DIGIT_BIT);
    if (err == MP_OKAY) { /*lint !e774 case where err is always MP_OKAY*/
#if DIGIT_BIT == 32
        XMEMCPY(r->dp, a, sizeof(sp_digit) * 32);
        r->used = 32;
        mp_clamp(r);
#elif DIGIT_BIT < 32
        int i;
        int j = 0;
        int s = 0;

        r->dp[0] = 0;
        for (i = 0; i < 32; i++) {
            r->dp[j] |= (mp_digit)(a[i] << s);
            r->dp[j] &= ((sp_digit)1 << DIGIT_BIT) - 1;
            s = DIGIT_BIT - s;
            r->dp[++j] = (mp_digit)(a[i] >> s);
            while (s + DIGIT_BIT <= 32) {
                s += DIGIT_BIT;
                r->dp[j++] &= ((sp_digit)1 << DIGIT_BIT) - 1;
                if (s == SP_WORD_SIZE) {
                    r->dp[j] = 0;
                }
                else {
                    r->dp[j] = (mp_digit)(a[i] >> s);
                }
            }
            s = 32 - s;
        }
        r->used = (1024 + DIGIT_BIT - 1) / DIGIT_BIT;
        mp_clamp(r);
#else
        int i;
        int j = 0;
        int s = 0;

        r->dp[0] = 0;
        for (i = 0; i < 32; i++) {
            r->dp[j] |= ((mp_digit)a[i]) << s;
            if (s + 32 >= DIGIT_BIT) {
    #if DIGIT_BIT != 32 && DIGIT_BIT != 64
                r->dp[j] &= ((sp_digit)1 << DIGIT_BIT) - 1;
    #endif
                s = DIGIT_BIT - s;
                r->dp[++j] = a[i] >> s;
                s = 32 - s;
            }
            else {
                s += 32;
            }
        }
        r->used = (1024 + DIGIT_BIT - 1) / DIGIT_BIT;
        mp_clamp(r);
#endif
    }

    return err;
}

/* Convert a point of type sp_point_1024 to type ecc_point.
 *
 * p   Point of type sp_point_1024.
 * pm  Point of type ecc_point (result).
 * returns MEMORY_E when allocation of memory in ecc_point fails otherwise
 * MP_OKAY.
 */
static int sp_1024_point_to_ecc_point_32(const sp_point_1024* p, ecc_point* pm)
{
    int err;

    err = sp_1024_to_mp(p->x, pm->x);
    if (err == MP_OKAY) {
        err = sp_1024_to_mp(p->y, pm->y);
    }
    if (err == MP_OKAY) {
        err = sp_1024_to_mp(p->z, pm->z);
    }

    return err;
}

#ifdef WOLFSSL_SP_NO_UMAAL
/* Reduce the number back to 1024 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDR	lr, [%[m]]\n\t"
        /* i = 0 */
        "MOV	r11, #0x0\n\t"
        "MOV	r3, #0x0\n\t"
        "LDR	r4, [%[a]]\n\t"
        "LDR	r5, [%[a], #4]\n\t"
        "\n"
    "L_sp_1024_mont_reduce_32_word:\n\t"
        /* mu = a[i] * mp */
        "MUL	r10, %[mp], r4\n\t"
        /* a[i+0] += m[0] * mu */
        "MOV	r7, #0x0\n\t"
        "UMLAL	r4, r7, r10, lr\n\t"
        /* a[i+1] += m[1] * mu */
        "LDR	r9, [%[m], #4]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r5, r6, r10, r9\n\t"
        "MOV	r4, r5\n\t"
        "ADDS	r4, r4, r7\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+2] += m[2] * mu */
        "LDR	r9, [%[m], #8]\n\t"
        "LDR	r5, [%[a], #8]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r5, r7, r10, r9\n\t"
        "ADDS	r5, r5, r6\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+3] += m[3] * mu */
        "LDR	r9, [%[m], #12]\n\t"
        "LDR	r12, [%[a], #12]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #12]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+4] += m[4] * mu */
        "LDR	r9, [%[m], #16]\n\t"
        "LDR	r12, [%[a], #16]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #16]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+5] += m[5] * mu */
        "LDR	r9, [%[m], #20]\n\t"
        "LDR	r12, [%[a], #20]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #20]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+6] += m[6] * mu */
        "LDR	r9, [%[m], #24]\n\t"
        "LDR	r12, [%[a], #24]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #24]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+7] += m[7] * mu */
        "LDR	r9, [%[m], #28]\n\t"
        "LDR	r12, [%[a], #28]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #28]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+8] += m[8] * mu */
        "LDR	r9, [%[m], #32]\n\t"
        "LDR	r12, [%[a], #32]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #32]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+9] += m[9] * mu */
        "LDR	r9, [%[m], #36]\n\t"
        "LDR	r12, [%[a], #36]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #36]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+10] += m[10] * mu */
        "LDR	r9, [%[m], #40]\n\t"
        "LDR	r12, [%[a], #40]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #40]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+11] += m[11] * mu */
        "LDR	r9, [%[m], #44]\n\t"
        "LDR	r12, [%[a], #44]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #44]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+12] += m[12] * mu */
        "LDR	r9, [%[m], #48]\n\t"
        "LDR	r12, [%[a], #48]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #48]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+13] += m[13] * mu */
        "LDR	r9, [%[m], #52]\n\t"
        "LDR	r12, [%[a], #52]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #52]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+14] += m[14] * mu */
        "LDR	r9, [%[m], #56]\n\t"
        "LDR	r12, [%[a], #56]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #56]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+15] += m[15] * mu */
        "LDR	r9, [%[m], #60]\n\t"
        "LDR	r12, [%[a], #60]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #60]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+16] += m[16] * mu */
        "LDR	r9, [%[m], #64]\n\t"
        "LDR	r12, [%[a], #64]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #64]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+17] += m[17] * mu */
        "LDR	r9, [%[m], #68]\n\t"
        "LDR	r12, [%[a], #68]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #68]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+18] += m[18] * mu */
        "LDR	r9, [%[m], #72]\n\t"
        "LDR	r12, [%[a], #72]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #72]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+19] += m[19] * mu */
        "LDR	r9, [%[m], #76]\n\t"
        "LDR	r12, [%[a], #76]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #76]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+20] += m[20] * mu */
        "LDR	r9, [%[m], #80]\n\t"
        "LDR	r12, [%[a], #80]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #80]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+21] += m[21] * mu */
        "LDR	r9, [%[m], #84]\n\t"
        "LDR	r12, [%[a], #84]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #84]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+22] += m[22] * mu */
        "LDR	r9, [%[m], #88]\n\t"
        "LDR	r12, [%[a], #88]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #88]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+23] += m[23] * mu */
        "LDR	r9, [%[m], #92]\n\t"
        "LDR	r12, [%[a], #92]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #92]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+24] += m[24] * mu */
        "LDR	r9, [%[m], #96]\n\t"
        "LDR	r12, [%[a], #96]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #96]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+25] += m[25] * mu */
        "LDR	r9, [%[m], #100]\n\t"
        "LDR	r12, [%[a], #100]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #100]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+26] += m[26] * mu */
        "LDR	r9, [%[m], #104]\n\t"
        "LDR	r12, [%[a], #104]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #104]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+27] += m[27] * mu */
        "LDR	r9, [%[m], #108]\n\t"
        "LDR	r12, [%[a], #108]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #108]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+28] += m[28] * mu */
        "LDR	r9, [%[m], #112]\n\t"
        "LDR	r12, [%[a], #112]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #112]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+29] += m[29] * mu */
        "LDR	r9, [%[m], #116]\n\t"
        "LDR	r12, [%[a], #116]\n\t"
        "MOV	r6, #0x0\n\t"
        "UMLAL	r12, r6, r10, r9\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #116]\n\t"
        "ADC	r6, r6, #0x0\n\t"
        /* a[i+30] += m[30] * mu */
        "LDR	r9, [%[m], #120]\n\t"
        "LDR	r12, [%[a], #120]\n\t"
        "MOV	r7, #0x0\n\t"
        "UMLAL	r12, r7, r10, r9\n\t"
        "ADDS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #120]\n\t"
        "ADC	r7, r7, #0x0\n\t"
        /* a[i+31] += m[31] * mu */
        "LDR	r9, [%[m], #124]\n\t"
        "LDR	r12, [%[a], #124]\n\t"
        "UMULL	r8, r9, r10, r9\n\t"
        "ADDS	r7, r7, r8\n\t"
        "ADCS	r6, r9, r3\n\t"
        "MOV	r3, #0x0\n\t"
        "ADC	r3, r3, r3\n\t"
        "ADDS	r12, r12, r7\n\t"
        "STR	r12, [%[a], #124]\n\t"
        "LDR	r12, [%[a], #128]\n\t"
        "ADCS	r12, r12, r6\n\t"
        "STR	r12, [%[a], #128]\n\t"
        "ADC	r3, r3, #0x0\n\t"
        /* i += 1 */
        "ADD	r11, r11, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r11, #0x80\n\t"
#ifdef __GNUC__
        "BLT	L_sp_1024_mont_reduce_32_word\n\t"
#else
        "BLT.W	L_sp_1024_mont_reduce_32_word\n\t"
#endif
        /* Loop Done */
        "STR	r4, [%[a]]\n\t"
        "STR	r5, [%[a], #4]\n\t"
        "LDR	r8, [%[m], #124]\n\t"
        "SUBS	r12, r8, r12\n\t"
        "neg	r3, r3\n\t"
        "SBC	r12, r12, r12\n\t"
        "ORR	r3, r3, r12\n\t"
        "MOV	%[mp], r3\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
    sp_1024_cond_sub_32(a - 32, a, m, mp);
}

#else
/* Reduce the number back to 1024 bits using Montgomery reduction.
 *
 * a   A single precision number to reduce in place.
 * m   The single precision number representing the modulus.
 * mp  The digit representing the negative inverse of m mod 2^n.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
#else
SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, sp_digit mp)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* a __asm__ ("r0") = (sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r1") = (const sp_digit*)m_p;
    register sp_digit mp __asm__ ("r2") = (sp_digit)mp_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        /* i = 0 */
        "MOV	r4, #0x0\n\t"
        "MOV	r5, #0x0\n\t"
        "LDR	r6, [%[a]]\n\t"
        "LDR	r7, [%[a], #4]\n\t"
        "LDR	r8, [%[a], #8]\n\t"
        "LDR	r9, [%[a], #12]\n\t"
        "LDR	r10, [%[a], #16]\n\t"
        "\n"
    "L_sp_1024_mont_reduce_32_word:\n\t"
        /* mu = a[i] * mp */
        "MUL	lr, %[mp], r6\n\t"
        /* a[i+0] += m[0] * mu */
        "LDR	r12, [%[m]]\n\t"
        "MOV	r3, #0x0\n\t"
        "UMAAL	r6, r3, lr, r12\n\t"
        /* a[i+1] += m[1] * mu */
        "LDR	r12, [%[m], #4]\n\t"
        "MOV	r6, r7\n\t"
        "UMAAL	r6, r3, lr, r12\n\t"
        /* a[i+2] += m[2] * mu */
        "LDR	r12, [%[m], #8]\n\t"
        "MOV	r7, r8\n\t"
        "UMAAL	r7, r3, lr, r12\n\t"
        /* a[i+3] += m[3] * mu */
        "LDR	r12, [%[m], #12]\n\t"
        "MOV	r8, r9\n\t"
        "UMAAL	r8, r3, lr, r12\n\t"
        /* a[i+4] += m[4] * mu */
        "LDR	r12, [%[m], #16]\n\t"
        "MOV	r9, r10\n\t"
        "UMAAL	r9, r3, lr, r12\n\t"
        /* a[i+5] += m[5] * mu */
        "LDR	r12, [%[m], #20]\n\t"
        "LDR	r10, [%[a], #20]\n\t"
        "UMAAL	r10, r3, lr, r12\n\t"
        /* a[i+6] += m[6] * mu */
        "LDR	r12, [%[m], #24]\n\t"
        "LDR	r11, [%[a], #24]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #24]\n\t"
        /* a[i+7] += m[7] * mu */
        "LDR	r12, [%[m], #28]\n\t"
        "LDR	r11, [%[a], #28]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #28]\n\t"
        /* a[i+8] += m[8] * mu */
        "LDR	r12, [%[m], #32]\n\t"
        "LDR	r11, [%[a], #32]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #32]\n\t"
        /* a[i+9] += m[9] * mu */
        "LDR	r12, [%[m], #36]\n\t"
        "LDR	r11, [%[a], #36]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #36]\n\t"
        /* a[i+10] += m[10] * mu */
        "LDR	r12, [%[m], #40]\n\t"
        "LDR	r11, [%[a], #40]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #40]\n\t"
        /* a[i+11] += m[11] * mu */
        "LDR	r12, [%[m], #44]\n\t"
        "LDR	r11, [%[a], #44]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #44]\n\t"
        /* a[i+12] += m[12] * mu */
        "LDR	r12, [%[m], #48]\n\t"
        "LDR	r11, [%[a], #48]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #48]\n\t"
        /* a[i+13] += m[13] * mu */
        "LDR	r12, [%[m], #52]\n\t"
        "LDR	r11, [%[a], #52]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #52]\n\t"
        /* a[i+14] += m[14] * mu */
        "LDR	r12, [%[m], #56]\n\t"
        "LDR	r11, [%[a], #56]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #56]\n\t"
        /* a[i+15] += m[15] * mu */
        "LDR	r12, [%[m], #60]\n\t"
        "LDR	r11, [%[a], #60]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #60]\n\t"
        /* a[i+16] += m[16] * mu */
        "LDR	r12, [%[m], #64]\n\t"
        "LDR	r11, [%[a], #64]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #64]\n\t"
        /* a[i+17] += m[17] * mu */
        "LDR	r12, [%[m], #68]\n\t"
        "LDR	r11, [%[a], #68]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #68]\n\t"
        /* a[i+18] += m[18] * mu */
        "LDR	r12, [%[m], #72]\n\t"
        "LDR	r11, [%[a], #72]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #72]\n\t"
        /* a[i+19] += m[19] * mu */
        "LDR	r12, [%[m], #76]\n\t"
        "LDR	r11, [%[a], #76]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #76]\n\t"
        /* a[i+20] += m[20] * mu */
        "LDR	r12, [%[m], #80]\n\t"
        "LDR	r11, [%[a], #80]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #80]\n\t"
        /* a[i+21] += m[21] * mu */
        "LDR	r12, [%[m], #84]\n\t"
        "LDR	r11, [%[a], #84]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #84]\n\t"
        /* a[i+22] += m[22] * mu */
        "LDR	r12, [%[m], #88]\n\t"
        "LDR	r11, [%[a], #88]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #88]\n\t"
        /* a[i+23] += m[23] * mu */
        "LDR	r12, [%[m], #92]\n\t"
        "LDR	r11, [%[a], #92]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #92]\n\t"
        /* a[i+24] += m[24] * mu */
        "LDR	r12, [%[m], #96]\n\t"
        "LDR	r11, [%[a], #96]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #96]\n\t"
        /* a[i+25] += m[25] * mu */
        "LDR	r12, [%[m], #100]\n\t"
        "LDR	r11, [%[a], #100]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #100]\n\t"
        /* a[i+26] += m[26] * mu */
        "LDR	r12, [%[m], #104]\n\t"
        "LDR	r11, [%[a], #104]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #104]\n\t"
        /* a[i+27] += m[27] * mu */
        "LDR	r12, [%[m], #108]\n\t"
        "LDR	r11, [%[a], #108]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #108]\n\t"
        /* a[i+28] += m[28] * mu */
        "LDR	r12, [%[m], #112]\n\t"
        "LDR	r11, [%[a], #112]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #112]\n\t"
        /* a[i+29] += m[29] * mu */
        "LDR	r12, [%[m], #116]\n\t"
        "LDR	r11, [%[a], #116]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #116]\n\t"
        /* a[i+30] += m[30] * mu */
        "LDR	r12, [%[m], #120]\n\t"
        "LDR	r11, [%[a], #120]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "STR	r11, [%[a], #120]\n\t"
        /* a[i+31] += m[31] * mu */
        "LDR	r12, [%[m], #124]\n\t"
        "LDR	r11, [%[a], #124]\n\t"
        "UMAAL	r11, r3, lr, r12\n\t"
        "LDR	lr, [%[a], #128]\n\t"
        "MOV	r12, #0x0\n\t"
        "UMAAL	r3, lr, r12, r12\n\t"
        "STR	r11, [%[a], #124]\n\t"
        "ADDS	r3, r3, r5\n\t"
        "ADC	r5, lr, #0x0\n\t"
        "STR	r3, [%[a], #128]\n\t"
        /* i += 1 */
        "ADD	r4, r4, #0x4\n\t"
        "ADD	%[a], %[a], #0x4\n\t"
        "CMP	r4, #0x80\n\t"
#ifdef __GNUC__
        "BLT	L_sp_1024_mont_reduce_32_word\n\t"
#else
        "BLT.W	L_sp_1024_mont_reduce_32_word\n\t"
#endif
        /* Loop Done */
        "STR	r6, [%[a]]\n\t"
        "STR	r7, [%[a], #4]\n\t"
        "STR	r8, [%[a], #8]\n\t"
        "STR	r9, [%[a], #12]\n\t"
        "STR	r10, [%[a], #16]\n\t"
        "LDR	r12, [%[m], #124]\n\t"
        "SUBS	r3, r12, r3\n\t"
        "neg	r5, r5\n\t"
        "SBC	r3, r3, r3\n\t"
        "ORR	r5, r5, r3\n\t"
        "MOV	%[mp], r5\n\t"
        : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
        :
        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
    );
    sp_1024_cond_sub_32(a - 32, a, m, mp);
}

#endif
/* Multiply two Montgomery form numbers mod the modulus (prime).
 * (r = a * b mod m)
 *
 * r   Result of multiplication.
 * a   First number to multiply in Montgomery form.
 * b   Second number to multiply in Montgomery form.
 * m   Modulus (prime).
 * mp  Montgomery multiplier.
 */
SP_NOINLINE static void sp_1024_mont_mul_32(sp_digit* r, const sp_digit* a,
        const sp_digit* b, const sp_digit* m, sp_digit mp)
{
    sp_1024_mul_32(r, a, b);
    sp_1024_mont_reduce_32(r, m, mp);
}

/* Square the Montgomery form number. (r = a * a mod m)
 *
 * r   Result of squaring.
 * a   Number to square in Montgomery form.
 * m   Modulus (prime).
 * mp  Montgomery multiplier.
 */
SP_NOINLINE static void sp_1024_mont_sqr_32(sp_digit* r, const sp_digit* a,
        const sp_digit* m, sp_digit mp)
{
    sp_1024_sqr_32(r, a);
    sp_1024_mont_reduce_32(r, m, mp);
}

/* Mod-2 for the P1024 curve. */
static const uint8_t p1024_mod_minus_2[] = {
     6,0x06,  7,0x0f,  7,0x0b,  6,0x0c,  7,0x1e,  9,0x09,  7,0x0c,  7,0x1f,
     6,0x16,  6,0x06,  7,0x0e,  8,0x10,  6,0x03,  8,0x11,  6,0x0d,  7,0x14,
     9,0x12,  6,0x0f,  7,0x04,  9,0x0d,  6,0x00,  7,0x13,  6,0x01,  6,0x07,
     8,0x0d,  8,0x00,  6,0x06,  9,0x17,  6,0x14,  6,0x15,  6,0x11,  6,0x0b,
     9,0x0c,  6,0x1e, 13,0x14,  7,0x0e,  6,0x1d, 12,0x0a,  6,0x0b,  8,0x07,
     6,0x18,  6,0x0f,  6,0x10,  8,0x1c,  7,0x16,  7,0x02,  6,0x01,  6,0x13,
    10,0x15,  7,0x06,  8,0x14,  6,0x0c,  6,0x19,  7,0x10,  6,0x19,  6,0x19,
     9,0x16,  7,0x19,  6,0x1f,  6,0x17,  6,0x12,  8,0x02,  6,0x01,  6,0x04,
     6,0x15,  7,0x16,  6,0x04,  6,0x1f,  6,0x09,  7,0x06,  7,0x13,  7,0x09,
     6,0x0d, 10,0x18,  6,0x06,  6,0x11,  6,0x04,  6,0x01,  6,0x13,  8,0x06,
     6,0x0d,  8,0x13,  7,0x08,  6,0x08,  6,0x05,  7,0x0c,  7,0x0e,  7,0x15,
     6,0x05,  7,0x14, 10,0x19,  6,0x10,  6,0x16,  6,0x15,  7,0x1f,  6,0x14,
     6,0x0a, 10,0x11,  6,0x01,  7,0x05,  7,0x08,  8,0x0a,  7,0x1e,  7,0x1c,
     6,0x1c,  7,0x09, 10,0x18,  7,0x1c, 10,0x06,  6,0x0a,  6,0x07,  6,0x19,
     7,0x06,  6,0x0d,  7,0x0f,  7,0x0b,  7,0x05,  6,0x11,  6,0x1c,  7,0x1f,
     6,0x1e,  7,0x18,  6,0x1e,  6,0x00,  6,0x03,  6,0x02,  7,0x10,  6,0x0b,
     6,0x1b,  7,0x10,  6,0x00,  8,0x11,  7,0x1b,  6,0x18,  6,0x01,  7,0x0c,
     7,0x1d,  7,0x13,  6,0x08,  7,0x1b,  8,0x13,  7,0x16, 13,0x1d,  7,0x1f,
     6,0x0a,  6,0x01,  7,0x1f,  6,0x14,  1,0x01
};

/* Invert the number, in Montgomery form, modulo the modulus (prime) of the
 * P1024 curve. (r = 1 / a mod m)
 *
 * r   Inverse result.
 * a   Number to invert.
 * td  Temporary data.
 */
static void sp_1024_mont_inv_32(sp_digit* r, const sp_digit* a,
        sp_digit* td)
{
    sp_digit* t = &td[32 * 2 * 32];
    int i;
    int j;
    sp_digit* table[32];

    for (i = 0; i < 32; i++) {
        table[i] = &td[2 * 32 * i];
    }
    XMEMCPY(table[0], a, sizeof(sp_digit) * 32);
    for (i = 1; i < 6; i++) {
        sp_1024_mont_sqr_32(table[0], table[0], p1024_mod, p1024_mp_mod);
    }
    for (i = 1; i < 32; i++) {
        sp_1024_mont_mul_32(table[i], table[i-1], a, p1024_mod, p1024_mp_mod);
    }

    XMEMCPY(t, table[p1024_mod_minus_2[1]], sizeof(sp_digit) * 32);
    for (i = 2; i < (int)sizeof(p1024_mod_minus_2) - 2; i += 2) {
        for (j = 0; j < p1024_mod_minus_2[i]; j++) {
            sp_1024_mont_sqr_32(t, t, p1024_mod, p1024_mp_mod);
        }
        sp_1024_mont_mul_32(t, t, table[p1024_mod_minus_2[i+1]], p1024_mod,
            p1024_mp_mod);
    }
    sp_1024_mont_sqr_32(t, t, p1024_mod, p1024_mp_mod);
    sp_1024_mont_mul_32(r, t, a, p1024_mod, p1024_mp_mod);
}

/* Normalize the values in each word to 32.
 *
 * a  Array of sp_digit to normalize.
 */
#define sp_1024_norm_32(a)

/* Map the Montgomery form projective coordinate point to an affine point.
 *
 * r  Resulting affine coordinate point.
 * p  Montgomery form projective coordinate point.
 * t  Temporary ordinate data.
 */
static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
    sp_digit* t)
{
    sp_digit* t1 = t;
    sp_digit* t2 = t + 2*32;
    sp_int32 n;

    sp_1024_mont_inv_32(t1, p->z, t + 2*32);

    sp_1024_mont_sqr_32(t2, t1, p1024_mod, p1024_mp_mod);
    sp_1024_mont_mul_32(t1, t2, t1, p1024_mod, p1024_mp_mod);

    /* x /= z^2 */
    sp_1024_mont_mul_32(r->x, p->x, t2, p1024_mod, p1024_mp_mod);
    XMEMSET(r->x + 32, 0, sizeof(sp_digit) * 32U);
    sp_1024_mont_reduce_32(r->x, p1024_mod, p1024_mp_mod);
    /* Reduce x to less than modulus */
    n = sp_1024_cmp_32(r->x, p1024_mod);
    sp_1024_cond_sub_32(r->x, r->x, p1024_mod, ~(n >> 31));
    sp_1024_norm_32(r->x);

    /* y /= z^3 */
    sp_1024_mont_mul_32(r->y, p->y, t1, p1024_mod, p1024_mp_mod);
    XMEMSET(r->y + 32, 0, sizeof(sp_digit) * 32U);
    sp_1024_mont_reduce_32(r->y, p1024_mod, p1024_mp_mod);
    /* Reduce y to less than modulus */
    n = sp_1024_cmp_32(r->y, p1024_mod);
    sp_1024_cond_sub_32(r->y, r->y, p1024_mod, ~(n >> 31));
    sp_1024_norm_32(r->y);

    XMEMSET(r->z, 0, sizeof(r->z) / 2);
    r->z[0] = 1;
}

/* Add two Montgomery form numbers (r = a + b % m).
 *
 * r   Result of addition.
 * a   First number to add in Montgomery form.
 * b   Second number to add in Montgomery form.
 * m   Modulus (prime).
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
#else
SP_NOINLINE static void sp_1024_mont_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register const sp_digit* m __asm__ ("r3") = (const sp_digit*)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r12, #0x0\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDR	r11, [%[m], #124]\n\t"
        "ADC	r12, r12, #0x0\n\t"
        "SUBS	r11, r11, r7\n\t"
        "neg	r12, r12\n\t"
        "SBC	r11, r11, r11\n\t"
        "SUB	%[r], %[r], #0x80\n\t"
        "ORR	r12, r12, r11\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SUBS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBC	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
    );
}

/* Double a Montgomery form number (r = a + a % m).
 *
 * r   Result of doubling.
 * a   Number to double in Montgomery form.
 * m   Modulus (prime).
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p)
#else
SP_NOINLINE static void sp_1024_mont_dbl_32(sp_digit* r, const sp_digit* a, const sp_digit* m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r2") = (const sp_digit*)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r12, #0x0\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "ADDS	r4, r4, r4\n\t"
        "ADCS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADCS	r7, r7, r7\n\t"
        "ADCS	r8, r8, r8\n\t"
        "ADCS	r9, r9, r9\n\t"
        "ADCS	r10, r10, r10\n\t"
        "ADCS	r11, r11, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r4\n\t"
        "ADCS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADCS	r7, r7, r7\n\t"
        "ADCS	r8, r8, r8\n\t"
        "ADCS	r9, r9, r9\n\t"
        "ADCS	r10, r10, r10\n\t"
        "ADCS	r11, r11, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r4\n\t"
        "ADCS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADCS	r7, r7, r7\n\t"
        "ADCS	r8, r8, r8\n\t"
        "ADCS	r9, r9, r9\n\t"
        "ADCS	r10, r10, r10\n\t"
        "ADCS	r11, r11, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r4\n\t"
        "ADCS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADCS	r7, r7, r7\n\t"
        "ADCS	r8, r8, r8\n\t"
        "ADCS	r9, r9, r9\n\t"
        "ADCS	r10, r10, r10\n\t"
        "ADCS	r11, r11, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "LDR	r4, [%[m], #124]\n\t"
        "ADC	r12, r12, #0x0\n\t"
        "SUBS	r4, r4, r11\n\t"
        "neg	r12, r12\n\t"
        "SBC	r4, r4, r4\n\t"
        "SUB	%[r], %[r], #0x80\n\t"
        "ORR	r12, r12, r4\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SUBS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBC	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
        :
        : "memory", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7", "r12", "cc"
    );
}

/* Triple a Montgomery form number (r = a + a + a % m).
 *
 * r   Result of Tripling.
 * a   Number to triple in Montgomery form.
 * m   Modulus (prime).
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p)
#else
SP_NOINLINE static void sp_1024_mont_tpl_32(sp_digit* r, const sp_digit* a, const sp_digit* m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* m __asm__ ("r2") = (const sp_digit*)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r12, #0x0\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "ADDS	r4, r4, r4\n\t"
        "ADCS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADCS	r7, r7, r7\n\t"
        "ADCS	r8, r8, r8\n\t"
        "ADCS	r9, r9, r9\n\t"
        "ADCS	r10, r10, r10\n\t"
        "ADCS	r11, r11, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r4\n\t"
        "ADCS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADCS	r7, r7, r7\n\t"
        "ADCS	r8, r8, r8\n\t"
        "ADCS	r9, r9, r9\n\t"
        "ADCS	r10, r10, r10\n\t"
        "ADCS	r11, r11, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r4\n\t"
        "ADCS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADCS	r7, r7, r7\n\t"
        "ADCS	r8, r8, r8\n\t"
        "ADCS	r9, r9, r9\n\t"
        "ADCS	r10, r10, r10\n\t"
        "ADCS	r11, r11, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "ADCS	r4, r4, r4\n\t"
        "ADCS	r5, r5, r5\n\t"
        "ADCS	r6, r6, r6\n\t"
        "ADCS	r7, r7, r7\n\t"
        "ADCS	r8, r8, r8\n\t"
        "ADCS	r9, r9, r9\n\t"
        "ADCS	r10, r10, r10\n\t"
        "ADCS	r11, r11, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
        "LDR	r4, [%[m], #124]\n\t"
        "ADC	r12, r12, #0x0\n\t"
        "SUBS	r4, r4, r11\n\t"
        "neg	r12, r12\n\t"
        "SBC	r4, r4, r4\n\t"
        "SUB	%[r], %[r], #0x80\n\t"
        "ORR	r12, r12, r4\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SUBS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBC	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "SUB	%[r], %[r], #0x80\n\t"
        "SUB	%[m], %[m], #0x80\n\t"
        "SUB	%[a], %[a], #0x80\n\t"
        "MOV	r12, #0x0\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r8, r9, r10, r11}\n\t"
        "ADDS	r8, r8, r4\n\t"
        "ADCS	r9, r9, r5\n\t"
        "ADCS	r10, r10, r6\n\t"
        "ADCS	r11, r11, r7\n\t"
        "STM	%[r]!, {r8, r9, r10, r11}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r8, r9, r10, r11}\n\t"
        "ADCS	r8, r8, r4\n\t"
        "ADCS	r9, r9, r5\n\t"
        "ADCS	r10, r10, r6\n\t"
        "ADCS	r11, r11, r7\n\t"
        "STM	%[r]!, {r8, r9, r10, r11}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r8, r9, r10, r11}\n\t"
        "ADCS	r8, r8, r4\n\t"
        "ADCS	r9, r9, r5\n\t"
        "ADCS	r10, r10, r6\n\t"
        "ADCS	r11, r11, r7\n\t"
        "STM	%[r]!, {r8, r9, r10, r11}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r8, r9, r10, r11}\n\t"
        "ADCS	r8, r8, r4\n\t"
        "ADCS	r9, r9, r5\n\t"
        "ADCS	r10, r10, r6\n\t"
        "ADCS	r11, r11, r7\n\t"
        "STM	%[r]!, {r8, r9, r10, r11}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r8, r9, r10, r11}\n\t"
        "ADCS	r8, r8, r4\n\t"
        "ADCS	r9, r9, r5\n\t"
        "ADCS	r10, r10, r6\n\t"
        "ADCS	r11, r11, r7\n\t"
        "STM	%[r]!, {r8, r9, r10, r11}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r8, r9, r10, r11}\n\t"
        "ADCS	r8, r8, r4\n\t"
        "ADCS	r9, r9, r5\n\t"
        "ADCS	r10, r10, r6\n\t"
        "ADCS	r11, r11, r7\n\t"
        "STM	%[r]!, {r8, r9, r10, r11}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r8, r9, r10, r11}\n\t"
        "ADCS	r8, r8, r4\n\t"
        "ADCS	r9, r9, r5\n\t"
        "ADCS	r10, r10, r6\n\t"
        "ADCS	r11, r11, r7\n\t"
        "STM	%[r]!, {r8, r9, r10, r11}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r8, r9, r10, r11}\n\t"
        "ADCS	r8, r8, r4\n\t"
        "ADCS	r9, r9, r5\n\t"
        "ADCS	r10, r10, r6\n\t"
        "ADCS	r11, r11, r7\n\t"
        "STM	%[r]!, {r8, r9, r10, r11}\n\t"
        "LDR	r7, [%[m], #124]\n\t"
        "ADC	r12, r12, #0x0\n\t"
        "SUBS	r7, r7, r11\n\t"
        "neg	r12, r12\n\t"
        "SBC	r7, r7, r7\n\t"
        "SUB	%[r], %[r], #0x80\n\t"
        "ORR	r12, r12, r7\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SUBS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBC	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
        :
        : "memory", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7", "r12", "cc"
    );
}

/* Subtract two Montgomery form numbers (r = a - b % m).
 *
 * r   Result of subtration.
 * a   Number to subtract from in Montgomery form.
 * b   Number to subtract with in Montgomery form.
 * m   Modulus (prime).
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
SP_NOINLINE static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
#else
SP_NOINLINE static void sp_1024_mont_sub_32(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register const sp_digit* m __asm__ ("r3") = (const sp_digit*)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
        "SUBS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
        "SBCS	r4, r4, r8\n\t"
        "SBCS	r5, r5, r9\n\t"
        "SBCS	r6, r6, r10\n\t"
        "SBCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "SBC	r12, r12, r12\n\t"
        "SUB	%[r], %[r], #0x80\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "ADDS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADCS	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        "LDM	%[r], {r4, r5, r6, r7}\n\t"
        "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
        "AND	r8, r8, r12\n\t"
        "AND	r9, r9, r12\n\t"
        "AND	r10, r10, r12\n\t"
        "AND	r11, r11, r12\n\t"
        "ADCS	r4, r4, r8\n\t"
        "ADCS	r5, r5, r9\n\t"
        "ADCS	r6, r6, r10\n\t"
        "ADC	r7, r7, r11\n\t"
        "STM	%[r]!, {r4, r5, r6, r7}\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
    );
}

#ifdef WOLFSSL_SP_SMALL
/* Conditionally add a and b using the mask m.
 * m is -1 to add and 0 when not.
 *
 * r  A single precision number representing conditional add result.
 * a  A single precision number to add with.
 * b  A single precision number to add.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r5, #0x0\n\t"
        "MOV	r8, #0x0\n\t"
        "MOV	r4, #0x0\n\t"
        "\n"
    "L_sp_1024_cond_add_32_words:\n\t"
        "ADDS	r5, r5, #0xffffffff\n\t"
        "LDR	r6, [%[a], r4]\n\t"
        "LDR	r7, [%[b], r4]\n\t"
        "AND	r7, r7, %[m]\n\t"
        "ADCS	r6, r6, r7\n\t"
        "ADC	r5, r8, r8\n\t"
        "STR	r6, [%[r], r4]\n\t"
        "ADD	r4, r4, #0x4\n\t"
        "CMP	r4, #0x80\n\t"
#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
        "BLT	L_sp_1024_cond_add_32_words\n\t"
#else
        "BLT.N	L_sp_1024_cond_add_32_words\n\t"
#endif
        "MOV	%[r], r5\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
    );
    return (uint32_t)(size_t)r;
}

#else
/* Conditionally add a and b using the mask m.
 * m is -1 to add and 0 when not.
 *
 * r  A single precision number representing conditional add result.
 * a  A single precision number to add with.
 * b  A single precision number to add.
 * m  Mask value to apply.
 */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
#else
static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
    register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p;
    register sp_digit m __asm__ ("r3") = (sp_digit)m_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "MOV	r10, #0x0\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADDS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "LDM	%[a]!, {r6, r7}\n\t"
        "LDM	%[b]!, {r8, r9}\n\t"
        "AND	r8, r8, %[m]\n\t"
        "AND	r9, r9, %[m]\n\t"
        "ADCS	r6, r6, r8\n\t"
        "ADCS	r7, r7, r9\n\t"
        "STM	%[r]!, {r6, r7}\n\t"
        "ADC	%[r], r10, r10\n\t"
        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
        :
        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
    );
    return (uint32_t)(size_t)r;
}

#endif /* WOLFSSL_SP_SMALL */
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
static void sp_1024_rshift1_32(sp_digit* r_p, const sp_digit* a_p)
#else
static void sp_1024_rshift1_32(sp_digit* r, const sp_digit* a)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
    register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p;
    register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p;
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */

    __asm__ __volatile__ (
        "LDM	%[a], {r2, r3}\n\t"
        "LSR	r2, r2, #1\n\t"
        "ORR	r2, r2, r3, lsl #31\n\t"
        "LSR	r3, r3, #1\n\t"
        "LDR	r4, [%[a], #8]\n\t"
        "STR	r2, [%[r]]\n\t"
        "ORR	r3, r3, r4, lsl #31\n\t"
        "LSR	r4, r4, #1\n\t"
        "LDR	r2, [%[a], #12]\n\t"
        "STR	r3, [%[r], #4]\n\t"
        "ORR	r4, r4, r2, lsl #31\n\t"
        "LSR	r2, r2, #1\n\t"
        "LDR	r3, [%[a], #16]\n\t"
        "STR	r4, [%[r], #8]\n\t"
        "ORR	r2, r2, r3, lsl #31\n\t"
        "LSR	r3, r3, #1\n\t"
        "LDR	r4, [%[a], #20]\n\t"
        "STR	r2, [%[r], #12]\n\t"
        "ORR	r3, r3, r4, lsl #31\n\t"
        "LSR	r4, r4, #1\n\t"
        "LDR	r2, [%[a], #24]\n\t"
        "STR	r3, [%[r], #16]\n\t"
        "ORR	r4, r4, r2, lsl #31\n\t"
        "LSR	r2, r2, #1\n\t"
        "LDR	r3, [%[a], #28]\n\t"
        "STR	r4, [%[r], #20]\n\t"
        "ORR	r2, r2, r3, lsl #31\n\t"
        "LSR	r3, r3, #1\n\t"
        "LDR	r4, [%[a], #32]\n\t"
        "STR	r2, [%[r], #24]\n\t"
        "ORR	r3, r3, r4, lsl #31\n\t"
        "LSR	r4, r4, #1\n\t"
        "LDR	r2, [%[a], #36]\n\t"
        "STR	r3, [%[r], #28]\n\t"
        "ORR	r4, r4, r2, lsl #31\n\t"
        "LSR	r2, r2, #1\n\t"
        "LDR	r3, [%[a], #40]\n\t"
        "STR	r4, [%[r], #32]\n\t"
        "ORR	r2, r2, r3, lsl #31\n\t"
        "LSR	r3, r3, #1\n\t"
        "LDR	r4, [%[a], #44]\n\t"
        "STR	r2, [%[r], #36]\n\t"
        "ORR	r3, r3, r4, lsl #31\n\t"
        "LSR	r4, r4, #1\n\t"
        "LDR	r2, [%[a], #48]\n\t"
        "STR	r3, [%[r], #40]\n\t"
        "ORR	r4, r4, r2, lsl #31\n\t"
        "LSR	r2, r2, #1\n\t"
        "LDR	r3, [%[a], #52]\n\t"
        "STR	r4, [%[r], #44]\n\t"
        "ORR	r2, r2, r3, lsl #31\n\t"
        "LSR	r3, r3, #1\n\t"
        "LDR	r4, [%[a], #56]\n\t"
        "STR	r2, [%[r], #48]\n\t"
        "ORR	r3, r3, r4, lsl #31\n\t"
        "LSR	r4, r4, #1\n\t"
        "LDR	r2, [%[a], #60]\n\t"
        "STR	r3, [%[r], #52]\n\t"
        "ORR	r4, r4, r2, lsl #31\n\t"
        "LSR	r2, r2, #1\n\t"
        "LDR	r3, [%[a], #64]\n\t"
        "STR	r4, [%[r], #56]\n\t"
        "ORR	r2, r2, r3, lsl #31\n\t"
        "LSR	r3, r3, #1\n\t"
        "LDR	r4, [%[a], #68]\n\t"
        "STR	r2, [%[r], #60]\n\t"
        "ORR	r3, r3, r4, lsl #31\n\t"
        "LSR	r4, r4, #1\n\t"
        "LDR	r2, [%[a], #72]\n\t"
        "STR	r3, [%[r], #64]\n\t"
        "ORR	r4, r4, r2, lsl #31\n\t"
        "LSR	r2, r2, #1\n\t"
        "LDR	r3, [%[a], #76]\n\t"
        "STR	r4, [%[r], #68]\n\t"
        "ORR	r2, r2, r3, lsl #31\n\t"
        "LSR	r3, r3, #1\n\t"
        "LDR	r4, [%[a], #80]\n\t"
        "STR	r2, [%[r], #72]\n\t"
        "ORR	r3, r3, r4, lsl #31\n\t"
        "LSR	r4, r4, #1\n\t"
        "LDR	r2, [%[a], #84]\n\t"
        "STR	r3, [%[r], #76]\n\t"
        "ORR	r4, r4, r2, lsl #31\n\t"
        "LSR	r2, r2, #1\n\t"
        "LDR	r3, [%[a], #88]\n\t"
        "STR	r4, [%[r], #80]\n\t"
        "ORR	r2, r2, r3, lsl #31\n\t"
        "LSR	r3, r3, #1\n\t"
        "LDR	r4, [%[a], #92]\n\t"
        "STR	r2, [%[r], #84]\n\t"
        "ORR	r3, r3, r4, lsl #31\n\t"
        "LSR	r4, r4, #1\n\t"
        "LDR	r2, [%[a], #96]\n\t"
        "STR	r3, [%[r], #88]\n\t"
        "ORR	r4, r4, r2, lsl #31\n\t"
        "LSR	r2, r2, #1\n\t"
        "LDR	r3, [%[a], #100]\n\t"
        "STR	r4, [%[r], #92]\n\t"
        "ORR	r2, r2, r3, lsl #31\n\t"
        "LSR	r3, r3, #1\n\t"
        "LDR	r4, [%[a], #104]\n\t"
        "STR	r2, [%[r], #96]\n\t"
        "ORR	r3, r3, r4, lsl #31\n\t"
        "LSR	r4, r4, #1\n\t"
        "LDR	r2, [%[a], #108]\n\t"
        "STR	r3, [%[r], #100]\n\t"
        "ORR	r4, r4, r2, lsl #31\n\t"
        "LSR	r2, r2, #1\n\t"
        "LDR	r3, [%[a], #112]\n\t"
        "STR	r4, [%[r], #104]\n\t"
        "ORR	r2, r2, r3, lsl #31\n\t"
        "LSR	r3, r3, #1\n\t"
        "LDR	r4, [%[a], #116]\n\t"
        "STR	r2, [%[r], #108]\n\t"
        "ORR	r3, r3, r4, lsl #31\n\t"
        "LSR	r4, r4, #1\n\t"
        "LDR	r2, [%[a], #120]\n\t"
        "STR	r3, [%[r], #112]\n\t"
        "ORR	r4, r4, r2, lsl #31\n\t"
        "LSR	r2, r2, #1\n\t"
        "LDR	r3, [%[a], #124]\n\t"
        "STR	r4, [%[r], #116]\n\t"
        "ORR	r2, r2, r3, lsl #31\n\t"
        "LSR	r3, r3, #1\n\t"
        "STR	r2, [%[r], #120]\n\t"
        "STR	r3, [%[r], #124]\n\t"
        : [r] "+r" (r), [a] "+r" (a)
        :
        : "memory", "r2", "r3", "r4", "cc"
    );
}

/* Divide the number by 2 mod the modulus (prime). (r = a / 2 % m)
 *
 * r  Result of division by 2.
 * a  Number to divide.
 * m  Modulus (prime).
 */
static void sp_1024_mont_div2_32(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
    sp_digit o;

    o = sp_1024_cond_add_32(r, a, m, 0 - (a[0] & 1));
    sp_1024_rshift1_32(r, r);
    r[31] |= o << 31;
}

/* Double the Montgomery form projective point p.
 *
 * r  Result of doubling point.
 * p  Point to double.
 * t  Temporary ordinate data.
 */
static void sp_1024_proj_point_dbl_32(sp_point_1024* r, const sp_point_1024* p,
    sp_digit* t)
{
    sp_digit* t1 = t;
    sp_digit* t2 = t + 2*32;
    sp_digit* x;
    sp_digit* y;
    sp_digit* z;

    x = r->x;
    y = r->y;
    z = r->z;
    /* Put infinity into result. */
    if (r != p) {
        r->infinity = p->infinity;
    }

    /* T1 = Z * Z */
    sp_1024_mont_sqr_32(t1, p->z, p1024_mod, p1024_mp_mod);
    /* Z = Y * Z */
    sp_1024_mont_mul_32(z, p->y, p->z, p1024_mod, p1024_mp_mod);
    /* Z = 2Z */
    sp_1024_mont_dbl_32(z, z, p1024_mod);
    /* T2 = X - T1 */
    sp_1024_mont_sub_32(t2, p->x, t1, p1024_mod);
    /* T1 = X + T1 */
    sp_1024_mont_add_32(t1, p->x, t1, p1024_mod);
    /* T2 = T1 * T2 */
    sp_1024_mont_mul_32(t2, t1, t2, p1024_mod, p1024_mp_mod);
    /* T1 = 3T2 */
    sp_1024_mont_tpl_32(t1, t2, p1024_mod);
    /* Y = 2Y */
    sp_1024_mont_dbl_32(y, p->y, p1024_mod);
    /* Y = Y * Y */
    sp_1024_mont_sqr_32(y, y, p1024_mod, p1024_mp_mod);
    /* T2 = Y * Y */
    sp_1024_mont_sqr_32(t2, y, p1024_mod, p1024_mp_mod);
    /* T2 = T2/2 */
    sp_1024_mont_div2_32(t2, t2, p1024_mod);
    /* Y = Y * X */
    sp_1024_mont_mul_32(y, y, p->x, p1024_mod, p1024_mp_mod);
    /* X = T1 * T1 */
    sp_1024_mont_sqr_32(x, t1, p1024_mod, p1024_mp_mod);
    /* X = X - Y */
    sp_1024_mont_sub_32(x, x, y, p1024_mod);
    /* X = X - Y */
    sp_1024_mont_sub_32(x, x, y, p1024_mod);
    /* Y = Y - X */
    sp_1024_mont_sub_32(y, y, x, p1024_mod);
    /* Y = Y * T1 */
    sp_1024_mont_mul_32(y, y, t1, p1024_mod, p1024_mp_mod);
    /* Y = Y - T2 */
    sp_1024_mont_sub_32(y, y, t2, p1024_mod);
}

#ifdef WOLFSSL_SP_NONBLOCK
typedef struct sp_1024_proj_point_dbl_32_ctx {
    int state;
    sp_digit* t1;
    sp_digit* t2;
    sp_digit* x;
    sp_digit* y;
    sp_digit* z;
} sp_1024_proj_point_dbl_32_ctx;

/* Double the Montgomery form projective point p.
 *
 * r  Result of doubling point.
 * p  Point to double.
 * t  Temporary ordinate data.
 */
static int sp_1024_proj_point_dbl_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
        const sp_point_1024* p, sp_digit* t)
{
    int err = FP_WOULDBLOCK;
    sp_1024_proj_point_dbl_32_ctx* ctx = (sp_1024_proj_point_dbl_32_ctx*)sp_ctx->data;

    typedef char ctx_size_test[sizeof(sp_1024_proj_point_dbl_32_ctx) >= sizeof(*sp_ctx) ? -1 : 1];
    (void)sizeof(ctx_size_test);

    switch (ctx->state) {
    case 0:
        ctx->t1 = t;
        ctx->t2 = t + 2*32;
        ctx->x = r->x;
        ctx->y = r->y;
        ctx->z = r->z;

        /* Put infinity into result. */
        if (r != p) {
            r->infinity = p->infinity;
        }
        ctx->state = 1;
        break;
    case 1:
        /* T1 = Z * Z */
        sp_1024_mont_sqr_32(ctx->t1, p->z, p1024_mod, p1024_mp_mod);
        ctx->state = 2;
        break;
    case 2:
        /* Z = Y * Z */
        sp_1024_mont_mul_32(ctx->z, p->y, p->z, p1024_mod, p1024_mp_mod);
        ctx->state = 3;
        break;
    case 3:
        /* Z = 2Z */
        sp_1024_mont_dbl_32(ctx->z, ctx->z, p1024_mod);
        ctx->state = 4;
        break;
    case 4:
        /* T2 = X - T1 */
        sp_1024_mont_sub_32(ctx->t2, p->x, ctx->t1, p1024_mod);
        ctx->state = 5;
        break;
    case 5:
        /* T1 = X + T1 */
        sp_1024_mont_add_32(ctx->t1, p->x, ctx->t1, p1024_mod);
        ctx->state = 6;
        break;
    case 6:
        /* T2 = T1 * T2 */
        sp_1024_mont_mul_32(ctx->t2, ctx->t1, ctx->t2, p1024_mod, p1024_mp_mod);
        ctx->state = 7;
        break;
    case 7:
        /* T1 = 3T2 */
        sp_1024_mont_tpl_32(ctx->t1, ctx->t2, p1024_mod);
        ctx->state = 8;
        break;
    case 8:
        /* Y = 2Y */
        sp_1024_mont_dbl_32(ctx->y, p->y, p1024_mod);
        ctx->state = 9;
        break;
    case 9:
        /* Y = Y * Y */
        sp_1024_mont_sqr_32(ctx->y, ctx->y, p1024_mod, p1024_mp_mod);
        ctx->state = 10;
        break;
    case 10:
        /* T2 = Y * Y */
        sp_1024_mont_sqr_32(ctx->t2, ctx->y, p1024_mod, p1024_mp_mod);
        ctx->state = 11;
        break;
    case 11:
        /* T2 = T2/2 */
        sp_1024_mont_div2_32(ctx->t2, ctx->t2, p1024_mod);
        ctx->state = 12;
        break;
    case 12:
        /* Y = Y * X */
        sp_1024_mont_mul_32(ctx->y, ctx->y, p->x, p1024_mod, p1024_mp_mod);
        ctx->state = 13;
        break;
    case 13:
        /* X = T1 * T1 */
        sp_1024_mont_sqr_32(ctx->x, ctx->t1, p1024_mod, p1024_mp_mod);
        ctx->state = 14;
        break;
    case 14:
        /* X = X - Y */
        sp_1024_mont_sub_32(ctx->x, ctx->x, ctx->y, p1024_mod);
        ctx->state = 15;
        break;
    case 15:
        /* X = X - Y */
        sp_1024_mont_sub_32(ctx->x, ctx->x, ctx->y, p1024_mod);
        ctx->state = 16;
        break;
    case 16:
        /* Y = Y - X */
        sp_1024_mont_sub_32(ctx->y, ctx->y, ctx->x, p1024_mod);
        ctx->state = 17;
        break;
    case 17:
        /* Y = Y * T1 */
        sp_1024_mont_mul_32(ctx->y, ctx->y, ctx->t1, p1024_mod, p1024_mp_mod);
        ctx->state = 18;
        break;
    case 18:
        /* Y = Y - T2 */
        sp_1024_mont_sub_32(ctx->y, ctx->y, ctx->t2, p1024_mod);
        ctx->state = 19;
        /* fall-through */
    case 19:
        err = MP_OKAY;
        break;
    }

    if (err == MP_OKAY && ctx->state != 19) {
        err = FP_WOULDBLOCK;
    }

    return err;
}
#endif /* WOLFSSL_SP_NONBLOCK */
/* Compare two numbers to determine if they are equal.
 * Constant time implementation.
 *
 * a  First number to compare.
 * b  Second number to compare.
 * returns 1 when equal and 0 otherwise.
 */
static int sp_1024_cmp_equal_32(const sp_digit* a, const sp_digit* b)
{
    return ((a[0] ^ b[0]) | (a[1] ^ b[1]) | (a[2] ^ b[2]) |
            (a[3] ^ b[3]) | (a[4] ^ b[4]) | (a[5] ^ b[5]) |
            (a[6] ^ b[6]) | (a[7] ^ b[7]) | (a[8] ^ b[8]) |
            (a[9] ^ b[9]) | (a[10] ^ b[10]) | (a[11] ^ b[11]) |
            (a[12] ^ b[12]) | (a[13] ^ b[13]) | (a[14] ^ b[14]) |
            (a[15] ^ b[15]) | (a[16] ^ b[16]) | (a[17] ^ b[17]) |
            (a[18] ^ b[18]) | (a[19] ^ b[19]) | (a[20] ^ b[20]) |
            (a[21] ^ b[21]) | (a[22] ^ b[22]) | (a[23] ^ b[23]) |
            (a[24] ^ b[24]) | (a[25] ^ b[25]) | (a[26] ^ b[26]) |
            (a[27] ^ b[27]) | (a[28] ^ b[28]) | (a[29] ^ b[29]) |
            (a[30] ^ b[30]) | (a[31] ^ b[31])) == 0;
}

/* Returns 1 if the number of zero.
 * Implementation is constant time.
 *
 * a  Number to check.
 * returns 1 if the number is zero and 0 otherwise.
 */
static int sp_1024_iszero_32(const sp_digit* a)
{
    return (a[0] | a[1] | a[2] | a[3] | a[4] | a[5] | a[6] | a[7] |
            a[8] | a[9] | a[10] | a[11] | a[12] | a[13] | a[14] | a[15] |
            a[16] | a[17] | a[18] | a[19] | a[20] | a[21] | a[22] | a[23] |
            a[24] | a[25] | a[26] | a[27] | a[28] | a[29] | a[30] | a[31]) == 0;
}


/* Add two Montgomery form projective points.
 *
 * r  Result of addition.
 * p  First point to add.
 * q  Second point to add.
 * t  Temporary ordinate data.
 */
static void sp_1024_proj_point_add_32(sp_point_1024* r,
        const sp_point_1024* p, const sp_point_1024* q, sp_digit* t)
{
    sp_digit* t6 = t;
    sp_digit* t1 = t + 2*32;
    sp_digit* t2 = t + 4*32;
    sp_digit* t3 = t + 6*32;
    sp_digit* t4 = t + 8*32;
    sp_digit* t5 = t + 10*32;

    /* U1 = X1*Z2^2 */
    sp_1024_mont_sqr_32(t1, q->z, p1024_mod, p1024_mp_mod);
    sp_1024_mont_mul_32(t3, t1, q->z, p1024_mod, p1024_mp_mod);
    sp_1024_mont_mul_32(t1, t1, p->x, p1024_mod, p1024_mp_mod);
    /* U2 = X2*Z1^2 */
    sp_1024_mont_sqr_32(t2, p->z, p1024_mod, p1024_mp_mod);
    sp_1024_mont_mul_32(t4, t2, p->z, p1024_mod, p1024_mp_mod);
    sp_1024_mont_mul_32(t2, t2, q->x, p1024_mod, p1024_mp_mod);
    /* S1 = Y1*Z2^3 */
    sp_1024_mont_mul_32(t3, t3, p->y, p1024_mod, p1024_mp_mod);
    /* S2 = Y2*Z1^3 */
    sp_1024_mont_mul_32(t4, t4, q->y, p1024_mod, p1024_mp_mod);

    /* Check double */
    if ((~p->infinity) & (~q->infinity) &
            sp_1024_cmp_equal_32(t2, t1) &
            sp_1024_cmp_equal_32(t4, t3)) {
        sp_1024_proj_point_dbl_32(r, p, t);
    }
    else {
        sp_digit* x = t6;
        sp_digit* y = t1;
        sp_digit* z = t2;

        /* H = U2 - U1 */
        sp_1024_mont_sub_32(t2, t2, t1, p1024_mod);
        /* R = S2 - S1 */
        sp_1024_mont_sub_32(t4, t4, t3, p1024_mod);
        /* X3 = R^2 - H^3 - 2*U1*H^2 */
        sp_1024_mont_sqr_32(t5, t2, p1024_mod, p1024_mp_mod);
        sp_1024_mont_mul_32(y, t1, t5, p1024_mod, p1024_mp_mod);
        sp_1024_mont_mul_32(t5, t5, t2, p1024_mod, p1024_mp_mod);
        /* Z3 = H*Z1*Z2 */
        sp_1024_mont_mul_32(z, p->z, t2, p1024_mod, p1024_mp_mod);
        sp_1024_mont_mul_32(z, z, q->z, p1024_mod, p1024_mp_mod);
        sp_1024_mont_sqr_32(x, t4, p1024_mod, p1024_mp_mod);
        sp_1024_mont_sub_32(x, x, t5, p1024_mod);
        sp_1024_mont_mul_32(t5, t5, t3, p1024_mod, p1024_mp_mod);
        sp_1024_mont_dbl_32(t3, y, p1024_mod);
        sp_1024_mont_sub_32(x, x, t3, p1024_mod);
        /* Y3 = R*(U1*H^2 - X3) - S1*H^3 */
        sp_1024_mont_sub_32(y, y, x, p1024_mod);
        sp_1024_mont_mul_32(y, y, t4, p1024_mod, p1024_mp_mod);
        sp_1024_mont_sub_32(y, y, t5, p1024_mod);
        {
            int i;
            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
            sp_digit maskt = ~(maskp | maskq);
            sp_digit inf = (sp_digit)(p->infinity & q->infinity);

            for (i = 0; i < 32; i++) {
                r->x[i] = (p->x[i] & maskp) | (q->x[i] & maskq) |
                          (x[i] & maskt);
            }
            for (i = 0; i < 32; i++) {
                r->y[i] = (p->y[i] & maskp) | (q->y[i] & maskq) |
                          (y[i] & maskt);
            }
            for (i = 0; i < 32; i++) {
                r->z[i] = (p->z[i] & maskp) | (q->z[i] & maskq) |
                          (z[i] & maskt);
            }
            r->z[0] |= inf;
            r->infinity = (word32)inf;
        }
    }
}

#ifdef WOLFSSL_SP_NONBLOCK
typedef struct sp_1024_proj_point_add_32_ctx {
    int state;
    sp_1024_proj_point_dbl_32_ctx dbl_ctx;
    const sp_point_1024* ap[2];
    sp_point_1024* rp[2];
    sp_digit* t1;
    sp_digit* t2;
    sp_digit* t3;
    sp_digit* t4;
    sp_digit* t5;
    sp_digit* t6;
    sp_digit* x;
    sp_digit* y;
    sp_digit* z;
} sp_1024_proj_point_add_32_ctx;

/* Add two Montgomery form projective points.
 *
 * r  Result of addition.
 * p  First point to add.
 * q  Second point to add.
 * t  Temporary ordinate data.
 */
static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
    const sp_point_1024* p, const sp_point_1024* q, sp_digit* t)
{
    int err = FP_WOULDBLOCK;
    sp_1024_proj_point_add_32_ctx* ctx = (sp_1024_proj_point_add_32_ctx*)sp_ctx->data;

    /* Ensure only the first point is the same as the result. */
    if (q == r) {
        const sp_point_1024* a = p;
        p = q;
        q = a;
    }

    typedef char ctx_size_test[sizeof(sp_1024_proj_point_add_32_ctx) >= sizeof(*sp_ctx) ? -1 : 1];
    (void)sizeof(ctx_size_test);

    switch (ctx->state) {
    case 0: /* INIT */
        ctx->t6 = t;
        ctx->t1 = t + 2*32;
        ctx->t2 = t + 4*32;
        ctx->t3 = t + 6*32;
        ctx->t4 = t + 8*32;
        ctx->t5 = t + 10*32;
        ctx->x = ctx->t6;
        ctx->y = ctx->t1;
        ctx->z = ctx->t2;

        ctx->state = 1;
        break;
    case 1:
        /* U1 = X1*Z2^2 */
        sp_1024_mont_sqr_32(ctx->t1, q->z, p1024_mod, p1024_mp_mod);
        ctx->state = 2;
        break;
    case 2:
        sp_1024_mont_mul_32(ctx->t3, ctx->t1, q->z, p1024_mod, p1024_mp_mod);
        ctx->state = 3;
        break;
    case 3:
        sp_1024_mont_mul_32(ctx->t1, ctx->t1, p->x, p1024_mod, p1024_mp_mod);
        ctx->state = 4;
        break;
    case 4:
        /* U2 = X2*Z1^2 */
        sp_1024_mont_sqr_32(ctx->t2, p->z, p1024_mod, p1024_mp_mod);
        ctx->state = 5;
        break;
    case 5:
        sp_1024_mont_mul_32(ctx->t4, ctx->t2, p->z, p1024_mod, p1024_mp_mod);
        ctx->state = 6;
        break;
    case 6:
        sp_1024_mont_mul_32(ctx->t2, ctx->t2, q->x, p1024_mod, p1024_mp_mod);
        ctx->state = 7;
        break;
    case 7:
        /* S1 = Y1*Z2^3 */
        sp_1024_mont_mul_32(ctx->t3, ctx->t3, p->y, p1024_mod, p1024_mp_mod);
        ctx->state = 8;
        break;
    case 8:
        /* S2 = Y2*Z1^3 */
        sp_1024_mont_mul_32(ctx->t4, ctx->t4, q->y, p1024_mod, p1024_mp_mod);
        ctx->state = 9;
        break;
    case 9:
        /* Check double */
        if ((~p->infinity) & (~q->infinity) &
                sp_1024_cmp_equal_32(ctx->t2, ctx->t1) &
                sp_1024_cmp_equal_32(ctx->t4, ctx->t3)) {
            XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
            sp_1024_proj_point_dbl_32(r, p, t);
            ctx->state = 25;
        }
        else {
            ctx->state = 10;
        }
        break;
    case 10:
        /* H = U2 - U1 */
        sp_1024_mont_sub_32(ctx->t2, ctx->t2, ctx->t1, p1024_mod);
        ctx->state = 11;
        break;
    case 11:
        /* R = S2 - S1 */
        sp_1024_mont_sub_32(ctx->t4, ctx->t4, ctx->t3, p1024_mod);
        ctx->state = 12;
        break;
    case 12:
        /* X3 = R^2 - H^3 - 2*U1*H^2 */
        sp_1024_mont_sqr_32(ctx->t5, ctx->t2, p1024_mod, p1024_mp_mod);
        ctx->state = 13;
        break;
    case 13:
        sp_1024_mont_mul_32(ctx->y, ctx->t1, ctx->t5, p1024_mod, p1024_mp_mod);
        ctx->state = 14;
        break;
    case 14:
        sp_1024_mont_mul_32(ctx->t5, ctx->t5, ctx->t2, p1024_mod, p1024_mp_mod);
        ctx->state = 15;
        break;
    case 15:
        /* Z3 = H*Z1*Z2 */
        sp_1024_mont_mul_32(ctx->z, p->z, ctx->t2, p1024_mod, p1024_mp_mod);
        ctx->state = 16;
        break;
    case 16:
        sp_1024_mont_mul_32(ctx->z, ctx->z, q->z, p1024_mod, p1024_mp_mod);
        ctx->state = 17;
        break;
    case 17:
        sp_1024_mont_sqr_32(ctx->x, ctx->t4, p1024_mod, p1024_mp_mod);
        ctx->state = 18;
        break;
    case 18:
        sp_1024_mont_sub_32(ctx->x, ctx->x, ctx->t5, p1024_mod);
        ctx->state = 19;
        break;
    case 19:
        sp_1024_mont_mul_32(ctx->t5, ctx->t5, ctx->t3, p1024_mod, p1024_mp_mod);
        ctx->state = 20;
        break;
    case 20:
        sp_1024_mont_dbl_32(ctx->t3, ctx->y, p1024_mod);
        sp_1024_mont_sub_32(ctx->x, ctx->x, ctx->t3, p1024_mod);
        ctx->state = 21;
        break;
    case 21:
        /* Y3 = R*(U1*H^2 - X3) - S1*H^3 */
        sp_1024_mont_sub_32(ctx->y, ctx->y, ctx->x, p1024_mod);
        ctx->state = 22;
        break;
    case 22:
        sp_1024_mont_mul_32(ctx->y, ctx->y, ctx->t4, p1024_mod, p1024_mp_mod);
        ctx->state = 23;
        break;
    case 23:
        sp_1024_mont_sub_32(ctx->y, ctx->y, ctx->t5, p1024_mod);
        ctx->state = 24;
        break;
    case 24:
    {
        {
            int i;
            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
            sp_digit maskt = ~(maskp | maskq);
            sp_digit inf = (sp_digit)(p->infinity & q->infinity);

            for (i = 0; i < 32; i++) {
                r->x[i] = (p->x[i] & maskp) | (q->x[i] & maskq) |
                          (ctx->x[i] & maskt);
            }
            for (i = 0; i < 32; i++) {
                r->y[i] = (p->y[i] & maskp) | (q->y[i] & maskq) |
                          (ctx->y[i] & maskt);
            }
            for (i = 0; i < 32; i++) {
                r->z[i] = (p->z[i] & maskp) | (q->z[i] & maskq) |
                          (ctx->z[i] & maskt);
            }
            r->z[0] |= inf;
            r->infinity = (word32)inf;
        }
        ctx->state = 25;
        break;
    }
    case 25:
        err = MP_OKAY;
        break;
    }

    if (err == MP_OKAY && ctx->state != 25) {
        err = FP_WOULDBLOCK;
    }
    return err;
}
#endif /* WOLFSSL_SP_NONBLOCK */

/* Multiply the point by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * Fast implementation that generates a pre-computation table.
 * 4 bits of window (no sliding!).
 * Uses add and double for calculating table.
 * 1024 doubles.
 * 268 adds.
 *
 * r     Resulting point.
 * g     Point to multiply.
 * k     Scalar to multiply by.
 * map   Indicates whether to convert result to affine.
 * ct    Constant time required.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_1024_ecc_mulmod_fast_32(sp_point_1024* r, const sp_point_1024* g, const sp_digit* k,
        int map, int ct, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_1024* t = NULL;
    sp_digit* tmp = NULL;
#else
    sp_point_1024 t[16 + 1];
    sp_digit tmp[2 * 32 * 37];
#endif
    sp_point_1024* rt = NULL;
    sp_digit n;
    int i;
    int c;
    int y;
    int err = MP_OKAY;

    /* Constant time used for cache attack resistance implementation. */
    (void)ct;
    (void)heap;

#ifdef WOLFSSL_SP_SMALL_STACK
    t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * (16 + 1),
        heap, DYNAMIC_TYPE_ECC);
    if (t == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 37, heap,
                                DYNAMIC_TYPE_ECC);
        if (tmp == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        rt = t + 16;

        /* t[0] = {0, 0, 1} * norm */
        XMEMSET(&t[0], 0, sizeof(t[0]));
        t[0].infinity = 1;
        /* t[1] = {g->x, g->y, g->z} * norm */
        (void)sp_1024_mod_mul_norm_32(t[1].x, g->x, p1024_mod);
        (void)sp_1024_mod_mul_norm_32(t[1].y, g->y, p1024_mod);
        (void)sp_1024_mod_mul_norm_32(t[1].z, g->z, p1024_mod);
        t[1].infinity = 0;
        sp_1024_proj_point_dbl_32(&t[ 2], &t[ 1], tmp);
        t[ 2].infinity = 0;
        sp_1024_proj_point_add_32(&t[ 3], &t[ 2], &t[ 1], tmp);
        t[ 3].infinity = 0;
        sp_1024_proj_point_dbl_32(&t[ 4], &t[ 2], tmp);
        t[ 4].infinity = 0;
        sp_1024_proj_point_add_32(&t[ 5], &t[ 3], &t[ 2], tmp);
        t[ 5].infinity = 0;
        sp_1024_proj_point_dbl_32(&t[ 6], &t[ 3], tmp);
        t[ 6].infinity = 0;
        sp_1024_proj_point_add_32(&t[ 7], &t[ 4], &t[ 3], tmp);
        t[ 7].infinity = 0;
        sp_1024_proj_point_dbl_32(&t[ 8], &t[ 4], tmp);
        t[ 8].infinity = 0;
        sp_1024_proj_point_add_32(&t[ 9], &t[ 5], &t[ 4], tmp);
        t[ 9].infinity = 0;
        sp_1024_proj_point_dbl_32(&t[10], &t[ 5], tmp);
        t[10].infinity = 0;
        sp_1024_proj_point_add_32(&t[11], &t[ 6], &t[ 5], tmp);
        t[11].infinity = 0;
        sp_1024_proj_point_dbl_32(&t[12], &t[ 6], tmp);
        t[12].infinity = 0;
        sp_1024_proj_point_add_32(&t[13], &t[ 7], &t[ 6], tmp);
        t[13].infinity = 0;
        sp_1024_proj_point_dbl_32(&t[14], &t[ 7], tmp);
        t[14].infinity = 0;
        sp_1024_proj_point_add_32(&t[15], &t[ 8], &t[ 7], tmp);
        t[15].infinity = 0;

        i = 30;
        n = k[i+1] << 0;
        c = 28;
        y = (int)(n >> 28);
        XMEMCPY(rt, &t[y], sizeof(sp_point_1024));
        n <<= 4;
        for (; i>=0 || c>=4; ) {
            if (c < 4) {
                n |= k[i--];
                c += 32;
            }
            y = (n >> 28) & 0xf;
            n <<= 4;
            c -= 4;

            sp_1024_proj_point_dbl_32(rt, rt, tmp);
            sp_1024_proj_point_dbl_32(rt, rt, tmp);
            sp_1024_proj_point_dbl_32(rt, rt, tmp);
            sp_1024_proj_point_dbl_32(rt, rt, tmp);
            sp_1024_proj_point_add_32(rt, rt, &t[y], tmp);
        }

        if (map != 0) {
            sp_1024_map_32(r, rt, tmp);
        }
        else {
            XMEMCPY(r, rt, sizeof(sp_point_1024));
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (tmp != NULL)
#endif
    {
        ForceZero(tmp, sizeof(sp_digit) * 2 * 32 * 37);
    #ifdef WOLFSSL_SP_SMALL_STACK
        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
    #endif
    }
#ifdef WOLFSSL_SP_SMALL_STACK
    if (t != NULL)
#endif
    {
        ForceZero(t, sizeof(sp_point_1024) * 17);
    #ifdef WOLFSSL_SP_SMALL_STACK
        XFREE(t, heap, DYNAMIC_TYPE_ECC);
    #endif
    }

    return err;
}

#if defined(FP_ECC) || !defined(WOLFSSL_SP_SMALL)
/* Double the Montgomery form projective point p a number of times.
 *
 * r  Result of repeated doubling of point.
 * p  Point to double.
 * n  Number of times to double
 * t  Temporary ordinate data.
 */
static void sp_1024_proj_point_dbl_n_32(sp_point_1024* p, int i,
    sp_digit* t)
{
    sp_digit* w = t;
    sp_digit* a = t + 2*32;
    sp_digit* b = t + 4*32;
    sp_digit* t1 = t + 6*32;
    sp_digit* t2 = t + 8*32;
    sp_digit* x;
    sp_digit* y;
    sp_digit* z;
    volatile int n = i;

    x = p->x;
    y = p->y;
    z = p->z;

    /* Y = 2*Y */
    sp_1024_mont_dbl_32(y, y, p1024_mod);
    /* W = Z^4 */
    sp_1024_mont_sqr_32(w, z, p1024_mod, p1024_mp_mod);
    sp_1024_mont_sqr_32(w, w, p1024_mod, p1024_mp_mod);
#ifndef WOLFSSL_SP_SMALL
    while (--n > 0)
#else
    while (--n >= 0)
#endif
    {
        /* A = 3*(X^2 - W) */
        sp_1024_mont_sqr_32(t1, x, p1024_mod, p1024_mp_mod);
        sp_1024_mont_sub_32(t1, t1, w, p1024_mod);
        sp_1024_mont_tpl_32(a, t1, p1024_mod);
        /* B = X*Y^2 */
        sp_1024_mont_sqr_32(t1, y, p1024_mod, p1024_mp_mod);
        sp_1024_mont_mul_32(b, t1, x, p1024_mod, p1024_mp_mod);
        /* X = A^2 - 2B */
        sp_1024_mont_sqr_32(x, a, p1024_mod, p1024_mp_mod);
        sp_1024_mont_dbl_32(t2, b, p1024_mod);
        sp_1024_mont_sub_32(x, x, t2, p1024_mod);
        /* B = 2.(B - X) */
        sp_1024_mont_sub_32(t2, b, x, p1024_mod);
        sp_1024_mont_dbl_32(b, t2, p1024_mod);
        /* Z = Z*Y */
        sp_1024_mont_mul_32(z, z, y, p1024_mod, p1024_mp_mod);
        /* t1 = Y^4 */
        sp_1024_mont_sqr_32(t1, t1, p1024_mod, p1024_mp_mod);
#ifdef WOLFSSL_SP_SMALL
        if (n != 0)
#endif
        {
            /* W = W*Y^4 */
            sp_1024_mont_mul_32(w, w, t1, p1024_mod, p1024_mp_mod);
        }
        /* y = 2*A*(B - X) - Y^4 */
        sp_1024_mont_mul_32(y, b, a, p1024_mod, p1024_mp_mod);
        sp_1024_mont_sub_32(y, y, t1, p1024_mod);
    }
#ifndef WOLFSSL_SP_SMALL
    /* A = 3*(X^2 - W) */
    sp_1024_mont_sqr_32(t1, x, p1024_mod, p1024_mp_mod);
    sp_1024_mont_sub_32(t1, t1, w, p1024_mod);
    sp_1024_mont_tpl_32(a, t1, p1024_mod);
    /* B = X*Y^2 */
    sp_1024_mont_sqr_32(t1, y, p1024_mod, p1024_mp_mod);
    sp_1024_mont_mul_32(b, t1, x, p1024_mod, p1024_mp_mod);
    /* X = A^2 - 2B */
    sp_1024_mont_sqr_32(x, a, p1024_mod, p1024_mp_mod);
    sp_1024_mont_dbl_32(t2, b, p1024_mod);
    sp_1024_mont_sub_32(x, x, t2, p1024_mod);
    /* B = 2.(B - X) */
    sp_1024_mont_sub_32(t2, b, x, p1024_mod);
    sp_1024_mont_dbl_32(b, t2, p1024_mod);
    /* Z = Z*Y */
    sp_1024_mont_mul_32(z, z, y, p1024_mod, p1024_mp_mod);
    /* t1 = Y^4 */
    sp_1024_mont_sqr_32(t1, t1, p1024_mod, p1024_mp_mod);
    /* y = 2*A*(B - X) - Y^4 */
    sp_1024_mont_mul_32(y, b, a, p1024_mod, p1024_mp_mod);
    sp_1024_mont_sub_32(y, y, t1, p1024_mod);
#endif /* WOLFSSL_SP_SMALL */
    /* Y = Y/2 */
    sp_1024_mont_div2_32(y, y, p1024_mod);
}

/* Convert the projective point to affine.
 * Ordinates are in Montgomery form.
 *
 * a  Point to convert.
 * t  Temporary data.
 */
static void sp_1024_proj_to_affine_32(sp_point_1024* a, sp_digit* t)
{
    sp_digit* t1 = t;
    sp_digit* t2 = t + 2 * 32;
    sp_digit* tmp = t + 4 * 32;

    sp_1024_mont_inv_32(t1, a->z, tmp);

    sp_1024_mont_sqr_32(t2, t1, p1024_mod, p1024_mp_mod);
    sp_1024_mont_mul_32(t1, t2, t1, p1024_mod, p1024_mp_mod);

    sp_1024_mont_mul_32(a->x, a->x, t2, p1024_mod, p1024_mp_mod);
    sp_1024_mont_mul_32(a->y, a->y, t1, p1024_mod, p1024_mp_mod);
    XMEMCPY(a->z, p1024_norm_mod, sizeof(p1024_norm_mod));
}

#endif /* FP_ECC || !WOLFSSL_SP_SMALL */
/* A table entry for pre-computed points. */
typedef struct sp_table_entry_1024 {
    sp_digit x[32];
    sp_digit y[32];
} sp_table_entry_1024;

#ifdef FP_ECC
#endif /* FP_ECC */
/* Add two Montgomery form projective points. The second point has a q value of
 * one.
 * Only the first point can be the same pointer as the result point.
 *
 * r  Result of addition.
 * p  First point to add.
 * q  Second point to add.
 * t  Temporary ordinate data.
 */
static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r,
    const sp_point_1024* p, const sp_point_1024* q, sp_digit* t)
{
    sp_digit* t2 = t;
    sp_digit* t3 = t + 2*32;
    sp_digit* t6 = t + 4*32;
    sp_digit* t1 = t + 6*32;
    sp_digit* t4 = t + 8*32;
    sp_digit* t5 = t + 10*32;

    /* Calculate values to subtract from P->x and P->y. */
    /* U2 = X2*Z1^2 */
    sp_1024_mont_sqr_32(t2, p->z, p1024_mod, p1024_mp_mod);
    sp_1024_mont_mul_32(t4, t2, p->z, p1024_mod, p1024_mp_mod);
    sp_1024_mont_mul_32(t2, t2, q->x, p1024_mod, p1024_mp_mod);
    /* S2 = Y2*Z1^3 */
    sp_1024_mont_mul_32(t4, t4, q->y, p1024_mod, p1024_mp_mod);

    if ((~p->infinity) & (~q->infinity) &
            sp_1024_cmp_equal_32(p->x, t2) &
            sp_1024_cmp_equal_32(p->y, t4)) {
        sp_1024_proj_point_dbl_32(r, p, t);
    }
    else {
        sp_digit* x = t2;
        sp_digit* y = t3;
        sp_digit* z = t6;

        /* H = U2 - X1 */
        sp_1024_mont_sub_32(t2, t2, p->x, p1024_mod);
        /* R = S2 - Y1 */
        sp_1024_mont_sub_32(t4, t4, p->y, p1024_mod);
        /* Z3 = H*Z1 */
        sp_1024_mont_mul_32(z, p->z, t2, p1024_mod, p1024_mp_mod);
        /* X3 = R^2 - H^3 - 2*X1*H^2 */
        sp_1024_mont_sqr_32(t1, t2, p1024_mod, p1024_mp_mod);
        sp_1024_mont_mul_32(t3, p->x, t1, p1024_mod, p1024_mp_mod);
        sp_1024_mont_mul_32(t1, t1, t2, p1024_mod, p1024_mp_mod);
        sp_1024_mont_sqr_32(t2, t4, p1024_mod, p1024_mp_mod);
        sp_1024_mont_sub_32(t2, t2, t1, p1024_mod);
        sp_1024_mont_dbl_32(t5, t3, p1024_mod);
        sp_1024_mont_sub_32(x, t2, t5, p1024_mod);
        /* Y3 = R*(X1*H^2 - X3) - Y1*H^3 */
        sp_1024_mont_sub_32(t3, t3, x, p1024_mod);
        sp_1024_mont_mul_32(t3, t3, t4, p1024_mod, p1024_mp_mod);
        sp_1024_mont_mul_32(t1, t1, p->y, p1024_mod, p1024_mp_mod);
        sp_1024_mont_sub_32(y, t3, t1, p1024_mod);
        {
            int i;
            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
            sp_digit maskt = ~(maskp | maskq);
            sp_digit inf = (sp_digit)(p->infinity & q->infinity);

            for (i = 0; i < 32; i++) {
                r->x[i] = (p->x[i] & maskp) | (q->x[i] & maskq) |
                          (x[i] & maskt);
            }
            for (i = 0; i < 32; i++) {
                r->y[i] = (p->y[i] & maskp) | (q->y[i] & maskq) |
                          (y[i] & maskt);
            }
            for (i = 0; i < 32; i++) {
                r->z[i] = (p->z[i] & maskp) | (q->z[i] & maskq) |
                          (z[i] & maskt);
            }
            r->z[0] |= inf;
            r->infinity = (word32)inf;
        }
    }
}

#ifdef WOLFSSL_SP_SMALL
#if defined(FP_ECC) || !defined(WOLFSSL_SP_SMALL)
/* Generate the pre-computed table of points for the base point.
 *
 * width = 4
 * 16 entries
 * 256 bits between
 *
 * a      The base point.
 * table  Place to store generated point data.
 * tmp    Temporary data.
 * heap  Heap to use for allocation.
 */
static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
        sp_table_entry_1024* table, sp_digit* tmp, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_1024* t = NULL;
#else
    sp_point_1024 t[3];
#endif
    sp_point_1024* s1 = NULL;
    sp_point_1024* s2 = NULL;
    int i;
    int j;
    int err = MP_OKAY;

    (void)heap;

#ifdef WOLFSSL_SP_SMALL_STACK
    t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap,
                                     DYNAMIC_TYPE_ECC);
    if (t == NULL)
        err = MEMORY_E;
#endif

    if (err == MP_OKAY) {
        s1 = t + 1;
        s2 = t + 2;

        err = sp_1024_mod_mul_norm_32(t->x, a->x, p1024_mod);
    }
    if (err == MP_OKAY) {
        err = sp_1024_mod_mul_norm_32(t->y, a->y, p1024_mod);
    }
    if (err == MP_OKAY) {
        err = sp_1024_mod_mul_norm_32(t->z, a->z, p1024_mod);
    }
    if (err == MP_OKAY) {
        t->infinity = 0;
        sp_1024_proj_to_affine_32(t, tmp);

        XMEMCPY(s1->z, p1024_norm_mod, sizeof(p1024_norm_mod));
        s1->infinity = 0;
        XMEMCPY(s2->z, p1024_norm_mod, sizeof(p1024_norm_mod));
        s2->infinity = 0;

        /* table[0] = {0, 0, infinity} */
        XMEMSET(&table[0], 0, sizeof(sp_table_entry_1024));
        /* table[1] = Affine version of 'a' in Montgomery form */
        XMEMCPY(table[1].x, t->x, sizeof(table->x));
        XMEMCPY(table[1].y, t->y, sizeof(table->y));

        for (i=1; i<4; i++) {
            sp_1024_proj_point_dbl_n_32(t, 256, tmp);
            sp_1024_proj_to_affine_32(t, tmp);
            XMEMCPY(table[1<<i].x, t->x, sizeof(table->x));
            XMEMCPY(table[1<<i].y, t->y, sizeof(table->y));
        }

        for (i=1; i<4; i++) {
            XMEMCPY(s1->x, table[1<<i].x, sizeof(table->x));
            XMEMCPY(s1->y, table[1<<i].y, sizeof(table->y));
            for (j=(1<<i)+1; j<(1<<(i+1)); j++) {
                XMEMCPY(s2->x, table[j-(1<<i)].x, sizeof(table->x));
                XMEMCPY(s2->y, table[j-(1<<i)].y, sizeof(table->y));
                sp_1024_proj_point_add_qz1_32(t, s1, s2, tmp);
                sp_1024_proj_to_affine_32(t, tmp);
                XMEMCPY(table[j].x, t->x, sizeof(table->x));
                XMEMCPY(table[j].y, t->y, sizeof(table->y));
            }
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (t != NULL)
        XFREE(t, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#endif /* FP_ECC || !WOLFSSL_SP_SMALL */
/* Multiply the point by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * Stripe implementation.
 * Pre-generated: 2^0, 2^256, ...
 * Pre-generated: products of all combinations of above.
 * 4 doubles and adds (with qz=1)
 *
 * r      Resulting point.
 * k      Scalar to multiply by.
 * table  Pre-computed table.
 * map    Indicates whether to convert result to affine.
 * ct     Constant time required.
 * heap   Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g,
        const sp_table_entry_1024* table, const sp_digit* k, int map,
        int ct, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_1024* rt = NULL;
    sp_digit* t = NULL;
#else
    sp_point_1024 rt[2];
    sp_digit t[2 * 32 * 37];
#endif
    sp_point_1024* p = NULL;
    int i;
    int j;
    int y;
    int x;
    int err = MP_OKAY;

    (void)g;
    /* Constant time used for cache attack resistance implementation. */
    (void)ct;
    (void)heap;


#ifdef WOLFSSL_SP_SMALL_STACK
    rt = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
                                      DYNAMIC_TYPE_ECC);
    if (rt == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 37, heap,
                               DYNAMIC_TYPE_ECC);
        if (t == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        p = rt + 1;

        XMEMCPY(p->z, p1024_norm_mod, sizeof(p1024_norm_mod));
        XMEMCPY(rt->z, p1024_norm_mod, sizeof(p1024_norm_mod));

        y = 0;
        x = 255;
        for (j=0; j<4; j++) {
            y |= (int)(((k[x / 32] >> (x % 32)) & 1) << j);
            x += 256;
        }
        XMEMCPY(rt->x, table[y].x, sizeof(table[y].x));
        XMEMCPY(rt->y, table[y].y, sizeof(table[y].y));
        rt->infinity = !y;
        for (i=254; i>=0; i--) {
            y = 0;
            x = i;
            for (j=0; j<4; j++) {
                y |= (int)(((k[x / 32] >> (x % 32)) & 1) << j);
                x += 256;
            }

            sp_1024_proj_point_dbl_32(rt, rt, t);
            XMEMCPY(p->x, table[y].x, sizeof(table[y].x));
            XMEMCPY(p->y, table[y].y, sizeof(table[y].y));
            p->infinity = !y;
            sp_1024_proj_point_add_qz1_32(rt, rt, p, t);
        }

        if (map != 0) {
            sp_1024_map_32(r, rt, t);
        }
        else {
            XMEMCPY(r, rt, sizeof(sp_point_1024));
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (t != NULL)
        XFREE(t, heap, DYNAMIC_TYPE_ECC);
    if (rt != NULL)
        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#ifdef FP_ECC
#ifndef FP_ENTRIES
    #define FP_ENTRIES 16
#endif

/* Cache entry - holds precomputation tables for a point. */
typedef struct sp_cache_1024_t {
    /* X ordinate of point that table was generated from. */
    sp_digit x[32];
    /* Y ordinate of point that table was generated from. */
    sp_digit y[32];
    /* Precomputation table for point. */
    sp_table_entry_1024 table[16];
    /* Count of entries in table. */
    uint32_t cnt;
    /* Point and table set in entry. */
    int set;
} sp_cache_1024_t;

/* Cache of tables. */
static THREAD_LS_T sp_cache_1024_t sp_cache_1024[FP_ENTRIES];
/* Index of last entry in cache. */
static THREAD_LS_T int sp_cache_1024_last = -1;
/* Cache has been initialized. */
static THREAD_LS_T int sp_cache_1024_inited = 0;

#ifndef HAVE_THREAD_LS
    static volatile int initCacheMutex_1024 = 0;
    static wolfSSL_Mutex sp_cache_1024_lock;
#endif

/* Get the cache entry for the point.
 *
 * g      [in]   Point scalar multiplying.
 * cache  [out]  Cache table to use.
 */
static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cache)
{
    int i;
    int j;
    uint32_t least;

    if (sp_cache_1024_inited == 0) {
        for (i=0; i<FP_ENTRIES; i++) {
            sp_cache_1024[i].set = 0;
        }
        sp_cache_1024_inited = 1;
    }

    /* Compare point with those in cache. */
    for (i=0; i<FP_ENTRIES; i++) {
        if (!sp_cache_1024[i].set)
            continue;

        if (sp_1024_cmp_equal_32(g->x, sp_cache_1024[i].x) &
                           sp_1024_cmp_equal_32(g->y, sp_cache_1024[i].y)) {
            sp_cache_1024[i].cnt++;
            break;
        }
    }

    /* No match. */
    if (i == FP_ENTRIES) {
        /* Find empty entry. */
        i = (sp_cache_1024_last + 1) % FP_ENTRIES;
        for (; i != sp_cache_1024_last; i=(i+1)%FP_ENTRIES) {
            if (!sp_cache_1024[i].set) {
                break;
            }
        }

        /* Evict least used. */
        if (i == sp_cache_1024_last) {
            least = sp_cache_1024[0].cnt;
            for (j=1; j<FP_ENTRIES; j++) {
                if (sp_cache_1024[j].cnt < least) {
                    i = j;
                    least = sp_cache_1024[i].cnt;
                }
            }
        }

        XMEMCPY(sp_cache_1024[i].x, g->x, sizeof(sp_cache_1024[i].x));
        XMEMCPY(sp_cache_1024[i].y, g->y, sizeof(sp_cache_1024[i].y));
        sp_cache_1024[i].set = 1;
        sp_cache_1024[i].cnt = 1;
    }

    *cache = &sp_cache_1024[i];
    sp_cache_1024_last = i;
}
#endif /* FP_ECC */

/* Multiply the base point of P1024 by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * r     Resulting point.
 * g     Point to multiply.
 * k     Scalar to multiply by.
 * map   Indicates whether to convert result to affine.
 * ct    Constant time required.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g,
        const sp_digit* k, int map, int ct, void* heap)
{
#ifndef FP_ECC
    return sp_1024_ecc_mulmod_fast_32(r, g, k, map, ct, heap);
#else
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* tmp;
#else
    sp_digit tmp[2 * 32 * 38];
#endif
    sp_cache_1024_t* cache;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 38, heap, DYNAMIC_TYPE_ECC);
    if (tmp == NULL) {
        err = MEMORY_E;
    }
#endif
#ifndef HAVE_THREAD_LS
    if (err == MP_OKAY) {
        if (initCacheMutex_1024 == 0) {
            wc_InitMutex(&sp_cache_1024_lock);
            initCacheMutex_1024 = 1;
        }
        if (wc_LockMutex(&sp_cache_1024_lock) != 0) {
            err = BAD_MUTEX_E;
        }
    }
#endif /* HAVE_THREAD_LS */

    if (err == MP_OKAY) {
        sp_ecc_get_cache_1024(g, &cache);
        if (cache->cnt == 2)
            sp_1024_gen_stripe_table_32(g, cache->table, tmp, heap);

#ifndef HAVE_THREAD_LS
        wc_UnLockMutex(&sp_cache_1024_lock);
#endif /* HAVE_THREAD_LS */

        if (cache->cnt < 2) {
            err = sp_1024_ecc_mulmod_fast_32(r, g, k, map, ct, heap);
        }
        else {
            err = sp_1024_ecc_mulmod_stripe_32(r, g, cache->table, k,
                    map, ct, heap);
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
#endif
    return err;
#endif
}

#else
#if defined(FP_ECC) || !defined(WOLFSSL_SP_SMALL)
/* Generate the pre-computed table of points for the base point.
 *
 * width = 8
 * 256 entries
 * 128 bits between
 *
 * a      The base point.
 * table  Place to store generated point data.
 * tmp    Temporary data.
 * heap  Heap to use for allocation.
 */
static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
        sp_table_entry_1024* table, sp_digit* tmp, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_1024* t = NULL;
#else
    sp_point_1024 t[3];
#endif
    sp_point_1024* s1 = NULL;
    sp_point_1024* s2 = NULL;
    int i;
    int j;
    int err = MP_OKAY;

    (void)heap;

#ifdef WOLFSSL_SP_SMALL_STACK
    t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap,
                                     DYNAMIC_TYPE_ECC);
    if (t == NULL)
        err = MEMORY_E;
#endif

    if (err == MP_OKAY) {
        s1 = t + 1;
        s2 = t + 2;

        err = sp_1024_mod_mul_norm_32(t->x, a->x, p1024_mod);
    }
    if (err == MP_OKAY) {
        err = sp_1024_mod_mul_norm_32(t->y, a->y, p1024_mod);
    }
    if (err == MP_OKAY) {
        err = sp_1024_mod_mul_norm_32(t->z, a->z, p1024_mod);
    }
    if (err == MP_OKAY) {
        t->infinity = 0;
        sp_1024_proj_to_affine_32(t, tmp);

        XMEMCPY(s1->z, p1024_norm_mod, sizeof(p1024_norm_mod));
        s1->infinity = 0;
        XMEMCPY(s2->z, p1024_norm_mod, sizeof(p1024_norm_mod));
        s2->infinity = 0;

        /* table[0] = {0, 0, infinity} */
        XMEMSET(&table[0], 0, sizeof(sp_table_entry_1024));
        /* table[1] = Affine version of 'a' in Montgomery form */
        XMEMCPY(table[1].x, t->x, sizeof(table->x));
        XMEMCPY(table[1].y, t->y, sizeof(table->y));

        for (i=1; i<8; i++) {
            sp_1024_proj_point_dbl_n_32(t, 128, tmp);
            sp_1024_proj_to_affine_32(t, tmp);
            XMEMCPY(table[1<<i].x, t->x, sizeof(table->x));
            XMEMCPY(table[1<<i].y, t->y, sizeof(table->y));
        }

        for (i=1; i<8; i++) {
            XMEMCPY(s1->x, table[1<<i].x, sizeof(table->x));
            XMEMCPY(s1->y, table[1<<i].y, sizeof(table->y));
            for (j=(1<<i)+1; j<(1<<(i+1)); j++) {
                XMEMCPY(s2->x, table[j-(1<<i)].x, sizeof(table->x));
                XMEMCPY(s2->y, table[j-(1<<i)].y, sizeof(table->y));
                sp_1024_proj_point_add_qz1_32(t, s1, s2, tmp);
                sp_1024_proj_to_affine_32(t, tmp);
                XMEMCPY(table[j].x, t->x, sizeof(table->x));
                XMEMCPY(table[j].y, t->y, sizeof(table->y));
            }
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (t != NULL)
        XFREE(t, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#endif /* FP_ECC || !WOLFSSL_SP_SMALL */
/* Multiply the point by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * Stripe implementation.
 * Pre-generated: 2^0, 2^128, ...
 * Pre-generated: products of all combinations of above.
 * 8 doubles and adds (with qz=1)
 *
 * r      Resulting point.
 * k      Scalar to multiply by.
 * table  Pre-computed table.
 * map    Indicates whether to convert result to affine.
 * ct     Constant time required.
 * heap   Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g,
        const sp_table_entry_1024* table, const sp_digit* k, int map,
        int ct, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_1024* rt = NULL;
    sp_digit* t = NULL;
#else
    sp_point_1024 rt[2];
    sp_digit t[2 * 32 * 37];
#endif
    sp_point_1024* p = NULL;
    int i;
    int j;
    int y;
    int x;
    int err = MP_OKAY;

    (void)g;
    /* Constant time used for cache attack resistance implementation. */
    (void)ct;
    (void)heap;


#ifdef WOLFSSL_SP_SMALL_STACK
    rt = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
                                      DYNAMIC_TYPE_ECC);
    if (rt == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 37, heap,
                               DYNAMIC_TYPE_ECC);
        if (t == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        p = rt + 1;

        XMEMCPY(p->z, p1024_norm_mod, sizeof(p1024_norm_mod));
        XMEMCPY(rt->z, p1024_norm_mod, sizeof(p1024_norm_mod));

        y = 0;
        x = 127;
        for (j=0; j<8; j++) {
            y |= (int)(((k[x / 32] >> (x % 32)) & 1) << j);
            x += 128;
        }
        XMEMCPY(rt->x, table[y].x, sizeof(table[y].x));
        XMEMCPY(rt->y, table[y].y, sizeof(table[y].y));
        rt->infinity = !y;
        for (i=126; i>=0; i--) {
            y = 0;
            x = i;
            for (j=0; j<8; j++) {
                y |= (int)(((k[x / 32] >> (x % 32)) & 1) << j);
                x += 128;
            }

            sp_1024_proj_point_dbl_32(rt, rt, t);
            XMEMCPY(p->x, table[y].x, sizeof(table[y].x));
            XMEMCPY(p->y, table[y].y, sizeof(table[y].y));
            p->infinity = !y;
            sp_1024_proj_point_add_qz1_32(rt, rt, p, t);
        }

        if (map != 0) {
            sp_1024_map_32(r, rt, t);
        }
        else {
            XMEMCPY(r, rt, sizeof(sp_point_1024));
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (t != NULL)
        XFREE(t, heap, DYNAMIC_TYPE_ECC);
    if (rt != NULL)
        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#ifdef FP_ECC
#ifndef FP_ENTRIES
    #define FP_ENTRIES 16
#endif

/* Cache entry - holds precomputation tables for a point. */
typedef struct sp_cache_1024_t {
    /* X ordinate of point that table was generated from. */
    sp_digit x[32];
    /* Y ordinate of point that table was generated from. */
    sp_digit y[32];
    /* Precomputation table for point. */
    sp_table_entry_1024 table[256];
    /* Count of entries in table. */
    uint32_t cnt;
    /* Point and table set in entry. */
    int set;
} sp_cache_1024_t;

/* Cache of tables. */
static THREAD_LS_T sp_cache_1024_t sp_cache_1024[FP_ENTRIES];
/* Index of last entry in cache. */
static THREAD_LS_T int sp_cache_1024_last = -1;
/* Cache has been initialized. */
static THREAD_LS_T int sp_cache_1024_inited = 0;

#ifndef HAVE_THREAD_LS
    static volatile int initCacheMutex_1024 = 0;
    static wolfSSL_Mutex sp_cache_1024_lock;
#endif

/* Get the cache entry for the point.
 *
 * g      [in]   Point scalar multiplying.
 * cache  [out]  Cache table to use.
 */
static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cache)
{
    int i;
    int j;
    uint32_t least;

    if (sp_cache_1024_inited == 0) {
        for (i=0; i<FP_ENTRIES; i++) {
            sp_cache_1024[i].set = 0;
        }
        sp_cache_1024_inited = 1;
    }

    /* Compare point with those in cache. */
    for (i=0; i<FP_ENTRIES; i++) {
        if (!sp_cache_1024[i].set)
            continue;

        if (sp_1024_cmp_equal_32(g->x, sp_cache_1024[i].x) &
                           sp_1024_cmp_equal_32(g->y, sp_cache_1024[i].y)) {
            sp_cache_1024[i].cnt++;
            break;
        }
    }

    /* No match. */
    if (i == FP_ENTRIES) {
        /* Find empty entry. */
        i = (sp_cache_1024_last + 1) % FP_ENTRIES;
        for (; i != sp_cache_1024_last; i=(i+1)%FP_ENTRIES) {
            if (!sp_cache_1024[i].set) {
                break;
            }
        }

        /* Evict least used. */
        if (i == sp_cache_1024_last) {
            least = sp_cache_1024[0].cnt;
            for (j=1; j<FP_ENTRIES; j++) {
                if (sp_cache_1024[j].cnt < least) {
                    i = j;
                    least = sp_cache_1024[i].cnt;
                }
            }
        }

        XMEMCPY(sp_cache_1024[i].x, g->x, sizeof(sp_cache_1024[i].x));
        XMEMCPY(sp_cache_1024[i].y, g->y, sizeof(sp_cache_1024[i].y));
        sp_cache_1024[i].set = 1;
        sp_cache_1024[i].cnt = 1;
    }

    *cache = &sp_cache_1024[i];
    sp_cache_1024_last = i;
}
#endif /* FP_ECC */

/* Multiply the base point of P1024 by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * r     Resulting point.
 * g     Point to multiply.
 * k     Scalar to multiply by.
 * map   Indicates whether to convert result to affine.
 * ct    Constant time required.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g,
        const sp_digit* k, int map, int ct, void* heap)
{
#ifndef FP_ECC
    return sp_1024_ecc_mulmod_fast_32(r, g, k, map, ct, heap);
#else
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* tmp;
#else
    sp_digit tmp[2 * 32 * 38];
#endif
    sp_cache_1024_t* cache;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 38, heap, DYNAMIC_TYPE_ECC);
    if (tmp == NULL) {
        err = MEMORY_E;
    }
#endif
#ifndef HAVE_THREAD_LS
    if (err == MP_OKAY) {
        if (initCacheMutex_1024 == 0) {
            wc_InitMutex(&sp_cache_1024_lock);
            initCacheMutex_1024 = 1;
        }
        if (wc_LockMutex(&sp_cache_1024_lock) != 0) {
            err = BAD_MUTEX_E;
        }
    }
#endif /* HAVE_THREAD_LS */

    if (err == MP_OKAY) {
        sp_ecc_get_cache_1024(g, &cache);
        if (cache->cnt == 2)
            sp_1024_gen_stripe_table_32(g, cache->table, tmp, heap);

#ifndef HAVE_THREAD_LS
        wc_UnLockMutex(&sp_cache_1024_lock);
#endif /* HAVE_THREAD_LS */

        if (cache->cnt < 2) {
            err = sp_1024_ecc_mulmod_fast_32(r, g, k, map, ct, heap);
        }
        else {
            err = sp_1024_ecc_mulmod_stripe_32(r, g, cache->table, k,
                    map, ct, heap);
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
#endif
    return err;
#endif
}

#endif /* WOLFSSL_SP_SMALL */
/* Multiply the point by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * km    Scalar to multiply by.
 * p     Point to multiply.
 * r     Resulting point.
 * map   Indicates whether to convert result to affine.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
        int map, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_1024* point = NULL;
    sp_digit* k = NULL;
#else
    sp_point_1024 point[1];
    sp_digit k[32];
#endif
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
                                         DYNAMIC_TYPE_ECC);
    if (point == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap,
                               DYNAMIC_TYPE_ECC);
        if (k == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        sp_1024_from_mp(k, 32, km);
        sp_1024_point_from_ecc_point_32(point, gm);

            err = sp_1024_ecc_mulmod_32(point, point, k, map, 1, heap);
    }
    if (err == MP_OKAY) {
        err = sp_1024_point_to_ecc_point_32(point, r);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (k != NULL)
        XFREE(k, heap, DYNAMIC_TYPE_ECC);
    if (point != NULL)
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#ifdef WOLFSSL_SP_SMALL
/* Striping precomputation table.
 * 4 points combined into a table of 16 points.
 * Distance of 256 between points.
 */
static const sp_table_entry_1024 p1024_table[16] = {
    /* 0 */
    { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
      { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
    /* 1 */
    { { 0xe0162bc2,0xbf9c7ec6,0x10a89289,0xddecc6e3,0x9e499d81,0x5d599df0,
        0x6d358218,0x9a96ea28,0x70c5f8db,0x01aec7d3,0x8cf5d066,0xe72e4995,
        0x3e91d7f8,0xc2e7297d,0xda9f2f5a,0x8621db92,0x5a5679ed,0x4b26c867,
        0x2c56aac1,0x233385df,0xc6a13f99,0xb88e74d4,0xffa8ec11,0x1214b173,
        0x1f3f9fef,0xa0386a27,0xc0e7b44e,0xbd9b1b4e,0xeecd3496,0xafe528dc,
        0x1c49f80b,0x8dfff96a },
      { 0xc03c0c83,0xb4a4753a,0xabcdcd75,0x68e69d18,0xf775b649,0xe3839b88,
        0xbf58f352,0x803f949a,0xbd0bc15c,0x5f702679,0x8ff298c2,0x85bf5d16,
        0xc6c7976e,0x3f6ebd98,0x45e3e1b4,0x20618af4,0x54e64093,0x67d5598e,
        0x504fed9e,0xb047283b,0x70d87517,0x450cabfd,0x3f5addbe,0x47d628bf,
        0x78cb4cca,0x0037ef30,0x6b1c4908,0x4e148d3c,0x4fcfd837,0xe256d329,
        0xde3c01f3,0x2aa1207b } },
    /* 2 */
    { { 0x755c2a27,0xcf3e0bb2,0x59585c44,0xd38e42f9,0x19285e60,0x46b13e0f,
        0x76273d0f,0xc3ecd0c0,0x193c569a,0x7800f085,0x4351818a,0xf04e74ab,
        0x8496363b,0x9258aa38,0xb8c894fe,0x8456617c,0x2af969a0,0x8bc62aaa,
        0x5a4668d9,0x66c2280b,0xa992f4fa,0xbc9df58e,0x3f401e99,0x5db0b7d9,
        0xc4c38c0e,0xe0614fe1,0x2ccdf6b3,0xd531151c,0xe143b618,0x1c7575ec,
        0xdf9398a4,0x40247985 },
      { 0x8f055746,0xfba25178,0x0ab1e6e0,0xc5ba0040,0xac292697,0xe1b194fb,
        0x5b4f4740,0x77152119,0x9bb7ba54,0x250091d0,0xb9a139a4,0x7a674861,
        0xf353aa7e,0xba8413b3,0x2443ceee,0xafe77192,0x3847bbd0,0x14468d36,
        0x3da4942d,0x61f79ff6,0xd425b456,0x1563a1c1,0x75ff4630,0x3c270fcd,
        0xeb2802c9,0x42072090,0xc85c7004,0x68f0cdcb,0xfa032e74,0xca4372fb,
        0xc8b79d80,0x1a6fd1e6 } },
    /* 3 */
    { { 0x8d5116a3,0x967a901a,0xb2f5f47f,0x0b844394,0x60ebaf3b,0xe39ad452,
        0x60ccfc0c,0x1e1be617,0xcc3f53f2,0xac07e3d2,0x1ed11bb6,0xdd838e0e,
        0x1c15b0c2,0x45475307,0x920fe5b8,0x70dd4748,0xe471896d,0x1a20be2d,
        0x59276c7c,0x3c3fad8a,0xc886ee07,0x026a1cc3,0x6e831ac4,0x9fdb6f37,
        0xac501d65,0x26a35d1a,0x40da8574,0x0ae98905,0xabd734e5,0x65dde0a4,
        0x15614750,0x29b7d4dc },
      { 0xcbf4e20b,0x44b3c2cb,0x58cc44c5,0x1c3f548f,0x5b0cac1f,0x39809b54,
        0x00f80621,0x0c0f02b5,0x066905e0,0xe612b890,0x8350188c,0x8f158ed7,
        0x3f5576b2,0xc01dc458,0xa45492e0,0x29803272,0x0ff92443,0x77a5623a,
        0x29d0dc41,0xd12a2b00,0x2780e87a,0xb4125459,0x0d53f272,0x1ebcf903,
        0x24301e8d,0xbae6ea40,0xa37d0798,0x1e5f3f2f,0x22b4126c,0x9342c310,
        0x5382497e,0x5d092802 } },
    /* 4 */
    { { 0x4b59213a,0xf5b495d0,0x8d70200e,0xca672039,0x2b6771c1,0x4bcb09a6,
        0x2b9eb0cb,0x26adeed4,0x8cdba212,0xeb544754,0xf08890d1,0x0e1abfcd,
        0x698e46b4,0x52509963,0x82e9c138,0xe1bff0b0,0x51099a71,0xa189e4cd,
        0xc9b91cc7,0x2360c9bc,0x137ec4be,0x9bd4d7dc,0xd1519f6e,0xd0356521,
        0xcf832503,0xbf5f6d78,0x8deea2b4,0xe4301031,0xef4c319c,0xc3132494,
        0x0f1fa7d7,0x2ab3bd47 },
      { 0x922c9fbb,0x5753b680,0x0f16c6d1,0x869e7dc8,0xbac16efc,0x83445135,
        0x846d1d9b,0x4326a3b4,0xb2d62c21,0xb517fee3,0x0b292ad5,0x6905afa2,
        0x2cadac13,0x2a57131a,0xebdbca8d,0xcd904d8f,0x3f365fb2,0xdfeda86f,
        0xdc7eaa1c,0x7097b208,0xa45e77c0,0x89a35a84,0xcf5d118e,0x417a062c,
        0x1f6e99e8,0x3c0c04a8,0xba7a087d,0xc44704b0,0x3ea22ad2,0x6f8a27d1,
        0x4c27d229,0x93a4b416 } },
    /* 5 */
    { { 0x1f1efb7a,0xd4271bc1,0x33fccc0d,0xae4e68e6,0xb11f50a8,0x9d9bc8f1,
        0xaf076089,0x5430398f,0x443d0e03,0x45e242fb,0xf6e3d4c1,0x73ec2519,
        0xba9bad09,0xab70f790,0xf9add10f,0xde612ad5,0x14e942b4,0xb837e54e,
        0xddb8b68a,0x175a56d3,0x1ac2a408,0xe85b233c,0xf0c80f94,0xf8ff6c30,
        0x898db4f9,0x4b7f3fb7,0x45a7dcdd,0xa2c6044f,0xfe3d3895,0xf3abb2f6,
        0x32ee7763,0x342ce0d7 },
      { 0xcf491b1f,0xeb261394,0x1909e395,0xdcaaeed7,0x9fe4dbea,0xdcc4055a,
        0x493d604d,0x17a6611d,0x1ce5ebef,0xba445a3a,0xe3989cb5,0xe82e2858,
        0x83f58406,0xb96f4282,0xa156cf55,0x99877b99,0x4e166a0e,0xaf906a66,
        0xb2976d13,0xcea1d353,0x36c61a01,0xefc16f27,0xb0f55d86,0xdb04c433,
        0x8eb34c01,0x3cb4b269,0x2ae60280,0x38d07f78,0x43be3ec5,0x43ac3bcb,
        0xe156fd20,0x455f4af3 } },
    /* 6 */
    { { 0x95532833,0x2e6fe0a6,0xd626d067,0xabca228e,0x649e73bd,0x22aef3d9,
        0xf03c4c0c,0x2083a87a,0x35169b45,0xe954e75d,0x74506a89,0x577509ee,
        0x2aeacf90,0x49cb276e,0xfa409f91,0x08275d77,0xf0bbd6b9,0x61eb6f3d,
        0xe4132704,0x948202cb,0xb1c498b1,0x35f3fc21,0x361fee59,0x76c68ba8,
        0x50e051f3,0xa18cbbd9,0x318e7042,0x2384a879,0x80dd1e8b,0x292abead,
        0x5c37c334,0x65713c29 },
      { 0xceb77b9a,0xdccca8e9,0x23b69469,0x2f97e727,0xa01d6b28,0xc76abee6,
        0x5abecdfe,0x3925203d,0x29290d70,0x89448082,0xb0314438,0xf9931424,
        0x7cd447c3,0x04209df1,0xc855c827,0x7c6f2059,0x56c0e069,0xd97d7862,
        0x412d94c4,0x5a9db6fe,0x994c41dd,0x19a64591,0xc89e21a3,0x12348aa1,
        0xc6a03f0e,0xd6904b50,0xa616feac,0x55c15156,0x7cc7693b,0x4e36d1b5,
        0x3bae3c38,0x6b0e996c } },
    /* 7 */
    { { 0xcceced00,0x32789fab,0xe5b7aa66,0x3237e71a,0x2ddebcdf,0x87b2e269,
        0xb61dad8f,0xb7245120,0xd35f803c,0xe11e5e48,0x98e50f0d,0xfb4df5d7,
        0xbcd2ab92,0x60ee68b4,0x1ce3363d,0x98ab2f5c,0x7cd42647,0x15ba39da,
        0x83f4fb3f,0x1a6572eb,0xe56f08db,0x0f77de88,0x172562c2,0x1743761e,
        0x8a58f0f4,0xbe349ff8,0x84d1d6e2,0xe04da71b,0x9e9ff3b4,0x368f0342,
        0x678223f8,0x4022a205 },
      { 0x83847375,0x527bbd05,0x3f451af0,0x3ae56b62,0x4b2c7f18,0x6198f24d,
        0x4525b98d,0xee323f5b,0x0e0884b5,0xa9d8d39a,0xfb12c776,0xd005d7f6,
        0x708bc154,0xd71c483e,0x742541bc,0x8ca6fd28,0xf8397ddb,0x0af3dccd,
        0x3eccf243,0xb80d3125,0x58d81b8d,0xc743a108,0x71391f68,0x3f48eb21,
        0x33bb657f,0x493aff88,0x07e47e31,0x1d15ed66,0xe08279f6,0x10159b11,
        0x24a6a956,0x312179cb } },
    /* 8 */
    { { 0xfb99cfe6,0x950323d3,0xc9334178,0x7b09bc26,0x7cbdfb6f,0x64111e41,
        0x89a75760,0x91141744,0x10919cb0,0x4c633df9,0x396bfd2f,0x715fc7c7,
        0x8cab62db,0x8ca19512,0x4db81aac,0x30672473,0xb4c4c54a,0xe67a246b,
        0xbf229646,0xd77ea0fa,0xfa5b5d70,0x5bed15f1,0xc2f192f3,0xa5686da5,
        0x7f6690ad,0xdecac72a,0xcaa50b7d,0x0c4af2a2,0x6049ad2f,0xf44631c1,
        0x04ecf056,0x325d2796 },
      { 0x4848c144,0xee11fb55,0xb6a7af32,0x4e062925,0x369e0f9a,0x125b68e1,
        0xca53b21e,0xad9bdae6,0x2e98ea1b,0xf50d605c,0x9f2fa395,0xbdb9e153,
        0xe91532f5,0x4570e32d,0x46a250d7,0x810698ae,0xad9d9145,0x7fd9546c,
        0x11e97a5e,0xabf67721,0x249f82e9,0xca29f7d5,0x9851df63,0xa9c539a9,
        0x71d0e3e5,0xfd84d54b,0x041d2b56,0xd1e0459c,0xfd80096a,0xceb3eb6e,
        0xe32a79d3,0x19d48546 } },
    /* 9 */
    { { 0xb540f5e5,0xfe19ee8f,0x04e68d17,0x86d2a52f,0xadbdc871,0xd2320db0,
        0xd03a7fc8,0xa83ad5a8,0x08bcb916,0x54bf83c7,0x2e51e840,0x092133ea,
        0xcb52dddf,0xbce38424,0x31063583,0xd5c7be40,0x458e3176,0xc1ebb9df,
        0xbc4dabbf,0xafb19639,0xc05725a8,0x36350fe4,0x84e1cd24,0xac4a0634,
        0xc145b8de,0xadf73154,0xb3483237,0x0aa6dd9e,0xcbff2720,0xa3345c3d,
        0xb4e453b0,0x1b3ace6c },
      { 0x90a8bdc5,0x0343e5e9,0x6306a089,0xa203bf9d,0x8e48520e,0x98489a35,
        0xde7d1d06,0xbd17debe,0x5f795d3f,0x8fafa6d7,0x387b0a3f,0xa4ceb630,
        0xffddeafa,0xe0166b32,0x7e764e02,0xa2fe2054,0xe871f304,0x55ab9824,
        0x952ec45e,0xa2bd36bb,0xa90d20ca,0x7b4c1484,0x75bcfb53,0x5319f387,
        0x6982c4e5,0x34238a4a,0xa102921d,0xa2bb61c7,0xdb3ab17e,0x1e061b64,
        0x192f0a14,0x538ec33e } },
    /* 10 */
    { { 0x576374c2,0xe53c7785,0x84727040,0xe60526d1,0x228ca044,0x8a066dc8,
        0xf1ce1313,0x1fe1c1b2,0xcdeb0c5d,0x2aeec832,0x9cbf826f,0xa7596699,
        0xde77a589,0xcd188e81,0x118d1254,0xe5ce0fe0,0x0790b86a,0xa142a984,
        0x39ac28ce,0xe28f043f,0x87de5804,0x4eef8290,0xf639a8c5,0x83c31b32,
        0x5887794f,0xd70454a7,0x18b1b391,0xca635d50,0x31d9c795,0xcefea076,
        0xb6f8aa25,0x13cbee76 },
      { 0x8d3f34f3,0x79cabe0f,0xa3617fe3,0xbda9c31c,0xdd9426a1,0xb26dee23,
        0xf29c9104,0xe9dd9627,0xe2c6cd3b,0x033eb169,0xfcba2196,0x8a73f492,
        0xb858c83c,0x92e37e0b,0x23b3fbb7,0xe4f2aca6,0x64be00a2,0x8101fb1e,
        0x948f6448,0x91a7826a,0x907260e7,0x414067b4,0xe30bb835,0xf774aa50,
        0xc999c06e,0xf922ca80,0x0ba08511,0x6b8635b9,0x25fa04f0,0xbf936b5c,
        0xe02e8967,0x4e0a1ada } },
    /* 11 */
    { { 0x8ba29c4d,0x00ca6670,0x22988094,0xc08240ce,0x16dda752,0x21c5ca67,
        0xabbbfa34,0x689c0e45,0x3ed28b72,0x1d7545fd,0xd7c56ab4,0x5f221198,
        0x38759d65,0x4b3d8f74,0x8fe50b89,0x93490dfb,0xe80eba16,0xb641f5d7,
        0x79acb537,0x7b0da5eb,0x0c1d5e5e,0xab6b1497,0xa5da429a,0x2338e68d,
        0x2f6d2f25,0xe010c437,0x6530f3a7,0x226f16d2,0xcbef08bc,0xefb0f7b6,
        0x9f99c999,0x733e30d9 },
      { 0xa42a38f9,0xecfe1582,0x4730b500,0xaec2d58e,0xde976b2c,0x2ee2f2a7,
        0xa969c1bb,0xf0539db5,0xfcecdb4a,0x31954168,0xe7a8e902,0xf2f7348a,
        0x3121541f,0x1d58d7cc,0x2202ae52,0x5d25b75c,0xf40835a7,0xdea9965a,
        0x529b4e46,0x3feb6a41,0xbd27ad9b,0x5c97fb6f,0x261f900b,0xd87554c0,
        0x04d5b19e,0xb43031d9,0xcb219b9c,0x33d5e9b8,0x3ee00bcf,0x7a43d492,
        0xb79a5c0c,0x56facb39 } },
    /* 12 */
    { { 0x7c834915,0x667eaed6,0xbc5eb64d,0x9f77aa6a,0x25d62011,0x729ebcb6,
        0x699fd9c2,0x0aee24f2,0x2b8d4f6c,0xe1eb5874,0x14c976d6,0x7f12710c,
        0xf6d9ea65,0x91390335,0x06b50064,0x668b7049,0x0876ee4f,0x65969a0e,
        0x2f9d9360,0xf901bf3f,0xb499e3ce,0xfb1a8651,0xf2dbcaaa,0x80b953fb,
        0x973b06b6,0x312cc566,0x3af36c64,0x3534d9c3,0x10ffd815,0xe4463a52,
        0xf18c2b91,0x57ea2b4b },
      { 0x8aa0f2f2,0x00f5e162,0x0e46bcaa,0x8c7e75c5,0xa4a2c42d,0x97ab479a,
        0x14baa202,0xb4f308ea,0x6943cc2e,0xa901bd14,0xeed58804,0xbb125fee,
        0x9d180f7c,0x6502c8f9,0x1580c61c,0xe5353919,0x27101ee3,0x7e278069,
        0xfaa72717,0x7a0a40a1,0x4c75b153,0x32edce02,0x538f1c22,0xda23660b,
        0xbe307d2e,0x4d511e98,0x9baee0b4,0x24276e40,0x7ff1f307,0xa78c3927,
        0xea7935c9,0x60480b46 } },
    /* 13 */
    { { 0x3872ece3,0x31087d66,0x955b70f8,0x5f29be7d,0x9cf95bb8,0xb50b4fc7,
        0xdbffa621,0xbae3b58d,0xe022ba5d,0x0e61d280,0x4181449c,0x78ae5117,
        0xcf555485,0x0b132840,0xb8ce0b0e,0x800ed1b6,0x78d5de3d,0x35dffdd5,
        0x69a56b47,0xf7e42374,0x8d910ae7,0xd5e32369,0x6313c7c7,0xb6ff52a0,
        0xa92de9e5,0x5a2fe20d,0xd12110bb,0x41b347d3,0x40c16f23,0xc5905edb,
        0x9a8f88cc,0x0774a0d3 },
      { 0xe3b6c106,0x3ae181ab,0x8de150b7,0x4ebe163f,0x6f354836,0xcf75b82f,
        0x3ac7ac16,0xaa0d2063,0x291722af,0x5c680668,0x11545553,0x73941e61,
        0xbf5de3f7,0x17127e38,0x1afb41da,0x32cfdf03,0x87bc8663,0xc6893c91,
        0xa62c9c99,0x75046744,0x962c1947,0x96866e2d,0x378cdf4c,0x489ec8df,
        0x3407fa32,0x3a60709b,0x551290d1,0xd37d2159,0xbab92273,0x9623d303,
        0x2432014b,0x08151954 } },
    /* 14 */
    { { 0xb05f2b26,0x569044f3,0x80b9f76c,0xb35a294a,0x4290f6ae,0x8839fe28,
        0x026a5877,0x761cfb23,0x2e5ff9c3,0x768926b6,0x0b11c576,0xbae6cd20,
        0x72a03efe,0xdc857756,0xe1bad63a,0x0cae074a,0xd709d99c,0x3fe491a1,
        0x6501d9c1,0x76c5ded6,0xc32aeff7,0x1da6eca1,0xc57683e8,0x50849d55,
        0xdf98d847,0x9e392e9c,0x64d9a564,0xfad7982f,0xa37b98b2,0xf7c3bdb7,
        0xf0860497,0x1fe09f94 },
      { 0x7648cc63,0x49a7eaae,0x67cfa714,0x13ea2511,0x653f4559,0xfc8b923c,
        0x81a16e86,0xd957619b,0x3c864674,0x0c7e804b,0x1616599a,0xfc88134a,
        0x0a652328,0x366ea969,0x4bc9029e,0x41532960,0xae2aad2b,0xef9e1994,
        0x7f10bef5,0x9e2a8c52,0xc67bf860,0x73dcb586,0x844cc25d,0xf61a43fa,
        0x74eb3653,0xd74e7eea,0xdd240f02,0xf3356706,0xfd83bcb4,0xeec7694c,
        0xdb62526a,0x4de95786 } },
    /* 15 */
    { { 0x3deac2f7,0x4867d315,0xb61d9a8e,0xa084778a,0x0ab7b2d5,0xf3b76f96,
        0xcfdf4f79,0x00b30056,0x31ab8f4b,0xd0701e15,0x9c779d01,0x07f948d5,
        0x82675371,0x7c994ebc,0x48bad4c0,0x1104d4ee,0xbfc9d058,0x798ce0b5,
        0x309fa80b,0xc7ca898d,0xacb33eaf,0x0244f225,0x5b2f3175,0xd51e8dfc,
        0xa4d7be34,0x3e49ba6b,0xbda02b43,0x1760f4c7,0x4435275a,0x37e36a7e,
        0xe636980c,0x1c94418b },
      { 0x09dc1414,0x43a21313,0x43c93537,0x060765fc,0xdf5f79ce,0x6ff3207a,
        0x85d4cfca,0x6f18b1fa,0x63e995ab,0xf5c4272e,0xa82b3002,0x121a09e4,
        0x97147f16,0x82b65d1b,0x20a7fe26,0x4993c20c,0xe6716726,0x99c9cb98,
        0xfeb440a0,0x5a02d673,0x251b4bc5,0x3f3fa9e1,0xa05338ea,0x75dbc474,
        0x7b09f6cb,0x3cb4044b,0x80434609,0x6767da18,0x098ceac2,0x97851422,
        0xb55235ba,0x611bfbb2 } },
};

/* Multiply the base point of P1024 by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * Stripe implementation.
 * Pre-generated: 2^0, 2^256, ...
 * Pre-generated: products of all combinations of above.
 * 4 doubles and adds (with qz=1)
 *
 * r     Resulting point.
 * k     Scalar to multiply by.
 * map   Indicates whether to convert result to affine.
 * ct    Constant time required.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_1024_ecc_mulmod_base_32(sp_point_1024* r, const sp_digit* k,
        int map, int ct, void* heap)
{
    return sp_1024_ecc_mulmod_stripe_32(r, &p1024_base, p1024_table,
                                      k, map, ct, heap);
}

#else
/* Striping precomputation table.
 * 8 points combined into a table of 256 points.
 * Distance of 128 between points.
 */
static const sp_table_entry_1024 p1024_table[256] = {
    /* 0 */
    { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
      { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
    /* 1 */
    { { 0xe0162bc2,0xbf9c7ec6,0x10a89289,0xddecc6e3,0x9e499d81,0x5d599df0,
        0x6d358218,0x9a96ea28,0x70c5f8db,0x01aec7d3,0x8cf5d066,0xe72e4995,
        0x3e91d7f8,0xc2e7297d,0xda9f2f5a,0x8621db92,0x5a5679ed,0x4b26c867,
        0x2c56aac1,0x233385df,0xc6a13f99,0xb88e74d4,0xffa8ec11,0x1214b173,
        0x1f3f9fef,0xa0386a27,0xc0e7b44e,0xbd9b1b4e,0xeecd3496,0xafe528dc,
        0x1c49f80b,0x8dfff96a },
      { 0xc03c0c83,0xb4a4753a,0xabcdcd75,0x68e69d18,0xf775b649,0xe3839b88,
        0xbf58f352,0x803f949a,0xbd0bc15c,0x5f702679,0x8ff298c2,0x85bf5d16,
        0xc6c7976e,0x3f6ebd98,0x45e3e1b4,0x20618af4,0x54e64093,0x67d5598e,
        0x504fed9e,0xb047283b,0x70d87517,0x450cabfd,0x3f5addbe,0x47d628bf,
        0x78cb4cca,0x0037ef30,0x6b1c4908,0x4e148d3c,0x4fcfd837,0xe256d329,
        0xde3c01f3,0x2aa1207b } },
    /* 2 */
    { { 0x01900955,0xa95b6dae,0xceb4656d,0xa5dc9cc1,0xe72fe95b,0x50c78907,
        0xa040c334,0xa1ae5447,0x7952ea6e,0x91191370,0x6d097305,0x54ff7343,
        0xbda4d10f,0xa4db0074,0x91644070,0xfd5306f1,0x8b24522c,0x14b9fe73,
        0x7849f762,0x1468dad6,0xb0dcd2e4,0x87b29a18,0x5e1ad492,0xadd7f1a1,
        0xdbba2a1a,0x9ac63a81,0x81223379,0x01379c5b,0xb0e53bc8,0xf402b2f0,
        0x0bf13b61,0x8c3eb27f },
      { 0xe513696f,0x9a4ad3e1,0x18c81ffa,0x0350ba5c,0x3c033d13,0x1e2fc136,
        0x17a531bc,0x53da6e71,0x1aed610d,0x42ec6490,0xe99ff567,0xd33e8df7,
        0x3deed12a,0xe4aad73e,0x180f4deb,0xd983b465,0x502f30b4,0x99365269,
        0xa8918d7f,0x7e2799ab,0x700fc79a,0x0ffe84b6,0x40bfd8c2,0x7b4400d6,
        0x5d2641bd,0xc3a21d21,0xc32621cb,0x79839442,0xb1401e83,0xace6500b,
        0x251c4310,0x7bf4163e } },
    /* 3 */
    { { 0xe3fd589e,0x1c174f88,0xdf974a03,0xdb501790,0x3e70549f,0xd09623e3,
        0x15924f34,0x8d091eff,0xf9b65ac5,0xeef79cad,0x3f69c2cf,0xd2cc4262,
        0x52cd82bc,0x817d9032,0xa5f1dddd,0xacf4f4d9,0x5011b6bd,0xd0612635,
        0x2ed140c9,0x9f74490d,0x4db686d2,0x64092e8c,0x776b0fcc,0x225eef16,
        0xdf16aeb6,0x0e8c01e9,0x84bbd82a,0x62836741,0x8956e337,0x757574e2,
        0x705a7f07,0x9871edc6 },
      { 0x776535f7,0xbd0b76d5,0x2635b3b8,0x5214d602,0x9d216f64,0xc0c25ad9,
        0x5515bf75,0xfd4df3a7,0x5e9f1675,0x24a625bc,0x406873e7,0x3c35efb7,
        0xbb2e5c4a,0xef5c9a33,0x806b198a,0xa971b35e,0xa3c690ed,0x9f5c0ca5,
        0x8e1e2341,0xa8d5dd89,0x955ad9e4,0x4cecbcce,0x248d3416,0x2ecf4407,
        0x45c0af6e,0x1abb3811,0x1c780fff,0x3f4bee82,0xc272ed57,0xd14df768,
        0x371637ad,0x397ed10a } },
    /* 4 */
    { { 0x755c2a27,0xcf3e0bb2,0x59585c44,0xd38e42f9,0x19285e60,0x46b13e0f,
        0x76273d0f,0xc3ecd0c0,0x193c569a,0x7800f085,0x4351818a,0xf04e74ab,
        0x8496363b,0x9258aa38,0xb8c894fe,0x8456617c,0x2af969a0,0x8bc62aaa,
        0x5a4668d9,0x66c2280b,0xa992f4fa,0xbc9df58e,0x3f401e99,0x5db0b7d9,
        0xc4c38c0e,0xe0614fe1,0x2ccdf6b3,0xd531151c,0xe143b618,0x1c7575ec,
        0xdf9398a4,0x40247985 },
      { 0x8f055746,0xfba25178,0x0ab1e6e0,0xc5ba0040,0xac292697,0xe1b194fb,
        0x5b4f4740,0x77152119,0x9bb7ba54,0x250091d0,0xb9a139a4,0x7a674861,
        0xf353aa7e,0xba8413b3,0x2443ceee,0xafe77192,0x3847bbd0,0x14468d36,
        0x3da4942d,0x61f79ff6,0xd425b456,0x1563a1c1,0x75ff4630,0x3c270fcd,
        0xeb2802c9,0x42072090,0xc85c7004,0x68f0cdcb,0xfa032e74,0xca4372fb,
        0xc8b79d80,0x1a6fd1e6 } },
    /* 5 */
    { { 0x8d5116a3,0x967a901a,0xb2f5f47f,0x0b844394,0x60ebaf3b,0xe39ad452,
        0x60ccfc0c,0x1e1be617,0xcc3f53f2,0xac07e3d2,0x1ed11bb6,0xdd838e0e,
        0x1c15b0c2,0x45475307,0x920fe5b8,0x70dd4748,0xe471896d,0x1a20be2d,
        0x59276c7c,0x3c3fad8a,0xc886ee07,0x026a1cc3,0x6e831ac4,0x9fdb6f37,
        0xac501d65,0x26a35d1a,0x40da8574,0x0ae98905,0xabd734e5,0x65dde0a4,
        0x15614750,0x29b7d4dc },
      { 0xcbf4e20b,0x44b3c2cb,0x58cc44c5,0x1c3f548f,0x5b0cac1f,0x39809b54,
        0x00f80621,0x0c0f02b5,0x066905e0,0xe612b890,0x8350188c,0x8f158ed7,
        0x3f5576b2,0xc01dc458,0xa45492e0,0x29803272,0x0ff92443,0x77a5623a,
        0x29d0dc41,0xd12a2b00,0x2780e87a,0xb4125459,0x0d53f272,0x1ebcf903,
        0x24301e8d,0xbae6ea40,0xa37d0798,0x1e5f3f2f,0x22b4126c,0x9342c310,
        0x5382497e,0x5d092802 } },
    /* 6 */
    { { 0xff2f780d,0x583a2b7e,0xd7d76b1d,0x34d26820,0x86f74aec,0xe3c32847,
        0x10823feb,0x0fd42212,0xfb5e7bf4,0x227e417e,0xa568f8cd,0x510d49b6,
        0x1781bbec,0x53bce7d6,0x2f3718b7,0x9cfe3f22,0xd9de6c1f,0x7f44e89f,
        0x3fac9b55,0xf1cc553f,0xe6f300bc,0x9d2d0846,0x9f0ae6b1,0x976c82a2,
        0x24b8bbe0,0xe63dbf5e,0x973a5aa7,0x4cac7f45,0x84dd33c7,0xc6eb6237,
        0x142fee5d,0x0a26e434 },
      { 0xacaa9a08,0x8081339f,0x5246ece1,0x40f31105,0x61393747,0x892c8170,
        0x242f02e1,0x8d8d4103,0x3b5de98a,0x482bfd20,0x5abbe952,0x89ef946b,
        0x37698249,0xb8d218b9,0x66617c7a,0xd5268e89,0x8b7d2b91,0x962e7551,
        0xfe8d67c3,0x2c5c7973,0x2b017c51,0x42e3150a,0xc1a29469,0x6f4e5ebc,
        0x531c7083,0xa39910ce,0xb77b9e50,0xaf4f6eb4,0xda120ad0,0x68cbb175,
        0xb92636ec,0x19497c61 } },
    /* 7 */
    { { 0x417659a8,0x6920b0c6,0x92cb28ff,0xc77ab9c7,0xb687797f,0x55b67180,
        0xe7759363,0x4caf58c1,0x5561b186,0x5155bdb6,0x780f4946,0x2e64e355,
        0x229a8b20,0xeb0ac9b7,0x2571bd60,0x88594d78,0xe3fa78f9,0x5dcc0939,
        0x2ac2d379,0x7b8b4830,0xb90f1444,0x505fbf60,0x3ce4b3c1,0xac610e81,
        0xd59b5c18,0x39a4f27a,0x7cea0222,0x5fa33973,0x8dff1c7b,0xe578730b,
        0x517bf7a6,0x96b91b8b },
      { 0x9aac087c,0xc1a991f4,0x6cfdb28d,0xce62f74e,0x5f7600d6,0x08d6ff9a,
        0xf917f9c9,0xd781cd04,0x3de52dbf,0x7796f5f6,0x2ed72180,0xe7db64e0,
        0x6fa4137d,0x0f0876f6,0x3ca1f716,0x3271ee64,0x7c4ab8a3,0xcb9b2058,
        0x39481047,0xcba17107,0x598c5c37,0xdf9a190d,0x6f20e125,0x0cb6e72a,
        0xf4f2902d,0xa3142204,0x7ce2dcfb,0x42d28cb9,0xa3d3c351,0xdf261b8a,
        0xcffc249d,0x73f3d315 } },
    /* 8 */
    { { 0xe6fd3673,0x5d86855b,0x9d214b7b,0x309b70af,0xdcc46cd3,0x8d332f90,
        0x595510de,0xe553c015,0x38c1251c,0x5746a096,0x85cc1bc9,0xcd7cea5b,
        0x002eba8f,0x4ffa1468,0x22fcd77c,0x10a3cb70,0xc4ea05e3,0xb6999dfb,
        0x4efa756e,0x3375a0d0,0xdced5fd8,0x4d90279e,0x251fd56e,0x48192403,
        0x82a4c5f1,0xe87633a4,0x1b34105b,0x3170d130,0x7247e578,0x93998b0f,
        0x436ba1fa,0x88934f64 },
      { 0x4713eabc,0xf09f43b0,0xaccdc517,0x4ca7dd91,0xef13ca7c,0x27daa63b,
        0x2588184b,0x8b2e5a7a,0xd95dc269,0x0a8cb612,0xe1f2f14c,0x346975a2,
        0xe172935c,0x1f29b8ed,0xd40bc1e3,0xc3cbfd6e,0x132623da,0xd3f46b3f,
        0xfb0b7681,0xc115be6d,0x56da4344,0x5e31c345,0xa8e43d98,0xa7c63f18,
        0x4bddb4ea,0x55cb2083,0x4a54f58c,0xb16a0c38,0x46fd69d9,0x74eacca2,
        0x153548e1,0x0d1898bb } },
    /* 9 */
    { { 0xe35ef043,0x4ea73461,0x3496b564,0x107b67d9,0xd0f83a3c,0xd62c173b,
        0x51d29c35,0xfad4b038,0x71b1c1a4,0x3f42882a,0x54b43b9e,0x5d2bcf66,
        0x2abdf543,0xc77b15aa,0xdabe3dc1,0x5cb38a80,0xa481673b,0x15fda0ae,
        0xe7b90ebe,0x86996b4d,0x2bc8f3d8,0x84f87e25,0x37c4e424,0xaded03d6,
        0xd7a7afd8,0xe5ede666,0xa1ccb93a,0x80dd95a2,0x46fba391,0xa55cfd25,
        0x46f82e60,0x2bdab1dc },
      { 0xfa6fed61,0x7a4de22b,0xcc8dd94e,0xca458aa5,0x071222f5,0x3e372df1,
        0xe5aff377,0x06a4b44f,0x4a738e6d,0xbc2d0ba7,0x5f31f136,0x1a470e1d,
        0xe102a911,0x77ff933a,0x310c7885,0x8b380a50,0x783fc5ac,0x9f3c0228,
        0x44725d06,0xec668925,0x5ac84221,0x878f0e16,0xcfda6e8a,0x9a3af1af,
        0x78cd2aba,0x0183ed37,0x826d0eae,0x32cdbd60,0xcbee6415,0xb3234661,
        0xb9c10120,0x353eb892 } },
    /* 10 */
    { { 0x10b5521e,0xc8fdcad6,0x52e702f0,0x1a11b440,0x8ffda49c,0x6302680d,
        0xcbf36bad,0xcdb9654a,0x4c10a2d7,0x7b58ce11,0xe630e7e0,0x1e5d1f7d,
        0x6760a813,0x8cbe3d7d,0x6480d77f,0xeb35866b,0x7f036219,0x58728cf3,
        0x42a8a757,0xdd5865ed,0x906a2870,0x283f1f1d,0xa51f906b,0x79e23fa4,
        0x543b20a8,0xf2ac6e83,0xb81e7754,0x4f0b6379,0x840016ee,0x57fbc0d4,
        0xe621b67d,0x8da20771 },
      { 0xecce65ec,0x3c855004,0xb748185e,0x76d10d1f,0x78797ad2,0x64be7bca,
        0x77e54aad,0x43444db0,0xbe0df0ff,0x17b6b0c9,0x055086a4,0x8fc4256c,
        0xfd74d5a3,0xf952c43b,0x01c4edb8,0x501e005a,0x4a57e328,0xd5172dfc,
        0x535d6ee3,0xdb40ce4e,0x0c650918,0xbaef1e5c,0x857561fc,0xe85145e7,
        0x34a224c6,0xe468536a,0x0ec0e0a2,0x69a8e227,0x242b03fc,0xb3f52247,
        0xc3bebd5f,0x862f55e2 } },
    /* 11 */
    { { 0x226049fe,0x2d6a390f,0xdcbbc9fb,0xcc92a578,0x97634fb7,0xa52feca4,
        0x3dea5893,0x2b340cb6,0x2a49e916,0xa39f338a,0x949e41f3,0x26b2df3d,
        0x065a7e40,0xc71c7cdb,0x468281a2,0x4a9b84a0,0x731eeeca,0x63eeb503,
        0x76cbb725,0xe6d09134,0xb94a678c,0x0cf979a9,0x808fd9f1,0xb44d8c3b,
        0xe0afc5b9,0xe60da613,0x3ea5be69,0x52dce7de,0xdc1ee74f,0x3a5d6864,
        0x3bc80790,0x71ab2891 },
      { 0x3b5b60ad,0xcf618fc4,0x4a0c3184,0x0afb5e30,0xbc403302,0xd22381cc,
        0xdb1c0c66,0x33cf8953,0xa6112a8d,0x9c994e4d,0xd1967a86,0xd7aae2c3,
        0x5b7acd29,0xc28d5493,0x6c9a57fb,0x8075bd13,0x9c8427f9,0xc9c0373e,
        0x193225f5,0x2cbca18d,0x442c018c,0x73777d13,0xfbb3a727,0xebe5ed47,
        0x1962dc18,0x70437d49,0x2dc08806,0xf39c1e09,0x15fff35c,0x03e9c6f7,
        0x5e360a65,0x8d087bb6 } },
    /* 12 */
    { { 0x3fdc1844,0xbe212302,0x105eac56,0x6eca27ef,0xf168a348,0x2183a606,
        0xe1d7a4cb,0x295f807d,0x7ef5d43e,0x7246a632,0xc77025c7,0xae143205,
        0xf3484e3e,0x4bdfc7ca,0xdf52c075,0xec939895,0xd7a9cac0,0x82e655f6,
        0x8baeddb0,0x985dfe20,0x527de731,0x79c817e4,0x313de1ea,0x30ce0fbc,
        0xcc4f6cbb,0x9df95b89,0xf5bb20cd,0xf2aedf1e,0x1a8cfb01,0xfc1e0a89,
        0x63edb7ec,0x225ed34a },
      { 0xbabb1a85,0x3e13154d,0x1e6a565a,0xd3d8dae7,0xab4b100f,0xd3217d56,
        0xebc78e1a,0xd44d934e,0x48e73d37,0x0215321b,0x201e43cb,0xbbc90bfa,
        0x27500905,0x3c23f1d0,0xc86691a1,0x2a2e5000,0x6065841c,0x08b2bad2,
        0x30026b60,0x15d41caf,0x5276ce61,0x1712c2f4,0x15932ffb,0x01c4c3e7,
        0x6a74caf2,0x7894e13d,0x0c0537a4,0x02d6f5df,0xc2b1c97e,0xa8fb7602,
        0xd0887c7b,0x612b60e5 } },
    /* 13 */
    { { 0xba245d6b,0xefd495cf,0xa2ce3ff6,0x5cf0cbb7,0xdff5feee,0x24da2ac0,
        0xcf28c6a3,0x90c914f8,0x4308a56b,0x72fdb50d,0x13d72034,0x03dbf779,
        0x822ac9e9,0xcfa5ec91,0x3aea3e81,0x0dde73c8,0x66289139,0x545ba962,
        0xca6acbd3,0xa52f648b,0x98a0683a,0xff6f276e,0xa378ed52,0x2536d3ac,
        0x885ac1d9,0x353c2c54,0x00bc84a7,0xcaff52da,0x37684167,0x3971f81c,
        0xd2d7986e,0x0f7334e1 },
      { 0x6596067e,0xafbb5c83,0x38c19806,0x33e54e19,0x39cb0dcc,0x8285d967,
        0x424035f9,0x2b53f43d,0xdfef9095,0x38c531f8,0xdb0f571a,0x90fbe8e4,
        0xa39ca787,0x9a0c1ed2,0x606f2620,0x2fecc1d6,0x72b7cb4a,0x9dc890b1,
        0xccbb7868,0xc33ca6fb,0xfe73ee49,0xd1b11082,0xfcb66c48,0x590b7d17,
        0x86e14573,0x9356b0a6,0x053ead85,0x75d682c4,0xc54d30fb,0xb2ae55fa,
        0xf8aee949,0x67636a72 } },
    /* 14 */
    { { 0xb91d6bea,0x638063bc,0x923ecb96,0xae263a2e,0xc627aca6,0x9d7b0992,
        0x77af9e7e,0xc6ed001a,0x24aafebb,0x9214accf,0x78055a90,0xa3564b96,
        0xe027499d,0x00999b1c,0xe46a06a5,0xe413a4e1,0x2e51efe7,0xa05d13f6,
        0x9ba843be,0x35e87d34,0x3183159e,0x0a633825,0x54601923,0x6023e8ba,
        0xb7fd1cf2,0x9b107721,0xfdf2fd53,0x46b5542b,0x1c18af38,0xb314f4f8,
        0x60ac8965,0x086f9876 },
      { 0x8cbb9850,0x76701954,0xa20d2c8c,0x6210b730,0x5335670c,0x4084d057,
        0x0324baea,0x3ecdc595,0xc76ee9b4,0x607fc5f2,0x440ffa64,0xf393d00f,
        0x2dc1463c,0xe0111796,0x9c7725e7,0xf00b8251,0x5bd1d186,0x35e60736,
        0x2cf72aac,0xf3d8554c,0xefa3497d,0xb4dd0fde,0xf646ad11,0xd712268c,
        0x9f7b8ead,0x07c20afb,0xfc06dfe5,0x630969d4,0x7245549a,0x76b7df1c,
        0xe61ae810,0x681f9403 } },
    /* 15 */
    { { 0xc9a0623b,0x7cad5163,0x67fab8d4,0xdbf82957,0x81af7c7c,0x2ccab0ec,
        0xe966d5c2,0x469e38c8,0xf0d4e41c,0x34430d52,0xa52b359c,0x426075a2,
        0x33bd0127,0x242dd3e3,0x9fed2341,0xcda3f635,0xd7d52ffa,0x4df33730,
        0x7640c3ef,0x5fff56f0,0x1bbde57c,0x4783c21c,0xeb8bb336,0xd8784a2a,
        0xead08405,0x1ec7c533,0xf9b62bd4,0x4b7f1423,0x7075d4af,0x5543145c,
        0xba60590a,0x0c9de94a },
      { 0x95d5682b,0x8ed72735,0x2ec276ed,0x711c4283,0x8b36a0d2,0xd1f4aed5,
        0x8498a88f,0x62ab40c4,0x4480f451,0x58c8fc62,0xb79cffe2,0x8bc8ca4b,
        0x701a359d,0x90ab583c,0x3fd5d15d,0xaee31a73,0xc912333c,0x02a5597b,
        0xb6c3e3c2,0x1019cae4,0x29938088,0xe513042c,0xf47c8199,0x0e00283d,
        0xf2a00e92,0x90d68e58,0xa775ae3b,0x69e2df41,0x871c30b2,0xb8d2eca5,
        0xbb1de396,0x733dca0e } },
    /* 16 */
    { { 0x4b59213a,0xf5b495d0,0x8d70200e,0xca672039,0x2b6771c1,0x4bcb09a6,
        0x2b9eb0cb,0x26adeed4,0x8cdba212,0xeb544754,0xf08890d1,0x0e1abfcd,
        0x698e46b4,0x52509963,0x82e9c138,0xe1bff0b0,0x51099a71,0xa189e4cd,
        0xc9b91cc7,0x2360c9bc,0x137ec4be,0x9bd4d7dc,0xd1519f6e,0xd0356521,
        0xcf832503,0xbf5f6d78,0x8deea2b4,0xe4301031,0xef4c319c,0xc3132494,
        0x0f1fa7d7,0x2ab3bd47 },
      { 0x922c9fbb,0x5753b680,0x0f16c6d1,0x869e7dc8,0xbac16efc,0x83445135,
        0x846d1d9b,0x4326a3b4,0xb2d62c21,0xb517fee3,0x0b292ad5,0x6905afa2,
        0x2cadac13,0x2a57131a,0xebdbca8d,0xcd904d8f,0x3f365fb2,0xdfeda86f,
        0xdc7eaa1c,0x7097b208,0xa45e77c0,0x89a35a84,0xcf5d118e,0x417a062c,
        0x1f6e99e8,0x3c0c04a8,0xba7a087d,0xc44704b0,0x3ea22ad2,0x6f8a27d1,
        0x4c27d229,0x93a4b416 } },
    /* 17 */
    { { 0x1f1efb7a,0xd4271bc1,0x33fccc0d,0xae4e68e6,0xb11f50a8,0x9d9bc8f1,
        0xaf076089,0x5430398f,0x443d0e03,0x45e242fb,0xf6e3d4c1,0x73ec2519,
        0xba9bad09,0xab70f790,0xf9add10f,0xde612ad5,0x14e942b4,0xb837e54e,
        0xddb8b68a,0x175a56d3,0x1ac2a408,0xe85b233c,0xf0c80f94,0xf8ff6c30,
        0x898db4f9,0x4b7f3fb7,0x45a7dcdd,0xa2c6044f,0xfe3d3895,0xf3abb2f6,
        0x32ee7763,0x342ce0d7 },
      { 0xcf491b1f,0xeb261394,0x1909e395,0xdcaaeed7,0x9fe4dbea,0xdcc4055a,
        0x493d604d,0x17a6611d,0x1ce5ebef,0xba445a3a,0xe3989cb5,0xe82e2858,
        0x83f58406,0xb96f4282,0xa156cf55,0x99877b99,0x4e166a0e,0xaf906a66,
        0xb2976d13,0xcea1d353,0x36c61a01,0xefc16f27,0xb0f55d86,0xdb04c433,
        0x8eb34c01,0x3cb4b269,0x2ae60280,0x38d07f78,0x43be3ec5,0x43ac3bcb,
        0xe156fd20,0x455f4af3 } },
    /* 18 */
    { { 0x754ec21c,0xc057f262,0xe3a1ba38,0x3eacd4c9,0x116c1fe9,0x3a0210d1,
        0xeacc8ab6,0xe4ea4e94,0xea6f32ca,0x31c00c9a,0x86b975ce,0x5cb6239d,
        0xa14ea1e9,0x654d5d8c,0x5067fc8b,0x230d31f4,0x6355fecb,0x48bb90cb,
        0xdc172e8e,0x78f81ece,0xcb006737,0x288380a8,0xe162d012,0x19b02e01,
        0xc5af145c,0x0e087a06,0xb72dc354,0xf04dc8b7,0x8de3c066,0xf70ef214,
        0x13009fb7,0x4f148243 },
      { 0x6e2055e2,0x5e004fce,0x86c32067,0x89e247ea,0x5f9daaa2,0x4ebcbd95,
        0xceb7f63b,0xd15f212f,0x863784a0,0x5ecc5c1f,0x75760251,0x53b3800b,
        0x8a6a2954,0xeb9301c3,0xa13cdd19,0x0f16ba18,0x887c2d24,0x8313d251,
        0x9a9413f6,0xf9923585,0xfe3fd7c5,0x423405e6,0x16e0ee05,0x678aeb34,
        0x3fadaab0,0x1f3be7bb,0x82884471,0x7901fa2c,0x4d662ff6,0xc950db30,
        0x3c01170b,0x74d5d2d4 } },
    /* 19 */
    { { 0x2b5bfe11,0xa3002dc0,0x52d321e7,0x0733410d,0x9679ba89,0x15920f65,
        0x685b236e,0x0e248c14,0x346f6040,0x8cfab594,0x40c717f0,0x9f57afb7,
        0x66044576,0x0dbab28c,0x9cdc3247,0x0fa09968,0xc230ed05,0x41e02ae2,
        0xe45bef74,0x0d961554,0xce4d7b6f,0x9688a982,0x5e62d22e,0xfadefac7,
        0xbd2cba28,0xaf1512a6,0xbe7c749f,0x78868e62,0xae9f5a6b,0x88048d81,
        0xc5857a29,0x6b1a5442 },
      { 0x43242066,0x9f5ab9ad,0x2ccca2ae,0x0afef1b5,0x988edc4e,0xb1b43ec7,
        0x0341b0d5,0x0d0c00f1,0xb50aab37,0x4d68b8f7,0xf3a64a99,0x9a8e4e6f,
        0x7f1a684e,0x198338fb,0x351a0f5c,0x8bc0e748,0xdac44515,0x2cacf2cd,
        0x5e9ff76b,0xc14d3999,0x16393055,0x54a01b3f,0x888d8376,0x6ac3eea5,
        0x723277b1,0xb84d9a9a,0xe11dbbbf,0x99132691,0xabb67178,0x597717ae,
        0x8bb14ac8,0x4c213526 } },
    /* 20 */
    { { 0x95532833,0x2e6fe0a6,0xd626d067,0xabca228e,0x649e73bd,0x22aef3d9,
        0xf03c4c0c,0x2083a87a,0x35169b45,0xe954e75d,0x74506a89,0x577509ee,
        0x2aeacf90,0x49cb276e,0xfa409f91,0x08275d77,0xf0bbd6b9,0x61eb6f3d,
        0xe4132704,0x948202cb,0xb1c498b1,0x35f3fc21,0x361fee59,0x76c68ba8,
        0x50e051f3,0xa18cbbd9,0x318e7042,0x2384a879,0x80dd1e8b,0x292abead,
        0x5c37c334,0x65713c29 },
      { 0xceb77b9a,0xdccca8e9,0x23b69469,0x2f97e727,0xa01d6b28,0xc76abee6,
        0x5abecdfe,0x3925203d,0x29290d70,0x89448082,0xb0314438,0xf9931424,
        0x7cd447c3,0x04209df1,0xc855c827,0x7c6f2059,0x56c0e069,0xd97d7862,
        0x412d94c4,0x5a9db6fe,0x994c41dd,0x19a64591,0xc89e21a3,0x12348aa1,
        0xc6a03f0e,0xd6904b50,0xa616feac,0x55c15156,0x7cc7693b,0x4e36d1b5,
        0x3bae3c38,0x6b0e996c } },
    /* 21 */
    { { 0xcceced00,0x32789fab,0xe5b7aa66,0x3237e71a,0x2ddebcdf,0x87b2e269,
        0xb61dad8f,0xb7245120,0xd35f803c,0xe11e5e48,0x98e50f0d,0xfb4df5d7,
        0xbcd2ab92,0x60ee68b4,0x1ce3363d,0x98ab2f5c,0x7cd42647,0x15ba39da,
        0x83f4fb3f,0x1a6572eb,0xe56f08db,0x0f77de88,0x172562c2,0x1743761e,
        0x8a58f0f4,0xbe349ff8,0x84d1d6e2,0xe04da71b,0x9e9ff3b4,0x368f0342,
        0x678223f8,0x4022a205 },
      { 0x83847375,0x527bbd05,0x3f451af0,0x3ae56b62,0x4b2c7f18,0x6198f24d,
        0x4525b98d,0xee323f5b,0x0e0884b5,0xa9d8d39a,0xfb12c776,0xd005d7f6,
        0x708bc154,0xd71c483e,0x742541bc,0x8ca6fd28,0xf8397ddb,0x0af3dccd,
        0x3eccf243,0xb80d3125,0x58d81b8d,0xc743a108,0x71391f68,0x3f48eb21,
        0x33bb657f,0x493aff88,0x07e47e31,0x1d15ed66,0xe08279f6,0x10159b11,
        0x24a6a956,0x312179cb } },
    /* 22 */
    { { 0x07615ac2,0xa94cc3ca,0x121ad581,0x85865e64,0xa7986b79,0xae47616f,
        0x9d5e0f1d,0x395a40eb,0x3d9457ea,0xa9143264,0xfa2865d9,0x8de6d6a3,
        0x1014ae8c,0x0771db96,0x976a87cb,0x77a7cce6,0x143a0f60,0xa7de42e1,
        0xd993d934,0xe203cc09,0x98ec4c3d,0x92018693,0x3a25df4b,0xd77546d8,
        0x62b02d6b,0x0ad9eb47,0xd05a7189,0xfaaaf208,0x431221bb,0x5238181f,
        0x733511ea,0x417d6c78 },
      { 0x0e91e9a8,0x3cbd81b7,0xc370d6b3,0x73340418,0x8eaa2373,0x825db10a,
        0x6c7d6756,0x8f2b09e4,0x94c33ded,0xe288ee9b,0x1695e3fb,0xcd8426bb,
        0xdce9e888,0xa6176c86,0x6165e362,0x3f4c8922,0x6063fb09,0x514e411f,
        0xc8f9e04c,0x6907ac20,0xdfd2ad61,0xcef7469c,0x8452199a,0xba30bae4,
        0x12ac3462,0x30681293,0xc92d482d,0x011be873,0xe8330995,0xff4cbf89,
        0xd1470a0a,0x02189d52 } },
    /* 23 */
    { { 0x92599c69,0x73e419dd,0x7fec32ca,0x5b94221b,0x09bbfbfd,0xb2bf9bd2,
        0x63ed895b,0x61ea97a4,0x3f486f79,0x6609146b,0xfd141a39,0xbd1c7a05,
        0x83d64135,0xc79ec8cf,0x9883507b,0x7f8fd42f,0x17b3d027,0xafcb53b7,
        0x67ca5a21,0x86658dcd,0xcd149786,0xa6a6c0ac,0x34b95067,0x16f3d70e,
        0xdf44958c,0x371208e3,0xec280212,0xd2dd64e6,0x30782c71,0x33b2c4ab,
        0x521176fa,0x7bbf8abd },
      { 0xa78b981a,0xbe9e4aaf,0x304ec828,0x788b4e36,0x3959dea3,0x0c45cf39,
        0x240b39c7,0x70a9bdd3,0x28383b7d,0x499cd7dd,0x307a1026,0x30690b2e,
        0xee92f1b3,0x2262d598,0xb4725a48,0xc62d77de,0x7bc3aa0e,0xa16f25bc,
        0xd15ef7fa,0x62dd8b65,0x0b96d68f,0xd979221d,0xa00f1906,0xb92885c3,
        0xeb74c740,0xfa476b9b,0xc7576222,0x217ddbb5,0x5788504f,0xc2782c30,
        0xf812716b,0x860d096c } },
    /* 24 */
    { { 0x4d79bbf9,0xfebc337d,0x69f74f80,0x5d53eab8,0x33104d53,0xff36a095,
        0x196f8b97,0x2ab820da,0x75ce6909,0x961d3d1f,0x04683754,0xb197ec04,
        0x93a6cb9b,0xa68ce1bf,0xc5f021a3,0x503456ff,0x8940ffdb,0xb50a2db1,
        0xef004209,0x77c50f8f,0x04965875,0xd635d177,0x8bb8770a,0x725766d9,
        0xa078e53e,0x8e19b028,0xf9fc8378,0x364d4cca,0xf0dd39a0,0x1a3df411,
        0x03adf920,0x7e80e442 },
      { 0x539a1ddf,0x4b5f8a57,0xee486562,0xd248e7ae,0x816021e1,0x1c7b491d,
        0xfd36d2c4,0x2e7b871b,0x0aec00d9,0xda38b504,0x6193f1b3,0xf2827612,
        0xfb1f78d6,0x69c3fe86,0xe827ac33,0x56c8b786,0x3487c8f7,0x1687f6c7,
        0x19dee5bc,0xab8f2217,0xff399418,0x04e8473f,0xa9027c80,0xf384c014,
        0xaa1d2e28,0x9967be9a,0xe065eef1,0x869686d3,0xc7bd837c,0x737c6b08,
        0x9e8bd863,0x5dcab5d1 } },
    /* 25 */
    { { 0x9a7d772b,0x0784283a,0xe540959b,0x6b49e525,0x86414ab5,0x546bb008,
        0x9d74b2a9,0xd4448162,0x203b0b1b,0x267890ad,0xc8d3f86b,0x1e7a82bc,
        0xd85a83c7,0x1352bfb5,0xfad07ccf,0xf29f16e3,0x41e0c43f,0xc02a63b8,
        0x6b379fef,0x904f22c5,0xb1244f26,0x19d8a653,0x3a28bdea,0x6635b6df,
        0xf6d455ce,0x18b68851,0x9cff3735,0x74ac2818,0x8b2cbdab,0xad40f9df,
        0xadc9d498,0x08cc2d9e },
      { 0xc170c84b,0x2e6a6866,0x5a49a484,0xbb989e8b,0xd04c8992,0x7b0e00e0,
        0x61b3a423,0x55ad3478,0xb0d01899,0x3c952450,0xe3100cb3,0xe3922155,
        0xf03276d0,0x19265b6e,0x76d42b53,0x0fe8595a,0xfc6353b6,0x0a96dee0,
        0x246f893e,0x761e0dc8,0xf0a74cba,0x4ec902be,0x3fdfad9b,0x61008684,
        0x4fdb6975,0x5d6a60e4,0x7ef7590a,0x3f53aac8,0x12870a37,0xd29e6be0,
        0x55aa55b0,0x991fadc1 } },
    /* 26 */
    { { 0xb4844ffe,0x82bc4b0f,0x60f8b871,0x73922714,0x4ce3f1f3,0x8ac000e2,
        0x163519ec,0xf0d548b4,0x88288b5f,0x7aaf842b,0x2bdc9a70,0x9e8b0c4c,
        0x4ba5fd67,0xa06d5152,0xf93cdec3,0xd0b1afa0,0xdf89f8f0,0x280955ba,
        0xeea32c92,0x86cbe92d,0x3fe05be4,0x0cae3f99,0xfa6919aa,0xf2607095,
        0x6e0f1b8b,0x0f54741e,0x30ecf988,0x2aed1f74,0x734991d7,0x9296f76b,
        0x259f0fe9,0x66cf8d28 },
      { 0x226f5868,0x9b01905b,0x16909e9e,0xc102e88c,0x4a37eb54,0x2bd08916,
        0xc9816323,0xf72253e8,0x86bac53c,0x37f84e9d,0xafeaaaf7,0x2e352454,
        0x2ca0046e,0x67c86f77,0x6663372e,0x86bce50e,0xb6950a04,0xf6a3a960,
        0xfc1aba93,0x61f994d7,0xc1326e6e,0x1957c12b,0x2e56b005,0x9b658fe4,
        0x8592740c,0x9cd297fc,0x177f26a5,0x7654ce9b,0xa79d2ebb,0xaaa699db,
        0x0ecb6448,0x5fca0c5a } },
    /* 27 */
    { { 0x569a6663,0xe26e25f3,0xe6aa4ca7,0x09597ee7,0x8d18b80c,0x25a4cda6,
        0x22926730,0x450602b5,0x07387209,0x9af5f650,0x26733a53,0xfeeedb34,
        0x86572951,0x0f5ce768,0x8398ae9a,0x872a360b,0x2b30f6c3,0x60347a80,
        0x1a162158,0xd2113b23,0xee6c6dec,0x6fd9cf92,0x5cbcf9e6,0x85f0a5a8,
        0x2ba3fe84,0xd7a5a6e4,0x51ecd727,0xaafe6720,0xa2081a10,0xe09c6bb2,
        0xb973b0b4,0x657acbf0 },
      { 0xc274c8d4,0x3130466f,0x30a994d1,0x42765176,0x7079435f,0x217258ca,
        0xeb897a06,0x44850406,0x561ee130,0xf38dfeee,0xaa1778bb,0x11f4facf,
        0xb9abb9e9,0x765c6617,0xd8f10932,0xb135499b,0xa73b9159,0xc0eb6337,
        0x6f7e8b6a,0xf2c1ccf1,0x187def53,0x5b32c03a,0x830b9c62,0x89ad1d49,
        0x2f10e538,0x1735eae3,0x9d5f55bc,0xb1cbd9c2,0xe539db0d,0x42428c47,
        0xc852b3bb,0x3d2da412 } },
    /* 28 */
    { { 0x871f2865,0x97702b6e,0x142920d6,0x56cb639f,0x45b58611,0x328522a0,
        0xf3b13812,0xf3943ad1,0x712206e8,0xe6c2200a,0xa34d59ea,0xc2890e5a,
        0xf6b7f759,0xab52fd40,0x180bf567,0xf522c8de,0xaccee396,0x181e97b2,
        0xc4ea5cbb,0xe0375819,0xab51d3ef,0x0d9985e8,0xbcb50fd8,0xe26c96ca,
        0x97e1c80d,0xfb9d6b13,0xf796357d,0x582b1814,0x07f4c7fb,0x89a78221,
        0xc0357e61,0x02aeef2d },
      { 0x2c7ec9be,0x2ba7926f,0x7258b201,0x292f307e,0xc6fa6b4a,0x74e62a10,
        0xe2bcc5ab,0x80c08549,0x7bb8c073,0xb4160db8,0x329f194d,0xd5ef0529,
        0x6dda4a9c,0x0eb8da14,0x15ea23d1,0x0b5d43d2,0xfc34bfae,0x6cebef02,
        0x848757a7,0xacd364d0,0x2d34cca3,0xc1401368,0x1d2d95e2,0x09ca6742,
        0x786eaa28,0xc3fd1d6e,0xa2965fec,0x9eb1136d,0xc0779203,0x48871baa,
        0x4b15aeb0,0x6b446c01 } },
    /* 29 */
    { { 0x25e8fe80,0xc819eb2e,0x98238a17,0x2b5f7906,0x81e41849,0xd6f1e996,
        0x98ea6d45,0x58ad8ad6,0xbfd02e40,0x5bae5ad4,0xa812416d,0x016dc327,
        0xa3347ca1,0x8b31a985,0x82a65391,0x0b4da610,0xb48c35fb,0x1cb91b2d,
        0xd2aaf8c4,0x9e96817c,0xcdfdcdc0,0x1a630483,0x12b69254,0x70559361,
        0xf8a2a097,0x5fdcd712,0x35cc5281,0x59ab623a,0x932b6095,0x30c8ebe0,
        0xb08e052f,0x8613424b },
      { 0xb2231d8a,0x28902063,0xd9a61667,0xb0f62329,0x071a9f27,0xaafa0fe7,
        0x603f047e,0x6bcd8960,0xfd92a1c3,0x118cca76,0x71d483b6,0x3414e62b,
        0xba705262,0xa123ccdd,0xfd9b5c5a,0x1a576437,0x4c8d0fa3,0xa5301bc2,
        0x102427cd,0x96f0ad44,0xd3aa6c02,0x0e6fb5e0,0x072a3996,0xcd8c4880,
        0x840d3fad,0x4dafca12,0xde91d541,0x29f4ca3d,0x8441734d,0x0037c598,
        0x9ccfe57c,0x86333a99 } },
    /* 30 */
    { { 0xecf53b40,0xd213a751,0x2f78a542,0xcff2c6f2,0xf13ae56d,0x0f59f0e2,
        0x0e61748e,0x91f8ccbf,0xd72c4145,0x0aadecb9,0x4c9cdcb7,0x6b2ed852,
        0x1eaffc70,0x8e00b72c,0xaa728102,0x89b24285,0xb679cafa,0xaa7ea7e0,
        0x4f0a6f6f,0x5d2b8c26,0x0e804397,0x7ed7b173,0xc8573049,0x5a93eb45,
        0x0986e93e,0xc92bf5d4,0x6a20c0af,0x526b5a9c,0xb99dc3af,0x0adf47c9,
        0xba202cc9,0x12b25fe2 },
      { 0x33eea395,0x09b8d78a,0xf633fc5c,0xc7a93618,0x270eceef,0x7e821629,
        0xc628ed0c,0x524779b8,0xa1d68939,0x91db5ca1,0x586edc90,0x8626e18e,
        0xfeb3f3bf,0xfe023e8b,0x0250171c,0x6279fde1,0x55e172de,0xe52ec7dc,
        0xc6d4ca45,0x445e8695,0xbdbc10f1,0x42de3878,0x6fc3835e,0x2b114de8,
        0x7e10b652,0x9faba456,0x390e78fe,0x4111d82a,0xaedf0aca,0x576b61c2,
        0x74accb74,0x216279a9 } },
    /* 31 */
    { { 0x4047f747,0xc14cdabf,0xc1315a1e,0x03ca233d,0x40e5d0a7,0x59e7cbd3,
        0xbb413869,0x1fd0c4e9,0x0f01fbd8,0x189d08b1,0xa76b823d,0x50449c42,
        0x398b00a1,0x81c224a1,0x8e8179e4,0x08084e4f,0x698e41e9,0xfd8af994,
        0x5610bf2e,0x1e30e37c,0xa7d2790f,0x4e6a043f,0xb3195388,0x9d96e60c,
        0x03799dfd,0xe75f986d,0xf8ff902f,0x3b4a8f11,0x7588416e,0xfa945378,
        0x9827535e,0x20683e3f },
      { 0xd0378878,0xcb582e26,0xa7945787,0x9e214c23,0x8f6688b3,0x13d000bf,
        0x40515270,0x7548d4f5,0x40111f5d,0x7113c15d,0xa8bff902,0x3bf5a526,
        0x9b4945cc,0xbda6b010,0xbc2f3a05,0x83dcc74e,0x43efdfa1,0x2aef6284,
        0x565c5bf4,0xd2e60ee9,0x592f243a,0x4f0fa10d,0x1bc3bf51,0x6ae58b32,
        0x60576a74,0x813b0868,0x4d73081a,0x0bc023f8,0x32dcee59,0x9fd03aa0,
        0x27d6c795,0x5e416bf5 } },
    /* 32 */
    { { 0x026cc23c,0x24313760,0xb5b29058,0xf819aaee,0xc5d2ee17,0xa92272f8,
        0xee5cc402,0x8048e7cb,0x77def07d,0xdbc7d6ee,0xf6af821e,0x61d69244,
        0x996cbb89,0x5f7966ed,0x96a155a4,0xf81b17ea,0x03f3ed56,0xb2d9ef70,
        0xe882a5b2,0x5e6e5906,0xae947180,0x86fa1072,0x658c76f4,0x34d9fc51,
        0xcb035aa0,0x9f603dc0,0x75be6481,0xb7b39feb,0xcf04a9ef,0xca87554a,
        0x87b4fde3,0x4ff682ec },
      { 0xd0a10ad5,0x3125627f,0x968e6f45,0x7fd45c72,0x806a1163,0x2981bd6b,
        0xde5033e3,0xb92de1cd,0xbf4f8988,0x3b44b45e,0xdae7e1dc,0xca1b9896,
        0x0778d878,0x52166e5a,0xa5116847,0x82d472be,0xf2895445,0xfbdd382a,
        0x5d6ec4c9,0x22ed1602,0xb6552b02,0x3614eb1c,0xa1e6210f,0x63c5df73,
        0x021a74a7,0xe9160285,0xc65cbd4d,0xa44ca400,0x0f15e299,0x48cb187e,
        0x3402507c,0x51eb818e } },
    /* 33 */
    { { 0xb92100ab,0x1fc1d178,0x9605b839,0xdf2e3d60,0xb71e59d0,0x12a7c255,
        0x14fcbe04,0x3f8b6675,0x59fd06af,0x0e8a3935,0x12020d07,0x56326502,
        0x528e7be5,0x6696fcd1,0x0c7b7654,0x6588514b,0x5912a5b5,0x0cd80f8c,
        0xf324cb7f,0x8bafef04,0xc6da3d75,0x6b53eecf,0x31d1df2f,0xedef48d8,
        0x73812b6d,0xf336b965,0xee626031,0xc82eae4a,0xd244f09b,0x300abd32,
        0x31d9647f,0x8b0af955 },
      { 0x2e603544,0xb770180a,0x221acd9e,0x2b573ac3,0x62407032,0x3a17f665,
        0xb89abc3d,0xad3e74ad,0xd793225a,0x8a3d2e3a,0xef02564b,0x457bba04,
        0xfc2dd2b5,0x8875652f,0xe67143e8,0xd2905d15,0x02e48d70,0x6d884b42,
        0xc7636a57,0x06f99219,0x35e378df,0xa8dc3421,0x10c64a02,0x95c1d73d,
        0xcc157a66,0xcd6a4ece,0x8e24a354,0xbadcc1c8,0x9839329d,0x8024f1b2,
        0x4da48ad0,0x5363e549 } },
    /* 34 */
    { { 0xe23fc641,0x1f5523b7,0x86667063,0xfe54e72f,0x8e009d2f,0x294a15f5,
        0x8c57f5e1,0xf203997f,0xb16d64dc,0xa229724c,0x4baa2ffb,0x697be4fd,
        0x0a6e8ed6,0x3f507e46,0x78508536,0x0afe3a5d,0x95408208,0xeeef6cdd,
        0xf2c4237c,0x701fd889,0x5c385253,0x496d883a,0x72a212f1,0xe25c67ed,
        0x1ff78fcd,0x4b416783,0xc16f4146,0xe9967004,0xc45b0697,0xfa45c3a1,
        0x3fbd30c3,0x63334018 },
      { 0xa2fbbbce,0x39c9a0cc,0xaa0cb744,0x876f6e5c,0x3438ece3,0x9ce6010e,
        0x13802d82,0x0aad148e,0x9cd45a1b,0x9c3e5c60,0x7bcfc1e0,0x875cb859,
        0xd8584dd0,0xb19ff790,0xd81c2a2b,0x2598b81e,0x02be07e3,0x118bdf2f,
        0xb9765ce9,0x074fc8ee,0xb24f95ae,0x125e9d88,0x0c98f09d,0x3bb12cdc,
        0xa0b74b27,0x4a6aee07,0xc08077ce,0x4723d2f9,0xbea8026f,0x959447d6,
        0x16280b73,0x93a7075c } },
    /* 35 */
    { { 0x715b27f9,0x26bbefe2,0x2a280923,0xa935a5e2,0xfd58a26a,0x5ddf23af,
        0x7c138694,0x54c83e16,0x892a2153,0x44799bc9,0x9b8d09f5,0x4e6e4710,
        0xd588ea68,0xc63af616,0x883ab1b6,0x5e896706,0x3d209336,0x3c1393a0,
        0x92c23dda,0xd02f2921,0xdcf6ea43,0xab70cb7a,0x791559e1,0x12434ea8,
        0x6d70ff0b,0x040680db,0x2832ba45,0x1a10fe52,0xe5f0cb8f,0xd69f9c08,
        0x44b141fd,0x1a7422ac },
      { 0x9f40b675,0xc3a9dd2e,0xfcc71f39,0x2a7c6603,0x1948e342,0x18939a61,
        0xed0ab484,0x8f3b6158,0xee31ca6b,0xa3aa7d97,0xf7a8db63,0xbc1e865e,
        0x2c7c62e4,0x315f8c09,0x9f5c6d0f,0xa260788f,0x4b6f3ec5,0xb1833129,
        0x36b4d849,0x73adbcd6,0xbc699a9b,0x66e14890,0x2a1175e7,0xbf3790d8,
        0xfc53ca4f,0x7f43605a,0x87ff6091,0x577f6c47,0x600c82b6,0x827c7552,
        0x9d25599c,0x0944d630 } },
    /* 36 */
    { { 0xe6ab9620,0xcfdeb63e,0x786cd808,0xdff4fa6d,0x456320b3,0x145edd82,
        0xc4943915,0x2ae5f862,0xb73b3f87,0x9508e813,0xe52f97a9,0x3bd805f3,
        0xc9829b62,0xf71b5c28,0x86e0cefc,0xb394c70e,0x23bdb36e,0x534fb1a9,
        0xdbe27e5a,0xd64f5862,0x83ab6169,0xbae23df3,0x27c828cb,0xdd6df1b1,
        0x3a307a8a,0x1901899f,0x811ddf66,0x36cc8659,0x79943b77,0xa3cb7774,
        0x6fd86576,0x7d89f383 },
      { 0xc9f92b2b,0xf8564242,0xc46e32bd,0x700c6a75,0x7f99a5c5,0x93e768b7,
        0x03149568,0xb6efe858,0xc2ce6709,0xbbfe8a19,0xee6ec493,0x721a3b1b,
        0xc371c28d,0x26eeeea9,0x15177e1d,0xd798115e,0xb068a5a5,0xd7bf3bce,
        0x46d2b4b2,0xdf8da220,0x59be9dfc,0x3df0995b,0x77640b79,0xc96897bc,
        0x5a2bd3c5,0xce0cf4c2,0x89afe744,0x16f45d6e,0x3a8509bb,0xb53f3acb,
        0x63f2a6e6,0x449af81f } },
    /* 37 */
    { { 0xa16d9377,0xc2fcf132,0x7e1a2f9e,0x9ab377b3,0x86d19ae5,0x72e1a12e,
        0xd013bbb1,0xd2b12e66,0xcb5f66ba,0x0972e055,0x399eab50,0xd11de1c0,
        0xc65f5ec2,0xc1f314fd,0x8a9ff593,0xfc311841,0xe05246e6,0xdf73c1ec,
        0x1625056d,0xc28d1363,0x6fb25e19,0x30a9dbd7,0x845cd2d7,0x049ed244,
        0xd36e852d,0xc779b83f,0xf68c8a83,0x85a35fc7,0xc95e8033,0x299bf1e1,
        0x20891af5,0x0e8617c3 },
      { 0x67c81b5c,0x53720602,0xe737873c,0x2fa89dcd,0xa8144fd0,0x2a7430b0,
        0x26208c83,0x3006c5a7,0xd8ea40f5,0x4e066660,0x896413a4,0x9dd025f9,
        0x46b9149f,0xbdf380cc,0x0a125cc2,0x80156619,0x52793c37,0x04d6a3b7,
        0x6b7a62f2,0xb6001374,0x585d5978,0xa9cfe268,0x8395fe66,0xdcad0cb8,
        0x46b261f6,0xbab468fc,0x9d9d9218,0xca0ef5ef,0x5e452402,0xc507d4a8,
        0x326cf687,0x6f4404f1 } },
    /* 38 */
    { { 0x4febd3ff,0xa3e1920b,0xfdfd2bba,0xca6234d8,0xe19a9829,0xb7d1af2a,
        0xc6f5bc20,0x23de1610,0xdaa39ca9,0xe204dbf3,0x6d8c70ab,0x2a2de9b8,
        0x7c9d370b,0x272e0c37,0xe565510e,0x80914c06,0x57cbb6b0,0xb611e7a8,
        0xd8266a6e,0x076fc6ef,0x3095801c,0xdfac34ee,0xb9e24063,0x69ff40a2,
        0x787aa5c5,0xa7ba31a9,0x33c70cd2,0x0e4d1fdf,0x6895f074,0x903e3132,
        0x7fb671e2,0x905771f8 },
      { 0xa4062bee,0x5199ba0d,0x94d7d9f9,0x18e7238c,0x1e0922c0,0xf53f29bc,
        0xb12d855f,0xde9b2a81,0x6d68ca29,0x649f3eed,0xc50c097f,0x64adfc34,
        0x9db398a0,0x81964ab9,0x7a587224,0x00d59c47,0x74c5903a,0x09fea396,
        0x15043dd0,0x6aafd8ee,0x5f1ecc20,0xc5721a6e,0x0db9b7b4,0xb6d6a483,
        0x66c8d52a,0x06ffc617,0xacc82a27,0x3de241d6,0x27f2f7a8,0x0605f052,
        0x6404decc,0x6a22953b } },
    /* 39 */
    { { 0x74fce389,0x92452d8f,0x2afa5564,0x059634c0,0xf0ed7825,0x9377ccbb,
        0x37718e0d,0x89f4045b,0x9fa69a4d,0x11074e7d,0x7295b0ba,0x5d70bb07,
        0xf107ede6,0xb22d54ad,0xa1a29c7b,0x5c39a3d8,0xd795e3ab,0x37236c02,
        0x2b589951,0xf7282d00,0x5790bee2,0x5e2265be,0xa8e65ea2,0x91e0ea11,
        0x6001cebd,0x0e71a708,0x2c1c5402,0x16900f5a,0x357f6981,0xc3b2d5c0,
        0x619e3427,0x528c9ea0 },
      { 0x5f26c577,0x1edc86b4,0x9438bd45,0xf8074708,0x792582a7,0x2dfe1013,
        0xde1e569f,0xe08eaca0,0x9a55a356,0x5f952efa,0xe4976216,0xa4d80b53,
        0xcd5d71f2,0xd2b65855,0x66cea3f0,0x246704bf,0x492323ca,0x193f641f,
        0x9adb1325,0xa681855c,0x2d19d652,0x86d522ce,0x5b82ed7b,0x53609f10,
        0x8e150d29,0x3b0f0094,0x0b13e891,0x23ad8bfb,0xf794b449,0xcbb1556c,
        0x738bcf57,0x200f9093 } },
    /* 40 */
    { { 0x8388387f,0xf9b22fc5,0x28e883c5,0xcf26f170,0xd1b7973c,0x447cab90,
        0xf6ec9171,0x8d5d4ea2,0xc30cdbc0,0x2e16f498,0x48623c2b,0xdc92910c,
        0x30dbc545,0xeb1491b0,0x14de21b0,0x631deb2e,0x2fe830f4,0x04a21066,
        0x379c1f3f,0xa4c6979c,0xfb06a795,0x8a732b68,0x1619dfa9,0x3a44327a,
        0x8dbe2c9b,0x91a307d3,0x03989fea,0x939bc8d2,0x0f4a331f,0x3daabaf2,
        0xdd0f55dc,0x5c307e98 },
      { 0x35b233da,0xbbc4e0c4,0x22f6f985,0xe3d29085,0xa8b02468,0x99dd2d21,
        0xa96916e7,0x978f40e9,0x614bcced,0x0327d86c,0xb290762c,0x95e95502,
        0xa879f2ed,0x0ffd2197,0x50e0bd33,0xc4365137,0x0827c4c4,0x26c3148a,
        0x3fcfc0b2,0xc79812a8,0x31928589,0xc3d8d17e,0x8830f42d,0x8b572cfe,
        0x4b07f83f,0x7cd9ff92,0x0a51148f,0x331ca950,0x4c59f9ac,0xd0c53968,
        0xc1434785,0x1df16dfa } },
    /* 41 */
    { { 0x68bcacc3,0xcc7bb4ac,0x430f58cf,0x06ded34f,0xd461855a,0xc59f9f4f,
        0x45c9f0bc,0xf5491994,0x4375c892,0xdc5f7ec6,0x3c85983a,0x1b8708f1,
        0x82fcd087,0xb32a5cc4,0x2d6b4c0f,0xefdcdc35,0x8ac6fb2d,0x4bb24f04,
        0x33906471,0x5982d4f5,0xb83a3ac4,0x162eb52f,0x2337a223,0x7130df28,
        0xcbc3dbd3,0xdce7b802,0x2467ac0e,0x8b395959,0x1b56717e,0x21d3d2e8,
        0x46512617,0x729a7f50 },
      { 0x8420f90a,0x874ed1aa,0x0fe4c855,0x6368e19e,0xb0be74af,0xb62d4aaa,
        0x8ca60ca9,0x76fcc480,0x7645a867,0xf310b5a5,0xddb1b24c,0x131bac9b,
        0x2dea5b44,0xef77d71d,0x72fcc64e,0x4706d210,0x673d77f0,0x29b92691,
        0xe89e0663,0x22e00bf3,0x74077d40,0x472d0cd3,0x829232e2,0x3e21040d,
        0x38dc8533,0x2f916dfb,0x14b8f667,0x48bbb59b,0xd44be19d,0x19de9f4a,
        0x232d9d5c,0x7f6d3649 } },
    /* 42 */
    { { 0x6e794819,0x3bd064de,0xf82ebda1,0x5a6b694e,0xb91e2804,0x1f017fe0,
        0x07a43cd2,0x190d31f3,0x630433e9,0x6c26f226,0x0abfdcb4,0xba488aa7,
        0xa46411c0,0x418d9085,0xbffb5880,0x1b934fe6,0xe200f849,0x75d1e237,
        0xa55413db,0xdf04d63f,0xe23b3f77,0xe216ed75,0x0f91bd30,0xa05866cb,
        0x7729c509,0x84c395d9,0x452ab2d7,0xec97e188,0x0093d686,0x8cb7c1f9,
        0x628f086c,0x2d032395 },
      { 0x4a44b4c5,0xa81c9407,0xcc702c98,0xb9846879,0xceb0dc97,0xcb502287,
        0x6e3aa321,0x30301126,0xe4c256c2,0xc0ac8763,0xe55b4845,0x65034d20,
        0xf240f35b,0xaa96a040,0x7cf7eedc,0x046d26d3,0x3b810656,0x62a5a8e1,
        0x83d70c2b,0x86044b97,0x59e4da8f,0x2fbaff88,0x5457f5d1,0x929d901a,
        0xb531b757,0xd29e1eb2,0x9e4e9739,0x214dabdc,0x4eaa9bd9,0x5bd724fc,
        0x1ef9bb9b,0x734c12b3 } },
    /* 43 */
    { { 0x92f9b086,0x98fe3c2e,0xb3fd4544,0x4641b93e,0x5c02c65c,0x47ce208b,
        0xc4f03242,0x8a52dca1,0x679d29f6,0xb5ec17d9,0x9406f5f4,0x11d2fed0,
        0x0d9ba811,0x260f63dc,0x15472a3f,0xde2b056f,0x007290e6,0x1b170d9f,
        0xb6b5c8f9,0xa2e23e8d,0xcf34c3ee,0x345a2839,0x1b973ee2,0x9bdc5461,
        0xbb24d1c5,0x65bda6c2,0x3c6141a1,0x97d52ba3,0x9d2eb201,0x47bb1612,
        0x21fbe49f,0x7c558a87 },
      { 0x3f350fec,0xb9485a52,0x6a38d4c0,0x016678c5,0x0d5aa64d,0x8ef346a2,
        0xd96da2e4,0xb85daa02,0x4f647b3c,0x845ec4ea,0x0d5e946c,0xc0d1a6ca,
        0x4fa9f4ab,0x41d8d1c1,0x9c8b1303,0x43972cc5,0x434ffbfb,0x67e1f48d,
        0x819d2318,0x350ce93a,0x6ddef23f,0x49f53090,0x200cf12c,0x3c2e6cf9,
        0x640432fc,0x42691cc1,0x72496b52,0xbfff74b4,0x020a97be,0x44527c9f,
        0x7b3c4348,0x34cd7dca } },
    /* 44 */
    { { 0x59e7fe87,0xf031761a,0x0047cd72,0xb1eae31a,0xfae30f62,0x27902e68,
        0xb71db143,0xa666f48d,0x0e0038f4,0x75ee6678,0x02bdd76d,0x3b45ac67,
        0xa0d6cd5c,0x0d2fb828,0x9d8c5b11,0x27ce7f1d,0x120b5e96,0x141fe0e4,
        0xb9267c37,0x95a1b984,0xd60312cd,0x5206e589,0xda549356,0x1867342e,
        0x070c74ac,0x374520b9,0x9557b0b3,0x2703cbb5,0xa6ed8c14,0xf621f59c,
        0xabf7b887,0x7ceb1cc2 },
      { 0xdb7fd65b,0x0647a5bb,0x36c9457c,0xd8d45cc0,0x9e12718a,0xc6da99db,
        0xe93a7fb1,0xed1dbbf4,0xbd1566a1,0x4512c95c,0xdbc0c919,0x4861ba00,
        0x9e7f5269,0x3c6cc298,0x0941aaae,0x67196150,0xc8c538e3,0xbfcf5d0f,
        0xa25a551f,0xad6e9929,0x17ca0f26,0x90710985,0xfa89ef7e,0x743b78ea,
        0x71ab4549,0x39d5ea31,0xe6d1c36d,0x7442f3f3,0x059d568d,0x25a683e0,
        0x227ced5c,0x1f629a99 } },
    /* 45 */
    { { 0xe45a1c3e,0x8925ddac,0x41f7545f,0x72d29365,0x37e7f828,0x45622fcb,
        0x3e4c79d2,0x88234513,0x9c2645d6,0x5dffaf84,0x994802b9,0x3078f4dd,
        0x9d339fa0,0x566927f0,0x9fd91dcc,0x9a500a1e,0x0ab0abd7,0xce008180,
        0x8194e5df,0xd97135a3,0x98adf088,0x9e876307,0x9a45a2a7,0x3baf01b8,
        0x788b4399,0x6fed6154,0xe77a997d,0x980e5722,0x2a378eed,0xaac90ffa,
        0x8bd805a2,0x4a75fda2 },
      { 0x55e74cbc,0xd09a8fbb,0xfab18f25,0x737738ce,0x9764ec3a,0x0fc23ad6,
        0xe7e0ad31,0xc5a7d35b,0xe481cc9b,0xe75e068e,0x3d4aec34,0xf0c2ea99,
        0x0d4a63c4,0xf1324fe8,0x99b0592c,0x5dbb7c16,0xa7e0f46b,0x442d674d,
        0xa300faea,0x5a5d66c7,0x3333ac83,0xe83dc821,0x8c408496,0x70ef812e,
        0x99ef5fc1,0x96e1dcb6,0x1734e862,0x6e2b771b,0x583507d8,0x04629cdc,
        0x23d8179a,0x5819f9ae } },
    /* 46 */
    { { 0x6aa78811,0xd9969121,0x2103e7c3,0xf64ee8f4,0x22b9e698,0xddf01070,
        0x4f582cde,0xe6001f9e,0x2ecfac1a,0x24a608af,0x06393009,0x6ef4c784,
        0xebf72911,0x5262eae6,0x8c4ee5a0,0xddbd0af5,0xecd87bc7,0x875aff90,
        0x6f24f114,0x2fddb34c,0xe865f172,0x48104281,0x886c1b9a,0x95692426,
        0x9ef4231f,0x6f5f3208,0xd0a7e82e,0xaf587acf,0x9ac395c8,0xd6571917,
        0x1364a750,0x7459603c },
      { 0xf41ae519,0x1c2475bf,0x4af8f251,0x34401fb1,0xaefb2c3d,0x70ddfcd2,
        0x51cdaf08,0x9b2d385b,0x8208bb19,0x8531c256,0x4c33f3f6,0x16c89df6,
        0x24571769,0xc23cfa99,0x86d010ba,0x2339b51e,0x22638313,0x08db0e8d,
        0x00fedeb7,0xf769e179,0xa3687ef1,0x3fd96dcb,0x91476475,0xcd046b23,
        0x0c45c8dd,0xf3ff2064,0xb8343d78,0xefd167bd,0x4b77ee90,0x493ccb6d,
        0xb3cf7b45,0x33025513 } },
    /* 47 */
    { { 0x35eaaca1,0x36f00469,0x89119102,0x0c384b75,0xe6d2954c,0xcb375665,
        0xb1e9d6d7,0xcb9199b9,0xc29c2757,0x75852349,0xb8e738d0,0x89cbd1ba,
        0x5923a427,0x9b8dbe90,0x18fe1889,0xa237793e,0xa742e083,0xa4271757,
        0x4eebd613,0x8c4979d2,0xd4f2cf77,0x40325054,0x958705de,0xa3b8a091,
        0x33d999ba,0x1b191bd9,0x3b0fee1e,0xbafefba4,0x3facdf14,0xb3bad184,
        0x4387561c,0x9328adb0 },
      { 0xf906b872,0xabe84e80,0x78262665,0x705523a0,0x3398ccf7,0xd89c6a7e,
        0xf55b5323,0x2fab551d,0x0554dea8,0xa0578eca,0x375589cd,0xef26523d,
        0x864ad750,0xd8fd6242,0x178fe1fe,0x93f27fc5,0x9df87422,0x7b3e6f30,
        0x3750d054,0x2862e49e,0x5dc038a1,0x7d90c6b2,0x84db682b,0xc1a1ae22,
        0x9881930a,0x47f3dab7,0xbaf3e0a4,0x30e6bd52,0xf62d25c5,0x0680025b,
        0xadd0d5e7,0x0aa1f3cf } },
    /* 48 */
    { { 0x22a10453,0xa9822190,0x2a03a10b,0xdd1eb91c,0x96646f3b,0xafbb5d95,
        0xf38b6fc6,0xa58de344,0xb8cfca1d,0xce47c3e5,0x0f70da04,0xfcd8e16d,
        0xda262ed6,0xac44349b,0xc56e2f8e,0x9320d87b,0x19138e58,0x9ce3ea08,
        0xa2b236c0,0xa5862dff,0x8e7efb0d,0x6b0f9a5c,0x16ac78eb,0x4b53432b,
        0x709b51af,0x6ff43105,0x8f519628,0x08e236f8,0xeed403ad,0x1f93f176,
        0x9636545e,0x559337e0 },
      { 0xd8fd807a,0x30ddf738,0xab131222,0xf4e0ec9d,0x625afbc3,0x14a2f4db,
        0x9f12f895,0xd5b70604,0xac3044fd,0xb46f3c23,0xf540148f,0x1b232d1f,
        0x39b4e554,0x61b458f5,0x0dd70b75,0xf694b24a,0x289581d9,0x0fc64299,
        0xee5fe22d,0xc05d49be,0x6a18bf63,0x7af3447f,0x7f1929d6,0xe96a1dc2,
        0xc1551e8c,0x6afe6028,0x2b5d4fa2,0x27dacaf3,0x545c2cb4,0x4a1631bc,
        0xb0c914d3,0x930070f9 } },
    /* 49 */
    { { 0x69a9bc05,0xd2f32c5e,0x589c4b73,0x0a5c19c6,0x94665f9c,0x095c9e5e,
        0xbcfb4c39,0x8ab0f293,0x1ddb7c31,0xb9070877,0x66b38048,0x894e9658,
        0x606bd9bd,0xf19a90cf,0xb6fd2d69,0xcc1d58df,0x461d8a69,0x886dcc4e,
        0xf9ce4831,0xc455c277,0x765f8a82,0x749a5996,0xc3badc8d,0x2ffc668c,
        0x9112cdab,0x38018396,0xb243c7cb,0xa98795c3,0x010a2224,0x8775f310,
        0x587b5e14,0x043a2141 },
      { 0x3a873752,0x7bbe9dbc,0x2f442fee,0xee1493f4,0xc18c2181,0x981ca2c8,
        0xe29769e7,0x00ce3090,0xde768c5f,0xb4626ac8,0x34d7677e,0x33e9ce46,
        0xe0fa94e6,0xf89c2cad,0x41f5b5bf,0x04f5cc11,0x2228c12c,0x2565f736,
        0x0c05cce5,0xf1bf706a,0xbe487c4f,0x5d07ffff,0xa499f1a4,0x3ec43c09,
        0x98d94800,0x4f4e79bb,0x073f12f8,0x8a335a16,0x0f970d6d,0x4bb5eaf7,
        0xf24d0ae8,0x18d0747b } },
    /* 50 */
    { { 0x84601faf,0x58d3c77c,0xaf1c1f72,0xc9465be2,0xd116d806,0xff626798,
        0xd5b0d93c,0x3996c0c6,0x5ec6723a,0x2fa1ad75,0x03ba5349,0x966a8144,
        0x2ac34d8a,0xdc4c9422,0xed675865,0xddf471de,0x953d528f,0xd8aca597,
        0x24ebf67d,0xb2e463b5,0x7e25b4d3,0x25824871,0x43159daa,0x23c5adba,
        0x83357540,0x5458f9c6,0xf938b1a6,0xcf685da7,0xcefed231,0x981a4fda,
        0x08bb5e59,0x711093ed },
      { 0x401f161a,0x12aa3fc6,0x974c5e87,0xf7358560,0x17b5df82,0x4aa252fb,
        0xa48e6299,0xb0b82b07,0x29dd847d,0x00234157,0x4529c5a6,0xf1e54d00,
        0x6d98f538,0xcc1c539e,0x28d3abcb,0x36162b53,0x2a84f0cd,0x75a37938,
        0x4dee7484,0xf717a81b,0x4c23bf1b,0x16cf35fb,0x787e8b3e,0x7fd1c29f,
        0x59b79ab0,0xb7da7e68,0x85f6c60b,0x072100a0,0xe7ed48b5,0x31840159,
        0x4d9c97d4,0x17898bda } },
    /* 51 */
    { { 0xae1b8cf8,0xcd8483d8,0xe9a28856,0x323d4b42,0x204a4bc2,0x7633584f,
        0xca7a69fa,0x4e0b2228,0xf757bab2,0x8afbda8b,0x6cc5f9ca,0x85b24088,
        0xd41a95c3,0x47fb4813,0xc2aabe6b,0x3f1bc53c,0x1ad1599d,0xf22cda3f,
        0xc31ea9b1,0x1b2ec081,0x01614ac1,0x048f304b,0xc6afa7ab,0xce31cee9,
        0x4140dc3d,0x55af7633,0xdce8abba,0x84b7ab37,0xc7cf3efe,0x50de7648,
        0x15356ab2,0x73a88dcf },
      { 0x06e83b39,0x3f868288,0x9f44037d,0x477a4413,0x17dbc841,0xf9058b0f,
        0x54d17549,0x2db64f4f,0xf2307ffe,0xa23cea6a,0x4f126261,0x393efd55,
        0x10f37f26,0x2f4e658a,0xf4ee1e35,0xa4437ce3,0xa93cde8b,0x64ef42a7,
        0x939aa901,0x1debc9f4,0x3d7b5cd4,0x44223d6a,0xf88a3acc,0x789a6a11,
        0x2c608a2d,0x56fb9df8,0xbbf56c06,0xe79db8e3,0x668fa300,0x73c56af2,
        0xae396a1e,0x52f32b17 } },
    /* 52 */
    { { 0xe714f71a,0x56f524c1,0x9add8519,0xc1be1262,0x65cadbe3,0xad9189d8,
        0x5a0fb649,0xd88bf5c8,0x21d192d9,0x9efa6a92,0x6f724b6f,0xe3fe8389,
        0xb250119c,0xec3fae24,0x2ae0d3c0,0x4b6af9f6,0xd619624d,0x8fceba0b,
        0x2fdb6e3a,0x7dc3092b,0x3263cd29,0xc91da376,0xf95c43bd,0x30c0761e,
        0xcdeb44d9,0x89136400,0x43c0d31d,0xfd7dce84,0x9871899f,0x78fec3b1,
        0xefdf58c1,0x79e14d28 },
      { 0x9bb40c55,0xe3822235,0x0ed07a42,0x0a27202d,0x4838c1f4,0x48e6c1a9,
        0xd864a78e,0x2b5f24a7,0x0c6c55c9,0x7e7f140a,0xce12d508,0xe62c104a,
        0xc11b1e10,0x9b0a1a7e,0xafbb3dd5,0xfd8a275f,0x9a3b6b30,0xdff354fe,
        0x46602a01,0x5a105d9e,0x93bb65f7,0x3d371b4d,0x0f82fdeb,0xda5cbf0b,
        0xde468545,0x4601229b,0xc73d517e,0x505e10b9,0x672ff492,0x77cfa541,
        0x99566ce2,0x0d8ec28a } },
    /* 53 */
    { { 0xcbeee995,0x014cf73e,0xd491e80c,0xb2eb88bc,0xd9aba5d4,0x615a6cad,
        0x9304c84d,0x2f7d4633,0x8ab03c9a,0xba0501d2,0x91babb94,0xc8f723de,
        0x50405772,0xc885f977,0xc7fcb094,0xb5e1d2b3,0xdf96c71a,0x61ee7995,
        0x3464499e,0xb8c8daab,0x5f607932,0xdb425ddd,0xb1243587,0x70251ca1,
        0x9fc74340,0x26d7d3be,0xc902ac89,0x8c179310,0x4559a74f,0x72522c15,
        0xc3734afc,0x86001e27 },
      { 0xe7693947,0x13b00ba5,0x012c062b,0x6478641e,0xe85490a8,0xe1a438e0,
        0xd9574d5e,0x5173dbbf,0x9bd3ba61,0x9532eb8c,0x5f3ea075,0x1f41bcb8,
        0x8cbb92b9,0xac1cc247,0x1ef901b4,0x0f34648e,0xd2b3b2ee,0xdd929d1e,
        0xc3d75bfc,0x470f1eab,0x139cf4d2,0x5cdbc6f7,0xf0424953,0xcd86454d,
        0x47fcb383,0x1e079812,0x17df930c,0xb9f209b4,0x114ebc00,0x4225fc31,
        0x347946c1,0x020591cb } },
    /* 54 */
    { { 0x275e0af4,0xe3003721,0xe78a4a4b,0x721141ef,0xd1757485,0x666cfcf6,
        0x168e659e,0x5fa1d737,0x0e2842ee,0x263e3e54,0x948bd5f6,0xadecc3d4,
        0x246b104a,0x019de03d,0xf343d818,0xf8a9e903,0x5b0c0d31,0xcb57ba4a,
        0x51e2765f,0x8246c506,0x6519bf67,0x80c5751f,0xf2119a01,0x5f05c200,
        0x7821d4f4,0x7e6487b8,0x261c3a06,0x262f94aa,0x72146052,0x56cfe489,
        0xa1df05ef,0x5119985f },
      { 0xb18586c0,0x5819497d,0xc6eeaa62,0x004415d6,0x97cda28b,0x7c6a46b6,
        0x7c194594,0x9a149b28,0x4ed3a506,0xb56369fa,0x43c94cb4,0x7092aa66,
        0xa9e9eee2,0x55bce73a,0x77893509,0x34bb2870,0x06eb5326,0x8af95fb0,
        0x9638f485,0x87cd0323,0x5ba75bf8,0x29376268,0x9d42d581,0xf32d6f3d,
        0x65c6d64d,0xa4cad574,0xb2cded41,0x985f50fb,0x9006a067,0xcf34ce0e,
        0x58a57f9a,0x59eaf265 } },
    /* 55 */
    { { 0x6ec3876f,0x7b407efb,0xf0f48648,0x780c6123,0xbf893039,0x2abb56ff,
        0x45a91ab0,0x9592eaa0,0x78811b82,0xce5b84d7,0x1f9f3fc9,0x86a71a34,
        0xf0e7e13b,0xc17fdd86,0x655a0880,0x88ed8297,0x81d5e666,0x75d6dc74,
        0x1d171797,0xeffc9df6,0xe3f79e1f,0x36ad4c8d,0x2046192e,0xdb15317d,
        0x274fda62,0x78c9fa7a,0x82dd9914,0x04ec924f,0x3a64971c,0x059d1e38,
        0x2620bbfb,0x3b4450ea },
      { 0xc776dcdb,0x3db7a955,0x81c8ba47,0x35c4a57c,0x505760fb,0xae285003,
        0xb3aec353,0xe3e80691,0x47117be5,0x380335be,0x056ccf61,0xe1c47e3a,
        0x33977916,0x253cfdeb,0xf5cb7ee1,0x3decdfba,0x7cf4b704,0xf3c9794f,
        0x9ff81462,0x2401680c,0xbe3daa9f,0x4e440e11,0x69f91d8a,0xc5d04377,
        0xcb5e9c5d,0x4106c7a8,0x33b7d24d,0x191909a1,0x3764b4a2,0xe893c838,
        0xc429b614,0x4a7fe30c } },
    /* 56 */
    { { 0x2455c7c5,0xe78f3a70,0x70157754,0x5b7636e8,0x7623262c,0xf32c4524,
        0x1bc780c7,0x2c98b11e,0x915ed877,0xd48eaeac,0x199265f4,0xbb04d3c0,
        0xcfa5200f,0x6b52b19b,0x93ea3fe8,0xc46a0981,0xba758059,0xd82c733d,
        0x1896aacc,0xd324bbd6,0xce8ecd51,0xac09a2fc,0x02fc44b3,0x529918fd,
        0xaaa1784b,0xf0c45e4a,0xfe22085c,0x35626340,0xc50c7d61,0x53cbb676,
        0x65126b23,0x83fa1ea3 },
      { 0x10ccc646,0x60ac86da,0x7b0451e9,0x2ce0637f,0x8a088610,0xbbbcf630,
        0x20349982,0x23c19019,0xfc0bcda0,0x707fc39c,0x1bd4fd7d,0x7f4d1f15,
        0x44713bbb,0xd6a64e74,0xc5ac9e60,0x57bdc676,0x37b61169,0x456c5303,
        0xdcf40a1d,0xd3451396,0x4997d2c7,0xf3edec25,0xc2c4a739,0x534ae9a4,
        0x6a6ad2e2,0x1401397e,0x23e95f81,0x20769d4d,0xde98fabf,0xcee007c6,
        0x931c51e0,0x61409779 } },
    /* 57 */
    { { 0x15156623,0x3ddb32db,0xab7a67c2,0x68137fbc,0x6f19e3c2,0x26011f50,
        0x89924c61,0x34218b02,0xc6804c1c,0x492a0b0f,0xafaae6a7,0xd65be706,
        0x0d01be61,0x3b13d23e,0xf87f4c69,0x44545b47,0x04dc1aa3,0xd42236e2,
        0x3c5161ec,0x6135261d,0xbd88bc07,0x1eb46a63,0x1599d720,0x78c6d836,
        0x69baf0f3,0xf6955fe1,0x17072820,0x467eebd6,0x3e3a340a,0x2f1b8a2a,
        0x2d0b5f88,0x636dac76 },
      { 0xb4c80af3,0x94280db9,0x4e3892ab,0x9a189cd1,0xd1477ddc,0x26e702e0,
        0x68f9f14f,0xe91aee38,0x80baa0b2,0x2864f63a,0x8b714a29,0xacd81f73,
        0xc5fe7cb6,0x30e1b870,0xb10837fd,0x883ea1c3,0x6b20489f,0x2da27953,
        0x58a2da5f,0x3aeb2a68,0x03a8fa14,0xe2330bf2,0xdc70b1c4,0xb5c488b5,
        0x299678f4,0x0a78c4d9,0x25df675c,0x233bd098,0x7b67d368,0x37b5c076,
        0x4d0bef3f,0x2f6dbdfe } },
    /* 58 */
    { { 0x2e4da7c7,0x2f8472fd,0xae677932,0x708cfc91,0x3dc268e2,0x364af08a,
        0x799a2424,0x0f10dfe0,0x71d58bff,0xef912d58,0x988962e6,0x6bf35dfc,
        0x5f47ea0a,0x28b96fa9,0xaad308c1,0x734a79ea,0x9f437bba,0x95730337,
        0x6cf54f75,0x002cbd8e,0xe7632eec,0x47606dcf,0x53193104,0x404b5ecb,
        0x0acf729d,0x0ae0897c,0x3bddf1de,0x89628b86,0xf87d7448,0xeced154e,
        0x458d5d4e,0x5cb6e197 },
      { 0x008c75ed,0x98cef197,0xf6eeaaf8,0x7cf49d3e,0x1875e96d,0x1d6f9e02,
        0xdd9b0d8a,0xfcec2cfe,0xb9576daa,0x38a61cfe,0x36a7dbb8,0x10003f39,
        0x23b814f4,0xb37c3868,0xb80e3153,0x9fb66dcb,0x059847a8,0x9e7e2eba,
        0x35a72770,0xa4ec63fd,0xfc9e0ed0,0x311f3d91,0xd515baa4,0x3c1dc094,
        0xa08cd4e3,0x75a06ebc,0x2ed5eeaa,0xab617238,0xe1f52c1f,0x2e82bbb0,
        0x5175d6e5,0x2149d630 } },
    /* 59 */
    { { 0x5f9311f6,0xee1a8e6f,0xbabc1f85,0xc97e3c9f,0xb494209a,0x4fa7c52e,
        0x19774fe1,0x04c2f51c,0x8555844f,0x5cefd122,0xb5873ab3,0xb53862a3,
        0xcbed19fc,0x768efdd6,0xee58469a,0xcdc12479,0x3d80c09c,0x11237e31,
        0xc044c28c,0xdd74a290,0xbd47e287,0x9ee6517a,0xad0ffeef,0xc2421228,
        0x818d281f,0x4273088f,0x43ec0de1,0xebc744bc,0xb415bd73,0x5b26eccf,
        0xcb07c26c,0x14e2f350 },
      { 0x4216946b,0x548d2a10,0x7a4bd92d,0x6e801f07,0x43695160,0x5996d0a3,
        0x63a197c9,0x0f1b5c2f,0x061f77c9,0x79da3c4f,0x93ff7b22,0x1c1cd634,
        0xa234123f,0x5e61b650,0xf284033c,0x826b34c5,0xc2f34214,0x718b90e8,
        0xae806ec5,0xa5f35620,0xe324a9b4,0xa2fae345,0x8b53cb51,0x8c0bb95e,
        0xf9965778,0xc94f6ac2,0x6b9def32,0x07ec607d,0xd0ed8f27,0x63bf1dba,
        0xdcb61e4f,0x58537e02 } },
    /* 60 */
    { { 0x64f80ba2,0x1f64b064,0x0559a45b,0xe8e055e7,0xf1f4b634,0xc3262b34,
        0xde8c8482,0xef4f7d5f,0xc30c780a,0x9d55dea0,0xcfa1e693,0x1740afb9,
        0x7460c34b,0x2cfe6a66,0x1187c1ee,0xf6695941,0x5f974d94,0x1382f277,
        0x004549eb,0x1ca0ace4,0xbabded02,0xf8244b3f,0x4e3653ea,0xc36f4d06,
        0xc55c5f83,0xeab9f0dc,0xacebce90,0xd93b9cef,0x19061425,0x16658e72,
        0x82d7970d,0x4857835f },
      { 0xd2576210,0xdcd525bc,0xd51b5443,0x9f378aa7,0x1bd83994,0xfe97bf17,
        0xf38ac621,0x930d0f63,0x818408cc,0xaf8f2c17,0x260f53f6,0x2692c87e,
        0xdb0a75e4,0x0ee45407,0xffdb1b37,0x0ec47ae5,0x7aa6a44b,0x769129dc,
        0x2e40b75d,0xb6f932b2,0x95ef3b77,0xe06764d0,0x68bc63e8,0x28fd47f5,
        0x9c0014c0,0xd1810494,0xd7995d8e,0x90e2d3fd,0x6c2a85af,0xeb39a05d,
        0xa21f3128,0x6c0277bd } },
    /* 61 */
    { { 0xb509e7ef,0xe41b7086,0x3d7f9f91,0x8842ec7b,0x5526b88b,0xcd285f94,
        0x051dd0ab,0x6e44e064,0x774f1ceb,0x90198c10,0x123e661b,0x6ecabe98,
        0x32f647d9,0x44811136,0x26c52aee,0x1dd82b45,0x939dc9d5,0xd650907f,
        0xfcd455bf,0xbd5eeef2,0x8d2e5d7c,0x7815a4dd,0x88bc9f2a,0x5ad4ec92,
        0x57a3b322,0xc6f10d0b,0x20b9cbdb,0xe8d0c1e7,0x9b774ee8,0x5a0b071a,
        0xf22fcf8f,0x3067bc9a },
      { 0xb7ca9326,0xe0e589f2,0xb1224f63,0x17a106fd,0x747a57bd,0xb2354521,
        0x62b0882e,0x2614982d,0x4391ffcf,0x7f3af544,0xa84e440d,0x1aaa337b,
        0x941bb071,0x28ea37b0,0x2e4a7f54,0xa957dcb4,0x1a6ad5fb,0xe7ab662c,
        0xf7c36a20,0xd135e381,0x9baa0b6b,0x42e7980c,0x94e4671f,0x4237030c,
        0x8b0922e3,0x24cc63ff,0x445a589f,0xd10d5279,0xa870ff6c,0xbb99d316,
        0xa996c195,0x390c83ca } },
    /* 62 */
    { { 0xffc4a73f,0x50d3fa82,0x3bd53303,0x2665d635,0x264bb77d,0x80a06f8a,
        0x22d73d84,0x81c04a6e,0x0323b8aa,0x2409cff5,0x8c4c4d5a,0x31dce217,
        0x0c0f9c19,0x374aa80e,0x00186bb8,0x0b25a387,0xaaf1487f,0xd0b77a10,
        0xab498de1,0x15f39ad5,0x1aa0c116,0x92e32da6,0x96e25ce8,0x228e3dbd,
        0x5e8646d1,0xb57c88dc,0x267b1c68,0x672b1164,0x600bdec5,0x5d0d807f,
        0x223e573a,0x3ea4007d },
      { 0xa595d0a3,0xd76debd0,0xaff0b3b4,0xa6bd76cb,0x9b1bdb97,0xbf2c154f,
        0x4c714c71,0x62b19ab4,0x221af663,0xc9bf33b9,0x8c941ef6,0x23d87c49,
        0xd79f0f6d,0x255804c3,0x2a7acbc1,0x6f1a1005,0x550528af,0x5dab79d9,
        0xc8d16213,0xfd77a6f0,0xde5e1029,0x40508b6d,0xf95da12b,0xd95ac0f2,
        0x758a8ba1,0x8860af71,0x7160c8fb,0x0b194c83,0xce004d34,0xa40e6c80,
        0x6b14aaa0,0x09f82a17 } },
    /* 63 */
    { { 0xc21366dc,0x60abe588,0xaf75daf9,0x729c0a4f,0xacb93ed4,0x70501fd9,
        0x87a16d70,0xb97e744e,0x98e7361b,0xa42e0a7a,0x28b54cf3,0x1acdaff2,
        0xb7bd9078,0xf087ccbb,0x663250e7,0xda6f3983,0xbaf07c09,0x66d693ee,
        0x8cbaf157,0x79baf4c3,0xdfca99d0,0x5a984e07,0xf26d8dab,0xab4d3247,
        0x7eba36f9,0x4d0be701,0x0e8dd216,0x37bb9e65,0x531c4f03,0x72aa4e24,
        0xb753d85a,0x77d1e984 },
      { 0xd8e62367,0xd9373239,0xb9820cf1,0x3361848b,0x5a9c97c4,0x00c7e344,
        0x14f960fc,0x9a0ec9ae,0x740474b5,0xcf41f0cf,0xece065d5,0xa5eede8f,
        0x9e808610,0xb1de5a4e,0xae0cf75d,0x17c44ae4,0x6b148d0b,0x2fa56323,
        0xd29ff2dc,0x64fa740f,0x88cb212e,0xc605eb8a,0x6a863016,0xf2c771ad,
        0x607b4c17,0x6d6112e7,0x40d49785,0xfe90ec07,0xe256e0e5,0x599be18b,
        0xca54adb0,0x4e6eabec } },
    /* 64 */
    { { 0xfb99cfe6,0x950323d3,0xc9334178,0x7b09bc26,0x7cbdfb6f,0x64111e41,
        0x89a75760,0x91141744,0x10919cb0,0x4c633df9,0x396bfd2f,0x715fc7c7,
        0x8cab62db,0x8ca19512,0x4db81aac,0x30672473,0xb4c4c54a,0xe67a246b,
        0xbf229646,0xd77ea0fa,0xfa5b5d70,0x5bed15f1,0xc2f192f3,0xa5686da5,
        0x7f6690ad,0xdecac72a,0xcaa50b7d,0x0c4af2a2,0x6049ad2f,0xf44631c1,
        0x04ecf056,0x325d2796 },
      { 0x4848c144,0xee11fb55,0xb6a7af32,0x4e062925,0x369e0f9a,0x125b68e1,
        0xca53b21e,0xad9bdae6,0x2e98ea1b,0xf50d605c,0x9f2fa395,0xbdb9e153,
        0xe91532f5,0x4570e32d,0x46a250d7,0x810698ae,0xad9d9145,0x7fd9546c,
        0x11e97a5e,0xabf67721,0x249f82e9,0xca29f7d5,0x9851df63,0xa9c539a9,
        0x71d0e3e5,0xfd84d54b,0x041d2b56,0xd1e0459c,0xfd80096a,0xceb3eb6e,
        0xe32a79d3,0x19d48546 } },
    /* 65 */
    { { 0xb540f5e5,0xfe19ee8f,0x04e68d17,0x86d2a52f,0xadbdc871,0xd2320db0,
        0xd03a7fc8,0xa83ad5a8,0x08bcb916,0x54bf83c7,0x2e51e840,0x092133ea,
        0xcb52dddf,0xbce38424,0x31063583,0xd5c7be40,0x458e3176,0xc1ebb9df,
        0xbc4dabbf,0xafb19639,0xc05725a8,0x36350fe4,0x84e1cd24,0xac4a0634,
        0xc145b8de,0xadf73154,0xb3483237,0x0aa6dd9e,0xcbff2720,0xa3345c3d,
        0xb4e453b0,0x1b3ace6c },
      { 0x90a8bdc5,0x0343e5e9,0x6306a089,0xa203bf9d,0x8e48520e,0x98489a35,
        0xde7d1d06,0xbd17debe,0x5f795d3f,0x8fafa6d7,0x387b0a3f,0xa4ceb630,
        0xffddeafa,0xe0166b32,0x7e764e02,0xa2fe2054,0xe871f304,0x55ab9824,
        0x952ec45e,0xa2bd36bb,0xa90d20ca,0x7b4c1484,0x75bcfb53,0x5319f387,
        0x6982c4e5,0x34238a4a,0xa102921d,0xa2bb61c7,0xdb3ab17e,0x1e061b64,
        0x192f0a14,0x538ec33e } },
    /* 66 */
    { { 0xa19b56cf,0x193496fe,0x7bb99acd,0x663d77f4,0x57d0a881,0x8f04afa8,
        0x082835fd,0xcced3da2,0x5d82cec7,0x7e21faed,0xf8009c85,0x6e175b99,
        0x2d05a307,0xd9c6e31b,0x81487d82,0x96948d4a,0xd46f6655,0x86ebd3f2,
        0x773ccc49,0x86851aa8,0x8b1640a6,0x3e220f22,0x41a20b75,0x9f06e3a8,
        0x90ac0a6f,0x2cfffe5e,0x8ebeb3fb,0xf5a9b1da,0x6e08e2c9,0x2587d997,
        0x03e9f401,0x6fd60298 },
      { 0x8eb7516a,0x54709f8d,0xbdc598ab,0x83058a74,0x87e801ce,0xd234dd98,
        0xd17b8a96,0xfd0f9d90,0x6e90f6ab,0xaa1e549f,0x5a7ed55b,0x2496ff80,
        0x6c254c19,0x0d9f657a,0xb8962575,0x3cdea49c,0x2dff27de,0xb685a3f0,
        0xdb8bc04b,0x3c50e7fd,0x987236b0,0x904ff0ff,0xbb0d5055,0x494298fd,
        0xe14be8d0,0x34b3386d,0x7c3d30d6,0x7ad34e9c,0xe159fdd9,0x1f2b32bd,
        0xc761e5c0,0x84cfa23c } },
    /* 67 */
    { { 0x8b99b964,0x13bc11eb,0x58e2fc47,0x8e280c0a,0xd4c9a54b,0x870fbc49,
        0xbf6e20fa,0x37a334a2,0xd7c88cfa,0xee583d0d,0xef4af1da,0x05e029a8,
        0x0c2ef8a6,0x6d55e234,0x209e9b62,0x61b6fdfe,0xbb8e080f,0x3b1dad26,
        0x9392fc1a,0x5adbc162,0x0aae3f4e,0x02ac0fe6,0xc2bf4d5b,0x8d99801a,
        0xc282fed2,0x2333f93f,0xb52db33f,0x16dcb10c,0xc55752e7,0x09f90f84,
        0xc84a0d8e,0x287d4c51 },
      { 0x0e9867da,0x5fa58201,0x1a874cda,0x614589b3,0xfbdee22e,0x005e27c5,
        0xe612bda8,0xe357fef5,0x2d3635f9,0x4e0dbedf,0x6f125a86,0x62be70e4,
        0x0d94a2e5,0xa09b9884,0x28b5e5d1,0x7eb99a15,0x751028b5,0x21b9416e,
        0xe06d2cc4,0x1b137fd7,0xfea09845,0x6fa1f517,0xffcecbd7,0x3ba1e966,
        0x832f453e,0xd4c89a4a,0xeca68fa1,0x07b1e2af,0x4bd395a3,0xd0fb4453,
        0xd8ef9e13,0x0132a3dc } },
    /* 68 */
    { { 0x576374c2,0xe53c7785,0x84727040,0xe60526d1,0x228ca044,0x8a066dc8,
        0xf1ce1313,0x1fe1c1b2,0xcdeb0c5d,0x2aeec832,0x9cbf826f,0xa7596699,
        0xde77a589,0xcd188e81,0x118d1254,0xe5ce0fe0,0x0790b86a,0xa142a984,
        0x39ac28ce,0xe28f043f,0x87de5804,0x4eef8290,0xf639a8c5,0x83c31b32,
        0x5887794f,0xd70454a7,0x18b1b391,0xca635d50,0x31d9c795,0xcefea076,
        0xb6f8aa25,0x13cbee76 },
      { 0x8d3f34f3,0x79cabe0f,0xa3617fe3,0xbda9c31c,0xdd9426a1,0xb26dee23,
        0xf29c9104,0xe9dd9627,0xe2c6cd3b,0x033eb169,0xfcba2196,0x8a73f492,
        0xb858c83c,0x92e37e0b,0x23b3fbb7,0xe4f2aca6,0x64be00a2,0x8101fb1e,
        0x948f6448,0x91a7826a,0x907260e7,0x414067b4,0xe30bb835,0xf774aa50,
        0xc999c06e,0xf922ca80,0x0ba08511,0x6b8635b9,0x25fa04f0,0xbf936b5c,
        0xe02e8967,0x4e0a1ada } },
    /* 69 */
    { { 0x8ba29c4d,0x00ca6670,0x22988094,0xc08240ce,0x16dda752,0x21c5ca67,
        0xabbbfa34,0x689c0e45,0x3ed28b72,0x1d7545fd,0xd7c56ab4,0x5f221198,
        0x38759d65,0x4b3d8f74,0x8fe50b89,0x93490dfb,0xe80eba16,0xb641f5d7,
        0x79acb537,0x7b0da5eb,0x0c1d5e5e,0xab6b1497,0xa5da429a,0x2338e68d,
        0x2f6d2f25,0xe010c437,0x6530f3a7,0x226f16d2,0xcbef08bc,0xefb0f7b6,
        0x9f99c999,0x733e30d9 },
      { 0xa42a38f9,0xecfe1582,0x4730b500,0xaec2d58e,0xde976b2c,0x2ee2f2a7,
        0xa969c1bb,0xf0539db5,0xfcecdb4a,0x31954168,0xe7a8e902,0xf2f7348a,
        0x3121541f,0x1d58d7cc,0x2202ae52,0x5d25b75c,0xf40835a7,0xdea9965a,
        0x529b4e46,0x3feb6a41,0xbd27ad9b,0x5c97fb6f,0x261f900b,0xd87554c0,
        0x04d5b19e,0xb43031d9,0xcb219b9c,0x33d5e9b8,0x3ee00bcf,0x7a43d492,
        0xb79a5c0c,0x56facb39 } },
    /* 70 */
    { { 0xa3018bfa,0x019165a2,0x9ffad984,0x100c6b24,0x55341a9b,0xbbf1b1f6,
        0x25dc4cc9,0xe6bd1d97,0x2bfffe60,0x52850ed5,0x7e5509ab,0x24e992cc,
        0x4ceb59f1,0xff6c502e,0x1aa7d148,0x2f0b3573,0xe7e3aa46,0xe90c1ddd,
        0xd1142880,0xbaec9f45,0x65be5dd5,0x475cfd26,0x1febce13,0x83abb14e,
        0x80942d30,0x6aba4829,0x297e82c8,0x1e1b235d,0x50d8218d,0xb771cdbe,
        0xd94d6cbb,0x88599266 },
      { 0x155ccaf2,0x08847290,0x7c5b773e,0x8679ebc7,0xb2dd08ed,0xa88b2dd1,
        0x87d475db,0x960a180e,0x6694d02a,0x80fdb6b7,0x3f3f9e96,0x3e8758c9,
        0x4ad836c4,0xbda3f6fa,0x32fb387d,0x9400c581,0x2550200f,0x25a78542,
        0x776ecf18,0x2a97c351,0x566db59a,0x03ebf46e,0x26545eda,0x4743a280,
        0xcf74ab44,0xed169d84,0x88cb3f69,0xbaab931d,0xd8257196,0x70ae932c,
        0xa0c09719,0x797224a6 } },
    /* 71 */
    { { 0x441f3567,0x632923f8,0x2e24bf1d,0xc11c3168,0xb7671fff,0x4b97726b,
        0x7a5e1a22,0x601746a7,0x3addb417,0x53dddea0,0x7f59b846,0x57867a3c,
        0x56cd7ff7,0xb012a987,0xf19ba9a8,0x1bd5fec9,0xf8306748,0x750379a2,
        0xab8c05d1,0x7763445d,0x7903f42a,0x5d7f441b,0xa903e46d,0xc011674d,
        0xadd126c1,0x1b1d3c4d,0x61455b40,0xa2752aac,0x555c356e,0x4da42a68,
        0xd820852c,0x3ff09c15 },
      { 0xf9cb7784,0x4c0a1bce,0x2422f305,0xaec539bc,0x0c414aa7,0x5f40f9fd,
        0xffd42bc4,0xd3aa316c,0x2f358e15,0x42f5a4c3,0xd6e27682,0x00bdcd9e,
        0xf8a5ecee,0x069f789f,0x05e14f5d,0x8078018e,0x8b40c741,0x2bb3e493,
        0x7917f72d,0x5dbc8c1d,0xcc57150c,0xe0eea664,0xc3fa8920,0xa25ecc5a,
        0x1c797164,0x3c21b0f5,0x634ad16b,0x8f09a2f2,0x58391d9a,0x8e730fc5,
        0x4fdfae4c,0x47ef1805 } },
    /* 72 */
    { { 0x3da285e4,0x9965f3d1,0x3a01e3f4,0xba7d4dba,0x61214ad0,0x4738413a,
        0x22397549,0xd3b7d535,0x5a730b92,0xa53dbdcf,0x332d165d,0x3130d92b,
        0x82f97ef4,0x44a28541,0x44dce1b6,0xbf62221c,0x7e2a0ec9,0xbba13858,
        0xcbfad998,0x33f32c8d,0xb5fed44b,0x409e5f3f,0xc66217bb,0x5c328c65,
        0xfcdf71a9,0xb00db69f,0xb8920788,0xa23c2a21,0x3ae6464b,0xf8ab28e6,
        0xb8de0861,0x1a6b6e9c },
      { 0x06af77aa,0xaf6ec2b6,0xa887f065,0x2e60f5cd,0x9f498c56,0x87d21400,
        0xfcbaaf4b,0xdb595b59,0x271ab855,0x0fb592a1,0xd4349b0c,0xa0ce10e5,
        0x887d8c9c,0x9d6187d8,0x154bd6db,0x03ee95f9,0x5d06c999,0x8fe53213,
        0xfb6a64d0,0xf4a7bc30,0x66a4cb60,0x3d22af0d,0x5d37367c,0x16952cef,
        0x997d8e55,0x6f0ea734,0x731732d0,0xb447c70f,0xa9cb3942,0x00ab3034,
        0x28510fd0,0x79dd0180 } },
    /* 73 */
    { { 0x3ac7424e,0x04e0033a,0x60fda4d0,0xdb06b688,0xbcb772fb,0x236a9766,
        0xf297cda4,0x294a8e2b,0xdb013c6e,0x4b0aab85,0x8723a3ad,0x3d2aec98,
        0x13c84a6b,0x0cae32cd,0x70ec169e,0x21888f5e,0x42a88262,0x739633bd,
        0x7b60d9b8,0x68ac792e,0x10769fe1,0x89f2b722,0xd24bed34,0x8f3fcfe6,
        0xa3eb24aa,0xd35efb88,0x484c706b,0xddecfa3f,0x929ece0d,0x7cc119a9,
        0x8d405436,0x87e5ad45 },
      { 0x7d1000a7,0xba99aa9d,0xae823833,0x8b94affc,0xdfb83dc5,0xc8229628,
        0x845a418d,0x2f59fe11,0x5d417054,0xa8b970f8,0x72b71581,0x8918c265,
        0xc0d1dd17,0xe4ef477d,0x3afad7c0,0xb50b4cf3,0x01870a5b,0x21baea79,
        0xbb3a2868,0xc77087f9,0x124a59cd,0x7857531e,0x57f43239,0xed74c26f,
        0x0164c94a,0xd5f5ae25,0xf094bf74,0x6608b7e2,0xfdceea32,0xf4cdb5ba,
        0x990cc045,0x0b712519 } },
    /* 74 */
    { { 0x88d5c64d,0x5a290ca1,0xa7492534,0x0596d749,0x2a00e925,0xa04b0d3d,
        0xcaf7b66b,0x082cd02c,0xecdded83,0x912b50c2,0xff31646e,0x813ce9de,
        0xc75fff95,0x62ae70c7,0x7e2a4615,0x6f6852e0,0x03804fd1,0x320fd7d0,
        0x8218e8d9,0xb1a2a4dd,0xafc645d7,0x4918a6fb,0xe8d9fdbe,0xfb080fa1,
        0x4470b6ee,0x33d4d08a,0x6d974ef7,0xd2ba2077,0x69dae5d2,0x8ecb95a7,
        0x7d69596d,0x7a3f423a },
      { 0x9a929387,0x362d2ca6,0xcb1c1fff,0xabdb7581,0x7e51b6cb,0xd892ec9f,
        0x3a4e131f,0xee8d8632,0x5bd87561,0x4680e3f1,0xd4e7e732,0xe3a597e1,
        0x5581fefe,0x3cc72b7c,0xca8cae0b,0xf3e77f8a,0x5e2fd4af,0xfcc7d7dc,
        0x21355b79,0xdd3a4552,0xa2c07177,0x546b24f2,0x0689621f,0x415b532d,
        0x3f78163e,0x2be9af51,0x33d7ed21,0x27d63b9b,0x96802943,0xab019ef2,
        0x1623faf4,0x2da5fc55 } },
    /* 75 */
    { { 0xc8a5c600,0x62429cf3,0x3fe33e7c,0xa7a80c22,0x0a57ddcb,0x9ffda740,
        0x925b0c74,0xd1ae156d,0x6b100eb0,0x097a43f9,0xef943c81,0x169e945c,
        0x1128cf24,0xa1f734e5,0x419f0133,0x04387c4a,0x01044024,0xc007868b,
        0x90359cf2,0xe5416abf,0x478d54e3,0xf9c76fee,0x42a2173e,0x66219da6,
        0x9fe30141,0x61e03156,0x93ef247e,0xa0ff5ce3,0x072b6592,0x811792ba,
        0x70c854d3,0x855f0219 },
      { 0x847314c4,0x61fbfb6c,0xeb45b96a,0x97906155,0x6ba2afac,0x7102e146,
        0xab949781,0xed51f975,0xc110c4fe,0x9d2f5b17,0xaff57667,0x7ac8ce70,
        0x6eb244e7,0xe7366a21,0x551c65c7,0xdd1bbcec,0xe1a859de,0xb525060a,
        0x8ba7d2e7,0x7a048174,0xab8ea8c4,0xe1a2c541,0x6fdff078,0x6e7824c3,
        0x14874b04,0x79b49fc7,0x06b1f733,0x22ae337f,0x6f8fe6cf,0x1c352192,
        0x525d0797,0x292236cf } },
    /* 76 */
    { { 0x7d8b29dc,0xcdb8d80a,0x08ea648a,0xd17a2024,0xae92be91,0x7db12c5e,
        0xfda72fbc,0x1f347d18,0x9e760c6f,0x11374b40,0xd8e38d91,0x7361e8f1,
        0x739ac1f4,0x7714be9d,0xb4df5c4e,0xc1f9701c,0x6f72cae1,0xd9138ed8,
        0x6ad180c4,0x1c7fe1f7,0x9e2dbf9c,0xf8c185be,0x7c70c44d,0x835db269,
        0xb0d15b5f,0xf997cfea,0x61e6545e,0x5101445a,0x25184e5e,0x16b06884,
        0x7521e7aa,0x7cfac359 },
      { 0x3c0bc53a,0x81182167,0x7e751367,0x84b5ede3,0xa3657a18,0x3ca255fd,
        0xba1fdd98,0x096abbf4,0xc5da77d8,0x9ce8369f,0xaab342c5,0xf27b9ae7,
        0x972059f1,0x06c91bd6,0x914ecfe9,0xee0dab30,0x93f53f12,0xbb647fbb,
        0xffa57e0e,0x30c38a7a,0x9f2ad607,0x517d06ef,0xbb99dcc9,0x49728d87,
        0x446080a1,0xb0034af1,0x12b9c17d,0xcc810c3f,0x772a22a0,0x7225f14f,
        0x1ddf82bd,0x6ce3dc7f } },
    /* 77 */
    { { 0xa4397830,0xc07cd835,0xf4733306,0x4dd9290c,0x29989e8c,0xdd35d3a8,
        0x563d8152,0x79902559,0xe87de61b,0xf278d911,0x1024e35c,0x9c7340c7,
        0x4a0d0e59,0x2d444461,0xf32626a1,0x63e7608f,0xc4c9baa9,0x627a37e9,
        0x76fffd25,0x0c56dc51,0xcef2a1cd,0xcb6defc8,0xefc559d9,0xcbcc0d56,
        0x041cb692,0xe45f3fc5,0xe5161e09,0xcd05c239,0x5c3b559c,0x2a731ee9,
        0xa3d0a16d,0x85151122 },
      { 0x86ff19e2,0x782d0335,0x1da28603,0xc2c60daa,0x557c7eed,0xb2e78cfe,
        0x1bc4e8b0,0xa8f6f984,0x3df35c67,0xcc1f9b4b,0x4764462a,0x96e13603,
        0x7c7ae0b0,0xbf910b97,0x51435956,0x27c7f305,0xf631eae5,0xc14db15c,
        0x7e69b34c,0xa51d6142,0x5fc12ff2,0xdec82851,0xfb887162,0xfcceae13,
        0xde1488bd,0xda332ac1,0x2ee3e74c,0xa20374e2,0xf0ae069c,0x597ea1a1,
        0x77bdec04,0x8b1159f2 } },
    /* 78 */
    { { 0x2f961d30,0x4af71a44,0x7ac7248f,0xbdf968a8,0xb1a906cd,0xd32df87c,
        0x04abf925,0x00c10e26,0xb9f04d4c,0xb8711759,0x939705da,0x00d54e60,
        0xc9f80849,0xf7587433,0x6a7a2375,0x2e9abade,0x94ac17ac,0x5676d478,
        0xc202d99c,0x4ca0525b,0xabfae73d,0x95b8bcad,0x3405991b,0x2371ed38,
        0x458a99c3,0x2b69e47a,0x2b78c866,0x7cac0b18,0xe0232c7c,0x6ceaa79b,
        0x588f7459,0x0bd86433 },
      { 0x7e734189,0xdea1a8b4,0xcfe5fa17,0x52c5ac88,0x11437664,0x444a4d4e,
        0xaf9e9750,0xc2522308,0xd30c6b3b,0x78b1d0c3,0x4c6df477,0x2edae5f0,
        0x2ee88dd7,0x53131d9a,0xacc93e34,0xc4e380ee,0xa8db0e8e,0xd499b1ac,
        0x7f5d49d7,0x77348c16,0x1556ccd7,0xc9663257,0x2611d13d,0x65ce0e8c,
        0xb5a2fdcc,0x2c95fe66,0x8658faa1,0x26698832,0x31c32c98,0xda87d1f4,
        0xfcd91907,0x46650598 } },
    /* 79 */
    { { 0x6b4a5efa,0x4c6c13cc,0x1d07b265,0xc481989b,0x8bdc69c0,0x10b966ce,
        0x2c2531d4,0xf54cfaa2,0xcad0a100,0xcb5f1808,0xee5da449,0xbeb52538,
        0xbedd83cc,0xa6240085,0xd6255c78,0xe792dacf,0x2062058f,0x88371906,
        0xed1658c1,0x96615e83,0x7d28d542,0x4b549b27,0x83b75df3,0xeaf127db,
        0x17fbb942,0x4f60df6d,0xf6f7c930,0xd08631db,0x6018789f,0x17c38f98,
        0xb9a9280c,0x0c43574a },
      { 0x1d20cad0,0x76eb324c,0x8c61108a,0x90decb09,0x6f06d36d,0xa6e9d39c,
        0xbc0da197,0x6cd978ba,0x507ac5ce,0x5948b1c0,0xc5497eb5,0x2bd47164,
        0x4d5914e3,0x2a9c4c0f,0xa759f03c,0x772c5046,0x69ac847e,0xe7d7328a,
        0x3048b330,0xa8d57d0c,0x40f7bace,0xe60034e0,0xa85f1790,0x823d9193,
        0x5c859736,0xa6e9b66c,0x679e1022,0x22ca2c7a,0x09023fa4,0x00e7a19c,
        0x2726d5b9,0x324999f1 } },
    /* 80 */
    { { 0x7c834915,0x667eaed6,0xbc5eb64d,0x9f77aa6a,0x25d62011,0x729ebcb6,
        0x699fd9c2,0x0aee24f2,0x2b8d4f6c,0xe1eb5874,0x14c976d6,0x7f12710c,
        0xf6d9ea65,0x91390335,0x06b50064,0x668b7049,0x0876ee4f,0x65969a0e,
        0x2f9d9360,0xf901bf3f,0xb499e3ce,0xfb1a8651,0xf2dbcaaa,0x80b953fb,
        0x973b06b6,0x312cc566,0x3af36c64,0x3534d9c3,0x10ffd815,0xe4463a52,
        0xf18c2b91,0x57ea2b4b },
      { 0x8aa0f2f2,0x00f5e162,0x0e46bcaa,0x8c7e75c5,0xa4a2c42d,0x97ab479a,
        0x14baa202,0xb4f308ea,0x6943cc2e,0xa901bd14,0xeed58804,0xbb125fee,
        0x9d180f7c,0x6502c8f9,0x1580c61c,0xe5353919,0x27101ee3,0x7e278069,
        0xfaa72717,0x7a0a40a1,0x4c75b153,0x32edce02,0x538f1c22,0xda23660b,
        0xbe307d2e,0x4d511e98,0x9baee0b4,0x24276e40,0x7ff1f307,0xa78c3927,
        0xea7935c9,0x60480b46 } },
    /* 81 */
    { { 0x3872ece3,0x31087d66,0x955b70f8,0x5f29be7d,0x9cf95bb8,0xb50b4fc7,
        0xdbffa621,0xbae3b58d,0xe022ba5d,0x0e61d280,0x4181449c,0x78ae5117,
        0xcf555485,0x0b132840,0xb8ce0b0e,0x800ed1b6,0x78d5de3d,0x35dffdd5,
        0x69a56b47,0xf7e42374,0x8d910ae7,0xd5e32369,0x6313c7c7,0xb6ff52a0,
        0xa92de9e5,0x5a2fe20d,0xd12110bb,0x41b347d3,0x40c16f23,0xc5905edb,
        0x9a8f88cc,0x0774a0d3 },
      { 0xe3b6c106,0x3ae181ab,0x8de150b7,0x4ebe163f,0x6f354836,0xcf75b82f,
        0x3ac7ac16,0xaa0d2063,0x291722af,0x5c680668,0x11545553,0x73941e61,
        0xbf5de3f7,0x17127e38,0x1afb41da,0x32cfdf03,0x87bc8663,0xc6893c91,
        0xa62c9c99,0x75046744,0x962c1947,0x96866e2d,0x378cdf4c,0x489ec8df,
        0x3407fa32,0x3a60709b,0x551290d1,0xd37d2159,0xbab92273,0x9623d303,
        0x2432014b,0x08151954 } },
    /* 82 */
    { { 0xfb7b2108,0xf9236d89,0xad75f9aa,0x3ecc83cc,0xb4e1da11,0xf7c72b15,
        0x0315c362,0x552aeaef,0xf272fe3f,0x11e140ed,0x87843ee8,0x99d79bf6,
        0x1d9bb25b,0xce6b54fd,0x5b1bad74,0xb20b0e21,0x5b84c90d,0x54a0214f,
        0xfca6cec9,0x459bbf52,0x9e4df76f,0xe363c48d,0xd64cf17e,0x3045f84e,
        0xf62ada48,0x8402a167,0x6a74ca01,0x2c9e1bf3,0xf691c42d,0xe8cf9d41,
        0xc2c4b874,0x5abf2178 },
      { 0xf3b3bccd,0x4777966b,0xbe3e0caa,0x0047e0f0,0x8c7d5043,0xcb8383b3,
        0x946fd5fc,0xe77e3baf,0xe9ec0e87,0x79baa785,0xc8a18d25,0xd83c557c,
        0x25befcfe,0x9b96e5af,0x98c71b61,0x4f05d15e,0x77e62da1,0x081f991a,
        0xcbaa3821,0x1c6ec781,0xe54d9bfb,0x7522f65d,0x44ed1430,0xf5d05573,
        0x95cafdda,0x3035b31f,0x6378f5bf,0x47e67f43,0x5270b9d9,0x029f7cad,
        0x4d916a48,0x15ad1587 } },
    /* 83 */
    { { 0xaa588ae4,0x00de2ece,0xa371a232,0x552ebc58,0x71230444,0xd00ea934,
        0xe4b1832d,0xafbfa67d,0xb689e843,0x29216341,0x61f4e2e8,0x1f96bbbd,
        0x04c29dc5,0x95420684,0x42317fd1,0xc7fe3827,0x63483162,0xe0a0aec6,
        0x0700184f,0xfc2b94d1,0xfe1fbd85,0x07219973,0xfb074352,0x648b6ab1,
        0xc46e5392,0x23bbdaad,0x00fa56ff,0x0db8dd1f,0x866725f6,0x104815eb,
        0x52e81963,0x3f9c4cca },
      { 0x32ce637e,0xff36b297,0xf5d25cdd,0x81a15f2d,0x8b02ad97,0x1a1d052d,
        0xcfbab3e9,0x2e5f3bbc,0x614eeb75,0x60d2cbd7,0xcd5a793a,0xd4491843,
        0xcdba2144,0x2242cf75,0x88b99766,0xa20705e7,0xec77e132,0x64e12cc0,
        0xb61a9b05,0xb1c14df6,0x74825b5a,0x8fd97f04,0x3da31223,0x95604821,
        0x4d30c70d,0xde486727,0x1c12ee69,0xbcab8f15,0x668d893d,0x5dc638b4,
        0x223f574b,0x6479dad6 } },
    /* 84 */
    { { 0xb05f2b26,0x569044f3,0x80b9f76c,0xb35a294a,0x4290f6ae,0x8839fe28,
        0x026a5877,0x761cfb23,0x2e5ff9c3,0x768926b6,0x0b11c576,0xbae6cd20,
        0x72a03efe,0xdc857756,0xe1bad63a,0x0cae074a,0xd709d99c,0x3fe491a1,
        0x6501d9c1,0x76c5ded6,0xc32aeff7,0x1da6eca1,0xc57683e8,0x50849d55,
        0xdf98d847,0x9e392e9c,0x64d9a564,0xfad7982f,0xa37b98b2,0xf7c3bdb7,
        0xf0860497,0x1fe09f94 },
      { 0x7648cc63,0x49a7eaae,0x67cfa714,0x13ea2511,0x653f4559,0xfc8b923c,
        0x81a16e86,0xd957619b,0x3c864674,0x0c7e804b,0x1616599a,0xfc88134a,
        0x0a652328,0x366ea969,0x4bc9029e,0x41532960,0xae2aad2b,0xef9e1994,
        0x7f10bef5,0x9e2a8c52,0xc67bf860,0x73dcb586,0x844cc25d,0xf61a43fa,
        0x74eb3653,0xd74e7eea,0xdd240f02,0xf3356706,0xfd83bcb4,0xeec7694c,
        0xdb62526a,0x4de95786 } },
    /* 85 */
    { { 0x3deac2f7,0x4867d315,0xb61d9a8e,0xa084778a,0x0ab7b2d5,0xf3b76f96,
        0xcfdf4f79,0x00b30056,0x31ab8f4b,0xd0701e15,0x9c779d01,0x07f948d5,
        0x82675371,0x7c994ebc,0x48bad4c0,0x1104d4ee,0xbfc9d058,0x798ce0b5,
        0x309fa80b,0xc7ca898d,0xacb33eaf,0x0244f225,0x5b2f3175,0xd51e8dfc,
        0xa4d7be34,0x3e49ba6b,0xbda02b43,0x1760f4c7,0x4435275a,0x37e36a7e,
        0xe636980c,0x1c94418b },
      { 0x09dc1414,0x43a21313,0x43c93537,0x060765fc,0xdf5f79ce,0x6ff3207a,
        0x85d4cfca,0x6f18b1fa,0x63e995ab,0xf5c4272e,0xa82b3002,0x121a09e4,
        0x97147f16,0x82b65d1b,0x20a7fe26,0x4993c20c,0xe6716726,0x99c9cb98,
        0xfeb440a0,0x5a02d673,0x251b4bc5,0x3f3fa9e1,0xa05338ea,0x75dbc474,
        0x7b09f6cb,0x3cb4044b,0x80434609,0x6767da18,0x098ceac2,0x97851422,
        0xb55235ba,0x611bfbb2 } },
    /* 86 */
    { { 0xf00ad2a1,0xbdbaa55e,0x14a290d7,0x29efa85e,0xe92b1694,0x3b4a4768,
        0x11ec8130,0x67111bcd,0x88bd27b2,0x0e425702,0xd9a03c06,0xf28cf2a3,
        0xf318884a,0xbb7c8d2d,0xe3aaeb20,0xe2ea1462,0x43b85d77,0x33535804,
        0x554ee9bd,0x81ee4482,0xe6aa198f,0xeb2eee9e,0xc26c5944,0x7a5aa804,
        0x82ab167c,0xa0ef2da5,0x02fe21a5,0x5a2ab476,0x3370298e,0x169cb3b8,
        0x0eb3aa8d,0x86e6c544 },
      { 0x0b793d9b,0xede03321,0x1ddb5ece,0xf79fade1,0x68930b64,0xf73fda92,
        0xfe4fd1b2,0x06aad97d,0x92a4dc88,0x073a5b1d,0xbc976d75,0x8af8cbd8,
        0x63ce26c0,0x60b4abb1,0xdcb1fb06,0x9c8300a9,0xda95b3d3,0x335a594c,
        0xb37eac87,0x1f97d7d4,0x20eefaab,0xa3d2eba2,0xf3e828c8,0x3258c906,
        0x85ab7781,0xc832616f,0x8c28b617,0x72597192,0x3233b82d,0xcd7196bc,
        0x19fa126d,0x83867eb9 } },
    /* 87 */
    { { 0x22474edb,0x774fe73e,0x1a84e1ae,0x2a766394,0x9c6dd6e3,0x270329ad,
        0x14f8bf5d,0x00c4a415,0xd2267b90,0x3ce2ea37,0x11d24fae,0x12753015,
        0x263a1b78,0x7c14d854,0x1ae0b206,0x20c8401b,0x081f49fc,0xf32a011b,
        0x959c6df8,0x1e8123fb,0x800e1d06,0xa328dc7c,0x24259a9a,0x5876a378,
        0xb7ef6c37,0x23ada8b5,0xa93d4c9f,0x023f6b6e,0xffb6389f,0x89f5414d,
        0xe628b39e,0x4b26bba2 },
      { 0x5d318454,0xd30b1cb4,0xd7436cb6,0x123b749f,0x568a7461,0x3110c726,
        0x1c84fd1e,0xc85de123,0x08403d55,0xa5f8d6e6,0x9b1fabf8,0x395b6e13,
        0x3cfedce0,0xfe6d68c3,0x94b91110,0x1d90381f,0x2dcc6eb7,0xf0a8ea81,
        0x7e90ca2b,0x59e80413,0xc8a25c5a,0xbeb5fc07,0x5d84663c,0x009c253a,
        0x910b6a7c,0x00b15073,0x4108f8d5,0x8607da4c,0xcb901e65,0x02c3d9c3,
        0x2c9615c6,0x4d697bc5 } },
    /* 88 */
    { { 0xefa8fb40,0xe0db1ef0,0x5ba3989c,0x29021c5b,0x809d19df,0xa8d6fb15,
        0x4c1219e1,0x6b787b73,0x14ef05e2,0x6417e168,0x8f9796e2,0x449342db,
        0xbf84421b,0x2f878a5e,0xe94a4536,0xe71916d7,0xae119693,0x9818bba3,
        0x5768804e,0xec674be9,0xf8424f8a,0x0a26074c,0x466ce6ab,0xdbc93b9d,
        0xc920078b,0xb3f15a98,0x3870f1a3,0x9d10fd0d,0xe4e785a7,0xa61241d9,
        0xe6c8cd80,0x76ca87a1 },
      { 0xe02e48b7,0x4357fb56,0xcc09e9c6,0xfbd14b13,0x24069cf0,0xdb5f2435,
        0x2c3b01a9,0xf878165c,0xe6956dad,0xe549e7c4,0xbbd60b68,0xf2fe9538,
        0x059dc653,0x952f856b,0xb377fe9b,0xd3f60225,0xbfe908c4,0x6a0c7328,
        0xbc8f5f2d,0xce6aa2d3,0x24425050,0xf7213443,0x3d3b3ce5,0x17e1266a,
        0xc1677512,0x75b5e43f,0x37fb894a,0x15927062,0x2be3e375,0x15260753,
        0x6da3b7be,0x27e7f2c6 } },
    /* 89 */
    { { 0xe6a15883,0x638f65ad,0x66afdb33,0xd4a7e68c,0xd3f12de5,0x6207b6ab,
        0x37b87810,0x1c6ff950,0x64acf6d3,0xc0d44cb2,0xf2be78c2,0x163ac601,
        0x1636980e,0x1c63cc5a,0x95c9349b,0x3e92cfe8,0x41ec7220,0x7738e0d8,
        0x2d5fa961,0x6169d764,0xc3e028e9,0x2aa776c1,0xb16d5409,0x93dc5646,
        0x706df4d9,0xa0b27fb5,0xce9c6b97,0x9e991170,0x53c85f40,0xea8e42be,
        0x83246528,0x02e96437 },
      { 0xae78ea1f,0x91540add,0x7b670e96,0x51a1b74d,0xf7006826,0xf9936441,
        0x7d7520c7,0x8f97d6ea,0x69ce12e1,0x0faa6a02,0x79208342,0x2590aca8,
        0x75614436,0x7a483863,0xf381408f,0x07c6149e,0xd7853406,0x733bf584,
        0x9abbb6f7,0x8761b010,0xf528a09a,0xe4eb249f,0x2e00ae3c,0x08781ed8,
        0x2178effa,0x864c1b25,0x9d513a7e,0xcc1e62a2,0x1919062f,0xedb8b94e,
        0x4f16527d,0x739f53da } },
    /* 90 */
    { { 0x924adc5f,0x7a5f4a88,0xa818f56d,0x95646c16,0x7795f954,0x0ec49129,
        0xd19c5400,0x2b48753d,0x205912b4,0x16fa236b,0xe87a4946,0x6b3d65f3,
        0x045fd066,0xa7174a01,0x12a5e140,0xb6350313,0xa96b8623,0xa79c4b44,
        0x9ab003d5,0x7a339d65,0x3826f31a,0xc72f30c6,0x6f7090cd,0xb4e7390c,
        0x906ebe24,0x59ac6c36,0xbba4505a,0x39a7f06d,0xc58c413a,0x839991e1,
        0xa20e0e84,0x020c23ff },
      { 0xafc74661,0x120e4ada,0x277fc065,0x37bbcf63,0xb6dce799,0x41049cf6,
        0x7b161ba1,0x5b8d6b53,0xa9610fb2,0x22218431,0xdfdde769,0xde9ec9d1,
        0x42d80630,0xd32bfa4d,0x6244df4b,0x3885702a,0x45592dfb,0xcdedd1ed,
        0xfb4e01b8,0x0e1df45b,0x86e215b0,0x8f4bded2,0x6a937e6a,0x80935487,
        0x8130f723,0x415278ba,0x38a821f8,0xc6dc4692,0xfd8b4f8a,0x2207b119,
        0xf9269cef,0x76e7bf53 } },
    /* 91 */
    { { 0x27ebd187,0x5f128428,0xb65aadbb,0x8d3320ab,0x72258695,0xb042765a,
        0x8f0986ab,0xda3f33f9,0xaebff503,0x411807a7,0x825f71a5,0x25c776ca,
        0xff7df24b,0xc0de7bed,0x165f1fb4,0xda8b0f42,0x731f3ae3,0x5f3ff737,
        0x193e0a52,0x4cd1d7e7,0xb6b3ba46,0x8df84aa3,0xaa1f3782,0xba84b897,
        0xe7733ac7,0x6e7960cc,0x50981a21,0x4d46d6ab,0x7cbb80ed,0x1ec12c25,
        0x2b96ef09,0x79e7ad27 },
      { 0x8f30caae,0x3cd970dc,0x0a6ebef4,0x85cabcf1,0xc714616d,0x63c1863e,
        0x519e3a98,0x1c50db0b,0x64cb13d6,0xf39b8963,0x22547b69,0xdf67d81f,
        0xd67db0cc,0x7157abb9,0x889491b7,0xccca25ba,0x7a27e0dc,0xf689207c,
        0x0fd43281,0x34ae8fbe,0x5720ec09,0xa5d91f73,0xcdfd7bed,0xb2f61909,
        0x4a039e32,0x1ec10232,0xdb0d8fdc,0xd3c3d65e,0x4fe5005d,0x32c916c8,
        0x4c0bea94,0x7f8c37ac } },
    /* 92 */
    { { 0x43ac05e5,0x33ec1e54,0xcd8d3825,0xda4a4da4,0x88bf9e2b,0x86d88c0b,
        0xb53811dc,0x34d71dd0,0xa3c3aba4,0x655040d2,0xb61611be,0x2bc40949,
        0x279a4fa0,0x1c2d426e,0x3b065ac3,0x535a5aa2,0xc52ea890,0xdaa8a32f,
        0x9fddad22,0x5a5deca7,0x2ab3b26f,0x911f05fd,0xf37cd81e,0x5dace7db,
        0x90d16b8c,0x0e0e44e7,0xe4f5894e,0x15e68aed,0xfc92a74f,0xafe04999,
        0x970e7c2f,0x1d7703aa },
      { 0x3f0062a9,0xa8a4c81d,0xd96a20ba,0xe31eb2b8,0x864bd101,0x66dd98df,
        0x4413b614,0xba05f592,0xe9a555f8,0x51a67a0d,0x2e4b52d1,0xacc2f097,
        0x7184ab23,0xab5daaec,0x7c7f691b,0xce08b43e,0x76c427f4,0x520e530b,
        0xe423ebdc,0x7d352069,0x34df14ce,0x6b5e39e8,0x446305ac,0x3dcbf295,
        0xfe34cdc1,0x682cb2e1,0x111f5afb,0xd4ac45d1,0x47f296f9,0xc5ef63cd,
        0x93c20871,0x0a2c40ec } },
    /* 93 */
    { { 0xaf5747db,0x09bc384f,0xc06ab86b,0x3bad6086,0x9e7c1547,0xa406882e,
        0x55977abf,0x2d5326d1,0xda81deb0,0x063a9a05,0x524b6111,0x9a86e4a7,
        0x4ab2eb90,0x1402f87a,0xd5c600ba,0x7d0721d4,0xf289fdbf,0x1a2fd9a9,
        0xecde6f07,0xf5dce66d,0xdab9fa73,0x62171277,0x6c474bab,0x6d2dc49f,
        0x76eed033,0xdc017e1f,0x4da825d3,0xb97175c0,0x54b05e43,0x6c297e3d,
        0x56c9c87e,0x2efb4546 },
      { 0x8b21c064,0xa4712b00,0x4a70629e,0xd186fe42,0x9b74f0af,0x6435b340,
        0x7ec9e629,0x6965aa43,0xc4c60d08,0xdda14673,0xbf3057aa,0x0b656670,
        0x3ce86f60,0x7f05e840,0x04401a16,0xc05073a9,0x294e607e,0x16b1e638,
        0x69cf7046,0x20783252,0xe8ce7d3a,0x2941141b,0x7577053d,0xd38ad8d3,
        0xcaa6630d,0xdba68fb3,0xe9504350,0xecbeaff1,0x1d2d760b,0x9f5166d5,
        0x462891e4,0x337532ce } },
    /* 94 */
    { { 0x3a00bb9b,0x3f111853,0x45f66685,0x2d2ffbae,0xd4aee24d,0x9ae11a85,
        0x0341856e,0x18ba1e1b,0x2731349f,0xa9ac8178,0x545715b5,0xc13dfd4a,
        0x5daad2ea,0xa5f7423c,0x535b76a7,0x30a483b9,0xff873e9b,0x92e9ada4,
        0x723a1055,0x15662d84,0x8edac4e0,0xb935497b,0x39d8fa70,0x61b6441a,
        0x40d1589f,0x1541d756,0xf0a05f0a,0x62994237,0x6bb28908,0xfd8b0034,
        0xd4cd32bf,0x192a2b5d },
      { 0x365ced07,0x63576628,0x05de1d1f,0x029f32fb,0xbf40a7aa,0x6d17b9bc,
        0x9bb50a47,0x1b1b2a08,0x795a6278,0x9389abbb,0xb34fc19b,0x52cff60f,
        0x387d8739,0xf3ab9492,0x6920ccd6,0xa8f053e6,0x63a9b4f0,0x3ef2dd4b,
        0x51e82129,0x9ab0ede1,0x0838bfa1,0xafba0c0b,0x9ffc11be,0x2bd5a7ac,
        0x95cc0878,0x058bfd95,0xf8c2f0c6,0x686d48a3,0x1d9b31ba,0xc33abaaf,
        0x3bc0c268,0x632e2289 } },
    /* 95 */
    { { 0x15a1ccca,0x1c851d20,0x7e522bc3,0x4efe290c,0x18eab053,0x0b741d55,
        0xbc85e217,0xae656197,0x01cf8b29,0xae13141e,0x66948478,0x2e2cb593,
        0xc31bd8ae,0xeb57bb0f,0xc264e788,0xdecef5d6,0x9cb96d86,0x6fa856cc,
        0x279183da,0x2db16813,0x383d796a,0xf03f3820,0x1d0c6fed,0x58a456ff,
        0x8a6abd9b,0x25589805,0x83f96f19,0x339f52c5,0xda7e9ea7,0xcf6ded8f,
        0x5d1ccd45,0x68c3d9c1 },
      { 0xe6b392b7,0x67e26265,0x775d9509,0xcec1d9bf,0xd76514f7,0xe16abcd4,
        0x0de72e1c,0xd86f59b2,0x1adfb033,0xa66e43cd,0x05e457cc,0xdb344340,
        0x5681daa2,0xb67a7916,0xf0114731,0xc32e7bab,0xd3b1e961,0x066fe16e,
        0xf63d26e6,0x924e298e,0x541add6d,0x9bea0dd8,0x9982f971,0xef9500df,
        0xc5f076ac,0x5c876e63,0xb23d396b,0x55e12ae5,0x2ec6747a,0x09efbb36,
        0x233286a5,0x8f2055ee } },
    /* 96 */
    { { 0xb82c1af0,0x4a4ab9e3,0xf2cae264,0xfc65e9e7,0x60187d46,0x4feaac0a,
        0xe393b363,0x27d3f335,0x819bacce,0x9c9f7c00,0xb8aa6611,0x3f7418b5,
        0x372aae95,0xffa94557,0x8db38589,0x937d7804,0x6f1fbc1c,0xd10c86df,
        0xa2f0a0ce,0x48aebd89,0x367439eb,0xae5d5fa2,0x3f17d2d8,0x103a6a0b,
        0x411d9894,0xf233f68a,0x218b67a2,0x7fece8b3,0x2319bf06,0x0422540f,
        0x340d322e,0x1292c8c9 },
      { 0x0386463d,0xf5eb5587,0x0371d97f,0xd4bbc2b2,0x0b819c5a,0x1b364571,
        0xcf04ad41,0x0cbb42d6,0x66939ec1,0x5d819c76,0xa01847e7,0x8745ac13,
        0x1c7232e4,0x4f704b02,0xacb05780,0x2c9e58a0,0xb561e295,0x9523b8b3,
        0x79f9ba35,0x3384df00,0x1eaa9628,0x78231fc2,0x8aea2b90,0xa2eac54f,
        0x30d1c263,0x8075ed77,0xfb339000,0xacb44ed5,0xf011293a,0x92546ac2,
        0xeb821764,0x7c78762b } },
    /* 97 */
    { { 0x067902b6,0xb8f7d6fb,0xd1735980,0xb2823a43,0x59741ddd,0x062cfb12,
        0x4033f95c,0x6e391b07,0x68589b8c,0x3831d0a3,0x522290f2,0xe3474d49,
        0x222e1f3a,0x4dab14d6,0x53f08d39,0x8f00fcde,0x707f28f5,0x559917ae,
        0x068e607c,0x166aa0ba,0xd7e1f824,0x602713e7,0x4d6a328f,0x7c255540,
        0x9890cd2a,0x0d2e3264,0xeca0b20a,0xf2207944,0x52f4e09c,0x5c98dc07,
        0xd84de81d,0x69403504 },
      { 0xe5407206,0xf8b7b366,0x0d88fa8c,0x1ecf54cf,0xf7272e6f,0x6fefe548,
        0x81ab4468,0xd6531372,0x4e474408,0x52cb5f0e,0x6490737f,0x9e426b3a,
        0x4980d071,0x2576c19b,0x0f272caf,0x91f34628,0x468f31c9,0x78e60a4f,
        0x90844d89,0x8776a329,0xb951582b,0x8a55700c,0x14b1adbf,0xab1af365,
        0xfbd343ef,0x22ebff92,0xb7d81f34,0x32f9fb01,0xba6b30e1,0xad850e06,
        0xbc5f9546,0x6da9e027 } },
    /* 98 */
    { { 0x5c9490ce,0x21eee4c2,0x0df68381,0xa96ec4a3,0xa4a9368e,0xe6c607e0,
        0x4bc262f3,0xd8b0492a,0x460c34ff,0x0846a210,0x28df33cd,0xf7ff7a64,
        0x21827612,0x10c55044,0x149bcd01,0x9d25fce9,0xcfc613dc,0x725611cd,
        0x97f51ce5,0x159f7e88,0x4e8c08b5,0x3fa3bf31,0x75e7538f,0xea156115,
        0x91c84020,0xd1e0a951,0xcf02ad0a,0x0d2268ba,0x058b8e5f,0xa04c6ac4,
        0xb3515912,0x773b40b9 },
      { 0x3631cfd2,0x00ff2cdc,0x807737bc,0x14c4c2d3,0x338a5270,0xd600616a,
        0xb32cabde,0xd0e3306d,0xa70b17ca,0x336738ea,0x79f353ee,0xf2f4aa8d,
        0x576f3ad3,0x712f6ad9,0x89b2bce0,0xe4279852,0xda92ca30,0x05d8f94d,
        0xd8492dd9,0x9891d475,0x4d15e4bd,0x3e06a5ca,0x254eabbd,0x4725d4eb,
        0xc0ed513c,0x31394ace,0xbbfaae6c,0x7e0f9859,0x833fd137,0xdc125546,
        0xc56c4f75,0x12b46385 } },
    /* 99 */
    { { 0x932951de,0x810dbebd,0x5aa69c94,0x96959d42,0xecb2f08d,0x5fc49c04,
        0x2250b82c,0xac74f0cc,0x3aec4e1d,0x96a439a5,0x90499acd,0xc33cab9a,
        0x54d9b3af,0x2fccde66,0x3863ae8b,0xf4af285c,0x46febf88,0x2373373e,
        0x3c9ab7ed,0x751d672c,0xfe12020c,0xc1c51130,0x52f3e56e,0xad82402f,
        0xa4a64a81,0x3489ab7a,0xd9f163f2,0x0a1fb661,0x0e553317,0x17c69be1,
        0x7d88d417,0x61c1935e },
      { 0x3492ae43,0x2e722d9b,0x0538f05a,0x1ef89d95,0x200aab63,0xae77e588,
        0xeba4b117,0x2872c120,0x3a461cb8,0x5c2432c8,0xcb938f26,0x315b3434,
        0x8c4c7dc0,0x05bf2ac5,0x596b378d,0xd2e501dd,0xcb890c30,0xa8506c9f,
        0x7c361f0c,0x3d0af461,0x5a35cbae,0x21f7b718,0xf3fc0138,0xbd1035f1,
        0x8b248edf,0x74628af5,0x48c9cae0,0x8d6421d0,0x2ca18773,0x75e3da39,
        0x71d3db94,0x27ad0df2 } },
    /* 100 */
    { { 0x305b5aed,0x9e3bda79,0x5998d6a7,0x2c67d4a4,0x0f7eb700,0xc855e1d3,
        0x147d1c44,0xc18a7e9e,0xc89540ed,0x3ea99618,0x7e6bfd20,0xa53be20a,
        0xecc14437,0xc9487e64,0x34ef85c6,0x72979207,0xd5e1ebd5,0xfa0d4e71,
        0x4d48d6b6,0xfda2b1e6,0x66e200d4,0x782a1e05,0x5a5366a1,0x2a3c70da,
        0x1a473738,0xfe3fbd2b,0x7fe020e8,0xd7ef8c06,0xeacfb665,0xec686fde,
        0x6dd1542f,0x5d9b5e27 },
      { 0xcb3e472e,0x3637c5a5,0x30a1405e,0x2153d927,0xb4498558,0x009992e5,
        0xf39a0851,0x18f00ccd,0xb5c6c560,0x26237c11,0x1343540e,0x418ed408,
        0x7e7f3184,0xfef7cbf0,0xbf48576b,0xecd92366,0xbc94c91a,0x1b75be1a,
        0x4a162276,0x8e1778de,0xc5c6bcb8,0xc52e57d3,0x5ab71858,0x5cc382c7,
        0x3f6e39f9,0xe12c2c28,0xd62735fc,0x4c7e0ef2,0x835a5996,0xe071deb1,
        0xcbb8c766,0x24f891cd } },
    /* 101 */
    { { 0x6778c1e2,0x24ef60bf,0x00d5be5c,0xff49c03d,0x2f01a09f,0xec11986e,
        0xae096e58,0x59a728a4,0x7077984c,0xaabbcedb,0x870ca5a5,0xfb473bd2,
        0x4de30e3d,0x8c928c61,0x4f67abca,0x3fae7f9a,0xec21a9cf,0x83c2b2eb,
        0x9cd9b5de,0xafa70d62,0xc60b18df,0xadeaea59,0x4049b54c,0xd5fef7be,
        0x6dd310e3,0xfceebc76,0x8f6321cc,0x7748efe3,0x18ee8af5,0xfe9c32b1,
        0xd42df612,0x863ac3cf },
      { 0xb85a2fe2,0x0a36fca7,0xee429dc6,0xf3e70d08,0x141c3944,0x8c9ba209,
        0x67272a0a,0x306a8106,0xf968bd06,0xe69a1555,0x153c603d,0xb86f7e47,
        0xef56e4fa,0x9706614a,0x98780b4c,0xc0dc36b8,0x3a1d3263,0x43657fe2,
        0x435522c9,0x01f97a86,0xedfef679,0xd91897f6,0x6daa17a0,0xebbe31d4,
        0x85accfbd,0x6f179100,0x8f9fc1de,0xe0da6e32,0xe1e7142c,0x1c9d53db,
        0x8b86725a,0x3e3f1b1e } },
    /* 102 */
    { { 0x7b7fbf05,0xb7ea15c0,0x1f1a3882,0x992f11b6,0xd1dcd1bc,0xc9ddd95a,
        0xad0f7e8b,0x31f5b7fa,0xfca7ab79,0x2936e5eb,0x19a55be6,0x30f417dc,
        0x43cde554,0x1f6f4e43,0x82f044bf,0x971f5e65,0x4288c408,0x73c3b8e4,
        0xb807f575,0x61aac59f,0x818b58f0,0xa64ee2dd,0x97a3b0d3,0x6f7a0a60,
        0x0394b058,0x8b85ecc8,0xbfb3517d,0x9a059474,0xa79c3f06,0x89ad5977,
        0x700a8025,0x81208ed8 },
      { 0x14c4ce37,0x10935099,0xa1aa48a6,0xf34bb843,0x580d58e8,0x86007024,
        0xb375b8ba,0x6db42c49,0xed3bde83,0xac365524,0x649233b6,0x5521e1b4,
        0x64dd946f,0xbc7cc5d5,0xbfb5b6ae,0x9c14b035,0x0146c1a3,0x7f22ba18,
        0x872214f5,0x0b62fbbc,0xb4921764,0x3acfd7f7,0xcb4d6df1,0x5ff10da1,
        0x62600a91,0x660e2620,0x81d9167f,0x7ac7da9d,0xb6e7a199,0x6e8e260c,
        0x80deb3c2,0x44383fb8 } },
    /* 103 */
    { { 0xe44f9af6,0xe107f01d,0x8cb1fa1c,0x36381a4d,0xfb7dd493,0xe65be3ec,
        0x26a8839f,0xd0b8435a,0x3ec789d8,0xee60f915,0x2bcc5e1f,0xe25fea50,
        0x7e44a81c,0x0477c0c5,0x230ba5b8,0x349e9f83,0xde180dd9,0xdd42f32f,
        0x64a3d11c,0x8b039eaf,0xbeb7083a,0x80ef884e,0xf12742cb,0x288e60c4,
        0x720a0262,0x44156cc5,0x7253b77f,0xcd547de6,0xa6013a59,0x9829a6ec,
        0x0d548445,0x8aee708f },
      { 0x32c54409,0x18f22d9c,0x75ebaac4,0xa9ebfa46,0x86284981,0x90e2e928,
        0x6b3a8e0c,0xd0201f6f,0xbd77641e,0xc973016c,0x70170575,0xf926f2f0,
        0xfec0ce01,0x4984048f,0xf319d304,0xbf696211,0xc91a88c4,0x74b5c844,
        0xe0030a82,0x4c40fbce,0xe4f6d521,0xbed67525,0x29d67d1e,0xaf7e47cc,
        0xc21d3536,0xfa307db8,0xbbb29405,0x56b6c46a,0x033e805f,0xf059a7e3,
        0x6096a5a0,0x970f61fe } },
    /* 104 */
    { { 0x1bec8e4a,0x1bc53d23,0x35a6034c,0x8809ac14,0x509e464d,0x4ee081da,
        0x8a488235,0x496ae1fd,0x325864b6,0xa1ae9863,0x74cd069f,0xbaca13e9,
        0xb1d8a6b4,0x3738cc58,0xe76b9da4,0x5fa71f58,0xc7eb16fb,0xc919be88,
        0xad4e429d,0xf5c8f13f,0x2499f9ed,0x4583b671,0xa10d8bd7,0xbce20115,
        0x5790bb7e,0xf66d7605,0x482b78dd,0x9316aede,0x75f855fa,0xe0d8fb2d,
        0x5a7dcca7,0x404b5b94 },
      { 0x517a15c7,0xf9ee682a,0xef880202,0xaae4cfbc,0x5106a354,0xcee2c139,
        0x170febe7,0x5de60192,0x73d0c54b,0x589e39fd,0x8c9092b7,0x195c7135,
        0x0a7bfe5f,0xcb7ed53f,0xf61cc979,0x2bd9242a,0x5395f7d9,0x8d2ef16c,
        0x70b32f09,0x0d4ac1ca,0x52d185c1,0xa587526d,0x942d6195,0x2932b04a,
        0xa500b0ac,0xfe25a979,0x562fd230,0x5fa1f4ae,0x20da253c,0x60f55af2,
        0x83146002,0x7faa11b5 } },
    /* 105 */
    { { 0x6e402149,0xb0ba4f0c,0x963cc119,0x3584cc1d,0xa6527476,0x7740dc1a,
        0xc95715f2,0x3f77ff75,0x3f89fb0e,0xb2f234ad,0xef9be3ff,0x55159032,
        0x04237e82,0xfc9fb21d,0xa153ed93,0xeb2eff38,0x10041d13,0x89d53ae0,
        0x7f1bd828,0xcf2e545b,0x43953ea5,0xdd4a27ce,0xd85e75c8,0x00d2e5d4,
        0x241be1c3,0xeb93ed62,0x0242032d,0x1e53f25f,0xc3a4e701,0xb9957636,
        0xed98febf,0x14b63a52 },
      { 0x71c43336,0x7610b553,0x23a4824b,0x19dfd4a6,0x0286051b,0x7b97a2e0,
        0x8f5f1edb,0x86abbb9c,0x9b67daad,0x67a57d77,0xcd5ffafb,0x8ace506d,
        0x89ac3c63,0x85da9f95,0x75a3d150,0x081cbaa8,0xe9346ed2,0x03353d8f,
        0xa1f9a02d,0xb2ab61f1,0x3a659c71,0xb0cb0937,0x4f5df8a1,0xb7e0e30b,
        0xeb7d5a1d,0x77c4c741,0x728e5cf0,0x8f046c9c,0xf7c171ac,0x32dd0bc7,
        0x836d2655,0x02485873 } },
    /* 106 */
    { { 0x75a4cd8d,0xcd40dd23,0x97bcba78,0x132ca433,0x258d61f5,0x30c5cd84,
        0xda1e8e68,0x0a7ec059,0x1d65d40a,0x07a8f171,0xf4350d76,0x869e655e,
        0x5983ae42,0xb98ce6f0,0x9d8bebd0,0x7b61391d,0xb1ba5d49,0x3a529e25,
        0x1f6b2cf6,0x46f732e9,0x3fa3b629,0xbd66ec6a,0xc3ef0ed2,0x397950ec,
        0x5f08b476,0xee9008cb,0x965a0e2e,0xfd6be425,0x1177bc87,0x78ed513c,
        0xfe512dae,0x6798cedf },
      { 0x1b97c5c6,0x49e3f8fd,0x78c3b33f,0x39fbab3e,0x40f595ba,0x44274412,
        0x5d7d4376,0x174225b9,0x79c44777,0x880b3fcc,0x3296b245,0xdc3aca83,
        0x1734e184,0x55913df7,0x9c934472,0xa4db23d3,0xd1420a11,0xcebb3733,
        0xf3608bdc,0xb9d20cf9,0x30cfe13f,0xa618acf6,0x5f30874c,0x75f06b31,
        0x9f0005a5,0x506efe7f,0x01bfc9db,0x8aaea78c,0xf78e7c41,0xf9179255,
        0x52e96395,0x3ea7aed2 } },
    /* 107 */
    { { 0x5b06ae25,0x98617e04,0xcb5750ef,0xbcac148d,0x604c2ba2,0x91ea2f0e,
        0x76b78975,0x00c19f6b,0x651da181,0x79b9b6d0,0xc945705b,0xf3225beb,
        0x5c005bf1,0x30b435f3,0xbc24d86d,0x440b4482,0xd6373777,0x2b8f0996,
        0x1c44b4dc,0x65fd6c56,0x30906999,0xe9405ee6,0x08aa1ec1,0x19ff0924,
        0x3d2f2895,0xeef3246a,0xbc746797,0x016c3765,0xd0705f7e,0x62d2569f,
        0x05250044,0x6a8ad39c },
      { 0x46be7282,0xe45f020d,0x21380f12,0x9405afed,0xd5da6ad0,0x4cdca5bd,
        0x7f8be61e,0xc2d6f184,0x596b8178,0x20132953,0x7a8df954,0x8d3b1e7b,
        0x39572b4d,0x757c61bb,0x80cc3b56,0xd749b57b,0x37b3ffec,0x9590ff93,
        0x145dc94d,0x39bbb653,0x2335e573,0x70c1c606,0xf763feba,0x9c2e72d7,
        0xcc61b732,0x4768e424,0xaa73f2ca,0x777d2fa6,0xc5cb58cd,0xdee4dbaa,
        0x9cfae1aa,0x1a181179 } },
    /* 108 */
    { { 0x77575ed0,0x6f6ff62f,0x7d1da99b,0x18f14fa9,0x69efd7f6,0x2e72aefb,
        0xddc28633,0xc45ab4cb,0x586c5834,0xb0e20d48,0x39775dd8,0xd397011a,
        0xf4134498,0x0130c808,0xf5115ed8,0x2d408eba,0x0260ded9,0xc506a05c,
        0x19cab911,0x9e5b7362,0xe8693a86,0x4cf508c6,0xcc773617,0x4e71245f,
        0x95d89ca3,0x2f71aa1f,0x607bbc98,0x4bba7c6a,0x212b7fd2,0xf3a515e7,
        0x9230f5a8,0x7d2ddc75 },
      { 0x4ed2cae8,0x3d05816d,0xb9c00377,0x4cf6bc7d,0x646b08d4,0xc23e98e6,
        0x4b9c0180,0xf9ee6c61,0xef9179c1,0xe11c9a13,0x8ed9688a,0xa5b6147e,
        0xd06670a7,0x7afeb648,0x17685275,0xd670333c,0x75f9e8f2,0xa89dd969,
        0x37a68ade,0xbb57228d,0x454cb186,0x21a05d5e,0x063dd550,0x4810158f,
        0x4cb6caf3,0x92dd4f08,0x7854abe7,0x70c4d852,0x6e729d76,0x845969dc,
        0xb1bf40ba,0x5a52f87a } },
    /* 109 */
    { { 0x09ecacbd,0xed019e91,0x7b89bdea,0x6544023d,0x5707371e,0x7cc51f0b,
        0x16c8e217,0x14832b04,0x81259ab5,0xb1aa6682,0x23e361d4,0x6e100f92,
        0xe3a95c2a,0xe593eee9,0x16c10e26,0x699b6bbd,0x9473a13f,0xad487873,
        0xb274987c,0xf1c14dc5,0x2559e2e9,0x57dc0075,0xc3d47ad2,0x8449849d,
        0xdd527793,0x83df278a,0xeefd5b99,0x770e3ec8,0x76bd02a0,0x2ae58446,
        0x3e705ffe,0x17f02764 },
      { 0x29abea1f,0xdda4010d,0x2407ac4c,0x636b9695,0x0433218b,0x96a60129,
        0x163d534a,0xf221fc3b,0xccc20565,0x05ba15be,0x96285577,0x1238e54d,
        0x878804d3,0x1b144257,0xa89a9fe4,0x96fbf304,0x4be642b1,0xc8a7f06c,
        0x6e2b085e,0xdd1a20e8,0xff4a591d,0x8f7f27c2,0xa4a343b8,0xc17b0753,
        0xbb173d4d,0x684b1e88,0x3dc07bbe,0x3accea44,0x4c441d77,0xdb15c88d,
        0x53e5957e,0x0ef0309a } },
    /* 110 */
    { { 0xfa8e5b60,0x4fc25721,0x691c0bb2,0x646938ad,0x0b0a2248,0xe46d4b76,
        0x7de16877,0x863f9ac2,0x2721c630,0x503bb6ef,0x0b67fb02,0xf8c199df,
        0xe07abd39,0x78c1ed72,0xb32f0dda,0xcf9deb7b,0x6c3c89f3,0xaff726f0,
        0x1972225a,0xb7008b2d,0x4f145f5c,0x8f5a6117,0x457c4f37,0x4e0e6f8c,
        0x1c453c64,0x8bbdaa44,0xa6e92c80,0x57be326d,0x5d773561,0xa9bc3fd9,
        0xbb37b72a,0x3d3b6cc6 },
      { 0x9722c880,0x6e6f12cc,0x286b6889,0x3a1b6ae7,0xad2fafec,0xba1cc09b,
        0x43bb8bef,0xad64ad7a,0x97c3f4c3,0xa5af6a00,0xc353a91b,0x2afcb0d9,
        0x69ccbf6b,0xca13fcab,0xf2abc190,0x699a1391,0x23a247e5,0x2dbd5542,
        0x95488d9a,0xe206180f,0x1244cc3c,0xba9e7bff,0x87d3a365,0x29297abe,
        0xfa4ca5e2,0x4054fa38,0x67be1b6c,0xb390623d,0x78f41a44,0x1fa67c57,
        0xc7b544e7,0x2e946e43 } },
    /* 111 */
    { { 0xc60934ae,0x2980fddf,0x164206d1,0x2c3e7eff,0x416ed75a,0xf75e7f96,
        0x5cd0b2dc,0xfac60cf3,0x1faad87b,0xddc4bece,0x9849e5dd,0x753fa87c,
        0x2c1bf1ae,0xc5d516a3,0x14732b4b,0x565dbea8,0xce48696b,0x007ebe3a,
        0xcdb97694,0x40ca74d6,0x65e4e7be,0x3f5cd270,0x3aac4ebc,0x74847c01,
        0x43d6c3a1,0x6762e034,0x467a076a,0x690d8c95,0x1eda677d,0x768d78d6,
        0x0181d8c2,0x0997ce55 },
      { 0x965a0b81,0x9297746c,0xe5e12dfa,0x48b58be6,0x715f437f,0x5573b3c4,
        0xb565c459,0xe425e907,0x1582797c,0x4f43f512,0x8ea5474f,0xe5dafa6f,
        0x13de04ac,0x2aeb8fbe,0xe8a07c83,0xed7f95f0,0x662c09fe,0x3e012a6e,
        0xc742cf17,0xbf96e9b8,0xe28a1c45,0x8ea5759a,0x5cf4e2f3,0x475941b4,
        0xf901a019,0x7dd3c02d,0x70916b2e,0xe7a4deea,0x2fa9b988,0x50b272b5,
        0xd0917fe6,0x96f9f09f } },
    /* 112 */
    { { 0x2c310a96,0x78e8aac4,0xf7a2a734,0x32a98303,0x23962207,0xc46ca83d,
        0xd9541280,0xad131e6e,0x2cabe911,0x5791fc5e,0x841b6c68,0x50cb77eb,
        0x3d3c8878,0xaff93dea,0xf1007bce,0x06541f1d,0x55cdf1fd,0x4ee729c2,
        0x323e3972,0xe0f71317,0xad4d08c1,0xa2de7a41,0xa35e22bf,0xa9912abf,
        0x89b03325,0xa050122b,0x06514d4e,0x8b9e51f4,0x79d3e0ab,0x423c7aad,
        0x40b8fea5,0x71998e26 },
      { 0xceb6ed78,0x40140fcd,0x18534516,0x653cf377,0xe8d60dcc,0x0450b65a,
        0x9dac55f8,0xce6c1a76,0xae05686c,0x8a96a92d,0x12712562,0x2fe44762,
        0xa4f39425,0x747bcb50,0xfc531fc2,0xf0ec6ff2,0x10fe9ff0,0xc97c3447,
        0x9c792cff,0xfb488783,0x026fb019,0x552c5248,0xd804c290,0x4001a29c,
        0x35c8ca73,0x742b5ad8,0x6ee5dfa0,0xc3781f17,0x3dfa4ab1,0xca6b85f0,
        0x0b0d32ac,0x8389941a } },
    /* 113 */
    { { 0xde067dff,0xc0f062a2,0xbcb80162,0xd4f32690,0x0707a2bd,0x98cd990d,
        0xfae4a391,0x5afc63b8,0xb32ad814,0x684f1b7b,0xf199dfb1,0xb0a2dce2,
        0x48f25848,0x2260e17f,0xc2d5e862,0x7393db00,0x338cf171,0x9e88f854,
        0x02acf522,0x00679429,0x6835af3d,0x19157cb8,0xb8a2614c,0x2faa6f92,
        0x134ec46c,0x04ff95f5,0xfb7a8135,0xcf00626e,0xb37a4704,0x454b3d05,
        0x2694ec25,0x1fbfda31 },
      { 0xc8f69c77,0xfdebb657,0xa3df88fa,0x92a8278b,0xc1fb78b4,0x463b5571,
        0x11c71a33,0xd2066a1a,0x089958b0,0x10c88143,0xcf9d67a6,0xb975c7e0,
        0x73037b8f,0xdaa5d208,0x40bf5861,0x5ee5005d,0x7dba69a9,0x300e6ce7,
        0xc962cc74,0x893c3cb3,0x4cf84055,0x0ac98629,0x225c9d70,0x0a7ef63a,
        0xb91e47e8,0xfe184869,0x8c2f84be,0x1b9d7deb,0xc0e278bf,0x67788915,
        0xc426f19e,0x4f9488ca } },
    /* 114 */
    { { 0xdd51b8ce,0x610dfcd4,0x36230e80,0x08579278,0x36599562,0xedc7ff1c,
        0xe2cae877,0x905ead4b,0xe7967608,0xa1c325d9,0xbd38926c,0x3e39eddd,
        0x5f6f0a4e,0xda92c868,0xf47a0fa4,0xe16f800a,0xe5f60aab,0x50b4db5b,
        0x983853d3,0x3665412f,0x9b79789c,0x64b62250,0x4e0e72b2,0xea560058,
        0xe555c2bb,0xabbd4901,0x17292e11,0x378419a7,0xe174218f,0x6e0b5aaa,
        0x8f796b92,0x688e0684 },
      { 0x313b8f64,0xcdfef641,0x942c7462,0xaef11b7b,0x5c0d8abd,0x067cfb77,
        0xaf4041a9,0x608ea5f0,0x6935210f,0x23d5bd82,0x27917a08,0x5ab904fc,
        0x45d22d21,0x85dbb1fe,0x4d36159f,0xc3d5e509,0x1d39b8f2,0xaebb528e,
        0xf44acef0,0xdd5ca828,0x20c57a54,0x24209adf,0x78f95f44,0x5742b433,
        0xa9337d37,0xd11fa7d9,0xc64cfdb7,0xd66a0c09,0x9bb817ec,0x56e55b8f,
        0xe4c41265,0x1723c7e3 } },
    /* 115 */
    { { 0xdc8b43f3,0x9a6486d8,0x26409e68,0xfc3e0e61,0xd9b46003,0x1889c437,
        0x6284ec7b,0x3a850335,0x6a9dbaea,0x5a3665c4,0xe978933c,0x7bf6941d,
        0x69341490,0x1ed5a510,0x8cb8002d,0x664a7b7a,0x60ed0a59,0x603f76e4,
        0x1f4ebf27,0xc3e06ba3,0xf2c38a7f,0x296ced41,0xcf1db08a,0x2ac18f79,
        0xcde7a3b6,0xc919e882,0xdbf68b06,0x15e77d29,0x4e947cb5,0x21978baa,
        0x7630993a,0x84bf542b },
      { 0xe364f21e,0xc1decda9,0x012e557e,0x0d6cf345,0x588f90e1,0xba246848,
        0xe3b104b8,0x9f6dda4b,0xe3aef57a,0x6bf7a346,0xe8327ea9,0x210299fe,
        0xda95e6c7,0xaa99f487,0xd2cdf645,0x24ff813e,0x8bd414b8,0xd1dbb2d2,
        0xcafa1a61,0x065101af,0x9cdebda4,0x7d9f4b9a,0xe41039e4,0xaf41b395,
        0xc50adf42,0xe3e9e6ba,0x341e9e49,0x4f2133ae,0xcb157f23,0x4968c0f3,
        0xda068153,0x383f827b } },
    /* 116 */
    { { 0x6583ff4c,0x2ec46a21,0x4ad709e7,0x4e645a29,0xc04ca12a,0xdc66e9cf,
        0x9160a7e5,0x82f128f4,0x569c762e,0xbfb227b1,0xc2edb8e7,0xf80c7963,
        0x49a0f688,0xa7dafe06,0x2d14b8cc,0xb7e41754,0x86de40be,0x3a0c5c53,
        0x1db79331,0xf0d05286,0xfbfe071b,0xb902ce69,0x210e9903,0x61e46956,
        0xf703ebb8,0xfaef874e,0xdd5f78b6,0xf668947e,0x5af5ea3a,0x6fe86547,
        0x43f94625,0x3b121f15 },
      { 0x659275e9,0x5b26e847,0x6d0fce50,0x47581cfd,0x8aa3f1ef,0x55f5cbfd,
        0xe484e60e,0x1e7be315,0xfe9698e4,0xd8f1a20f,0x7ab04784,0x25d46da9,
        0x834cdb3e,0xa526db75,0x8d08a009,0x1fd408d9,0x5b5ca816,0xfc004b20,
        0x65e4bbe8,0x5b3e3bb3,0x759bb6ef,0xf50cc125,0xc2fac737,0xf05fa817,
        0xd273951a,0x9ee102d2,0xfecb3367,0x2a8e540b,0x2a6a515f,0x673446fb,
        0x37290c83,0x5505e1d1 } },
    /* 117 */
    { { 0xd15e68a6,0x0c3014a1,0x64dd35e5,0x6f9f0b26,0x03ad67f9,0x18c3742d,
        0xd2c14484,0x74818c0e,0x0d41a3cb,0xc5181169,0xc49f3e9e,0x65c8c83f,
        0x2c279386,0x9b260c61,0xced04e9c,0xf6086fae,0xfd7c4758,0xa7b2cceb,
        0x90297fd8,0x4b3c3133,0x09701ac8,0xca8264e8,0x508b3762,0x9f976a87,
        0x983a8dfe,0x5d582714,0xd9d598e9,0x350d2669,0x0f6fd348,0x85cb89cb,
        0xa574317c,0x617d80d4 },
      { 0x70022b67,0x4cef267e,0x3768b94a,0x80536bb5,0xd2784462,0x3153a566,
        0x38243919,0x49054d44,0x5df78c4a,0x8d11e172,0xd5a1e35a,0x9b252a71,
        0x8171e31d,0x07866c80,0x1b38a00e,0x0a8501db,0xce770236,0x2ed932b8,
        0x8edaf7d0,0xa2d77609,0xb93006e9,0x3aee5dab,0xbbfeb036,0xfaffc8c4,
        0x4e21b38b,0x077b9678,0xdca8e069,0x491fc59f,0x0e938471,0x3f624f55,
        0x7cd1780b,0x5156f508 } },
    /* 118 */
    { { 0x0206e8d0,0x58234e22,0x7f15af32,0xf5f6f5d4,0xd638950f,0xafab7289,
        0x7d4495f4,0x66ec4d09,0x68da80a9,0xad890c5d,0x64f8a36b,0xe4aa0920,
        0x0f4d5c5f,0x799e257e,0x24495e31,0x44c677ae,0xa5b8e352,0x720387b3,
        0x75a287b9,0x703790f4,0xc3c1f2f7,0x54895cc5,0x41a7fa41,0xb8680f9b,
        0xb00b008b,0xfcd47458,0xba6473cb,0x149cc838,0xac9be19a,0x78ed5f7a,
        0xb33765ba,0x5254599c },
      { 0xa21b54c4,0x08739679,0xb6497d9d,0x029ece2a,0xc8488640,0xf14f1a92,
        0xe9fa79d9,0xae48dcff,0x46c208db,0x14b911c2,0xdae3f69e,0x5ab0fbf2,
        0xd1edb838,0x180ac87e,0x188586bb,0x146fd718,0x5467cbd0,0x210eb654,
        0x1667cfee,0xaa239408,0xb73d1a60,0xdb125c1a,0x881c1cbe,0xde685300,
        0x37c30232,0xfe34c713,0x6f3c8d18,0xc6c6070e,0xb4af4e83,0x07e365ba,
        0xdcf82b45,0x22f0a7ed } },
    /* 119 */
    { { 0xea7f1b7f,0xe262791f,0xdcff09d4,0x9c3d8c5d,0x39c7dc58,0x86c2a9c3,
        0x4276e8c0,0x4dad4017,0xe9fe1d56,0x0a918f59,0x2aa810c9,0xb8d79670,
        0x4aa5cdc4,0xeb7a8836,0xe7afa72e,0xfc4c23bb,0x4ac86908,0x4dbb5c9e,
        0x6a0c7e6f,0x37e39013,0x49c218d2,0x855d7001,0x94b324a2,0xe475bc67,
        0x6287a071,0xc98a8dc6,0x5fb4323c,0x395a299b,0x0c0389e9,0xe186c3ee,
        0x16734c46,0x79f81e6f },
      { 0x364f3c4e,0x83f2c1f3,0x1367e14b,0x536b2ac5,0x5933e43d,0x44a6dcfc,
        0x10d961fe,0x34e59475,0x7e3f2aae,0x08234ece,0xbdea7f25,0xcb92e00a,
        0xa791a124,0x1efba4f0,0x1192d53a,0xc2086fd2,0xb51c8af6,0xfec0d0fc,
        0xdc0f1b5f,0x48d1b2ca,0x812dbe19,0xb07a388f,0xdedbdd45,0x40873a6a,
        0xd702589a,0xbc2a1268,0x17e27b64,0xbbf6e3a8,0x6d386e85,0x73ee5663,
        0x9de7c000,0x442ecd37 } },
    /* 120 */
    { { 0x8a2f90a6,0xb4cd1ae6,0x6f5ad0cc,0xf277d41d,0x401d4b8e,0x6a3828c4,
        0xd8376631,0xe817a134,0xf5e1124b,0x142b758d,0xfd6b95e4,0x25fbc69d,
        0xd74a9e3e,0xa30c9f5f,0xd89663ce,0x5ac0f163,0x0ce6386d,0x32a9eef7,
        0xd8ed5544,0x7a690ea5,0x9889427a,0x5de23ff0,0xeaaced58,0x75ad36a5,
        0xd3e18465,0x3514a6c1,0x7f093910,0x3d9162c3,0xe33d56e8,0x5c10add9,
        0x06aa691e,0x85176b73 },
      { 0x28a21e38,0xa32110fa,0x5773d538,0x97b6379d,0x2d020dc4,0xd3697bbf,
        0x961833cd,0x59177593,0xe5fa8516,0x6d7045fa,0x786ab5d2,0x3390f29a,
        0xdc4f5b70,0xac0bda30,0xdcc615c6,0xcca0240a,0xc5146d91,0x8e1f1702,
        0xa72cef87,0xceb472d0,0x0b669ba1,0x84840708,0x7e61aa0a,0x79b08f9d,
        0x4669560b,0x388160be,0x948eb71e,0x23935c2d,0x9431590c,0xd7fd83c0,
        0x6e5768b3,0x8ab154bb } },
    /* 121 */
    { { 0x353c4a96,0x28686003,0x905cd835,0x4e5c60e8,0x8f66f8cc,0xbd591364,
        0x9faccf9e,0xb6b80b98,0xe32639e5,0xbc1c1fae,0x278aadeb,0x2f6396d2,
        0x1898202d,0x00a796d0,0x3a474835,0x18ab548f,0xb31b0e3e,0xacd056c3,
        0x0164512d,0x15ba68dd,0x4b03f3bc,0x203836d9,0xd8f206c5,0xd64eca6b,
        0x9f1779b6,0x931a361e,0x52ab34a8,0xd82690fc,0x92922e22,0x342bb8e0,
        0xe00b02a9,0x1bfcdd84 },
      { 0x75a365d9,0x310b9a43,0x08d8fb03,0xd4ade15e,0xd742df83,0x9c9753d7,
        0xde318742,0xcf7309d4,0x3360ace0,0x1228e212,0xf7669643,0x1043d238,
        0xf90f5a53,0xfc2adbed,0x7b5f9397,0x41d64cb7,0xc446d010,0x5200b30a,
        0x231720fe,0xc3c8642d,0xb9aa2075,0xfcc0122d,0x041eae47,0x856e3b12,
        0x68c876a4,0x45864455,0x233606b1,0x1a1c7842,0x227757bf,0x9b766d1f,
        0xf7b9d4f1,0x25b78a3b } },
    /* 122 */
    { { 0x156707ce,0x90835718,0x4314f90a,0x9bdc2398,0x8be57dbd,0x017c885a,
        0xad63a4b8,0xd4bba225,0x15aacffd,0x5ce71b86,0x72954722,0x5f266475,
        0x4f0ad3dd,0x0a80f1f7,0xfc352ed7,0x010538a3,0x4203c6ca,0xf8a64045,
        0x330c73b4,0x2b2c7a88,0x02dcac1b,0xb3433ee6,0xed2b17c7,0x2e0499cf,
        0xbd6329c7,0x9f8681a4,0x36fadc37,0x38979946,0x92b7895b,0xdc5650c8,
        0x65a51cf0,0x70ab9570 },
      { 0x7b585d93,0x46778ec4,0xa633fe4e,0xca6d3610,0x4ea0311a,0x21da154e,
        0xbd64002f,0xaf22190b,0xd91cb7a9,0x9e633ac7,0xee6837d7,0xed13c31f,
        0x1616ee8a,0xda4a07d7,0x3afcd616,0xd78a2732,0xba14d694,0xc06696e5,
        0x4df58420,0x733754d7,0x2778e3c9,0xe85e504e,0x55b5a5c2,0x3055aa0c,
        0x8a3acb5c,0x313df538,0x2a088eda,0x5896acb5,0x84c85dde,0xfc8842a0,
        0x51dde6be,0x5fec9f79 } },
    /* 123 */
    { { 0xfe519f99,0x5ebc2c7c,0xe5410353,0xe396bd80,0x8a3988f3,0xaded9402,
        0xd601bda1,0x1c03b735,0x14ce64ac,0xfd302036,0x01240290,0x5837ebe9,
        0xa554097d,0xcaaea1a3,0xb0b88139,0xdce73d25,0xecb090b9,0x35ed412b,
        0xd63dab3c,0x99029ff7,0x062db071,0x555437d9,0x42a4c11d,0x277d2f56,
        0x24fc9109,0x477fa645,0x2799254d,0x7b12e9b7,0xd84c618c,0x7ad2ae22,
        0xce8ed195,0x0a8d5663 },
      { 0x0a21fde1,0x43ac5163,0x6903d849,0xcfcf5dd6,0x5fdd6281,0x6d2499ee,
        0x77a49a34,0x4dedc6f0,0x2875c06f,0x46bda2c0,0x347b8046,0xd0e0e0f6,
        0x5e67836f,0x1058169b,0xde8a8042,0xc961912a,0xa93b3d32,0xdf3fea0a,
        0x0c576bc5,0x9f138edb,0xd8d37e47,0x7971ad6e,0xcce5e7cb,0xeab85739,
        0x1d202b40,0x88a4b434,0xe3a1fd26,0x5d842557,0xb3a86f91,0x872fabd5,
        0x6aa4629f,0x95b93493 } },
    /* 124 */
    { { 0x99f951de,0x9998a701,0xf058db45,0x8fade596,0xf3d03dd3,0x4d479c1e,
        0x33b141d3,0x6e928d5d,0xacfe8a40,0x9a465800,0xc1cefa3d,0xd108ad2f,
        0xe013726e,0x64b96921,0x8e83bb9f,0xb9b6a6b6,0x1242e544,0x29f1e6dc,
        0x2f65966b,0xd3f8f676,0x5e105b41,0xa34dd096,0x16011e1c,0xd4e9139a,
        0x2515541b,0xeea4dc68,0xc822166d,0x6f8030ac,0x31d16124,0xbdc7ae1d,
        0x621afa7d,0x2e25ef51 },
      { 0xdd8e7357,0x2533cf8f,0xeaceddb8,0x333ba218,0x0784d2ac,0x68e3e31d,
        0xf2804ae2,0x1c927f36,0x77e7ad7e,0x01433d22,0x587f78a0,0x0b401cf0,
        0xaa0027ae,0x9dfcf036,0x1d9a46b5,0xc9e46c8b,0x1f288d32,0xaa6de486,
        0x1b8a043d,0xdd56da2f,0xf2d0bb56,0x346230e5,0x19defb56,0x19f0b6e4,
        0x21d2c874,0x55ec37cd,0xb70e45b3,0x3dbf0397,0xac7ce852,0xf0862a8d,
        0xe141f3d6,0x87979ea7 } },
    /* 125 */
    { { 0x7f1c747f,0x9b7e7b3f,0xc6e63369,0x151a4c1d,0xb372dba0,0x4273ff70,
        0xd3ee54fe,0xca6d2234,0xd33cae0f,0x12fc8e0c,0x5dd6f10c,0x27328538,
        0xf01a9cf9,0xc86f3fbd,0xe36cae91,0x5322677f,0x2fefea44,0x39a70033,
        0xce8af217,0x2c9ca328,0xf6a731f4,0xc0256776,0x66a96813,0xc687b3df,
        0x8db2eda8,0x194aab12,0xeec4febd,0xde30dc5a,0x979241b2,0xc052236a,
        0xc23d4c16,0x3ec98802 },
      { 0x4072f74d,0x0f9e760c,0xab594059,0xe78eb0de,0xc9b009c2,0xdb3dea40,
        0x38b59ae5,0x47e875f0,0x2b4daa06,0xf40eb436,0x090f3788,0x9a6a4f92,
        0xedbfaf8b,0xefebe9af,0x9867e256,0xf87f96a5,0x75ab6aeb,0x1e6fed23,
        0x3fdb13cb,0x17f2782a,0x70fa2621,0x5102c71e,0xfd4c0dbe,0x5d2b06ec,
        0x30347297,0x537cc268,0x2b67e780,0x8dbf5e2b,0xba25da32,0x2f633f3a,
        0xefaec914,0x3e9315e8 } },
    /* 126 */
    { { 0x239a9ea9,0x9255cfa5,0x0be33a62,0x20f3c690,0x9cb642bd,0x759eeb4b,
        0x00bae718,0x3316c546,0xf3410f84,0x874a76d5,0x90f129b6,0x123b502e,
        0x12851f1c,0xadc8f9a8,0x1b62408c,0xf57b764a,0x1a80777b,0x116ec01f,
        0x1f0ddc5c,0x746ecef2,0xe5a6a5a7,0x3c49d47c,0x06e955ba,0x1e15dbe7,
        0xb45d79b0,0x629c0c79,0x778d1087,0x11278308,0x8c6a22d7,0x22585dc7,
        0x0a682791,0x2ed02a0d },
      { 0x4daa2682,0x53043416,0x01359625,0x0e26d32b,0xbd867097,0x449c834a,
        0xee77ae2e,0x11a19d2b,0x3af6c169,0x39bd529a,0x5cd61054,0x36cca5c0,
        0xdc6c0fe1,0x6370a59b,0xb93d5135,0xca420d27,0x554c451a,0xd8730d45,
        0x96cdebf2,0xebd258c9,0xa50f9a05,0x0cb1b990,0x7b0f0151,0x69a8c97a,
        0x11d217e1,0x2cc36d34,0x752f75e8,0xf117688a,0xa09b2a61,0x1db01394,
        0xa9efd7dd,0x14627844 } },
    /* 127 */
    { { 0x232803cf,0x6bca3aed,0x9a96ff34,0xc1e4398b,0x74ab788b,0xcaf6757f,
        0x7e68c04d,0xc3a53e00,0x5cb7cd20,0x5f969c19,0xdc068bca,0xf28b65a6,
        0x1d863032,0xe3ca01d3,0x87808e14,0x9b733b81,0xefe618be,0xb5d704d9,
        0xb01b946d,0x276f3542,0xfbedddbf,0xe057e19e,0x903275ce,0x7d182f2b,
        0x880f7bc6,0x3cdc5f77,0x78476c14,0xd6f03d3f,0xa9ba5072,0x035f5557,
        0xb4029628,0x7acb57b6 },
      { 0x44e6b07c,0xd2413569,0xe1c7345d,0x451c4cc9,0xe273b9fb,0x407444d8,
        0xb88e34fc,0xfe496079,0xf152776d,0x77d184cf,0xc742299c,0x6d1033b9,
        0x77bf2897,0x29a0a684,0xee8f0420,0x59ffdf10,0x44bb56d6,0x4e17146c,
        0xfb9ae855,0x831d06c2,0xd93e7cd5,0xb2cb82db,0x3c96b607,0x83381c46,
        0x7549e2a8,0x06aed251,0x774a21d4,0xef97891c,0x8675fbdd,0xae9807c7,
        0x6363516c,0x6a5a05b9 } },
    /* 128 */
    { { 0x6a8f4f33,0x92e71ea6,0x4dea8f4a,0xf2fc6fc6,0xfee88461,0xd356252c,
        0x08954d08,0x59b0a83e,0x468ab766,0x5bd68c23,0x900f8d04,0x40281357,
        0x52b867ae,0x181c19c0,0x18764c41,0x986a5169,0x13575d24,0xcb01dfae,
        0x593677b7,0x17269ae5,0x46dc9b19,0xf6d17025,0xc40097c8,0x8de68499,
        0x259c407b,0x76df0032,0x17d29d8b,0x4091aad9,0x4a7ab5f6,0xa7f46d21,
        0x70ece48c,0x688054b4 },
      { 0x51a5b86c,0xf0d168aa,0x95777247,0x2437e4d8,0xf1720329,0xae844076,
        0x9647a54e,0x0a7ac87d,0x0405622c,0x1e597a4b,0xf0a79f2f,0xedefe5c6,
        0x4d55156d,0xaf3ef0c2,0xef047cf6,0x917fb04e,0x54b62137,0x3792799f,
        0x314be0b8,0x875ea32f,0x0c466b0c,0xe157c65b,0x7e218978,0xd28c90ce,
        0xcde587af,0xb90fc3ba,0x8b877bed,0xdd32d71c,0xca8e10cd,0x3b432200,
        0xd94f6e53,0x0021f419 } },
    /* 129 */
    { { 0x43519d26,0x2191122c,0x40a51845,0xbdafac1d,0x548bb89f,0xcc6f71e9,
        0x16844bf9,0x9ef3375c,0x178e8d55,0xe7789f79,0x1f8be1c5,0x04f599b6,
        0x2cbbde40,0x8088c99a,0x893206c9,0x8939a260,0xfcd30851,0xa1ae4bff,
        0xe08feafe,0x664cb3fe,0xff14aabc,0x61f38099,0x2a841ef9,0x0d8394cc,
        0x17f01db6,0x75fad8ad,0x6debb773,0x6fc34576,0xa4252512,0x1e716b05,
        0x29e1ed9f,0x79855880 },
      { 0x95106473,0xa2cb3aaa,0x5a61da04,0x95fafa41,0x539563c0,0xfd3c9362,
        0x95312b87,0xbaa48091,0xbf885c76,0x6c7e7582,0x230c78d5,0x70f6dab6,
        0x7747440d,0x8ce3051c,0xffdb6186,0x6dbebd14,0x190e4096,0xb0e041fa,
        0x6ee62e2a,0xba10c466,0x74f333d6,0x93d57e2a,0xfe7b9b66,0x006aadc4,
        0x06d2837d,0xfaf72f6c,0x910741ea,0x318cc5e6,0x65692477,0x9c502609,
        0x1d0fb08d,0x95d823c3 } },
    /* 130 */
    { { 0x140528a5,0x6aeebd86,0x53979bc8,0xf268c2ba,0x4ec144ab,0xb1bc9b8a,
        0x82a7d7ed,0x1efabb0d,0x4e0118d8,0xf12c70d1,0xa1c1558e,0x31607168,
        0xe4b7e73e,0x33e428b7,0x83aec9dd,0x63176637,0xe12ac35c,0x5172ffbe,
        0xbc17b2a4,0x37df0bfb,0x741f812a,0x4212f870,0xe2888f9c,0x3dcecbdb,
        0x756ca55d,0xa9dc15aa,0xb9028e41,0xf31918ec,0x6aeadb03,0x7ede0285,
        0x78654f54,0x0e2708d5 },
      { 0xcde20f88,0x2270cc53,0x5f5b1039,0x9338272c,0x5dcb1dbf,0x5042e19e,
        0xb72d74c1,0x4b3de219,0x2aaaaa55,0x16c49a8b,0xbba86ba6,0x008443e5,
        0x20cf1695,0xee6bcd72,0xa89abd11,0x59ffac6b,0xf115639d,0x2831217b,
        0xf34cba52,0xe4d28af2,0x0727a906,0xf27f03e7,0x69017766,0x6842c79f,
        0x7a81123e,0xcb3469bd,0xa42973b8,0x48c0f346,0x23990dbd,0xfc5784a6,
        0xfb299678,0x0d3dab3b } },
    /* 131 */
    { { 0xce29c3cc,0x8f8376e6,0xf016cbc6,0xcb0507ec,0x5e394ce1,0xdebff996,
        0x73c50d41,0x24fc526f,0x2d16ce3d,0x4edd5a54,0x91c13141,0xbb37bdd9,
        0xe33a8606,0xe3442ef2,0xc0629da8,0x2ae90337,0x592ab331,0x57faec64,
        0xd82b857b,0x1a938997,0xa3373176,0xad6c8cb9,0x9086751f,0x82595de2,
        0x18c17196,0xa81e97fb,0xbf697357,0xe4f48a13,0x5cb89f69,0xa1387c2e,
        0x5874b426,0x530b4eeb },
      { 0xbab7b5ae,0xe9f275a1,0x03a57bf4,0xbb69dc4d,0xa45c505b,0xc974dc4a,
        0x416ac402,0x726369f3,0xaed985dc,0x735e4e78,0xcdd446a1,0x0548d879,
        0x9e16b02a,0x84ceb069,0x789b11a6,0xf73f6fa4,0xb2a4e784,0x6aa0c41f,
        0x93a9b697,0xb1f76902,0xf03a8ab2,0x814cce00,0x844d66c1,0x64cb255b,
        0x30952201,0xb794e7d6,0x3da32271,0xe052d4e4,0x08b6a4d9,0x5278b2e7,
        0x80c6577f,0x90942552 } },
    /* 132 */
    { { 0x0d5b4c2f,0xd269a14d,0x5c8a649c,0x2b8fc59b,0xb0e37d4a,0x95becb3a,
        0x9111037e,0xfda1a768,0x94e35322,0x5810e05a,0xa178fafc,0xa24dcc12,
        0x8e3dce62,0x5c2c63b2,0x9452c444,0x995c3f17,0x42d45161,0x35330ec3,
        0xb4ef8129,0xa025a60a,0x8bae9c13,0x85493252,0xe2e3caf8,0x25d1a606,
        0x3649bf47,0xd44091ab,0x704ec5f1,0xc7d0afbf,0xbd8b3333,0x27bd1d62,
        0xcfe616f5,0x50570111 },
      { 0xf534356b,0xd0084ace,0x4b4b0fbc,0x9df1de05,0xcee04dc1,0x021afe05,
        0x361b78e1,0x64bde688,0xef78d38b,0xa324fcc7,0xeb0a5e4e,0xfeb372ce,
        0x65811996,0xef04fcb3,0x5eb0ab4e,0x7dce5d50,0x238c586e,0x1e29b588,
        0xbcd80037,0xde5e3197,0x4806b9cf,0x8bf5e451,0xd18e67ab,0x4330968b,
        0xf9f63fad,0x26a7d04e,0xb5c18bb4,0xa1c7f123,0x25dce22c,0x485b8482,
        0xd540e79f,0x8ff0b36f } },
    /* 133 */
    { { 0x3ff42cff,0x99f2e2f4,0x1c35317c,0xa3c19f9d,0xaba1b545,0xdb749392,
        0x4afa9a32,0x84232b05,0xd7dcd436,0x0b855d46,0x45cf9915,0x8ac35e20,
        0xf001a218,0xd7cf22c7,0xed408305,0x057d35ae,0x553ccfcd,0x25a4a519,
        0x93e2b939,0x5e565793,0x3422ec27,0xa20332b0,0x3ac53958,0x9b09005e,
        0x79e9b163,0x628051a3,0xfc6618d6,0xb4a0dc09,0x6748e7af,0x9e0e857f,
        0xc577d63e,0x71b28eee },
      { 0x99726bf8,0x4942b0cd,0x1c208f3c,0x1290a3b9,0xb0598eaa,0xfd7290e7,
        0xa25a9128,0xc6a7791f,0xc037d7da,0x2d33db24,0x70e2837b,0xc21efeb0,
        0xe3dae2a0,0xbf70d96e,0x85076027,0x43ed8191,0x4d4ad7e3,0x4aeb0aa8,
        0xe8c5b74c,0xbc75101f,0xad26ebdd,0xdbfb2a6e,0x6b78aa4e,0xba812068,
        0xe1159848,0xc94aa8f2,0x3eba5c4e,0x0d10d9db,0x6318295a,0xce7fec47,
        0x330d925a,0x7294711a } },
    /* 134 */
    { { 0x32bbd495,0xfce45904,0xbe54973f,0x330f4dd1,0x5d9c3f4e,0x006bee1d,
        0x59ba7204,0x40ee6078,0x42c2c768,0xc194fd3f,0xe9fe88be,0xa0e76b12,
        0xec2b0210,0x17cddddb,0x00811ec7,0x689d436b,0x284be9e4,0xa6a6ba37,
        0x007d4114,0xabc395b2,0x0f11e744,0xf8cdf9f3,0xe9396402,0xc5febec8,
        0xeeb46285,0x8a751743,0xc6e0d137,0x99bf8782,0xbeb292e3,0x3965e170,
        0x5801fd5f,0x001c39d8 },
      { 0xda4a0912,0xf4805cb9,0x4410bca4,0xd27cb76a,0xec71d65b,0xef3dcb8e,
        0x4816849a,0x780fbb2b,0xa8b24635,0xef6a7026,0x12c44e68,0x15625c88,
        0x4d7a74a8,0x624c232c,0x4b1631e4,0x81a77037,0xdb917c2e,0x04e4f7f1,
        0x1f61ed95,0x1d0465fd,0xcbde6e3d,0xb1048049,0xd7131fcf,0x637ce0c1,
        0x8ada4715,0x22e4dbc2,0xace99726,0xf7530c5c,0xee287450,0xa0160dcc,
        0xbb91af13,0x9132e670 } },
    /* 135 */
    { { 0x7996099d,0x8057efe2,0xa06e608c,0xb72344db,0xd0958588,0xeb4a8740,
        0x79e5aee9,0xe53daf06,0x908a2fad,0xc9560a9a,0x107e706a,0x7f4be131,
        0x2830246a,0x6d5f3d9b,0x27cca3e6,0xa5f8e8da,0x4c28f292,0xeb51dca6,
        0xf31dfd78,0x4cfa310e,0x2ca073e5,0x92e0c7c2,0xa40da683,0x102f1694,
        0x750d38fc,0x16bb07cc,0xbadae035,0x703e83e2,0xb4d3c9dd,0xea93c066,
        0x79940ed1,0x7d0b03e5 },
      { 0x4dd94c63,0x5fe7ea30,0x738b0b3a,0x57ef01c5,0xa14e6b4b,0x9534a78c,
        0xa5353276,0x07622cde,0x7c22d006,0xaf696a07,0x7d46b209,0x733c1886,
        0x626c2b4a,0x9654ccbb,0xa84f3c4c,0xa098d3a1,0x2d734b74,0x3596f9ed,
        0x5d551c90,0xdfd3021a,0x1ec5123f,0xe2ba7d2f,0xb2c1aa39,0xf9726925,
        0xf8eb2927,0xd2e75d0e,0x19192a6f,0xfaba712e,0x9b83e50e,0xa606b43a,
        0xdab5de60,0x31b1782f } },
    /* 136 */
    { { 0x4034db92,0x878dba45,0x8f34dc4d,0xa3977901,0xdf754c33,0x8d004f2e,
        0xcd563a88,0xeaa5954a,0xbb5ffad1,0xa29d6c89,0xb0d8bdb8,0xa8adf655,
        0x8cdbdb47,0xf7fb842d,0x80d3205b,0xb72e3a03,0x7cac7ca9,0xc335b0b2,
        0xd8a5475d,0xffc60bcb,0xeba4d25f,0x736f7719,0x0c50fca6,0x3d901c38,
        0x80c01900,0x1fdacf7b,0x5681f84d,0x75cf658f,0x5cefbbc1,0x57a7e634,
        0x3e07ed1f,0x6fc0fbe5 },
      { 0xb81b0e5f,0x496d116b,0x2ac853b8,0xd82dd2a5,0x327387f0,0x357e22d4,
        0xba912c59,0x3e332a84,0x49d5dcc1,0x8b71c643,0x438d85d3,0x0c982ee9,
        0xbf7fcd4e,0x90b9553c,0x38fed5e3,0x2cb39bbc,0x5ac42903,0xa2c67c9c,
        0xbf07da55,0xebf21217,0xa0b9e4ee,0x55ac05ad,0x8ee9e0c6,0x10bb12c2,
        0x48bb6e3f,0x5cf3aee5,0x8b046e91,0x4ae7269c,0xaa0e553f,0xcb266012,
        0xa94c8fc8,0x701935a1 } },
    /* 137 */
    { { 0xa4626dea,0xde58d41d,0x15b9039f,0x25ef66ca,0x3164e65b,0x99a810a4,
        0x748cfccf,0x9fe6daad,0x2f142fa9,0x7ab9a6bd,0x5d471796,0xa4cba168,
        0x6bc3a39b,0x12d30b36,0x8bf45076,0x1f46a5dc,0x1421ac0e,0xb868e529,
        0x59bba1c4,0x7a686206,0xda698b90,0x2b4b552e,0xe5453707,0x5039dcd4,
        0x9e90165f,0x42a07a9e,0xd7d45dfc,0xa838fff3,0x3b5ceb30,0x41991e5a,
        0x969ca600,0x6c961ec8 },
      { 0xc4e7eb46,0x703bdc1b,0x596c7b48,0xd6bac557,0x66afd74d,0x4f9917cd,
        0x656ce6f3,0x56355105,0x32497175,0x3d1fb50c,0x63effb2d,0xfda6783e,
        0xeefaa2bd,0xbd79f1f3,0x17af9ef7,0xa4efbe54,0x5a55b7a4,0x6cef6462,
        0x1a713304,0x116f3238,0xb95625a3,0xdb2a2a7f,0x0b027e96,0x6a0aa43a,
        0x4832b3bc,0x458fe5d2,0x5adfaac0,0x523418df,0xc49e7f9a,0xc05a89cb,
        0x69e24b53,0x830883d8 } },
    /* 138 */
    { { 0x02557389,0x959b1c62,0xadefc0bc,0x5fe5ce97,0x8330f383,0x893bbe7f,
        0x16cfb81e,0x27e0c6af,0xd04428fd,0x6f64e65b,0xb79e6182,0x53de9245,
        0x487e11ca,0x08a313c1,0x445bce93,0x65cec3b9,0xd67ed49e,0x33bc0314,
        0x30782352,0x69f36b24,0x93ad31d2,0xd78e5daf,0xc780890c,0xf2682b70,
        0x9e45efe9,0x7015c34f,0xe6cbafea,0x135d4ba4,0x7e3fcc6c,0x43a378a4,
        0x96638f8c,0x2376f97f },
      { 0xae575b99,0x0a6e1ec0,0x81b970dc,0x7e14cb4f,0xd3a73947,0xf00a3824,
        0xfb235a9d,0x0b4b9c81,0x5bf62944,0x8d15115f,0x1e165d7a,0xcfd35b43,
        0xb2ee3e3b,0x5d12fea2,0xf5182e7b,0x629984a6,0xc365d08e,0x4e43e2f3,
        0x30f36e72,0x99327091,0xfd345401,0x698b4a00,0xbaf96dce,0x23c4fd0e,
        0x23675554,0xa60ba0ae,0xb0325784,0x51bdac2d,0x215464a1,0x8ab4190a,
        0x6bf10296,0x8c461661 } },
    /* 139 */
    { { 0x2d1f36a5,0xeffca258,0x894c5f2d,0x0eded2b2,0x43ced84f,0x35a5cdb8,
        0xdb0e3b9b,0x290f8982,0x0719a112,0xcce0eaf0,0x39a362d6,0xd0e657e4,
        0x62697e47,0x5516a55d,0x8e636514,0x269e1f77,0xd50269bc,0x5e3dedcb,
        0x441c57c5,0xecec2300,0xc705578d,0xdb83f31c,0x1e489eab,0x1bdefb73,
        0x395fcdb4,0x20b678cf,0xff9db001,0x908cf91c,0x55f52cc8,0xcbebc6f4,
        0xb4c61162,0x155ea622 },
      { 0x876fa42e,0x94be2f1f,0x7fadeee7,0xab5e8749,0x38c865af,0x692e70f5,
        0xdf8059b0,0x16e99b84,0x8b5a7ac9,0x0ceb606e,0x2d463d2b,0xced23357,
        0x2a9a09a0,0x2d0f2623,0x3861fbdf,0x2529998c,0xc1be310b,0x711888a7,
        0x0d8aade3,0x9b1229c5,0x3b13533d,0xdbcf9b78,0xff029708,0x3ca746f8,
        0xda83ef88,0xa5a013a1,0x4ab28444,0x8e904d18,0xbcbd4aba,0x2fe84b3d,
        0x259058c3,0x8f570f24 } },
    /* 140 */
    { { 0x2ca9c508,0xdeb66c8a,0x69d6b780,0x2dc5bec2,0x88ead600,0x16d61266,
        0x49d72614,0x61841b97,0xce472e6f,0x41e40e6c,0x1fa7a876,0xada24264,
        0xcc3997a0,0x45b9fd33,0x7c15dcf4,0xb25e8fa9,0x12e9629d,0x0124ceb2,
        0x7db3d956,0x3a8c72c6,0x7c1a7844,0x8e2ded2b,0x6dd027ff,0x94ab09c6,
        0x7e7a2bc6,0xf89a057d,0xcf70c763,0xad8bf226,0xc8a26212,0x4cb268e7,
        0xb2c44c1d,0x3d171e87 },
      { 0x8ce49820,0x382ac16e,0xc0c44dc9,0x24ee45e2,0x73e858c4,0x0ec67912,
        0x46327cf9,0x918cb25c,0xc6159c1f,0x43e3876b,0x37545cb3,0xb6b6e0e0,
        0x5d12347e,0x64b839ab,0xa300d541,0x72e09274,0x881c1169,0x26ab28e6,
        0xeb75a843,0x4a580fff,0x359120df,0x0a5802ca,0x3209f4a3,0x7fee82d0,
        0x8e6a9380,0xb518016b,0xc2ee11ca,0xb99c6c70,0xab9d4ec7,0x16105af1,
        0x34cd9004,0x234e98f8 } },
    /* 141 */
    { { 0x14db9cda,0xff435208,0x96adec90,0x99cfdc47,0xaf458b6d,0x843aaa6f,
        0x743eaa31,0x3f1f7415,0x61735d81,0x915e192e,0x0ac595d5,0x3441a22d,
        0xc044bc8d,0x704bbf67,0xbe23a236,0x2f960471,0x15d1d557,0xcc326388,
        0x76b1dd94,0x9410230b,0x0c1c8a67,0xf2e5439f,0x833c910d,0x56b141ac,
        0x865b84df,0x467c999f,0x21f02b7b,0x1b0251fa,0x96216950,0xde5b5260,
        0xce3a1e93,0x6a2130e3 },
      { 0x4b3ca1a7,0xd21b67a0,0x00c0ce80,0xaf42ed53,0x932cf07a,0x22ccd368,
        0x5c25c35a,0x36523a81,0x8dd04d06,0xecdd3958,0xb2f93a3b,0x73da3502,
        0xd5e5b530,0x4c5e0c3c,0x13268777,0xef9f5486,0x1e742292,0xed87fefc,
        0xa24e5ede,0x6d9ac29e,0x33849f1a,0x08abc9f0,0x40f23905,0xb09b2292,
        0x7f934353,0x6791072c,0xe6aeb550,0x102a6381,0x96feb870,0x3ee07409,
        0x9c4d2830,0x34f06faa } },
    /* 142 */
    { { 0x2348f005,0x869dc79f,0xdf4920b1,0x9b5c5d71,0x6dee64a4,0xfd1b57ca,
        0xe82a4fb4,0x21b7f734,0xb9578366,0x637cb834,0x7d287d96,0xc934101b,
        0x0392ecab,0x1590f8ac,0x7f75f4e3,0x280dc373,0x6a61ac62,0x8b36f50f,
        0xa65568da,0x74f58304,0xd930870a,0x80d792a9,0xfc8895cc,0x6d17b192,
        0x4914939f,0x498392fa,0xd41d5b9e,0xaf36027d,0x5caa82b5,0x452d79e2,
        0xf4115d1a,0x764d47b1 },
      { 0xa2ee8b9c,0x5df22303,0x85dfcd48,0x1b9f72d3,0x10813a37,0x6b42b983,
        0x3de741f5,0xe28c523b,0xf303bb5b,0x0857625a,0xac9bf9af,0x926f299a,
        0x0d445b34,0x21beac08,0xd6ba2c0e,0x6a523a02,0x7fce2864,0xe302a1b1,
        0xe300c1ea,0x4516a235,0x7b4a9311,0x4543736a,0xc0cc89f7,0xd3c0b9e8,
        0x40ed88de,0x0481904f,0x3cb7fc70,0x4f269b56,0x321b9738,0x09a1d53a,
        0x230a3810,0x1c0dd9c3 } },
    /* 143 */
    { { 0xc46a7d9a,0xffaa1f67,0xbedf91cc,0x64743334,0x47a42f2e,0x45833a74,
        0x241ffaa9,0x67980051,0x335efe6b,0x70979a84,0xf08b2403,0x5f0613f5,
        0x64f211dc,0x6bb22fcd,0xa0572cfc,0xe1b8b2a3,0x7950a14a,0x19e0eb41,
        0x3eb6cd4c,0xe634bb29,0x470a25ff,0x31a04b25,0xa3d15a0a,0xa41f7ac9,
        0xbf2fede9,0xefed85ec,0x81b94a00,0x1f581f5f,0x9ef4a15c,0xaa3996b0,
        0xb06041bc,0x52d8be39 },
      { 0xfd631a2f,0xbd1536f6,0xb351a8dc,0x91fae7f0,0x9b126212,0xd1a590c7,
        0x2bd0f435,0x52d4875f,0x92b0ea70,0x9aedb6d3,0xb83ab89e,0x0bd0abdc,
        0x89fe192c,0x827a1062,0x102a0bda,0x6566a960,0xce036814,0xda083037,
        0x58639405,0x30bed79f,0xdbca8df9,0x972019b6,0xefdaa3f5,0x89201286,
        0x5236b892,0xb337b996,0x28fc2e73,0x11d3e38e,0x880e8da3,0x70787f41,
        0xdae4a45d,0x6cff6367 } },
    /* 144 */
    { { 0xf89a8bb4,0xbd3d0433,0x93b98f71,0x42144c33,0x03470a2d,0x82b616c8,
        0xe5da089e,0x98fcc757,0x7bf5fda6,0x542354ef,0x9ebd34cc,0x1885c253,
        0xbec5dd0d,0x2e20b285,0x782a1bca,0xe71bbbe1,0x9b854ef0,0x959ded30,
        0x8997fa6a,0x17249979,0xd81f3c45,0x50cf8fa8,0x60c11152,0xa9a3b517,
        0xecf845ea,0xc9b0ef7d,0xb9fed11b,0xc9339e23,0x28256080,0xc93e9c5c,
        0x613ec1e7,0x1d2c8217 },
      { 0x987cfc93,0x7381347d,0xf187f810,0x047603bb,0x1250ca31,0x3fa6bc9d,
        0xbb055bf3,0x480091e0,0x3a3af87c,0xbdf95f1a,0x140540ab,0xe2687770,
        0xd7fe045b,0x998df730,0xb723bc2d,0xb398135f,0x15ebec46,0xac230f8c,
        0x5f5561c0,0xe08e1830,0xda60a47f,0x7c0fbf4c,0xe16d4bfc,0x06e95c24,
        0x74617e92,0x74163495,0x4ae0c20e,0x39719869,0x2131e2b6,0xfe269312,
        0x0a537722,0x25486e36 } },
    /* 145 */
    { { 0x53572806,0x618795ca,0x656968e1,0xb2c89449,0x3fb323ae,0x149c2c97,
        0x409bc7d6,0xfb15de26,0xc79121b3,0xa90cda72,0x204cabbb,0x6d2fa14e,
        0x91604125,0xcbcda6f7,0xb435f947,0x25086261,0xc282eb10,0xdb686c38,
        0xf1a791cb,0x51016d62,0x61a2266c,0x6b1c7ed1,0x271d74a6,0x26780666,
        0x824287a4,0xb5ffeda1,0xbbe4f0f3,0xcbe503ff,0xb9482a74,0xd7f7f0be,
        0x088493f1,0x751b2358 },
      { 0xe9c9be68,0xd597b9d6,0x67d10c6c,0x1794b5c4,0x7762b2f4,0xa88cdc3d,
        0xa1b44e11,0x6d94a63a,0xaaa8eca8,0xfb0bbbb9,0xc963d87f,0xf4b0f2d0,
        0x5dc7075d,0xb753062c,0x49933989,0xfed726ac,0x57f9ccde,0x5da60638,
        0x75f8c766,0x221c392a,0x5dc672ca,0xcd264d95,0xb66ecc8d,0x7004ff22,
        0x18a458ba,0xfb1aa9ae,0x8babd653,0xea9644df,0x2ba0de7c,0xa9378e80,
        0xca2c6c75,0x144cc12d } },
    /* 146 */
    { { 0x2989aa3a,0x593a0a1d,0x59e6e64d,0xd83f2283,0xd32e732e,0xe938b0cb,
        0x3c3cb249,0xf4c464c5,0xf89ea6ac,0x9750a5f8,0x346cfc32,0x467e5bbf,
        0x37b2b809,0xc9bfab9d,0x3b339c6d,0xf8eb7453,0x3b766dee,0x3fe01fbe,
        0xef6aea27,0xb3154254,0x7be61b10,0x555c3df2,0xdd818488,0x70fb6d81,
        0xbbe714f9,0xda1af3a4,0x9d18f693,0x575f2017,0x2465b839,0xdc08fc6b,
        0x6b84a951,0x874ecf33 },
      { 0xbbb3f6be,0x624af83e,0x08bb423d,0xf578fbb9,0xd7873527,0x5623b0ba,
        0xa62e0442,0xc3659bd8,0xfe236f79,0x2903b167,0xe53f26a6,0x55a430c6,
        0x3ad712cf,0x222547ae,0x76eb272b,0xb73890d7,0x3d628df9,0x95b4f70b,
        0x53eae4ac,0x9f0e13b0,0xe7f2174e,0x5b4f5138,0x98dbae17,0x75482cf9,
        0x44518480,0x2b69bbde,0xcafef15c,0x4f279652,0xb6bcaf19,0xa0a3ef2b,
        0xce4c634f,0x31fb8581 } },
    /* 147 */
    { { 0x615cd607,0x398306d1,0xaa32c3a6,0x680c9faa,0x7779131d,0xe87a705b,
        0x36708b00,0x1031013a,0x9445297f,0x814fa0e1,0xa6a79b56,0x70c5583a,
        0x4b16bed4,0x03039cbf,0xaaaaf8d3,0x18a7ca8d,0x5cdb68a5,0xf33159e7,
        0xd23814fa,0xdea0e738,0x8d0f4f9f,0xeb352718,0xdcdff032,0xb0b76609,
        0x3d48338b,0x65ba8ea9,0x55dd507a,0x18044d82,0x4a4a50b4,0x844a223e,
        0x18e19e54,0x98323000 },
      { 0x57f3d5a6,0x28a21027,0x6e8cadcd,0xffce5648,0x02551f3b,0x9590381b,
        0x935ebdf1,0xb26cc64f,0xc083aa6e,0x60611291,0x88e4cf41,0xcd988a66,
        0xdd53b1b5,0x581c3f73,0x77fc621d,0x78c804a9,0xfadca2fa,0x31874330,
        0xc83ccf02,0xf7008da4,0xa79a4707,0xc4122a1d,0x4a915eb5,0x9a8e0d3f,
        0xd0123660,0xa2de157d,0x65ead2a0,0x45ef43b2,0x188db285,0xd0a22ade,
        0x922e0caa,0x8abbe39e } },
    /* 148 */
    { { 0x3a2d2f01,0xb4446905,0x5dc6685c,0xd27c3193,0x1d74a027,0x6a908bbf,
        0x5b50ec1d,0x01da350f,0x3f3c2e26,0x1d3dd45e,0xb836ee92,0xf66e11d0,
        0x474b979c,0x7e03908f,0x98b87834,0x19e7c5b9,0xbd3d1de9,0xa741d3fe,
        0x1ef6059b,0x63c68e8d,0x3674e247,0x9b9ff939,0x3e7e67f6,0x1d7d53e7,
        0xaee9e248,0x698dc326,0xb3bd984c,0x52f23eda,0x6f8fe8a7,0xf95e31b0,
        0xc3d0ba95,0x0f15b4d0 },
      { 0x790a8d85,0x8f2f6635,0xe2595af1,0x51bffbae,0x24b51287,0xd15b7ec6,
        0x3234715d,0x7639b6ab,0x2bc5441d,0x0cdd5299,0xf6d05833,0x54800ea4,
        0xf6d6e360,0x21efd752,0x19290613,0xc0b7ffe5,0xeea898cd,0xb68a5825,
        0x22982266,0xecedba92,0xbbd06bb2,0x678a91b0,0x4bb6b0cb,0xb2436dc0,
        0xcaf8ea98,0xcf7a99e7,0x71aa05bb,0xb92d0e6e,0xf5993eb1,0xbf8d0471,
        0x20385ddb,0x515db378 } },
    /* 149 */
    { { 0x6f5bef22,0xee43eaaa,0x20348712,0x952d2698,0x7a3af6c6,0x1e4c484e,
        0x9a8c9403,0x18d434c6,0x5001899a,0x63e5d741,0xfe8ea40c,0x5238dbbc,
        0x96798721,0xca6cc8d2,0x04acbde8,0x73db6aee,0xb7f993ce,0xbf69328d,
        0xad45e334,0xa3f79bbf,0x7c1f1630,0x8c51ec93,0x9b00a6de,0x4907325f,
        0x12d82bc3,0x49e6acb4,0x0ec59fc9,0x5901b36d,0x9cf34e3b,0xcb09b710,
        0x1abf4c02,0x2de0487e },
      { 0x8dd9d484,0x18b722f3,0x7c77bacc,0x83349393,0x93d92b8a,0x58dbb8f1,
        0x8e3fac25,0x80d78d50,0x745f4a7d,0xf0500981,0x877cc29d,0xd072bfed,
        0xc30a89f8,0x67abf8f2,0x9a0820d7,0x92c567ea,0x8a3a5738,0x425ab12e,
        0xf055521b,0xc162faeb,0xb94ea5e9,0xee1c4f26,0x3d71e546,0x1e414994,
        0x43e8be1d,0x258183b8,0xef9eae0b,0x44917c82,0x73874a30,0x6813a457,
        0xcc42f86e,0x6f6ac071 } },
    /* 150 */
    { { 0x4dd6e3b1,0xd38822ad,0xad620869,0xfc78e1cc,0x2cacde80,0xe7843845,
        0xa8469fe3,0x121cc14a,0xe67e8ef2,0x8e8f3da7,0x4d347448,0xdb83d16e,
        0x798631f4,0x3ba1dd98,0x0a4c4c17,0xdfab5977,0x3edc701f,0x1f0a1306,
        0x6cd8ff28,0x4649d601,0xbcc55bc9,0x2267230b,0x5760412a,0x02a19c60,
        0x328faef6,0xc719d5f1,0xf67eaad9,0x27cb969e,0x719bafb5,0xf342530e,
        0xff5a82cb,0x6e2c24cc },
      { 0xadaf8793,0x6313024b,0x035c948e,0x944bccf1,0x953500bf,0xe9a066b7,
        0x1d116765,0x7991a946,0x9fd93c78,0x95addb2e,0xe92e5495,0x05d2c037,
        0x9f03e5cf,0xcb145b18,0x95aa1f72,0x81ae48ca,0x135a6e4f,0x203f2702,
        0x49b2a7d5,0x2bcef5a2,0x02d7f2a3,0x0687a900,0x6c6745b0,0x2f7d3228,
        0x86507305,0x3da8a875,0x2e8dc58f,0xbe38b884,0xdbf11185,0x6b48bf34,
        0x97c08f91,0x5af7fd0d } },
    /* 151 */
    { { 0xf4a224a5,0x55f9b950,0xcc50273a,0x41904574,0x643f1fd5,0x34f81330,
        0x0e50f783,0x996801bb,0x89581712,0x866d7403,0xa4091d36,0xdb9a405d,
        0x16a46fe7,0xf1e379df,0x83bf9168,0x8d04a93f,0x32b20bca,0xae4c8335,
        0xf72a1c10,0x99d334b1,0xd8195db4,0x8fbc9977,0xfba14b5d,0xcaeb3dff,
        0x76daf476,0x60fef022,0xdb5b72f4,0x4b948dfe,0xb6dfb062,0x5185c925,
        0x9609d4ae,0x27a9c381 },
      { 0xf12a93af,0x73c37346,0x5536634d,0x028b707c,0x498193d1,0x8efa58d5,
        0xef21b69d,0x4f83a5cc,0xa788a0e2,0x05cbb0a3,0x65b13c98,0x01031781,
        0x2b73784c,0xfea20e58,0xe50361f2,0xdf9713a0,0xd0cc22d9,0x31449a0f,
        0x7c5e2e1b,0x183752e7,0xb67044cf,0x6e44d6bd,0x733e177a,0x012dde95,
        0x08ee2c23,0x68b49669,0x1f5f1949,0xd9bb0541,0x6acd886f,0x95182c71,
        0xfbde9244,0x1c690694 } },
    /* 152 */
    { { 0x3a880026,0x5db67d17,0x125d95f2,0x89c4f0a0,0x3f6cb7a4,0x29050551,
        0x5cbbdca5,0x3eb231d1,0x972bcbd3,0xf8cffc99,0xad55a03a,0xcb4ef4d4,
        0x22867c2f,0x944d47ca,0x0ead1aa5,0x96d88548,0xcbc8b045,0x76a57cf8,
        0x005e55a0,0xdfe5844b,0x1d18a097,0x5e9e7e19,0x52923c74,0x957a26e8,
        0x7f5db339,0xd0867b79,0x63bed0c8,0x2553408e,0x689ad23c,0x1596e5d5,
        0xa504c339,0x7b8c13d6 },
      { 0x52fb6901,0x2fc43aad,0x16ca253b,0x1c0313f9,0x515aadc6,0x1475830a,
        0x7f577dc2,0xc93d1926,0xf723c0dd,0x26e52e8e,0x3eb9f6da,0x2f1e0eb8,
        0xf180376d,0x9979de82,0xb0834939,0x43e28ecb,0xa39c38e7,0x9a2d51dc,
        0xa8e3f6b5,0x6e6063a9,0x4b9b3270,0x4cf1da3a,0xd2f8915d,0x6e5348a2,
        0x50507912,0x5e75e3e0,0x20d383fa,0xaeffce57,0x8fd2fb29,0x1d6d53cc,
        0x696f4cd0,0x0e3c3ef6 } },
    /* 153 */
    { { 0x21ee1d83,0x3bc337c1,0x787b7788,0x97e08f6d,0x138fa4ce,0xbf709fcc,
        0xa0348e58,0xbaf77647,0xa55e672d,0x04f8babc,0x7d5ec5dd,0x0ed2919d,
        0x33e99218,0x8ce64bff,0x24b059af,0xac09fc57,0xdc5e32ba,0x506831f9,
        0x465af6a9,0x26a22677,0xc97f1ff8,0x3c5efe66,0xbc6087fd,0x1515e0d6,
        0xaa8edc6b,0xb1a39c5e,0x0e79ed29,0x3dd816bb,0xbc3788b8,0x6cc13769,
        0xc092a51c,0x463098e3 },
      { 0xc8bd0fa7,0x3a6408c7,0xce6bde49,0xd1764311,0x283ef7be,0xe315e108,
        0x99b5d938,0x8213cc77,0x45a49a6b,0xaf7f1581,0xe529e4d1,0xd00fdb0f,
        0xce66c9d6,0x55d38f77,0x1bd4b952,0xb4f7ccc0,0xaf71f986,0x8d975b49,
        0xcd64d00a,0x12b59fcb,0xa5a3bad7,0x1860e504,0x2b5c89f1,0x6d976044,
        0x7a3e231f,0xfed0c659,0x178cba92,0x58114c33,0x6698e11e,0xe2e74c06,
        0xa348b85a,0x7f8fd093 } },
    /* 154 */
    { { 0xc19428af,0xf24592ca,0x3a308665,0x192a1c81,0xe30bbd7f,0x42589812,
        0x836c6bb9,0x10db0723,0x598e4987,0x9c7a41e9,0x6ead6f4b,0x8aff179e,
        0x75862c44,0x70f8f9b9,0x6f21983e,0x6b3b0237,0x98e65152,0x25d83e9b,
        0xd751218a,0x3b2d26a8,0x9d6f1da6,0x9508281a,0xa5a81f74,0x8df78d05,
        0xe4687471,0xd79ee559,0x6787d8cc,0x2060ca57,0xa8476c95,0x427a84ff,
        0xe6435131,0x87b64c51 },
      { 0x4b30d3c4,0x87f46f65,0x23b4ef14,0xcdec4c5c,0x63ca4d68,0xb3b74766,
        0xcf3fb56d,0x1df34269,0x0fd7d46a,0xd4f139c4,0x6a69a8bd,0xa3b7c7c7,
        0xcbadd7d2,0xee56b4c9,0xac942334,0xb28ff342,0x786f1da3,0x0046fdfa,
        0xb700c82e,0xce5d149c,0x50966597,0xca30ef81,0xfcff4bdd,0x44a20609,
        0x44925268,0x0f2f65e7,0xd4021f38,0xe5b6552c,0x042dbbd0,0x77ea9c2a,
        0xd9c062f5,0x8c95267c } },
    /* 155 */
    { { 0x5fc1abb1,0x6655032e,0x12fe4743,0x2215af54,0x29f05ef5,0xfd657560,
        0xdc191be9,0xb0e73325,0xc08639b0,0x7ab3c65e,0x1c3e6673,0x67507f51,
        0xc8615555,0x638befc3,0x42f0c4ad,0x5d0188cf,0xd896186d,0x843a301c,
        0xb2c6741e,0x045603f7,0xfa3cd1d0,0xf7545c0c,0x4a40672e,0xf612affd,
        0x45b9e8dd,0x56197c9f,0x87922d74,0xb453237d,0x4b2d59bf,0xbf132e3a,
        0xb84a6a16,0x8afa1b73 },
      { 0xe793ac70,0x6b3596ea,0xeef6dd10,0x4c94ef8e,0x70422e40,0x926b4fa2,
        0xe9e5d763,0xc8c71dce,0xf512aadf,0x352fcb70,0xa883975f,0x1b7ba138,
        0x058c3b13,0x57991390,0x97740fd1,0x9692092a,0x160b0697,0x19ad945b,
        0x10837ab2,0xbc634388,0xf174bb71,0x76ee11c4,0xab1b80eb,0x6111bfc1,
        0x70ec458a,0xbc82bac8,0x312d3325,0xeee60127,0xb240adc8,0xb4118b1a,
        0x2b5a093c,0x67211191 } },
    /* 156 */
    { { 0xf55cf9bf,0x91e99306,0xa46b96d9,0x9b045308,0x9e7a65df,0xae3c1e1d,
        0xc731bcbb,0x453cb151,0xa4d58a61,0x14be5227,0x97c74cc2,0x39dac922,
        0x822e00d6,0x4d0f7a45,0xc62b03df,0xafeb1d51,0xbaa18b2d,0xbb1dc3a4,
        0xdf2b74f0,0x7f3c7178,0x896b6a33,0xfcd328a6,0x1dce055f,0xe95ed454,
        0x6a4e2b87,0x97fbc76b,0xfa59dce9,0xe5ec67f1,0xcc0367c1,0x052368ac,
        0x54e4a3fe,0x7c863916 },
      { 0xca7388cf,0x55e94b5e,0xc0335d38,0x17cc0a60,0x616f85ba,0x9b69b78b,
        0x10122980,0x705d02ef,0x1cfd0a79,0x565a6e80,0x7d1ee352,0xeb74a96d,
        0x427b9dad,0x5c8832ed,0xe6d5330f,0x96ea8528,0x18d24ee8,0x30d8862b,
        0x9ff939f7,0x9cd38ed5,0x01060252,0x690fc9a2,0x2303b3ff,0xc62d88b8,
        0xdd52b469,0xfc42d7a4,0x8cad2d93,0x06f8dfa2,0x60920438,0x50236090,
        0xfce855ad,0x32582758 } },
    /* 157 */
    { { 0x359e8c60,0xeb20e45f,0x364ca186,0xc71bb8a5,0xdff8e110,0x02b15071,
        0x4c93e578,0x074e91d3,0xb829d0d8,0xc0326e00,0x626a83fa,0x3c192258,
        0xfb29a09e,0x387a64d5,0xe5ac5c82,0xcaaa3d34,0xada2da29,0x8ed685e5,
        0xeb29650e,0x92720267,0x763802f3,0xf7184b19,0xdf6b1aea,0x23f5dd0e,
        0x25e6125d,0xbe1fa347,0x0c872a1a,0xd6287f9d,0xac57c3af,0x49aa93d2,
        0x5bda7656,0x1a4e6a71 },
      { 0x554d1267,0x1a126ede,0x1cd02b48,0x37f94533,0xce31fb1d,0xd70af04c,
        0x097dc012,0xcf410b0b,0x36c7b6c5,0x930e1d17,0xc6891085,0x902fee41,
        0x79fb638f,0x349ba4a7,0xacd6f8df,0xa16c5821,0x2e076ace,0xfb3b83c1,
        0xe501d14d,0x6b8d033b,0x20f2d2da,0x0593d452,0x99df1880,0x3752526d,
        0x9feb33a6,0xca32351c,0x1f6ef456,0xd91343bc,0x35b9dc8a,0xc74857db,
        0x85b4e832,0x856a7c93 } },
    /* 158 */
    { { 0x0d0a5583,0xa007d002,0xeda4658a,0x2f1301dd,0x34d939be,0x91c07964,
        0xa70c0836,0xa0cb6780,0xbe81e540,0xc0b4df95,0x5d4ac8b8,0x6cbbcd34,
        0x54756239,0x57c52ed0,0x1805ceb6,0xcac2dca4,0x79344255,0x915ee6ab,
        0x24c9a2a6,0x366def31,0x8c12c674,0xbd3b962f,0x7dbb7c3b,0xaab64f1b,
        0xe22bb95b,0x3c0e4553,0xc4c63b74,0x2408feba,0x2a4da631,0x3ca77312,
        0xc636da40,0x62889084 },
      { 0x8cb8d208,0xa457fd53,0x543f06d4,0x7a8f8009,0xf2eff2ab,0xb66de154,
        0xf72517e7,0xfddb28eb,0xf9389d2c,0x0149fe66,0xd85b88ce,0x79e8773f,
        0x0ba543f7,0x452e090b,0xb0b03fc0,0xdeb9b5cf,0x6c5ed77b,0x3113448a,
        0x8ffc0372,0x3609f3cf,0x5c1b4c4a,0x2bc9c46d,0x8fa59be9,0xe66f3bf3,
        0xcdb02691,0x1396bf5f,0x009f88f9,0xf1ec59d4,0x2ad9dfe3,0xc2903456,
        0x5ada4d58,0x79d8122c } },
    /* 159 */
    { { 0xaa529507,0x14d4e4ce,0x74655d00,0x056a0814,0x4f0fc474,0xc0d30a38,
        0x3443cb8e,0x8a8203ea,0x97f1728d,0x33c62fb0,0xb520ef52,0x8a38dcfd,
        0x7cac9d3e,0xa0f90d5d,0x873cea50,0x28a7b0bf,0x6c6c41cb,0xd115ae3a,
        0xa13812c1,0xa35171da,0x624d507e,0x25d4bba5,0x7e98f42f,0x91dad289,
        0x96a41371,0xffd6b1e9,0xb69e5b77,0xd46c2125,0x20c4f707,0xc7d2b424,
        0x8142557a,0x2ab3af95 },
      { 0x6a5372a6,0x86ca074c,0x56292ba7,0x728fb83e,0x77741cf5,0x745596dc,
        0x520ef49d,0x70b4cea1,0x61e46472,0x1472fe34,0x3fb8ac5d,0xf4d6bd66,
        0xc10bc071,0x46e52cc9,0x371a3461,0x28794efe,0x276fe877,0xa4850718,
        0x9bef5ab4,0xedad5773,0x3f15c815,0x24c2d9ff,0x8f8395c3,0x188950e5,
        0x80b6a855,0xbae40996,0x8a8803e1,0x4f53e22c,0x039d25ee,0xaf233f61,
        0x250409ca,0x07db2c35 } },
    /* 160 */
    { { 0x037d4703,0xc7f3b8db,0xc5f488b9,0xe83708df,0x8471d402,0x1fba830f,
        0x5a2faae9,0xa55ee8d2,0x5404fc1e,0xc2e5bf10,0xaa2d5651,0x647d5027,
        0x7ebaf5f9,0x37a53c0c,0x95b30abf,0x7adf0bb2,0xd64c93ba,0x5a62e1fe,
        0xe2ef4a78,0x7ffc18c0,0x4d2cd04f,0x139dd9d9,0x5ea0af02,0x253fbab7,
        0x0fef9acf,0x7c8100ea,0xc8615aa7,0x74c5384d,0x9fe52069,0xcb28682d,
        0xcf7dd759,0x08b6ca8f },
      { 0x036c3b5a,0xe04e5bea,0x7f9f2b4b,0x38726102,0x29797c0f,0xa9fca570,
        0x82879ea3,0x1656180b,0x607f0ddf,0x153389bb,0x67b0e087,0x99a1223c,
        0x9d897fc7,0x0d1808ec,0x916edf19,0x9470711a,0x07217118,0xf8f52f2b,
        0xd18888b6,0x5d8b29ff,0x4cc6f900,0xef1e22c5,0xeb24877f,0xc4036165,
        0x35479525,0xfda95233,0x6861468a,0xd622a421,0x74faba08,0x5d043b07,
        0x0d31a7d2,0x2c337b02 } },
    /* 161 */
    { { 0xea22fa65,0x7b2305bc,0xd159f63a,0xbe183ef4,0x3f35923f,0x3473d87d,
        0xc11d7753,0xb27fb306,0x2a054cff,0x702e7e6b,0xaf185619,0x3ce9f97c,
        0x4e7d51c5,0x83550243,0xf356ac5b,0xa63e3d82,0xd7645131,0x867b7caa,
        0xa671fc9d,0xee85e6af,0x2b07cd77,0x3b985ede,0xffda5193,0x07d598b0,
        0xa942dc36,0xb10eca39,0x506218a9,0x17f3dcee,0x06b7d5ca,0x3d94e8d1,
        0xed8831c9,0x509b2634 },
      { 0x48caed54,0xb1b9414e,0xcbf51e97,0x77a78c6c,0x4de9b258,0xa4688c8d,
        0x91ee3d78,0x0024137c,0xe30ee64c,0xa68f9234,0x88190d78,0x573255bc,
        0xba80690b,0x41e8e05f,0xec354f4c,0x50038d84,0xdfa52816,0xb18f02d6,
        0xccb63fda,0xc47f9007,0xe98ae455,0x29d480fb,0x5d0e319d,0x4ac45d22,
        0x026db719,0xd06f3575,0x2c3587b9,0x733b9e20,0x2c317727,0x22483992,
        0x54bb8752,0x1592d5a7 } },
    /* 162 */
    { { 0xcf7453f0,0x5778d9a2,0xed83c1f0,0xaffb899a,0xe0a82ba7,0xae6506d3,
        0xea3d5081,0x32c84e1a,0x810aa38b,0x9ad528c0,0xbd37d041,0xb1fdb020,
        0xd06ce41f,0x78d6cbe1,0x2e74b7f6,0xd287f0f0,0xc43bb022,0xf5cd2575,
        0xf81a71b3,0x6d28f2f3,0xc633e7f4,0xe65bb1f5,0xc4fc580e,0x32e5fc1c,
        0xbb7b07a5,0xcd55539f,0xc3caaf3a,0xb5a94471,0x4cc22d2d,0xb958bdf4,
        0x77a2777c,0x1614bdbd },
      { 0xed0ab04d,0x4c1f0230,0x6e2082ea,0xae347b00,0xc42c5b5f,0x9f10bc63,
        0xde019935,0xb0539e6f,0x65dd0825,0xd89bd4e7,0xbbceda16,0x92260fef,
        0xe62aca32,0x8aaa755c,0x5ec82c5f,0xed762fa9,0x18650768,0x99e64c01,
        0xc92e348c,0x57dd6245,0x31ea6d68,0x0db88a77,0x07b44736,0xef0012ab,
        0x171d70fe,0xb9356b94,0x03f891b0,0xe68b0628,0xb79c20a2,0x3a54a53a,
        0xb00b0728,0x489656c7 } },
    /* 163 */
    { { 0x71353c25,0xe43649ba,0x13f67e24,0x517f27a1,0x1c1eb9e3,0x10bd333a,
        0x78e29bf9,0x94e1c05c,0x4743f15d,0x84fe7d97,0x90da2df0,0x9c874908,
        0x53673be1,0x82403fa7,0x1baea1b1,0x7ebf5db4,0x24180ead,0xcfe0ae35,
        0xc2f50c3f,0x1d15873f,0x70661cd9,0x16851ad6,0xa51e8c2c,0x802968d9,
        0xe0161099,0xe7d1a9cd,0xa8a7ea56,0x2b153c89,0x06e3c498,0x6d41b789,
        0xd6769dcb,0x082bb2e9 },
      { 0xc4d6615f,0x6180ef46,0x01b9829c,0xfc629dc1,0x0fb264ca,0xde222ec0,
        0x10ecc2c4,0xc5457e06,0x1eea2c4d,0x95ce599f,0x8f9c5b2c,0x0433fa72,
        0xcd6310f9,0xee035462,0xce2e2253,0x84c57c3b,0x96d87e44,0x6c8ec31a,
        0xa452c5a7,0x30bfe393,0xa047b235,0xc592b140,0xc018545e,0x7bd8be18,
        0x5c178c46,0x794e0107,0x2e23005b,0x48471946,0x622a54f3,0x2665e237,
        0x901c9042,0x36451a46 } },
    /* 164 */
    { { 0x19893e71,0x17802d18,0x539a2082,0xa1765d8b,0x2302ecfc,0xfc6aea01,
        0x365bf59d,0x8d4cf51b,0x0d232a80,0x87741d72,0x18e80427,0xac343eb3,
        0xe74739ec,0x553ecb2f,0x1a8b07ca,0xaeca79a8,0x56f4ab3a,0x089ff322,
        0x3fa1d1f7,0x5e95d729,0xf62a9a16,0x260569ae,0xaa08ddc2,0x5e776232,
        0x1b7bb54a,0x93fabec3,0x743d56e7,0x48a20956,0xeb0ebeff,0x749cdb12,
        0x69b8fcf1,0x705307a4 },
      { 0xe488310b,0x7a8e4c04,0x5325cd7b,0x12726e32,0x4983efac,0x5d0fd8b0,
        0x02ddb913,0x796e552c,0x77b9685c,0x0eeca3f7,0xb15f24a3,0x9b766e89,
        0x48efc979,0x7c2736d6,0xa8021c6c,0x3d619685,0xa0b2f1ea,0xfe33e278,
        0xb676d6b0,0x95c69879,0x1af4e0be,0xa0747319,0x36c4ee55,0xa2fab5f1,
        0x59e5f3b9,0x6938b8ff,0x39cafe6e,0x1e114da4,0x6a6ad120,0xc9595ec3,
        0x57e62aec,0x80f79bd0 } },
    /* 165 */
    { { 0x60af09b3,0x3cef42a7,0x933dfe14,0x3c016ebd,0xed85eaa8,0x720cf1e0,
        0xceaa3bc9,0xd4f5e99f,0xb7106f97,0x7216b9d2,0xc9668ad2,0x65f34c36,
        0x5b0c651f,0xa8fb82bc,0xf2fda4de,0x20f42f1c,0xd21f659e,0xeb31ab2c,
        0xa13d1618,0xb7a776c7,0x38662be5,0xec441022,0xcad08e0b,0xc825da70,
        0x022c0180,0x99299079,0x2aef9ffd,0x7623bda0,0xf5c58b50,0xde84f4f3,
        0xd824ff19,0x5f5a5da4 },
      { 0x7e8311dc,0x5737257e,0x466cf136,0xdef94f51,0xb05ca21a,0xa73e1645,
        0x02e4ab37,0x38ea9b3c,0x8579165b,0x7760eac9,0xc24b01a4,0xdffdd047,
        0x3fb95584,0x188d4fd1,0x25548bda,0xfaac38b8,0x59e9dcac,0x1a79a6f0,
        0x09a2700f,0x983f720f,0xfb8a7e48,0x8cbba554,0x47a1fad5,0x38a19968,
        0x5abd6b5e,0x11856547,0xf3716ec2,0x75113d31,0x4212907b,0x1391e781,
        0x0dc15889,0x5319c801 } },
    /* 166 */
    { { 0x6b61c3af,0x2320136e,0x07b4bb68,0x1d40f2de,0x380c97f0,0x651dee7f,
        0x6a8c313a,0xa978ba70,0x2011ca10,0x22c587d6,0xab1f445b,0x48bba218,
        0xe50444e6,0x8c5eaf07,0x442fccf9,0x5549f02a,0x3d80493d,0x2564746f,
        0x79c04591,0x42d24f61,0xabdc8887,0x1600fa18,0xded38f8f,0x5cb8600a,
        0x923aeb46,0xa4bf9b90,0x1e1c578a,0xd63fee35,0xebb9ea14,0xf3c9c5ac,
        0xf11a4ff0,0x3d13314d },
      { 0xb4513d1e,0xe5cc662d,0xd55952bd,0xde78a8c5,0xe7f86d0a,0xe8a37a3f,
        0x7a04f0c5,0xca2d12a4,0x2e25d06c,0x4c6696e4,0xb2136071,0x52614698,
        0x89f6e1cb,0xf4d2701b,0x80efd95e,0xaafd6177,0xc5bb6907,0xe6d73ac4,
        0x420db35a,0x49e874ac,0xf2751fa0,0x11631de4,0xa1fa2edd,0xb29f7336,
        0xb7fd794d,0x4c406864,0xe22f92a6,0x73cb21d3,0x2043cc76,0xeae904e6,
        0xb322c6ad,0x67f28a9f } },
    /* 167 */
    { { 0xca148ab5,0x7c17b258,0xb3c60051,0xb9a1976f,0xc8f28df9,0xea260698,
        0xe8d45017,0x87b2cc74,0x0578a422,0x37257329,0x17bec732,0x81d5ee25,
        0x1d48bbc4,0xd7411fcf,0x487f5cfe,0x46217e6b,0x41eb8e1b,0xcb007ac5,
        0xe05a00c8,0xc41c57a6,0xd2f9fa99,0x1f954d2b,0x40941cad,0x370bd5db,
        0x3829509d,0xe487879c,0x5ceca5ee,0x4c137552,0xfd3efb9e,0xe8ef7fa4,
        0x1bd1bdb2,0x5ff09174 },
      { 0x579c6632,0x791912a4,0xb8a20815,0xbb19a44f,0x535639d3,0xf4f97b84,
        0xbc3c9bce,0xe57e2bcb,0xf19e6410,0x122b3f2b,0x1357d9ad,0x1f0189da,
        0x79e5ff66,0x675573bb,0xef2f3c4c,0x444e5c98,0x04d10731,0xd6f61e20,
        0xac75d635,0x0dfa366f,0x2c854f23,0x9fc47c86,0x0ad0850b,0xc04ae43e,
        0x2f720c32,0x5ce94f64,0xa753bc9d,0x67efae65,0xb0373a63,0xc27d30d3,
        0x29721646,0x6681013a } },
    /* 168 */
    { { 0xe84509df,0x1385d913,0xcf339376,0xe978bedd,0x3423a148,0x2df425d3,
        0xee8cb579,0x43fa0ae3,0x31c4553c,0xf015369d,0xdfbf1d48,0x05cf08bb,
        0x9444244a,0xadff4be6,0xa35dda33,0x01635f81,0xe76fab7c,0x085c8949,
        0x16737783,0x4bd7fcde,0xa254f8d2,0xfd8cb52c,0x413ec985,0x62168a66,
        0x7a9026cc,0xf2db9741,0x50e1e1b7,0x3962ee56,0xd3beffde,0xbee0a346,
        0x0bdfab1f,0x3b35b72f },
      { 0x535c3749,0xbff8de9f,0x8add9c48,0x23c1f20f,0xc8f8f663,0xa975b37b,
        0xe8f3ae49,0x2529e475,0x1d5e2628,0xc32f10d5,0x67862f1d,0x5ac0d297,
        0x854cbe36,0x13c79338,0x4b67e462,0x48f004ef,0xe5d10ee1,0xfa37a150,
        0xd28288a0,0x4974778d,0xcfb73f4d,0x96830a66,0x07804952,0x9f444013,
        0x9760b694,0x8233c709,0x25b75c99,0x8340cca5,0xc771f99c,0x3f62e40b,
        0xcd95c685,0x47d0a1eb } },
    /* 169 */
    { { 0x652811f1,0x266f4fff,0x62ef3002,0xeaacaa93,0x50cba0ca,0x6c387a55,
        0x007f5467,0xa350142a,0x202f2673,0xc7fd102a,0x33dc6e65,0x5daee570,
        0x064a63d9,0x60682ec3,0x462b251e,0x46cf0bb0,0x5da936e7,0x0e030ca5,
        0x434265b5,0xc87a60f2,0x69b4e8f5,0x9637b2bb,0x7ad7770a,0x601fb58c,
        0xed3a15a6,0x1f2147f6,0x2995e961,0x05b47d5e,0x83213a16,0xcb0ca9b3,
        0x4995a85c,0x8f4b614a },
      { 0x4b4eb3c1,0x5aa8ec19,0x20323a70,0x8c549ac4,0x4f6cc6aa,0x00d49322,
        0x45f9a5a3,0x0e53b9bb,0x0897abbb,0xe46ef110,0xd7acd7d0,0xfe873e57,
        0x0f7cb588,0x7cfccfe5,0xc85557d1,0x0ea53d65,0x7288f2e2,0xfdd9eb44,
        0xc0eb68a8,0xab2dedfa,0x08603a0c,0x58221470,0x00feb06c,0x69464689,
        0x25e5caac,0x804cf5bf,0x9fc91ae9,0xd8559858,0x73c45eae,0xed9378b1,
        0x524c9801,0x8f942d02 } },
    /* 170 */
    { { 0x8e845808,0x1f1ec302,0xb77abfc5,0xc302bffa,0xf8d97dc7,0x26afd4b9,
        0x3aac594b,0x3d3a83c4,0x674d94dc,0xe3b74bd1,0xcaa5911c,0x4464b737,
        0x871c2cd2,0x62925773,0x3b4440fe,0x419f2485,0xe052ad7d,0xdda6a0f3,
        0x846c86c0,0x645280d6,0xf8324f42,0xa25689fa,0x07cf117a,0xc74ad1e8,
        0x8ddc9db7,0x5626dea0,0x966fc85d,0x52620373,0xf3b1eb53,0xe0ad57c3,
        0x949c1acb,0x38300252 },
      { 0x5e744723,0xa0ef5a40,0x1ae08481,0xdb5bcf75,0xfec1f76f,0xabfad8cc,
        0xfab37fc6,0xfba5d831,0xc8fedb78,0xbe39e248,0xad93f310,0xa5cfad5f,
        0x913d5c24,0x747fdb1e,0x4518b7f5,0x052a47c9,0x7cfb4327,0x9e208d6c,
        0x70e538be,0xb135cb9c,0x5bb17916,0x36352759,0x5b3106c7,0xa2c07880,
        0xc209bb06,0xd2d42a06,0xd3c504ad,0xb525b471,0x822ce034,0xc9f4b368,
        0xeb4185a5,0x15f18796 } },
    /* 171 */
    { { 0x0aee4684,0x094dea06,0x7cdbdbc8,0x42b21f06,0xb1931319,0xa439e149,
        0x81a7dba6,0xea4bdd41,0x3c2ae80f,0xc6213706,0x12823dc2,0xb58b0967,
        0x832611b1,0x7443d515,0x13c20384,0x2e16f831,0x2bd992d2,0x0ce204d6,
        0xf419388b,0x499dbcd6,0x1d3778c7,0x492ded1d,0xc5ddae73,0x9d5bd74f,
        0x994b6259,0xd4813d52,0x0e86ca68,0x191d9cf6,0xf3e9c2ac,0x562179ea,
        0x9fee1238,0x6146f1f3 },
      { 0x078e2aa6,0xbd06d33e,0x9dee9265,0x693af7f7,0xdaa40e84,0xd56e0f81,
        0x9b9a407e,0x05fbbb88,0xede99519,0xdcf44adc,0x092dba39,0x7f71f8d3,
        0x4231774b,0x675b5da5,0xa5f605eb,0x7456a251,0x87a39a9e,0x9031d4af,
        0x05b474bd,0xdb430006,0xb665aa91,0xbda5dbf2,0x6631eeb4,0x5d1a3df5,
        0x62377c58,0x028149ef,0x685d0bff,0x2e1af4e9,0x82a465de,0xe0ea0875,
        0x06bd0050,0x95543f9e } },
    /* 172 */
    { { 0x85d7c6ef,0xf7cbc6f4,0x63b1bc24,0xcad8084d,0xbf8cba62,0xdf90ce88,
        0xb455c192,0x98e4b686,0x774fc6ed,0x6146b8d5,0x7ae20077,0x70e2389e,
        0x61c22529,0x5241c479,0x3884e5f5,0x7d221510,0x17e28273,0xd6d20ce2,
        0x4f2674f8,0xe3119f51,0x70c011db,0x85459055,0xfcfb760e,0xdfab75d9,
        0x9e8c2a19,0x9546362a,0x4a7d4b27,0x4b6d3f8a,0xee5d698c,0xa5c87104,
        0x2ba296ff,0x6db43478 },
      { 0x5c3f0d95,0x06486493,0x4e748895,0x8917db82,0x6b2f3e44,0xf73fdf62,
        0x2b7f574b,0xc60edc54,0xaf732723,0xbe1c09a2,0x7cad114c,0x7d34669d,
        0x321aaff9,0x9646600a,0xed0cd61c,0xb94e2bba,0xdec4750e,0x866e1a41,
        0xb1a89f58,0xa1be990d,0xf2759693,0xc39e4d6c,0xc0e0dddf,0x11cfb780,
        0xd99c8a41,0xf0afcd7f,0x6e1c3050,0xcebffadb,0x96d2c6e4,0x4f3981b0,
        0x2ae27a94,0x07a791e7 } },
    /* 173 */
    { { 0x1e9f0300,0xe70e9047,0xbccdf904,0xe0253ad9,0xff053078,0x51c0289d,
        0xae893462,0xf1ef092e,0xa4846845,0x2c90a91a,0xf1dad4b4,0x1946eda0,
        0x33df67b2,0xf07650f3,0x0b15a014,0xc6e988db,0xb542f0f9,0x72e0c66e,
        0xe0c0378f,0x5d4b6311,0xae86950d,0x548badaa,0xb35f1c8f,0x6801638d,
        0x944d1ad4,0x129e3216,0x40471d32,0x9951bac8,0x85e94dde,0x03cc29f3,
        0x4543ecac,0x6d6acc2e },
      { 0x57b2d299,0xeb999e95,0xe3d721cd,0x3a2bcd9b,0xbb4cb444,0x2e60384f,
        0xdc060faa,0xae177709,0x8c987cde,0x74f0e6d3,0x1076fbed,0x9a237cf8,
        0x7983fbff,0x69af1513,0x323f9584,0x6c3f7a1d,0x6db64398,0x3e21cacf,
        0x96703d92,0x7cd8134f,0xb8393f76,0x0755898f,0x2e825222,0x1b5b28bc,
        0x7924aa7c,0xb78799c1,0x81427a8a,0x1db378f2,0xff289492,0xd5a451b1,
        0x3d3c46ee,0x79d18212 } },
    /* 174 */
    { { 0x109d5589,0x1a3edff9,0x029b4499,0xded52eb4,0xb4b54adf,0x13eb9d30,
        0xa27bff67,0x4f9214c1,0x67f0f460,0x4c817ee7,0xc3a50e28,0xbadf8d83,
        0x94026237,0xc5dc03c9,0x966647c1,0x5f29581b,0x8a0687f3,0x10b6a089,
        0x31634517,0xae787cec,0x62e75188,0x2001dba5,0x45e2c3fb,0x55d4e1a7,
        0xb67d3395,0xbfcacdeb,0xbc6842ee,0xa1a0af9c,0x3e88580b,0x50590a2b,
        0xa784cdc8,0x73104491 },
      { 0x2648d676,0x44ca2cdf,0x4f1b12b1,0x9a85eca5,0x2980e1eb,0x1b9dac94,
        0x1ac8aa89,0xf30d3709,0xc719e195,0x73072ab7,0x2f703797,0xba518c82,
        0xac0067f6,0xac090e14,0x8dcd2927,0x0e6cfc70,0x21e7da63,0x4f5889e2,
        0x8371c7c6,0xb4aaa40b,0x8f7878c9,0x1f9dabe2,0xd84caf3f,0xf78aed6b,
        0x9e0e1d92,0x3c39dd07,0x122424dc,0x680be5fb,0x0bdc0099,0xf41b214d,
        0x5180c54f,0x6a8f8fc9 } },
    /* 175 */
    { { 0x53235132,0x62a1ed63,0x59dba88b,0x1db233f1,0x291efdd8,0x85625452,
        0xb25111ae,0xc7505297,0x1d701bd8,0xb5921af9,0x9774f45d,0xb4d05d72,
        0xf18e73ff,0x6e3d4c5e,0x899b3038,0x897d985f,0xc89b1558,0x8a9c30fb,
        0x4d13181c,0x3c92d1a3,0x2223320e,0x292e86ba,0x01ceed02,0xcf2454c2,
        0x583f309f,0x27a45f74,0xad0fd1a3,0x75a6102c,0xcb9c7538,0xdb4f45d2,
        0xdb283fd7,0x4752d8c1 },
      { 0xd5dff4d5,0x514d6cea,0x45a827f4,0x74cd5fdb,0x4fc7135e,0x1070a60c,
        0x1be5778e,0xdec0bb78,0x58dc6b08,0x271e12cd,0x54bc2496,0xb765089b,
        0x619098ac,0x6ddf2c63,0x67528832,0xfd6ebac6,0xc2508af1,0xeaa2d025,
        0x4dcfc1f0,0x13c2cda8,0x45510be0,0x1c7836a8,0x1a886801,0x3904688d,
        0xafaf2545,0x643132aa,0x2830a88d,0x49685577,0x8744b470,0x569491ca,
        0x75fb8552,0x3a6518f3 } },
    /* 176 */
    { { 0x224042a0,0xaaa8ed50,0x2452f1e6,0x6cb4e3b0,0x768211d8,0xedca5f4c,
        0xef4d5d3f,0x4e0fe3f9,0x522d46e5,0x33a8e2a4,0xf1446775,0x5998e21f,
        0xf592d01b,0x1496c50e,0x83a67739,0x69104c2f,0x472bbf00,0x28670bcb,
        0x503177bd,0x8ea883b2,0x7d2712a2,0xc5d8bc05,0xb439c994,0x41ef9317,
        0xdcda1aff,0x9801d3a8,0x7038f6fb,0xd686eeb5,0xfbfbf820,0xe80c5cd0,
        0xedc25817,0x540ac363 },
      { 0xfe7f43df,0xa71969a9,0x2c1b9e4c,0xe6653808,0x859c2917,0xad9677d8,
        0x96aa4404,0xbaca9545,0xff1297da,0x0e9d855f,0x22aea7de,0x1f61897b,
        0x36f13f8e,0x96edccfd,0x16e200df,0x627d3070,0xc98988a4,0x729f0736,
        0x97f231d2,0x95e25e60,0xf6048752,0xaf7f221b,0x4019b299,0xd6682609,
        0x26b4b1d9,0x1d99de09,0x1acdd7a3,0xec47cf66,0x6ebe15e9,0x4de9f2b3,
        0xfa16974f,0x17db32ec } },
    /* 177 */
    { { 0x6cf40599,0x75ef6919,0x00c020ea,0x7ea10dfb,0xfcaaf679,0x3da5ae7b,
        0x88ddd678,0x0d663ca3,0x255bcfcd,0x5a21f8fe,0xe344bc7e,0xe9c3f538,
        0x548e0632,0x35f62b1d,0x43c6e64d,0x654f2425,0x26993627,0xc755a7a6,
        0xb0f41324,0xa3b7c5f7,0x3a2180f3,0x05697f79,0x1e81675b,0x6cf85fb1,
        0xe53428f5,0x6d3cdb35,0x52d28b02,0xe3aa1591,0xf7a3fb78,0xa8470255,
        0xa194445d,0x460bd01b },
      { 0xc24d8077,0xbc34dc23,0x4c720d2c,0x82f4b580,0x6f5d1ffe,0xa29da911,
        0x92783ce2,0x578af520,0xb5904af3,0xe29f51ab,0xf7aa1190,0x46c570d7,
        0x571bddf0,0x4a522fba,0xae89bb51,0xbf4e2a06,0x59f3444d,0x799b35cc,
        0x26cc2557,0xc3028367,0xafcec177,0x94a4e985,0x7c36cbd0,0xadaf7dcb,
        0x75d39077,0xed31b787,0x2d3e24bc,0x52d6904f,0x1f95421b,0xc5ca2669,
        0x1734878d,0x7d342c3c } },
    /* 178 */
    { { 0x11fd127f,0xe5cf2c0a,0x119e4c5e,0x66d36bb8,0x6ef56ac3,0x621ab252,
        0xe5430675,0x30cfeaee,0xac3e9619,0x2ede27d2,0xf8fce671,0x6413513a,
        0x075f4c3d,0x6159c61b,0x59069d98,0xd447efe9,0xea76aea9,0xaf8d6f68,
        0x0f5bd164,0xac5dc61b,0x1e88bb98,0xdbab446e,0x1ba92320,0x618b8b16,
        0x78989865,0xa0eafb3c,0xc08b7e82,0x0c7abcc2,0x20d160bb,0x10f09b6e,
        0x8e4c63a7,0x5be0afa6 },
      { 0x1bbbf49c,0x82ab6d38,0x8c0703fe,0x3e09ce49,0xe10f4263,0xeca58b5d,
        0xda5a4532,0xd9cc6581,0xf618f7b7,0x07e18876,0x250f7fe7,0x0419a5e3,
        0xde6b86be,0xbb1a9e90,0x37359169,0x584a7deb,0x5149db2c,0x38eb3489,
        0xb0ebabb8,0x14546a33,0xc2f88a92,0x0067f0b0,0x0a2db019,0xbde0dfe7,
        0xc63e6f3e,0xba51b06c,0xe9206fad,0xa19127b9,0xfe80dc0a,0xe4eb5e87,
        0xd4de30ae,0x1e6fccf5 } },
    /* 179 */
    { { 0xaa8ac924,0xb57dff66,0xc298b3e8,0x06e9ad31,0x65fb080c,0xd140e329,
        0x1d95c93f,0x7dab211d,0x8a180caa,0x6d68d842,0xa20ded69,0x1a929408,
        0x38df461f,0xa8151753,0x60eae932,0xff5604ae,0x7dae4c0b,0x901b9e49,
        0xde262e89,0x4573a97f,0xf1084983,0xed69d9a4,0x64724f1d,0x8ffa022f,
        0xea85a15f,0xd5f1c2e4,0x01453794,0x4c626ce9,0xbf0907dd,0x80440cd6,
        0x5ddaa837,0x4522d461 },
      { 0xebfbe7c5,0x8895f079,0x84ef3446,0x30ea1ded,0xd4a1ab96,0x716a9eb6,
        0x50a30c68,0x1a4a5d22,0x0043bbaa,0x5a16631c,0x5010e5f5,0xbd107502,
        0x3d8c0556,0xbffe3e9d,0x07772419,0x31b30b18,0x84b82297,0x90ff7ef0,
        0xf21a18c3,0x00c37d75,0x565bb8f8,0x18d0a635,0x45e3bceb,0xbac1da2a,
        0x23f0b08d,0x1c38e90c,0x5fbc5ac5,0xf1ba1aa2,0xdda71fc6,0x09d5256b,
        0x6d7e40ba,0x346501a9 } },
    /* 180 */
    { { 0xcc2b0f1d,0x86be448c,0xac4c3703,0xe3eb45c9,0x9fc96bbf,0x5387f65d,
        0x5ae27fda,0xcef3c4e9,0x1bc18089,0xa008f776,0x22ca18a1,0xf374a084,
        0x53b73371,0xee882842,0x7cc09354,0xcb6fc6d8,0x61496d6b,0x8489ec1b,
        0x49e325c4,0xa92c29b9,0x7bdec166,0x15c6ca52,0xdcea2813,0x95444eee,
        0x3a21154f,0x34683eb3,0xd39061cf,0x8fb26f98,0x06c940bb,0xc3b08aa8,
        0xe554c96d,0x7c1d42cf },
      { 0xdc110aa7,0x766e703f,0xf362e378,0xab7b79d7,0x5aadca3c,0xd259c75d,
        0x60be3373,0x2a6eca79,0x06c4e8ff,0xf4744a4b,0xf3b705bf,0xb2842cce,
        0xae304b53,0x1a3af5aa,0x1b2d31b8,0x7bbfa201,0x4bee88d9,0xc4ba6eba,
        0x565cb839,0x2d3565ce,0xdaf7ece8,0x24808696,0xe6959745,0x2c7ccce7,
        0xe94f9837,0xefd6eb3c,0x3811a326,0x0a33b4cf,0xfffa93a6,0x14203f43,
        0x73c31d90,0x031e9828 } },
    /* 181 */
    { { 0x765a17ff,0x4fefecfc,0xd1290a65,0xa09f3888,0x938da038,0xbf265c46,
        0xa169ad46,0x4bb6145d,0x23a62fe8,0x33cf8214,0xabc860a5,0x562df571,
        0x815c38c4,0xbf2a90fa,0x17eda875,0x45ba1d6e,0x946fa5e1,0x799d881a,
        0xb90f5a3b,0x6c1be784,0xb10ff52a,0x0910a37c,0xa4f4fd36,0xc38c1fe4,
        0x8e2d3ba0,0xc3180fc5,0xb17a6187,0x3e2ff050,0x943a35c2,0x3a00059b,
        0xa28cc51c,0x494d3645 },
      { 0x4ba021f8,0x398426b6,0x796deb6c,0xd14c9083,0x7e36c762,0x6d2e5395,
        0x751cf216,0x8f556eca,0x19b24a19,0xdaca1e00,0x4b20c2ae,0x47887da4,
        0xff41a733,0x93ed4ccd,0x5c7c0cd7,0x8d717c44,0x91bf7009,0xcc48634a,
        0x3b59bbaf,0xa1f146f9,0xe5624f15,0xdd38bb39,0x303f8443,0x96d41aad,
        0x4bf104fc,0x6b670f03,0x29706582,0x0503f9ed,0xb34200f5,0x768e1f47,
        0xbbd4c6f3,0x3cfdcc5e } },
    /* 182 */
    { { 0xb523e13d,0x536c2a86,0x2920d0a0,0x1014a458,0xe7571296,0x3d52b478,
        0x7eb51bea,0x05746066,0x87b0e919,0x709f7861,0x686888e8,0x028aed88,
        0xd94afcd4,0x79a809d7,0xe2129af3,0x50c6032f,0x983c4082,0x75e4be72,
        0x7ab3be8e,0x98331bbb,0xb618c728,0xd31a032c,0x3f59c4a4,0x36dd85a1,
        0xed4f61e2,0xdbece345,0x1e571715,0xba7aaccd,0x64a1ebd7,0x138c58da,
        0x3d1aeea1,0x89296d0f },
      { 0xcca82c97,0xb165288f,0x1427e8dc,0x26c6c12d,0x4c3edda9,0x66a94f07,
        0xeaa01ebe,0x94600e1e,0x30f5e86d,0x14abce7c,0xcb456a31,0x741d7020,
        0x279f42c2,0xab05aa13,0xd4238468,0x70b60faf,0x318d39e6,0xa18efec1,
        0x8920b318,0xeb07f1ac,0xd8399e03,0x01e3cba8,0x3c81a301,0x65f8932e,
        0xccc667d8,0xae8bca7d,0xa268607c,0xcee1ae79,0xcac0a12c,0x3182e64c,
        0x2b1a4c54,0x9233a2f7 } },
    /* 183 */
    { { 0x0acbee17,0x717e8df6,0x5c24fcdc,0x0f0959c2,0xe54ffcb0,0x46f09887,
        0xd285116b,0xb993deca,0xbba1fa51,0x0bfaa4f8,0xd0f2183e,0x9c9249ef,
        0x96847779,0xf93cb358,0x2322d421,0x284bfb7f,0xd42af009,0x40cc709a,
        0x9bb1d615,0xc69f2274,0x717c3c6a,0x76f50b3a,0xbb9c5eeb,0x8b21e985,
        0xa4783b5f,0x58fb19ae,0x52e1c3e7,0x04c86b9b,0xf2971ac8,0xaca59092,
        0x21ed8291,0x2bb26a69 },
      { 0x15f81416,0x98a34435,0xaaff5bb4,0x086e72e7,0x0317261c,0x3d1f64de,
        0x5c0a1cfe,0x31c0786c,0xb3683401,0x542ea4d8,0x1a39b4cd,0x2f77273a,
        0xcbef27f1,0x14fe7ee1,0x16bb27dc,0xee7fc09e,0x410e5dc7,0xc0dccc17,
        0x1943b3dd,0xa3466742,0x3f31c1b7,0x92934b60,0xc22c1070,0x0186ded9,
        0x799f966b,0xa37ee8ba,0x249b0893,0x0f3bfcb4,0x2e92d4de,0xbae61447,
        0xe196eb08,0x937cb3f8 } },
    /* 184 */
    { { 0x16fbfdce,0x57c0e77c,0xc98d4cc0,0xea034cc9,0x42572d20,0xe7606d72,
        0x0019a83c,0x9861b55c,0xf1597162,0x80ba2803,0x05a0fd7b,0x0f4141dd,
        0x4b0daaa2,0x8865913b,0xaa3848ec,0xe6685746,0x3e0485d2,0x16d15a5a,
        0x3b6905dd,0x81c0c774,0x818af2ba,0xcec31b7d,0xd2b74b78,0x80d8f194,
        0x543e2f28,0xca659db2,0x9fb07c1c,0x31b83a7d,0x1f1048c0,0x86537fdc,
        0x78586a11,0x4d57bb07 },
      { 0x53b396b6,0xbc4b768a,0x93b51dac,0xbc8b24c4,0xa30ae1b3,0x33e511eb,
        0x945147c5,0x893bbd95,0x179fe3ce,0x6cc86031,0x3f920bd4,0x34b0a167,
        0x6b256160,0xb32912eb,0x9d168d83,0xbc69a2a4,0xef0dd128,0xb4949e7a,
        0x872699e1,0x2613419a,0xbf21376b,0x06c58477,0xa4f97147,0xe55b1909,
        0x7b9b745f,0x63d6eb75,0x08df3c85,0xb5365b29,0x55fcfae3,0x0e257e43,
        0x979f2aa8,0x1067c118 } },
    /* 185 */
    { { 0x32bf8883,0xc8455084,0x6fd06667,0x4755286a,0x77c2335d,0xd70b0f8f,
        0x2f4a2c94,0x678e60da,0xd118acf5,0xa468d8ac,0xbf5b90d9,0xce93830b,
        0xed4e9104,0xea4b1c74,0x27776ea4,0xac67316d,0x361bab12,0xb98ad75c,
        0x99122451,0xc323d482,0x530a43ae,0x26440220,0x3292d5a5,0x3a44532e,
        0x5fecf1bc,0xdb48694b,0xc667b8b8,0xe4e0516e,0xa4306ade,0xb3aa595f,
        0xf34e9725,0x7e4f7091 },
      { 0xb7f70919,0x3f3816e9,0x16b003f5,0x765216ed,0x778c99e5,0x46c6cff4,
        0x30a51810,0xe6a5abe8,0x45e728db,0xef6f49e6,0xcaccefd6,0x6fdd73ea,
        0x8c37f3f7,0xec394e6f,0xb6407fc3,0x73320802,0x96625cbd,0x988e8f7a,
        0x7cabfb00,0x83292363,0x407f359a,0x258ba9df,0xccbfae50,0xff01aee5,
        0xfe251813,0xfbeaeace,0x83f1cba1,0x9c69f161,0x9eadcdb5,0x512c58ad,
        0x6ccce8bd,0x2ae49cd4 } },
    /* 186 */
    { { 0xc40849f2,0x1239b0e3,0xa441098c,0x5136a4cd,0xe547f649,0x61535a99,
        0x7a9bbac6,0x92e4bdc4,0x53547af6,0x195a1646,0x8b47a74a,0x85ecb319,
        0x9de6a2b2,0x278553fc,0x0e2ba52d,0x471c038a,0x35bcba93,0x12ba1b88,
        0x6f31eca2,0xd4bf50da,0x802b32c6,0xd146e3f6,0x3c64c8c4,0x0c9c0131,
        0xeed21297,0xad30f12d,0x9c68530f,0x9b75bffb,0x8918de51,0x23c0ad3e,
        0xa73771b7,0x180e9d52 },
      { 0x29ab77b0,0xc316542f,0xf7aee628,0xdd411d9c,0x353c2f40,0x044c0685,
        0x4b0ae4cf,0x638dc7e4,0x95fc266f,0xa0924185,0xfd2feb7d,0x639da671,
        0x5ea39798,0x56858ed5,0x58f3832a,0x7a694f31,0xd316d831,0xa94233c6,
        0x30a35a7b,0x2fcacb26,0xf1ff713b,0xfef8f7dd,0x59eee2f3,0x8b9b4525,
        0x156d064a,0xd1b4f91b,0x2f5cfcfc,0x177866c2,0x3777eb41,0x12bc2566,
        0xd8ab85b4,0x21ca6f3c } },
    /* 187 */
    { { 0xa3e66635,0x0e162b13,0x2a9f76af,0x1ef20a2b,0x46db3356,0xab473a30,
        0x7802bb8d,0x0840bd77,0xa699b44c,0x5b6baf5e,0x1b2207f1,0xc6e11900,
        0x790b0105,0xe5de16a9,0xdb67f004,0x22b12f15,0x8a025d25,0x185fad45,
        0xdf0a1142,0xbccf6953,0xf45034c0,0x4c42129b,0x1c277bff,0x0f740400,
        0x280a9e18,0x6e440b4c,0x842aa2b4,0x767de8f5,0x05e8d94f,0x3de20ab8,
        0x20227635,0x5aff5859 },
      { 0xa8458e40,0x805acd20,0x149732bd,0x5a5557d8,0x5f1ca72d,0xc7074131,
        0x952b5323,0x7f2e269c,0x6494fadf,0x5c592556,0x1a7d2666,0x153b7acd,
        0x86fe2865,0xa6df063d,0x57d53b6b,0x1e91db13,0xe93ead01,0x9195bb89,
        0x2963bfe6,0x3d71e1af,0x88278886,0xfab2b9c2,0x3b859b6f,0x77836692,
        0xf7029dd1,0x6e695174,0x7b984561,0xc7987876,0x5907d849,0x64fb4f1d,
        0x88d8a977,0x3eab7e1c } },
    /* 188 */
    { { 0x52e5718b,0xc73a94b6,0xf4cee1e9,0xe3aefa54,0x553eedea,0x654e9e63,
        0x5f3aca1a,0xf2541e1b,0x0d083316,0xd7129489,0xfb7f950e,0x7965af63,
        0xc74e3e4a,0xd8fc9e0d,0xeaf79ebc,0xb4ee48d2,0x8b7787e6,0xa458a86a,
        0xf7cceaf0,0xd8c7621f,0xdf67980d,0x8228eeff,0xf9106727,0x210d4742,
        0xb07e3629,0x91f63501,0x7971e29d,0x441761c6,0x03a3b8a5,0xc0ccc65f,
        0x38e09544,0x3491da4f },
      { 0xcb062eae,0x6706d046,0x5d08776d,0xee7db735,0x292315d2,0x80de8052,
        0xc402bbdb,0x40785662,0x26ed3337,0x5f93525c,0x7d568ed3,0x6cea14d6,
        0x66888b1e,0x916a1189,0x5dc71675,0x0fbd5205,0xe4575df2,0x833d1077,
        0xec092335,0x4e93100a,0x6cd85389,0x2f9e1d01,0x43226368,0xeebd3725,
        0x1ba4cfd7,0x401d172b,0x574c5838,0x377dab9d,0x80d517de,0xaeaa6958,
        0x6ad15a18,0x0c843dfd } },
    /* 189 */
    { { 0xc9373300,0x455811ff,0x99fdc300,0x1c39332a,0x353cb655,0xe19bb81c,
        0x96a83d27,0x774b924a,0xb2ee3f1a,0xcbfc8fcb,0x010d56c7,0xaf278ec4,
        0xe0abaf79,0x6fde682f,0x7339aebf,0x7566d072,0x71205db6,0xbd35ad5d,
        0x7051c9d0,0xb5bbe694,0xd3a3067c,0x577db480,0x572d7530,0x2c70ff54,
        0xe06d853d,0xe8615aec,0x05abfb5d,0x71999ccb,0xea0a8ed7,0xeeefc96b,
        0x35f6df69,0x2dcc469d },
      { 0xc65f0e77,0xcca6cd06,0xbd71b14a,0xddcc7980,0x3c93cc00,0xb6221f8b,
        0xae8cbf57,0xddfcd5b3,0x76f8e63f,0xbc92973f,0x06e132b7,0xe9848a34,
        0xd51ec9e2,0x4cc59a03,0x3a33081a,0x9c9d32bb,0x80e8466b,0x00121052,
        0x1bbe7295,0xc2b0032a,0x24938448,0xdbfc6572,0xb6bba0ff,0xe972a0ce,
        0xc0a94802,0xf60c0a4f,0x599d8bc7,0xf62c41cc,0x312da0b8,0x820c96ee,
        0xcdbdf9fc,0x5a1a65db } },
    /* 190 */
    { { 0x42485684,0xbfba691a,0x29c470c9,0x613116b9,0xe62a0519,0xb4b01971,
        0x5ff499da,0xf3245aa6,0xa5238eff,0xc2ef87f4,0xcc9d5515,0xc16dc6ba,
        0x2dbdacac,0x5a7f227e,0xa9bbaecb,0x8dedaac4,0x2e7c9885,0xff308a6d,
        0xe6895593,0x4c6f2fc2,0x177e0611,0x3655f285,0x300b1bee,0xa63e8d06,
        0x13c17b54,0xbed0ce79,0xc4974262,0xca4abe35,0xbc4e4037,0xf4b44a17,
        0xefe5fbd9,0x5ae95099 },
      { 0x804f7455,0x122e5ee7,0x22066682,0x341a4997,0x7795e333,0x97d24c31,
        0xe48efced,0x12f4123c,0x19fbc21c,0xe8738d92,0x0663a3ae,0xbb3bdc61,
        0x8593a6db,0x3603d8c2,0xe3c1ac75,0x926227f2,0x5eaae519,0xfea92ac0,
        0xfd6812ac,0x5b596f0b,0xfc2a82dc,0x3ce7e844,0x63522b27,0x3840481a,
        0x52867895,0x836088b1,0x26588688,0x21ffb7cc,0x2f4a7cac,0x0ca33161,
        0xa3edd298,0x4110667e } },
    /* 191 */
    { { 0xc2d04b63,0x81830357,0xf4929a18,0x3fc5a34d,0x22d195df,0xc73bf6da,
        0xcb432473,0x14df2f89,0xe997f138,0x345afe5c,0x8b9604f4,0xd8e3f5f9,
        0x50c10ae5,0xad7942e9,0xeed25ff3,0xcefd5447,0x0e73c0cc,0xbf68e51e,
        0xab54fa4c,0x5b1ad591,0x12b61c8c,0x8bbc1105,0xb5abf760,0xbb932913,
        0x01e79649,0xdb1231be,0x040ccbe7,0xd0a83e91,0x90a96db9,0x3dde426f,
        0x34df11ea,0x1cceb645 },
      { 0x0c6d0f55,0x2d210c4f,0x9c673c9d,0x6cadf61b,0xa9ce3fbb,0xdd7f9919,
        0x93b063e4,0x135f494c,0x145a93be,0x580bdb3c,0x0f52ef7c,0x4d872332,
        0x8814bb6a,0x74d876e8,0xc7a97dee,0x4f6f723a,0x3e3cd833,0x7de2b8f0,
        0xae720270,0x6162f082,0xddfa486e,0xe88ec2d4,0x8d3a17c6,0xd965c859,
        0x3980171a,0x62e59e54,0xbbef6b22,0x0ab6285d,0x4d48b203,0x3cf45195,
        0x4ea25ea3,0x1f175233 } },
    /* 192 */
    { { 0x3467ea91,0x808a765b,0xfd2d9c45,0x3f4632ee,0x9cf2bc6f,0x7b75dc6d,
        0x359813ae,0xefc8d240,0xe44cbd8d,0x23ecb209,0x21525622,0x59ba10e3,
        0x3f1ee19a,0xfa14d934,0xfb0c48f7,0xdf97c21b,0xea30d437,0xc4e62890,
        0x651475c2,0xb286e2a4,0x126672a5,0x291f01e4,0x31aab3b8,0x9c6fda5c,
        0xe17d22ec,0xb7277a5a,0x914f0bad,0xbd88ed83,0x6a2392e1,0xd0b05d1b,
        0x65893c2b,0x4cb8af90 },
      { 0xbb4b1953,0xa2b02057,0xf597f6ee,0x4ce08b44,0x5e6412c8,0x854f5d9b,
        0xb3cd4919,0x1913262d,0x6e42bb5d,0x902762e4,0xd78e7f60,0x8355c8e6,
        0x38b6c16c,0x8efaa824,0xe550f618,0xd0173790,0xe57d778e,0x118af462,
        0x715b4714,0xa16ad5e8,0x41dea4f9,0x900596c3,0x280ca610,0x2a957c32,
        0x374c65a1,0x2faee800,0x50080414,0xdb105127,0xff080fa1,0x8c1db931,
        0xd79878fc,0x486a5c25 } },
    /* 193 */
    { { 0x941b4f36,0x0521e213,0xf803b4f9,0xbaacfb14,0x52a54ba8,0xfdf1e22e,
        0x8fe4796c,0xacfabbba,0x58dbacb6,0xae0788db,0xc19dfa51,0xdf98d736,
        0x35a716ee,0x155c286a,0x9c86461b,0xbe7d4676,0x63a64a5e,0x50b6380f,
        0x9f609262,0x14b41914,0xa2dfc5b3,0x0919a7d0,0xcef466ac,0xc454da55,
        0x6986aaec,0x93fa4a24,0x71a49ced,0x5090b171,0xc1fa75ad,0x602f1d6c,
        0x78e4c054,0x5d269f89 },
      { 0x14920419,0x3a74030c,0x90968739,0x0845d868,0xeeb70fa6,0x81b994c4,
        0xd9fc5bcb,0xabcaa06d,0xf58f8f2d,0x06539427,0xb1dc52aa,0x35c85f67,
        0x2c911baa,0x5a7d8d72,0xaec2d834,0x4041005c,0x7a8e5347,0xb5868a44,
        0x8de512c3,0x04ee180b,0x211168eb,0x4daa66e5,0x2317cd8a,0xc0bd5dab,
        0x61164df6,0xa1d4185d,0x1dbad7c9,0xacedca26,0x09b02683,0x0fe4b5ac,
        0x26d9550f,0x8ac9995a } },
    /* 194 */
    { { 0x2640a39d,0xb2c8dc9b,0xede0c9f9,0x21ff0b38,0xa1ecba0a,0x74f469bd,
        0x080d0417,0x8a902ccd,0xf4994604,0xe956fa32,0x9776ab15,0x348f85cf,
        0x0066f492,0xc21fc6ee,0xfeeef367,0x35b1ebfe,0x4613e5ed,0x7804581c,
        0xea6ba071,0xcbdfe8e6,0x950d73ed,0xddfcaa32,0x1da48889,0xc9747936,
        0xdbaffbd1,0xce867c8c,0x1cbaeae7,0xd267431f,0x897912c8,0x68255045,
        0xd7ea1e4d,0x0c7c1ddc },
      { 0x1ce963a7,0x53aa30cc,0xc4c5fade,0x7352f64c,0x2828afbf,0x2b9aa2f8,
        0xca212107,0x64273c56,0x85a576dc,0xaadd7654,0x90b5c77c,0x6196ac3e,
        0xd1aaf39b,0x20d43e9f,0xcd05cbc4,0xfc392062,0x4c0ff2fd,0x14163872,
        0x2ae821e6,0xcf32b8d8,0x3fa7a3f0,0x5f58f943,0xf644ca92,0xaebf1d2d,
        0x1918a75f,0x0c061563,0x6b876118,0x7989b5ed,0xad412441,0xbf342445,
        0x1df633ab,0x24ffc9ae } },
    /* 195 */
    { { 0x93c7cb2b,0x89fcdc05,0x590053fb,0xc1243b95,0x6182343c,0x601debcf,
        0x66c18a63,0x364546ef,0xec913287,0xa5290701,0xf9788c31,0xc35b8026,
        0x92d1f7d7,0x852b862a,0x0aa79728,0x1809cb05,0xa3cb2005,0x897d467c,
        0x9ef5b946,0xf20c77c0,0xf2241984,0xc3372c42,0xf35bb206,0xda053e0d,
        0xa9c140b5,0xbc26c6d0,0xcb56fb33,0x61cfcc0c,0x299b3968,0x1c3cf9ef,
        0x40621ba4,0x89e4d3d1 },
      { 0xa45a9be3,0xd35e80e7,0x07356fbd,0xc4daa578,0xb967bc2f,0x0186d62e,
        0x47cd16e3,0xa702679e,0x5f30ce9b,0xca2f1c02,0x1f864f50,0xf1205b46,
        0x85061d66,0x7fd6d797,0x8a08809e,0x47edc4f6,0x9a4d3ae2,0x5dac0449,
        0x6d1f9da8,0xf844664a,0xd7a83a71,0x9f30ce84,0xeaac33f1,0xe9382bac,
        0x948622ab,0x1f033831,0xf7681eb2,0xb037a4ba,0x99a1b5c7,0xd156a908,
        0xe6f1d0fb,0x675d3e6f } },
    /* 196 */
    { { 0x707193e5,0xd9767ffd,0x810358e5,0xe478aa91,0x328d8ef7,0x5634f9ff,
        0x6dbbd9a7,0x913a0ee8,0x7e215686,0x379b2968,0x89d9da38,0x903f410a,
        0x1b1334d2,0xd9f8d7b9,0xbd82efb5,0x9fe74229,0x3803c778,0xdb568b62,
        0xd3d25344,0x93e9a350,0x724497e8,0x559c35b0,0xa169e23b,0xc472d436,
        0xcc5b4c69,0x09864632,0x83c7f531,0x9f6d759d,0x1e497888,0xa91cf1db,
        0x60af1a4b,0x5f7f92fe },
      { 0x0545167e,0xf18a1cc6,0xaffa88e0,0x55ee2e02,0x432a7bcf,0x24cdff51,
        0xa7510866,0x7382da42,0x40511af7,0xe894c11f,0x2aaf1423,0xaa4e4e31,
        0xf63dd2ae,0x8c3d36f0,0xd7660635,0xfc5c9550,0x37ea7eab,0x01253731,
        0x39b950f6,0x2a5cd598,0x40e63442,0x95a0f601,0xf2ac7045,0x905e238e,
        0x446b0f73,0x44bacc0e,0xc448578a,0x4cd4206e,0xa5bd7803,0x367b1aaa,
        0x0a2b458d,0x25beced9 } },
    /* 197 */
    { { 0x0c33a8fb,0x079a7382,0x0f25dc1d,0xcfbf6cd1,0xc6d482b6,0x4ffc73f8,
        0x07bf844a,0x3e51f18c,0x599162f0,0xa7651236,0x14013811,0xac59a74e,
        0xe55018a0,0x957a6865,0xe3ca09b1,0xe1ec51bd,0xa960253f,0xbc0c7eb3,
        0x7de03f84,0xe83bfd14,0x52fbdb09,0xc0540ed1,0xcea15ec1,0x6ba52edd,
        0x4b261307,0xf3d30ed5,0xe8397206,0x9bd7bae8,0x096373aa,0xf20d8692,
        0xc3b0bf63,0x0a616a4b },
      { 0x6e1339c9,0x2075f3ed,0xbf8b00a6,0x7afaa072,0xbccd9b47,0xdfafec82,
        0x00ca54c7,0x4713158f,0x38bc31ae,0x449102f1,0x310dfc8a,0xaf98f158,
        0x59e954d4,0xc9ef2075,0xc527a0c4,0xe8021af9,0x7a192023,0x6e801277,
        0x7fb02377,0x635f538c,0xe8c9e951,0x5df1974f,0x15cc9097,0x0287faed,
        0xf7a5115c,0xfa0728f0,0x0fac623d,0x90dbfbe6,0x0311ba09,0xa8d40fd4,
        0x07c6464c,0x876d154e } },
    /* 198 */
    { { 0xc2d3ea8a,0xd3a4d6d2,0xa842600e,0x36be681b,0xe4070672,0xc53f100d,
        0x6a7d7a7b,0xe3e5b6fe,0x5d5e1a83,0x6e6994f9,0x76097c2a,0x07cacd22,
        0xa6791011,0x12d98dba,0x102e0e24,0xddfc4461,0xd493272a,0x4815dbc2,
        0xa9436696,0x7e38e64b,0x32b2bf90,0x4960eb1a,0xd928e28b,0xda457525,
        0x2a077c9e,0x72f75b39,0x7fd61d00,0x27760cbb,0x0f4b1456,0xaf235d1b,
        0xe76d1700,0x3040c23b },
      { 0x4efa9a70,0xb10dc55b,0x53e86610,0xd4de414f,0x09f8a27f,0x3d95c113,
        0x06661d3c,0x505109a5,0x60eb513e,0xcaa2994a,0x1e7d338b,0x3ee41537,
        0x4651e71f,0x4fd145fc,0xcbc313b4,0x51bbf838,0x1eb92150,0xb039e078,
        0x14bf5ac7,0xe8696b44,0x8be0d48c,0x2d667188,0xdd8f2b6f,0xbe93b2f5,
        0xeb8a7f8a,0xc1dfd1e7,0x90f751c5,0x862b3dd9,0xa32a74be,0x1eb1ad58,
        0x1ebbc9a2,0x5486d79a } },
    /* 199 */
    { { 0xa1359e13,0xcb2e34ff,0x28196051,0x202d8dbf,0x23564b5e,0xe95e023d,
        0x42f6ac12,0xfb1340b6,0xb653725d,0x543ba852,0x8d2466ad,0x81aedcd6,
        0x547c728b,0xbf780224,0x9569fb65,0x559f8a11,0xdfb22ec9,0x505b7a62,
        0x9eed5e52,0x07107540,0x299f6f11,0x9c899288,0x3db6f8c7,0xa7d69261,
        0xb3ca79a9,0x30eb7fb3,0xfb2160b0,0xcab99bb8,0xd28b409a,0xd2012568,
        0x5ac45f8b,0x380f1b0f },
      { 0xe6a0068f,0xc0b99e6b,0xc8a73753,0x4b67cf2a,0xb2faeb7c,0xa6c9a548,
        0x340260c3,0x7f417f99,0xcc0f739e,0x8ee56855,0x780949da,0xf08b510f,
        0x8d5c6eff,0xb1770fc2,0xfd96a7bb,0xb4f5abee,0xf2665a2a,0xa07b1136,
        0xb601dcf9,0x2fb380a4,0x162becc6,0xcc803614,0xee6b83b3,0x3498fb96,
        0xa8c17eeb,0xea9b0fd6,0xa177efc2,0x5834b5ba,0x5b110b3e,0x929044f5,
        0xebd7285e,0x4abedded } },
    /* 200 */
    { { 0x700ef376,0x3355e1b9,0x66cdabff,0xd56e5d9a,0x47e87646,0xb3dc2575,
        0x00f79369,0x28f44b8a,0xa0c52e29,0x08c32b1e,0x3729b392,0x5a78de12,
        0xb26d239d,0x4184519a,0xe0ce4a6b,0x23f6b4b7,0xacb2a9f9,0x235f6f8a,
        0xe2064a59,0xbb8bc454,0x1bf3062e,0x37efd034,0x94dff6f9,0x6bac683b,
        0x8aa7fa06,0xc3364b1e,0xce0b3745,0x0616772a,0xd1e3fb0f,0x46f08d08,
        0x18e132d3,0x6a20abb3 },
      { 0x6a85cbc7,0xea831016,0x934f9aa7,0xd0990946,0xe778f1b3,0xc2211088,
        0x2247b799,0x7ea4ff8f,0x454484ce,0xb3171d71,0x4f98c364,0x29403949,
        0x97df1458,0x5da911f3,0x09439116,0xa6b58093,0x174238bc,0x75f9509a,
        0x8209758d,0xfeb51821,0xa47925d0,0xae0c6021,0xaf8a315e,0x0e946694,
        0x6bad04b7,0xae7af8a3,0xf072447d,0x44c15e7f,0xa5456ffe,0x5184668a,
        0xbf36b977,0x45e353a7 } },
    /* 201 */
    { { 0x93092f71,0x76056764,0xf5b92d71,0xeb66b6c2,0xe2c8b6c5,0x9db3149b,
        0x20c0363e,0xf62f583a,0x03cd7097,0x688acd33,0xebb916ac,0x85d0c0f8,
        0x84c19b0e,0x1bf7462c,0x7c4a6ad1,0xc76ed5f9,0xd119f369,0xec8b88ba,
        0xebe50b83,0x59b8371b,0x866706a6,0x0cc69508,0xf8373d2c,0x531c75a3,
        0x2a5a02fb,0x4e1cd3a3,0xda39a1d0,0xe8274778,0x75da333e,0xedfc5bbb,
        0xca79bd36,0x15941f24 },
      { 0xa77dd512,0x42e8c0f8,0x1dc365f6,0xa91b59a7,0x08753862,0xe80d14cd,
        0xd272faca,0x1624230d,0x4027cb5a,0xeea3ec16,0xc1ef9f03,0xc1700b59,
        0x0da3148d,0xd411c127,0xc4181af1,0x801ee448,0x9e3a900b,0xedf28559,
        0x0d09affd,0x5d67b0bd,0x8b370024,0xd839df96,0xe6f836b8,0x3b6307e0,
        0xbd3201c9,0x5382e588,0x7a1d02bb,0x636d8a6b,0x968641e9,0x70b7db76,
        0x118fad03,0x6d17c34a } },
    /* 202 */
    { { 0xc181c99b,0xcf608841,0xc87bdcaf,0xb65dc901,0x3720dabe,0xb460b447,
        0x5377515b,0x4c79c396,0x0a96c277,0xd447f22e,0x2ac0f440,0x0d952130,
        0xc90583ad,0x8330b26b,0x928904a0,0xe25e977a,0x85c50b18,0x1deaffd9,
        0xa5ad5f6a,0xcf4dbcb7,0xc8a37ed5,0xcbcd0019,0x1e9850b6,0x7846dd90,
        0xb0b8e605,0x1ac8194a,0x34132f90,0xb9728571,0xf56ee28b,0x4ce9f149,
        0x3e9e1d4e,0x1ab9b5a4 },
      { 0x314fa7a3,0x206dab92,0x478ff963,0xcc4af0f0,0x904d9fdb,0x4cce1713,
        0x12c045fe,0xac20a2eb,0xfd8f6d7d,0x44fc5478,0xca7b6ffa,0x886e72c5,
        0x6fd6f758,0x7fa4529b,0x92a820d5,0x4df1d1b1,0x2789f149,0x3d812f9f,
        0xaabb53d2,0x9842f083,0x2a03ab32,0x2648539b,0xb1512502,0x631ce090,
        0x731f6bd5,0xe1294d15,0x9436e634,0xb229361d,0x3ca966af,0x8c4281c4,
        0xc21ab3ed,0x24b34956 } },
    /* 203 */
    { { 0x659824e2,0x49bdcb86,0x4e13e74c,0x6dc4ce48,0x6bbe1eea,0xa4c01a26,
        0x1e3ec457,0x47b2b8e7,0x2f5a8e4b,0x7e8b15e0,0xe333530d,0xe81eb6e6,
        0x17a45202,0xacba369e,0xd70e4c9f,0x81241431,0x3e12beb8,0xc190af4b,
        0x11f486fd,0x53270523,0x29fb2bce,0x9f6c41e1,0xb70f6c08,0xbe6287eb,
        0x3feb4477,0x1479850a,0x9bcf18bb,0xfcfdfb11,0xda80d040,0x925c292f,
        0x7e3c5bf9,0x212d65e5 },
      { 0xca15cf08,0x23adb386,0x81e172eb,0x4dfa4ac4,0x4d42d0c0,0x9d1dbf93,
        0x74404dc7,0xd9cf6073,0xe932bfcd,0x60508441,0x1c682a98,0x9ae910ca,
        0x41ac1cc0,0x9528fc18,0xdbbed630,0xe6a120ae,0x30ccf250,0x94e0e1ec,
        0xe58bbf2f,0xfe84ba54,0x9faa4415,0xc66d0b4f,0xecee7ce5,0x0c58f1e7,
        0x6fa6873a,0x7a1d43eb,0x399f1348,0x96c6c5a0,0xe6727ab7,0xe6ef9aaa,
        0x9a5c2447,0x66afa554 } },
    /* 204 */
    { { 0xc980e91d,0xda5aaba8,0x6ac98efa,0xa93cf509,0x8da32662,0xb0990e0a,
        0x0081453e,0x01d21530,0x3d71de84,0x2bb0d33e,0x3e19a012,0x465f6d80,
        0x78a838e7,0x5902ff4c,0x1931348c,0x74e2afb7,0x9cfb057b,0xa4932757,
        0x3ad03f8f,0x761ea642,0x58ffa40a,0xb7d4c245,0x77a87e30,0xb5e9c0d9,
        0xc9c84d26,0xd1c5edba,0x3d1963a0,0xeca8839a,0xebf6bf0d,0xbc6f2f35,
        0x0d58abdf,0x01ef0631 },
      { 0x3ecdcbb0,0x2bf90316,0x27c1c955,0x19e2d728,0x9575c930,0x9e527030,
        0x96983930,0x0dc1c5a9,0x7cd082df,0xef9f80ff,0xdf97e051,0xcd915075,
        0x9cc61b55,0xf286fffe,0x80f24cc4,0x352db38f,0x36523ae3,0xed9b99ec,
        0x10b104a9,0x109a8ca8,0x305203ad,0xc2700fe7,0x769400f5,0x2a2ee24e,
        0xee0c452c,0xd595d399,0xf7f02a41,0x0ab75d6a,0x0db730b7,0x34108099,
        0x5e8d1202,0x0e4f5ffd } },
    /* 205 */
    { { 0x0ff14c38,0xbd1c6444,0xaece11f2,0x9a5b59fa,0x22af6330,0xaa4605a7,
        0x82af24ee,0xddc9f65a,0xeb9a1159,0xf4ee4bfe,0x74e84eaf,0x2463d076,
        0x0e0baace,0x88cbe1e0,0xd5fabdcb,0x7ca568ea,0xc57eb99d,0xbd80d524,
        0xe9be9873,0x9c46572c,0x7300b85e,0x918a1dcd,0x40f54176,0x49221312,
        0xb5b14236,0xf7e324ff,0x2434f16a,0x40dda501,0xa133d97c,0x08833421,
        0x0876f020,0x33d41161 },
      { 0x9878e5ec,0x7531a36b,0x46918232,0x5de3e321,0xd0a30464,0xd15f9a33,
        0xaa173659,0x734c1b87,0xf925d4fe,0xac2094a2,0xc262b0f4,0x43c965a1,
        0x447d5cbc,0x759c903e,0x05239300,0x92af215e,0x1f593f34,0xfffb6d5f,
        0xc3cddb5f,0x65943b4b,0xbfdd5408,0x9d03a29c,0x198d76c0,0x8f7cda6b,
        0xc0f27b59,0xc0790a22,0x8cb58ccf,0xba557a84,0x76c54fdc,0x5922052d,
        0x47b6b466,0x2d3de7aa } },
    /* 206 */
    { { 0x65add3b7,0xaade7462,0xabf24c2a,0xe5888f35,0xe1a57d93,0xd41549ca,
        0x2c76f7bf,0x0e22e18e,0xbe3202b3,0x67f288ea,0x1d1d0f0a,0xb79a66ba,
        0x2881ad18,0x0e0ab749,0xc7adb0e9,0x7d424086,0x2842132f,0x870c32c5,
        0x58f9a09e,0x858477f1,0xec025589,0x422a9372,0xa5098777,0xbe428c5c,
        0x57660058,0x45b79564,0x957f37cf,0x6c7fc631,0xd6316289,0x8b7023dd,
        0x5b1c12a6,0x47003bb6 },
      { 0xc91c1c96,0xd99401c1,0x27a12970,0xaa5dcdf9,0xc3c29107,0x3ab92e17,
        0xa3fe4710,0x26fce8f7,0x4ee998ee,0xb0d09d5e,0x8e3a41f8,0xafa62204,
        0xa26ca506,0xb1c012a5,0x99b57252,0x2c6f734c,0x512f7fe1,0x1093d79f,
        0xacee19a6,0x2f30906e,0x056d1ea6,0x6bff8381,0xeff35f21,0x61c75856,
        0xc1ad2224,0x6e07e978,0x6b20fde8,0x2cca6ca1,0x633fe81b,0xab4d6d2d,
        0xb06a2ce6,0x73dff504 } },
    /* 207 */
    { { 0xd8e20fb8,0x8b615805,0x82b533f0,0x7c6873e4,0x56a854ca,0x5205f001,
        0xcb369211,0x87fec6ac,0xc7f092b7,0x1fa3c0ec,0xe845fe4c,0x5b36647e,
        0xf8b1f112,0xd4781e85,0x8b0f1a6f,0xc6526839,0xdcb8eb92,0xceeb8c6c,
        0x8e5f6d52,0x133f0ead,0xc8d934dc,0x31883e23,0x428ac45a,0x214ed5bd,
        0xdbbfca85,0xf77ca492,0x07e5ae13,0xdf4113fe,0x72ab05fb,0x63e4a0d2,
        0x7148f535,0x7544d0b7 },
      { 0x80797ace,0x4fe8d134,0xaf86d97e,0x216d6aa0,0xef5a68fc,0xdbf0a688,
        0x9f9b2684,0x18b26f45,0x8999d2fc,0x52fefcfa,0x62423955,0xd5af8d82,
        0xf63a3780,0x8f123469,0xdcd4feaf,0x2933454f,0xa73b5d09,0xba8018b7,
        0xe5552c18,0x9af1f276,0xff26bb1c,0xc5d4773d,0x06dd4f44,0x9ef49410,
        0x5f39ba49,0xad8f12f9,0xf66ca4f2,0x5767f6dc,0x7922f59a,0xba8773f1,
        0xc1e42d49,0x220081ea } },
    /* 208 */
    { { 0xba37a0ba,0x3043d573,0xdd176df6,0x05a431bc,0xc42070f7,0x03322cfc,
        0x67c2d109,0x5cabd30e,0xcbf8bcfa,0x362c95de,0x7787b10b,0xd767d277,
        0x6ec05e64,0x612c915e,0xce69c30e,0x9e669631,0x682e2635,0x27c9dd8f,
        0x95ffcc38,0x79021f12,0x8a2adca2,0x06a8ee79,0x4b5d500a,0x8e00e784,
        0x8d80d6c5,0x87746fc7,0x915f10cc,0x246053be,0x219f6fd8,0x844e328b,
        0x11bd3733,0x620541ac },
      { 0x509e5a29,0x0f7fd382,0xb432531e,0x8748d7d0,0xcd3883b9,0x8f749354,
        0x8bfbb17a,0xc6b8ac74,0x05f2d2c5,0xa4616a66,0x1bcb1b83,0xb3d96625,
        0x2fee265a,0xcf753104,0xdb225058,0xc70d73fb,0xf0c2d556,0x1211d434,
        0x54b259b3,0x862061d8,0xc42b3f7d,0xffe4606d,0xe86a4949,0x4c5c8585,
        0x160eedac,0x04ddcc8b,0x568e2420,0x1804ce67,0x42141656,0x91f3855a,
        0xf932be97,0x7f378198 } },
    /* 209 */
    { { 0xdfa6639a,0x9a374bda,0x02ab7391,0x0cbd48d4,0x47031e2d,0x5c5ef236,
        0xd0599d1f,0xb49ee2bc,0xe0d38443,0xd285eb60,0x269392e8,0xdbbea92f,
        0xb8bc538f,0x91455fbf,0xe469b768,0xae259ff1,0x41de5682,0xc1cecb1f,
        0x9952d1ae,0xc876f071,0xe7bf7446,0x1ce25181,0x282ad2f1,0xcb93ad86,
        0x6ba4ef67,0x8fa3cd31,0xe507aa3e,0xfce68a04,0xa61bb608,0xced74170,
        0xf6ac10d0,0x6de716b3 },
      { 0x172d6dc5,0xd4e58d04,0x6397c65c,0xbed2cde6,0x0c9eb4e8,0x7ae77e18,
        0x75fa2edb,0x56275468,0xa91e6738,0x4b30324e,0x235c8b2e,0x6023a856,
        0xa8f92887,0x9df6d6c2,0xf6f5e8b5,0xec2c185f,0x3ad5748a,0x7892e12b,
        0xd54aefbc,0x7aebb4f2,0xee868821,0x14915448,0xb1d9bd5b,0xa26c5f71,
        0x2ff00df7,0xe5ccd166,0xb95b1dee,0xebc99f17,0x3fe1f774,0x90983616,
        0xbb3d25b0,0x51f90830 } },
    /* 210 */
    { { 0xf2922461,0x49376fa1,0x1650d0d1,0xdbb1b1c3,0x0dd8608d,0x92b91c33,
        0x36b89906,0x3e612c4b,0xdf560052,0xe1977b0b,0x636a2545,0xf8afff70,
        0x11723d8e,0xcda7d278,0x81bde7ba,0x0b0bc4bb,0xed2a578e,0x3cb080b2,
        0x171b2e02,0x5bda0d0d,0x941bb9ae,0xf6df38cf,0xc14a65c5,0x85dd81db,
        0xc19dd98e,0x7f98c82d,0x52206f93,0xc613747f,0x5f5bbe78,0x9e13a2c2,
        0x0aa34be7,0x5eed218e },
      { 0x01d4dc0b,0xe1565754,0xf566bb07,0xa1ae5f27,0xb82225d5,0xe985ebeb,
        0x1189ec6b,0x5f3ad21c,0xecce4d9d,0x17da518c,0xd6b65b59,0xc84a2d3e,
        0x8ffa771c,0x7f988175,0x2ac69a7a,0x50d6ae12,0xc6e6846d,0xcb7f30b1,
        0x5bd0bb13,0x8c023a60,0xd73f2407,0x9a10fecd,0xe5f0a996,0x8c5158cc,
        0xbd8f5806,0xd26bf615,0x915a46e1,0xaf32ea87,0x0287d308,0xeaf74e81,
        0xa6264254,0x8c14ba06 } },
    /* 211 */
    { { 0xb17ee201,0x0c877895,0x88e57a77,0xc05aa471,0x97822456,0x19c3e763,
        0xc9c3ba1d,0x0be6f8c0,0xb4389ebe,0xfe85f4ff,0x0ce7fbb6,0x538bccce,
        0x65266c64,0x876eab2a,0xcf9a3842,0x5c9ac690,0xccc8f981,0x9f5cf3b1,
        0x9cf687de,0xfa17be6a,0x83835c15,0xfcfc10fc,0x150ef2eb,0x086b0fdb,
        0x884a52e6,0x9f97ecd9,0xb0cd1eb8,0x416e6fa2,0x3ecc03ba,0xe2bd1599,
        0xeabb165e,0x645c0a5d },
      { 0x50aa7e31,0xd94c4205,0x2f851da5,0xaec8df0c,0x3c726e6a,0x99646909,
        0x2619bf9a,0x72dbdc36,0xe253fbd5,0x1b4260e0,0x8c709e06,0x97c259fb,
        0xcddaec5b,0xfabf7cbb,0xe4b703e9,0xb4d5e8b1,0x0734efdd,0x1b06e56e,
        0x1f55f8a5,0x02d4a4f9,0x3f565c8d,0x7f8608ba,0x816d1d94,0x822f47d2,
        0x5ce7b136,0x0cc36156,0x31d04242,0xe46ee5ef,0x683567f6,0xb2a65f70,
        0xd2fa6c91,0x27e9ff40 } },
    /* 212 */
    { { 0xd7e952e7,0x75251893,0xc735bf18,0x15b30583,0x96fe0491,0x732b5992,
        0x806d2fca,0x27451858,0x1b885ed9,0x71ab76a0,0x6d9f55ec,0xbdce9d97,
        0x48f2ba9c,0x3da60b20,0x592b132b,0x6977c086,0x099051d7,0xb6dca9cb,
        0xd188ae25,0xd9c2ab23,0xe20aaf3d,0x9f469f3f,0x5aad74d0,0xdbd1f7cf,
        0x22a9eb3b,0x3d5efe5c,0x137010c4,0x8c5edfa2,0x57870260,0xada2217b,
        0x3dac9776,0x4feee567 },
      { 0xb5d3d780,0x30e18d52,0x07166744,0x4dadb5d3,0x5a742156,0x320d386e,
        0x8d6bbb86,0x5d8c290e,0x2d263dd1,0x981a4323,0x98984636,0x33d0e7ca,
        0xa519acb1,0x5138784d,0xdddc81ff,0x832e3fab,0x3199a43a,0xfc278594,
        0x32743163,0x5b4cabcf,0x74f94fa7,0x9fa010bd,0x5694a627,0xc28a743d,
        0xcb657a24,0xc1d2a888,0xe86a25ea,0x7eef2503,0x04c561ff,0xed11a5d3,
        0x9c9ede0e,0x4fe818e7 } },
    /* 213 */
    { { 0x7fc1c7ff,0x00252c9d,0x9fa89ad1,0xa9bd419d,0x4064e9cc,0xc93a124a,
        0x43942ecc,0x384cbcb8,0x8749695b,0x004c21fd,0x421165bf,0x69c81d9f,
        0xdde01102,0xe2325628,0x5a9b004d,0xec937457,0xf6dcfc21,0xfb3346bf,
        0x4d372c7d,0xac4da64b,0xf20494e2,0xcecb7ad3,0xe867c150,0x562c41b5,
        0xc2b723d8,0x299395ce,0x7ee53231,0xc91adfc5,0xf10b6597,0xe06f1161,
        0xb74d3ffc,0x81915529 },
      { 0x6ed9d4ee,0x8ec12431,0x689aff01,0x3dffa154,0x2a89a3f4,0x4aba349f,
        0xd467efb2,0x2db1e8e2,0x039102e2,0x18dea354,0xe52f082b,0x422ab853,
        0xed36dd47,0x7130a2c1,0x0295d1ee,0xca60e86d,0x7c7f5ad3,0xe6ac6808,
        0xde864658,0x0f83cecf,0x461d1265,0x72e66c21,0xbd385099,0xfeef4150,
        0xa6632289,0x0f183f3a,0x792dc795,0x275454be,0x11367702,0x2744c11b,
        0xe8ea6ef3,0x7d06bcc7 } },
    /* 214 */
    { { 0x7090212f,0x89285942,0x5521e844,0x691b7d4c,0xbe2dbb92,0x4c038422,
        0xbd81f880,0x317721ed,0xac89bc36,0xc136cbee,0x7b8f004d,0x4f71b60b,
        0x4e218ab8,0x269132d0,0xe6cc814d,0xb0e2496e,0x75fadc15,0x0b2ce317,
        0x66d223c5,0x82e3c084,0x4c612f8b,0x9721caa6,0xa4b65355,0x59a751eb,
        0xc7d3d9d1,0x3433aad5,0xe80d4246,0x1e61b9d2,0xfc673caa,0x149f655f,
        0xd0f9cb92,0x48b52b99 },
      { 0xefdc05be,0xa3915399,0x13e095e9,0xde70db18,0xcddb3fda,0x447862e9,
        0x1a009451,0xa2b03162,0x23920ea3,0x4b27980c,0xa23b8feb,0xac5394f1,
        0x3e5616d4,0x163f7256,0xb714219a,0xaa0ff93f,0x93d62474,0xd26f96d2,
        0x7dcfe276,0xdd212ea8,0x47038d15,0xab27bf2f,0xf418168e,0xe58c8325,
        0xb32a989a,0xe3704222,0xbfc9f13b,0xa3694390,0x0d0684ad,0xf16e2606,
        0x9d8c76ec,0x17c0de87 } },
    /* 215 */
    { { 0xdcc01958,0xbca5f453,0x1ce88393,0x7d945954,0x561f5b6d,0x5e6350a1,
        0x7e2d36bc,0x291c3c86,0xa5ac3a6c,0xf6c7ed84,0xd98006cd,0x7913c40b,
        0x5671ec3b,0xf78bb087,0xb43e89a9,0x1c928f6e,0xae1ea1ed,0xfdf28df3,
        0xb924b2b5,0x62bba5b1,0x1a116e05,0x491d2705,0x167ed3e3,0x08ec02b7,
        0x5bc0b046,0xe291cf7b,0x8c5d7f59,0x30e50169,0xf5c799b7,0x0c7c350d,
        0x0ac6e1d7,0x6862b9e2 },
      { 0x9ffa1f64,0x56c6f4e7,0xa1e24349,0xfed6a91a,0xcdb75232,0xe9a0ee0c,
        0x0322d607,0xbfc90b37,0x462fef87,0x29480ad2,0xc2bfcf34,0xfc214969,
        0xa539e38f,0x6e5211e0,0x12a5149c,0x2a59ec26,0xd706b532,0x195fe212,
        0xe99c8429,0xf77fb108,0x5dc80482,0x74ceaea3,0xbd92d298,0xa5a6030b,
        0xaaea15ee,0xad42dca5,0x4987109c,0xd6ac3bc7,0x290af649,0xc64e1c40,
        0x51f8de6c,0x5093fa2d } },
    /* 216 */
    { { 0x4c2d553b,0xc4cf3280,0x3b966c29,0xdc1abe22,0x2296914a,0x556a549c,
        0x999976c9,0xd8c9f8b5,0x776e83f3,0xc22c57bd,0x7c85ec57,0x4f2942ab,
        0x6e2c61f5,0xef3407e5,0xf213db48,0xf005e8ca,0xf32698c7,0x470c853d,
        0xcac0a54b,0xe6f488d7,0x60b7501e,0xb6bd6bed,0x714a4bd9,0xf0103106,
        0x6e098894,0x5285bc3b,0xf5f92a00,0xec06741a,0xef7ef24a,0x32f16426,
        0x6c77a438,0x12f9c44d },
      { 0x83313a1c,0x1951e964,0x33c58b37,0x98edd3da,0xc7ac4044,0x4edbbf52,
        0x0dcb5ee8,0x866ca6f7,0x6dd422f8,0xec0ae8f5,0x0661ec2e,0x1077bc54,
        0xd422523c,0x6d39913a,0x58e7cb3e,0xd105e1e8,0xc979bb45,0x47c9397f,
        0x0997b592,0x3221d4a9,0xe8952fe7,0x0ef628a3,0x4e946241,0xd08d5827,
        0x59780f40,0x64cbed0f,0x08e110ec,0x13d7c227,0x7679b1a3,0xd186d866,
        0x26ae1d18,0x02f75e4e } },
    /* 217 */
    { { 0x47f307d7,0x1b637ebf,0xd0141477,0x6b644a6a,0x2e05a80c,0x82a33d65,
        0xfed07b31,0xc8f1a0f3,0x3696e597,0xc09ee7f9,0xc7ffc01e,0xcdaa7ec3,
        0xf8f373b9,0x549f88fe,0xc3bb8989,0xc88d1961,0xdfcaa7b7,0xd92a4fe9,
        0x3ae4ab20,0x12ff9ee2,0xf5ecb1a5,0xf5aea641,0xe32fb47d,0xe769237f,
        0x25d085c0,0x96a5c420,0x26c755a2,0xdc912558,0x9bce9723,0x580b985f,
        0x63961941,0x72b1b566 },
      { 0x790e5558,0x9d708a08,0x0689af80,0x98536041,0x42313b5f,0xe85e7b8a,
        0x55a49d1a,0xe6ba1292,0xac371b0b,0x5e76c4b0,0x938e6e19,0x58504f39,
        0x60ae9a21,0x8dd41422,0x968485ce,0xd8b04e9b,0x887efe43,0xf94c4ba5,
        0xf11c5e73,0x11268e67,0xcf6b99c4,0x92623e28,0x7a0a9662,0xf2d0aaa8,
        0x4ca02ed3,0xb266772a,0x2d63b551,0x68ee8e4e,0x2e78b5b5,0xcdebb299,
        0xe17225ad,0x5df19216 } },
    /* 218 */
    { { 0x8df2e7e3,0x20027e1e,0xd8da07de,0xb183cc68,0x4b4ae694,0xce35ba69,
        0x3ca62e88,0x896d97df,0x52efed2c,0x3de4713b,0x26bd084f,0xd006c40e,
        0xfc81923b,0x1e9b71bb,0x1aacc6b0,0x9991c7b6,0x8f656840,0x650c9364,
        0x87f47524,0x138561d1,0xbffd3ca2,0x610f2b11,0xfa191418,0x96915faf,
        0x955e5309,0x8f1236de,0xa1872d79,0x613cbeea,0x66a2a48b,0x7f7b44ea,
        0xe0a89c32,0x452265c2 },
      { 0x25430010,0x4ad5ec79,0xebd090c0,0xcac786ff,0x20a9d3f5,0xa5f9f4ff,
        0xa3edc65f,0xfcbf4112,0x0cf3eb11,0x8824839c,0x8aa5b700,0xb8dd6d4e,
        0xb7568ab8,0xe2271dfd,0xb744560e,0xe43ec373,0x1cf75296,0x78eaf926,
        0x3fa96d9b,0x1809ae0e,0xdc25dfd5,0x0b312d2d,0x6bab7711,0x6b8f78b4,
        0xb5ecf1e4,0x069efc8d,0x609fecaa,0xc1952bae,0x5f4dbde1,0x43e302ed,
        0x1e078555,0x14b02bf9 } },
    /* 219 */
    { { 0xb87e5b57,0x2c71c768,0xf531a557,0x0bcc78f7,0xf7597dc8,0x4ff93f8b,
        0x139e175f,0xb28e026d,0xcb94ca6c,0x6b83b727,0x0079f7fc,0x2eafe3b2,
        0xcf3bd170,0x2aca54de,0x6af0dc6c,0x17c4133c,0xccf5e35e,0xbea1e665,
        0x345505c6,0xa6691a48,0xe6100b89,0x2633abd0,0xc17d0388,0x966c6706,
        0x1a0cf90c,0x7aefffbe,0xd0add64c,0x4d847be7,0xaea2aa46,0xd49bcdfb,
        0x2cc7d0a5,0x85e07e74 },
      { 0x0bc25bca,0x23aae0a6,0xe44f64ec,0x6e8e55f1,0xb607b773,0xe1e696d8,
        0xd3005909,0xaa90a746,0x2cbc4990,0x072b1ccd,0xc68e2f5d,0x0d0fe6c6,
        0x53e28ec9,0x920ec5f0,0xf0040cc1,0x79b21fb4,0xfcc4a2c7,0xa7375bd3,
        0xe1bac7dd,0xf5f5def9,0x35c0f8d3,0xdc315d79,0x2cacd318,0x7117c170,
        0xe926f71c,0x6f2823c4,0xed02f39a,0x38db58bb,0x7db69323,0xe5b49231,
        0x8d49f430,0x0964039f } },
    /* 220 */
    { { 0x56999eba,0x21774f16,0xb1de6305,0x3d8ee287,0xde0b2669,0xd81af726,
        0x3f8942a1,0x37446939,0xea03e13c,0xbcf6b615,0x94e273cf,0xd30c0c35,
        0xc6725c56,0x4fd33a56,0xa8be97a2,0xa57534ad,0x7c22a251,0x799242a6,
        0x9d0c5c49,0x4e51bdb5,0xc6a42768,0xd7cd76cc,0xd426bf59,0x914097ac,
        0x66e9beb2,0x59404a2c,0x5c96e3e9,0x4738fe98,0xaad666d0,0xbcbb3e0e,
        0x63bc5e56,0x626b0fd2 },
      { 0xe1a1ec42,0x47217dba,0xab5acc50,0xaa6ae7db,0x865331d1,0xb7e1ab1e,
        0x3d30126f,0xb8453070,0xdee61851,0x280649e0,0xea689544,0x8806f4a3,
        0xcb56f632,0x4bbe43ad,0xbcaff94f,0x036b9bda,0xbd0637be,0x0d941e65,
        0x686f3abb,0x82179d44,0xaad6afd6,0x1486912c,0xff7e1534,0x9a3b891e,
        0xeb86fd96,0x88c426ce,0x117928c3,0xb56e6a81,0x96399e00,0x933e7135,
        0xa17b6ac1,0x09bbddd9 } },
    /* 221 */
    { { 0xe4fd3673,0x75e39c1d,0xa65c8e07,0xf880d9d1,0x7289c7fe,0x4725c1dc,
        0x3529d200,0x5b6735ee,0x3c747af3,0xc1f8f2ed,0x912efdf5,0x5cf3998f,
        0x49859c39,0xed722618,0x0e69795d,0x23793a2f,0x86b1d2a7,0x8a6ab8d6,
        0x22a882e4,0x00c815de,0xf9db8d7e,0xbe77d6fc,0x02267547,0x0886fb32,
        0x49c10edc,0xb62687d4,0x7c83ed4c,0x9f1c3e17,0x5af366ea,0xe6d5d7f0,
        0xd1efad24,0x2eaa01b8 },
      { 0x1f357c74,0x5e47fb70,0xa9e3b794,0x93085c4a,0x6e85a905,0x4f098733,
        0xbe0244c9,0xf53808ff,0xa3b5660d,0x91dddf93,0xf3b95ed6,0x8b76377b,
        0xbb3920d4,0x91b911b7,0x86a13cf3,0x7ccf08bf,0xea018e58,0x53ed8f97,
        0x78c55194,0xb1ea4343,0xe0d2d5a6,0x8e6adde9,0x9b96259a,0xfc2b248f,
        0xeef17ddd,0x96ebceae,0x557f9c85,0xf694b443,0x07d5bba8,0x48cd150f,
        0xb4c1986b,0x02d31de9 } },
    /* 222 */
    { { 0xde79499d,0xa6bb9e1e,0xfd0fc2ad,0xf6ca8ff8,0x1a7d9356,0xbec0f8e8,
        0xe8f06327,0xbc3d1c9f,0x3b300beb,0x805c7217,0x413c181b,0x00420a08,
        0xf0ca9d01,0x9e9a167e,0x1aeeddd6,0x076c909d,0x8e3a8a72,0x64a1997f,
        0xa77b429e,0x3ce7f7a7,0x5c94d3e9,0xaac0fbf4,0xe6d48407,0xf37694a7,
        0xa91921e7,0xf56679e2,0xee1dbbd6,0xf23fe0f3,0xcbf9fa99,0xc7917566,
        0xe0f4d765,0x965860f2 },
      { 0x7fa5f79c,0xe734702b,0x5af2d26d,0x930bd426,0x6c73e0ce,0x45bd8b98,
        0x4ee44a2d,0x7dbe7bed,0x956c8a1a,0xc129e024,0x77cdf80e,0x6fdc05ac,
        0x589ca59b,0x70a6ba2b,0x999825af,0xfc484021,0x7a23f0b6,0x1d284b54,
        0x28a0a8af,0xb1da10a4,0x2b2af6d8,0xb1eb1b31,0x33935ee3,0xf051443a,
        0x8effa6ec,0x7a07eb26,0xd662654c,0x16ee4086,0x4549ee4c,0x7a7bc501,
        0x1fa98a52,0x65081032 } },
    /* 223 */
    { { 0xb67ed9b2,0x49f0e460,0xc36d93d2,0x0cda0fd0,0x88c75e1c,0xbb5963e9,
        0x614bc0c9,0x757bbe93,0x9a768605,0x9a9b8801,0x48edc544,0xa8b7e2af,
        0xb51a5985,0x9e77ed9e,0xebbf024c,0xdd025274,0x1545c636,0x598b6288,
        0x4800dba0,0x39bdaed0,0x81e2a23a,0x7fc20139,0x550cb4f2,0xdc66fd5c,
        0xb52068c7,0xad27032f,0x8169fa15,0xc9a0bcae,0x3a7ca8a2,0x60606f21,
        0x9862652f,0x98295046 },
      { 0x2e11c128,0x3e374600,0x0e6dca7e,0x80dfae5d,0xd9552264,0xe44016e2,
        0x880b7143,0xf65f88f2,0x526b881c,0xca3d28d4,0xdfb86afe,0xf9c59dd1,
        0x4c74f958,0x548860c2,0x9cb69f4f,0xd06ea43c,0x7334ecec,0x5343c9ae,
        0x35329713,0x5cc2ccd6,0x5f3a6c0c,0xa95ff403,0xb372653b,0x2e01a1cc,
        0xa250523d,0x31510fdf,0xa6227eb2,0xeee538e2,0xca23cd10,0xeadfc8a0,
        0x3e78f54b,0x4b7e6e1b } },
    /* 224 */
    { { 0xdb5f928b,0x79c9076f,0xb7347cec,0xe6250bb6,0xac00ec41,0x54b67798,
        0x9d9619c7,0x900d20ba,0x59e4343f,0xed42c0d0,0x451935d7,0x3df39e85,
        0x64f701ce,0x26391182,0xe1f87aac,0xce8f2554,0x65f91aaa,0xfddd6789,
        0xa324539f,0x96cd163f,0x4bace995,0x5c815f2c,0xa94f9ea5,0xd78c8c2a,
        0xef24e455,0x7ab2aff4,0x1cddc26a,0xf0ed6409,0x00ca2822,0x954a420b,
        0xd3297658,0x0611c4c5 },
      { 0xa9e81829,0xf192001c,0x08a282cc,0xded33320,0x8f9ded9b,0x0bfd7de1,
        0xb7889003,0x6793ac0d,0x3577a5dd,0xbb00d91d,0x802d3c2b,0xe17a23a7,
        0xfb549014,0xff95f88c,0xc71b6e07,0x7cd1bf4b,0x23588c8b,0x2e3b24a0,
        0xa4112076,0x9b5335b8,0xc4056d30,0x2481c05e,0xe916a1b5,0x55c7410c,
        0x850179f4,0xbbe03271,0xb3cd1208,0x15e6c177,0x90cbfe50,0x509a24c0,
        0x1c108566,0x82079529 } },
    /* 225 */
    { { 0x1c7d353e,0x5d2d3cff,0x7de0ce3b,0xd5e7eccd,0x6ca87635,0xb4b1075f,
        0x25f9ad3e,0xda8404e0,0x205cb5ae,0x6b963e89,0x09f221a1,0x9e5ee0d8,
        0xea41aca4,0xd64c85d9,0x34442a34,0x6a46c4e9,0x3cf655a4,0xac6ff97e,
        0xe5417d7c,0x76565c1e,0xeebf9c4c,0x681009a9,0x88da6388,0x95b61d39,
        0xf6b472c6,0x6402b46a,0x0b7f1171,0x1fde5165,0xbe0c05e3,0x94f8f273,
        0xa88344a7,0x7487b036 },
      { 0x9c3e2370,0xa860e575,0xf8048719,0x19d58193,0xa6e2f9aa,0x3a0dbf3c,
        0x6144719b,0xb6c7e959,0xdeffec21,0xa9049c74,0x3f50cebf,0x8ba064b2,
        0x49a1de15,0xb12822c0,0xb1d527f2,0xb654b7d9,0x0ffd0430,0xc470859d,
        0x4f05446b,0x37c74a67,0xa3add995,0xe553251b,0xe33533b5,0x4a3ed6cb,
        0x27e419ce,0x2f2f44d0,0xa5d1b979,0x2d84ee82,0xdb6fa69f,0xcc76b123,
        0x21fa3bdd,0x834f85c5 } },
    /* 226 */
    { { 0x2ce9b31a,0x329347c1,0xfe3fb3b7,0x1d88522a,0x52ff90fd,0x4bcefb4d,
        0x2b1a081d,0x53b17386,0x2a411f08,0x538c11ba,0x141b603a,0x7895b93c,
        0xb10bd741,0x2993b9aa,0x09912986,0xccbbd046,0xeea0aba5,0x669fafb0,
        0x35661897,0xd4844622,0x367ffa54,0x4a63b89c,0x1c3478da,0xcbad5d1d,
        0xaa6034f7,0xc5339227,0xe61b1391,0x0e6d705f,0xf74ff515,0xdd14b660,
        0x5332b54c,0x639d8b0a },
      { 0x162217cd,0xfa423162,0x811c28e6,0x2e0e4a2a,0x21766dc0,0x68d9ce18,
        0x046a06ef,0x51263739,0xdde92101,0x44eea231,0x114298d3,0x0607c8f2,
        0x63d957e9,0x27f272ba,0xa5e8cae1,0xe7ce80cc,0x24f7a63f,0x5816ebe2,
        0x89673e34,0x4dece5a7,0x536babd4,0x13756a22,0xe3bf77af,0x644d61ae,
        0x2bcf98bc,0x60b2bf6e,0x29fa962c,0x3b0b59f3,0xabb50023,0xb0769a1a,
        0x0c75402c,0x40903136 } },
    /* 227 */
    { { 0x1670433f,0x84d2873a,0x25493dfc,0xc9394df6,0x80fcf89e,0xeb05a19a,
        0xdb297616,0xe39e4310,0xd9e63046,0x50742dc9,0x1de9ca9e,0xf31ad8c8,
        0xfb7b1d0d,0x86aabf94,0x1b3c82d1,0x36cda27a,0x39702d84,0xfb1a2ef4,
        0x46081299,0x280bfddc,0xd2396238,0xe4b2b48d,0x7b3c9353,0x2db2c2f3,
        0x12fb8a69,0xd5b5b317,0x08180474,0xf9b87a3b,0x1e952578,0xd8590986,
        0xf37a2bc8,0x80668eed },
      { 0xb39a0249,0xe2edcd35,0xb2f8aeae,0xaf230cd4,0x7223df05,0x295b15e4,
        0xe0e937f4,0xbb66982a,0x8cbc9162,0x019d2b72,0xcf49dca1,0x5c512ae9,
        0x630f07b4,0x11b491a7,0xa03874e9,0x48d4f34c,0x44cb7433,0xc1fd0ea6,
        0xf95b30c3,0x13f79ae1,0xed8b60ac,0x40362d4d,0x61ead81c,0x9e8314ff,
        0x498c3d28,0xed600dd4,0xc2521702,0x5fcb1c19,0x3a9c1f33,0x592329fc,
        0x1bde6ce9,0x04677548 } },
    /* 228 */
    { { 0x39233c96,0xee3de56e,0x80737eaf,0x868c409c,0x201abc68,0xacae11bd,
        0x2b486205,0x0f2cea9b,0x6f19056c,0xe32387e1,0xa5dc2a41,0xea75365a,
        0x12b4be86,0x76c29acc,0x8d63294d,0xa01fcab7,0x0cab9f24,0x81dbe88b,
        0xf414c054,0x76646e5b,0xcb96b7aa,0xfe111893,0x7664e097,0xb649f5b1,
        0x53fcf5a9,0xa196422e,0x0b7ff634,0x5978c9bd,0x3c229895,0xb5feb38e,
        0x0833c456,0x038a49fb },
      { 0x13e93257,0x35e3818c,0xa612741b,0x14cebc9d,0x7caac06b,0x4f6e9249,
        0x3daa1116,0x82278e33,0x4de2034a,0xe7cc565e,0x0a1ba630,0xbb7dc95f,
        0x66956fbd,0x81dd9f23,0xbb132dd6,0xc63e6319,0xfc241337,0x6e22b022,
        0x7e8beb1c,0x23848193,0xd8c938ac,0x83b1994d,0xa6bb5644,0xb54cfaca,
        0x06f91807,0x1a7cd44e,0xa8f8d9f3,0x1dd439bb,0x7f74a8e6,0x660c2a78,
        0x121b5660,0x4bb76e22 } },
    /* 229 */
    { { 0xe6354817,0x7a151e8a,0xf038b438,0x33d494ea,0x85958986,0x4c86c688,
        0x1dcbac12,0x72153827,0xc0edad06,0xf487af8c,0xe500e5d6,0xad33051f,
        0xd6e47f55,0x0a711b1b,0x8c746ad5,0xa68709a7,0x6402f35e,0x27f17262,
        0xfb30c130,0xc6d08efa,0xc06c7497,0x9ef1c041,0xdcc3e2da,0xd0c74ece,
        0x092e1073,0x30c5f96e,0x2aa12b74,0x0f1393cf,0x2107eb02,0x24584016,
        0x7b76f98b,0x8843d25f },
      { 0xedb2a83e,0x4e1501dc,0x2bb8d724,0xbcfe8fb0,0xd925df62,0x09020659,
        0x42ab6fc3,0x3c715dcf,0xa0f09dfd,0x73c05055,0xe3590aea,0x126745d8,
        0x76ff749e,0x5382f4d8,0xa920c663,0xfc69feef,0x9fd711ca,0xde160211,
        0x9075c4d5,0x4219c3bd,0x3ded6bf2,0x3800cbd1,0x6263a116,0x8c7ea0eb,
        0x7d264c37,0x35bd7958,0x7159c98c,0x56e22e45,0xfa7373b5,0x71bf2a2d,
        0x8935c949,0x0503f939 } },
    /* 230 */
    { { 0x71dad4f6,0x65addc66,0x024bea1b,0x238e4889,0xf605d3dd,0xfb76c8e2,
        0xb0d96b89,0x13d5f5de,0x6601b2cb,0xe0b5ba35,0x83e3d254,0xe37d491d,
        0x240c8ea7,0xe8860423,0xe91c99ba,0x374182f3,0xa87ad919,0x26c2caf9,
        0xf574f295,0x4b13040a,0x944000a3,0x5b9bced1,0x06df42e7,0x4ccc57be,
        0x4bd1089d,0x22e8ec50,0xdddbb500,0x0c53177a,0x9ecfeadb,0x690d31d2,
        0x176668f9,0x735778fe },
      { 0x843c1137,0x0f86ee3e,0x3f0b73cd,0x3c1c42fa,0x8ab20e3a,0x0e75679d,
        0x16242fae,0x6f95f1f4,0x39b092e4,0x7b88e11c,0x4c236ac0,0x1629403e,
        0x2dac02e6,0x66105f41,0x862e0632,0x74dc28a7,0xf3b23c8d,0x2118ffb2,
        0x0745ffbf,0x1182417c,0x4c05711e,0x49b55a04,0xcefbe4de,0x2c665b74,
        0x97bf7107,0x1cc4c01d,0xc54f0676,0xb2ca06da,0x7450d0f8,0xfc599daa,
        0x1a3182a1,0x52e637a6 } },
    /* 231 */
    { { 0x6bebc6db,0x481700f1,0xf9503d92,0x4a6b45db,0x5d153919,0xc715cd3c,
        0xe5ad2abc,0x942a1c05,0xab7b466f,0x36a82433,0xba13918b,0xba413bed,
        0x90f4e6ce,0x698a5624,0xf3f1f3ca,0xbb720da6,0x63471ab3,0x2116d41d,
        0x303d3609,0xe00d2227,0x463ba69e,0x7fd4cc00,0x62845fd1,0xac609e4d,
        0x80adc9c7,0x63603b2c,0x45fafbca,0xbf16fc9a,0xc4bc94ab,0x41007f7f,
        0xa74b1698,0x7c916b4f },
      { 0x78bac2d4,0xc1026f91,0x2601a875,0x8a2e8098,0x0073d640,0xad2f276e,
        0xfcc1fb88,0x443610c4,0xca6b291f,0x5727b822,0x88ec60fc,0x0645532c,
        0xed9ad48b,0x51e48899,0xf543f103,0x841b48b5,0xd591ceeb,0xa6ccb1be,
        0x9dcf5a8b,0xfc4adf0f,0xb347ddb4,0x3a7ca020,0xcb44c521,0xaa1accc2,
        0x0527c0c4,0x773b6828,0x7023cf50,0xaa374c10,0x6b74c926,0x733d1000,
        0x77a8d07c,0x1ff3916f } },
    /* 232 */
    { { 0xf997939d,0xaa218fe4,0x791583b3,0x3d4dfbbb,0x87f7560b,0xb3a7b5da,
        0x5da92c98,0xa9c02801,0x46666f4a,0xe1eb4aad,0x14ce9dd7,0x2eb17a51,
        0xef8f3076,0xf46a66a4,0x810e546e,0x900b45c6,0x4baf04dd,0xf7af2258,
        0x5c84d42f,0x3cc1c872,0x8e4c83de,0x3093f225,0x170d88b2,0x62fade41,
        0xac076e44,0xe19612e4,0x32dd141b,0xf48d7346,0x925e34da,0xc1b1f759,
        0x072b90c9,0x19ed1a56 },
      { 0x6c735473,0x9cf7fcde,0x6003bc3e,0xaab88e67,0xfb199bb8,0x12187cbc,
        0x9accccbd,0xbb730441,0xb0f65459,0x214aff3c,0x6f926282,0x6aec81a3,
        0x9f9d20b8,0xaa82cb32,0x5773cc90,0x82f3f90f,0xf62257e1,0x4af60e6b,
        0xbd4762df,0xf18b44bf,0xdb970753,0x3948b129,0x7c22c18e,0xc6e920e9,
        0x57be97ad,0x393d6208,0x46b637f9,0xe8d7382c,0xf1fed1d5,0xf6625ccb,
        0x68681599,0x6f31e0f9 } },
    /* 233 */
    { { 0x82b8f204,0xc45afe55,0xd358b54a,0xac0441b6,0xacd5f5ed,0x7213e7bf,
        0x139bcd93,0x1914c70b,0x96dbcbb0,0x714b4581,0x1ed35d21,0xe9297d35,
        0x6a3e1f20,0x8f640837,0x2f3cd705,0x150a8a9d,0xdcdd9f6d,0xfb36e801,
        0x5cf56d82,0x5a54eb65,0x92aa5a21,0x7610500c,0x3b089f03,0xd10d0ae2,
        0xc42b66e8,0x491b2079,0x0eee8d48,0x4af1ae3d,0x41556f45,0x137e4c28,
        0x63d8a7e6,0x875e3308 },
      { 0xaf6c0acc,0xdc80fddc,0xbb1e7c08,0xd5ad1e66,0x828585ad,0xdc717ae1,
        0x275c7da6,0xbdc54340,0xd26b9e15,0xf4b4c852,0x6a05fa50,0x5f0a1fbf,
        0x817bcb32,0xc6f81e47,0x70ff2e1d,0x2cbd4328,0x67c7f7fc,0x8a249016,
        0xb585a6c4,0xd045acb7,0x4666c057,0x2e972ad4,0xe6d7d63d,0xc74d87cf,
        0x0e274144,0xf7067d87,0x8b2584ae,0xb2ca157a,0x75f0fdeb,0x495c5bfb,
        0xf386e009,0x5abb0581 } },
    /* 234 */
    { { 0xf0c97f57,0x8be62d2b,0x962f28c7,0x0fe04871,0x47b50abb,0xc548a467,
        0x44fa09ed,0xf6b26e03,0xab05a96e,0xfd44c6e3,0x70e6ae82,0xedb0032c,
        0xd7e4899d,0x28bd402b,0x9b7c11c2,0x43f2e963,0xce913716,0x0ec3fc0e,
        0x02fd0f8c,0x769b8bc9,0x7cabc3ac,0x9d9cb3aa,0x06924cc9,0xe88a8892,
        0x42609014,0xa51461aa,0x962e79e0,0xc7f4aa8b,0x8b1b3e80,0x4ef0210a,
        0x1bfee4bc,0x70544680 },
      { 0x121901c1,0xfab3d713,0xfead54aa,0xe90a2627,0xbc08ba23,0x64f6d285,
        0x36ec227e,0x8d993015,0x06c191ab,0x99a16ab9,0xf649ce2c,0x86b1cf5b,
        0x66be3a80,0x59206759,0xccba2cf0,0x18836279,0xeff53486,0x2c157b87,
        0x4b223af2,0xbfac9896,0x0aae7a57,0xcd0fd4f0,0x63218a80,0xdaddb940,
        0xdf88f14e,0x3844bb79,0xb71ed9fd,0xc1b3e3d4,0xd6205036,0x6c634a13,
        0xb8680a6b,0x6f56aecf } },
    /* 235 */
    { { 0xd9205c5d,0xb01dc803,0x67123929,0x68955f7d,0x9d9b6565,0x3debbffd,
        0xd3b1acfe,0xb844395e,0x6094eeff,0x04328b21,0x22991feb,0x6631ffa8,
        0x190dd075,0x0dde66e6,0xe8577c05,0x75b03c55,0x91722407,0x6c91ce5f,
        0x8ebb3a3f,0x9a288a40,0x058a1396,0x1d376f8a,0x9a6e0676,0xf3a59457,
        0x7b71d288,0x103029c5,0xb44c30c0,0x0843f428,0x730e0b9c,0xd8e6aff8,
        0x4ed644ad,0x7b6be811 },
      { 0x3d3aa54e,0x3ec38e4a,0xd83d509a,0x10233943,0x243955e2,0xf84aa621,
        0xf51d3d44,0x29104717,0x7eca4e37,0x62d2442c,0x85fa55de,0x8c5a523d,
        0x851da1b5,0xc6f5ccda,0x20001468,0x044bcaa8,0xe01702e0,0xf7501e68,
        0xe6a0acec,0xf0819359,0xac0ef0b2,0x33dda6ad,0xfd964f01,0x97aeedc8,
        0x530b90d8,0x48dacd0e,0xb84122eb,0x4c5fad6f,0xd700a1de,0x2284ec1e,
        0xdbca5474,0x86f9a835 } },
    /* 236 */
    { { 0x450cc69f,0x0e1d9055,0xc9edf98f,0x50eb14bc,0xee7eba01,0x1bb94e77,
        0x998f8e53,0x5f7a6737,0x1b16eef0,0x588384e3,0xd85c5e15,0xbb928723,
        0xcbd952aa,0xfe51e345,0x7e241674,0xc5d0ee28,0x100182f0,0xfdc146ef,
        0xe7f5be2c,0x0f739e92,0xb656bd3e,0x501ab3af,0x5168e289,0xb1552dde,
        0xb8ee104a,0x940dfe31,0xc4304475,0x42923603,0xc460a913,0x9306f114,
        0x03b51f86,0x5bfa9faf },
      { 0x107b258e,0x2a23f52c,0xd66341dc,0x989e82bb,0x823cff1a,0x54a3ced8,
        0x719b491f,0xf45b7794,0x2433dfb8,0x898c2218,0xc49250ee,0x0f9dd91c,
        0x4fa17655,0x50c2a2ae,0x2c327f45,0xf7aa1ce4,0x583b1e41,0x13a15ad6,
        0xa1bfad9e,0x9aa0d5a5,0x8e1fbdcd,0x9b1caa28,0x915f7f87,0xaf9283b6,
        0x87e81a1e,0xc10e4e0c,0x1080d296,0x04fdca56,0x12755bd8,0x6acc9616,
        0x828feeda,0x1b1266aa } },
    /* 237 */
    { { 0x774ee49c,0x4ebc0a00,0xcb6237d7,0x776f6852,0x5df938a3,0xfc0544ac,
        0xb6fbfbbd,0xc3388ec8,0x745f2eae,0x84ac8bcd,0xb1ece937,0xa9c56609,
        0x7de8fa13,0x656fb6ac,0xa532b871,0x5f8ded74,0xaa889f09,0xab0d428b,
        0x10b7aec2,0x43b27f28,0xfeecb34c,0x26426e1e,0x9e89c2db,0x44431b6b,
        0x39211090,0xaac4bc5d,0x4fd81058,0x926f7368,0x471ef60e,0x452fa691,
        0x218d7a23,0x33517fdb },
      { 0x593c4a36,0xa9c33f46,0x36b1a9ee,0xac69d718,0x4277beec,0x55a20c1d,
        0x7e4f179c,0x3e8ca24e,0xd46d88a2,0x57373369,0x730702f8,0x71ceb1cc,
        0x35eed574,0x8b184d97,0x0704cec2,0x7f4517a2,0xd7062a53,0x7f129d18,
        0xb1d77e1c,0x07a4571b,0x8350d8b2,0x774ac309,0x61fab8ef,0x27b2919f,
        0xb5dd801b,0xa7c4cc13,0x1434591f,0xe7e6255b,0x5a3592b3,0x349937b8,
        0x30c77549,0x31fac63d } },
    /* 238 */
    { { 0x04913fb6,0x2ee8cf1b,0x1769a6b3,0x7e401350,0x783e61f0,0x790ebb71,
        0xe27f2ffe,0x1e5107f9,0xedaf89bf,0x124ba67f,0xe58de68d,0x189200e1,
        0x6df5abee,0x962732a3,0xacbeb4aa,0x72cc37cf,0xe93c5a76,0xb0c5fa96,
        0xde63393b,0x4c2a317c,0x830b2d6c,0x97f65e67,0x1be5b96a,0x4afc3504,
        0x730ce66d,0x0bf40a60,0x9340d84f,0x96a1ba79,0x07626b08,0x3ee18254,
        0x7ab0cbf5,0x01db35db },
      { 0xac0efee2,0x6e0fbc2d,0xd71dbb45,0x8406ebcd,0x19b69abe,0xe72bde3e,
        0x37e01822,0x49cb7e61,0x11458b4c,0xcbb8c01c,0x687c5d63,0x420b4847,
        0x454c6776,0x1847dfa1,0xd1839d18,0xbede911d,0x278df046,0x1b9dc9c9,
        0x881a336c,0x294bd62b,0x93e77adc,0x7f096879,0x43ce3ba7,0x7ac90665,
        0x7764eefc,0x148695fd,0x9ac465cf,0xe0c20f0b,0xa6e2cdb1,0x636e8d28,
        0xd755341d,0x7b6ba98c } },
    /* 239 */
    { { 0xc1881ab4,0xcb1d9e03,0xb3168c88,0x19c25d55,0x282364ce,0xa82d3d47,
        0xf161aa24,0x95994390,0xe1ebb2c9,0x7838bc00,0xbdec7a75,0x8fd5dfcc,
        0x4ff7220a,0x4dd203c2,0x0efeff48,0x5ec173b3,0x16428b35,0x99f1d2b3,
        0x056e813f,0xc06bd9e5,0xc0b319f1,0x929172ba,0xfd223b15,0x6ae0e384,
        0x98d091ed,0xbd01059e,0xa654648e,0x6b3168e4,0x3375e798,0x2211447f,
        0x71eb4508,0x47e81019 },
      { 0xbc8c290d,0x7045d45a,0x810fb33a,0xa33d1355,0x46fbbf2f,0x2baf0092,
        0x385c7cd9,0xacff3f1b,0xe161985c,0xc5b150ec,0x2a888748,0xc6ee0a7f,
        0x5e88dcc8,0x9d888c8e,0xccb86443,0x4dd735f2,0x3c40f6f2,0xcc1e13b7,
        0xf3fed691,0xfc3a25ff,0x257ee5c7,0x4cb43b17,0xf32db135,0xaa654f93,
        0x02dff2d3,0x44f58d0a,0xa8ca6394,0x78e3f188,0xf3e86697,0x39646cce,
        0xe0dce87b,0x785b1902 } },
    /* 240 */
    { { 0xa92f9a20,0xfcce2361,0x9d64540e,0xb7bdca87,0x1d00d7c5,0xd4739a85,
        0x2e97c926,0x067ac8dc,0x78da6a8b,0x2aea3ffe,0x63c51b69,0x6828bf54,
        0x7155141a,0x76f1c479,0x3977d810,0xf4bcbef6,0x541bce7a,0x75bc4949,
        0xd17041a5,0xe01f4066,0x87755eaf,0xd282d5bd,0x59e7ae80,0x6e2107dd,
        0x382ab36f,0xaa56e166,0xb9d1d634,0x65ee8ef6,0xce4ed844,0x99a2160a,
        0xb7712c27,0x6557c367 },
      { 0xd75b6e52,0x561b0268,0x118d0e89,0xb0813640,0x6a2eb1ae,0xcff53330,
        0x6d090894,0x4e462226,0xb5fc1d48,0xbb351227,0x57a3062d,0x9365ea07,
        0xd66e2dc5,0x4caca37b,0xb9095887,0x220d7d23,0x8c4473bf,0x9c0fd393,
        0x6787da4f,0xadff370a,0xd057f4b8,0xef0aebcc,0x1173f33a,0x205e744c,
        0x925a26b4,0xb8d1f0a5,0x722fbbfd,0xa9364f49,0x8227d284,0xc891ae77,
        0xa0e08ab4,0x15c40d04 } },
    /* 241 */
    { { 0x2a0e18d1,0x9baf169a,0x4c0327c2,0x9971c017,0x7bc262ce,0xd81a323f,
        0x818ff379,0x2099db8d,0x4cd3c330,0x663f663d,0x011a0553,0xef5325c3,
        0xf980a470,0x9cd70bdc,0x1c9ed070,0xe64452d1,0xac676e13,0xafbf43f4,
        0xae85c2a5,0x97bec0a6,0x470490c4,0x2faae550,0x491e6ba9,0x0ab97a87,
        0xaafa9914,0x4055f537,0x36726557,0xfc95adbb,0xd119d6bf,0x646343b9,
        0x9d341e37,0x788e94a0 },
      { 0x9c53461a,0x053a6fe5,0x08e3b6ed,0x75ec897e,0x0768d939,0xa8f5d2f3,
        0xcc213d4f,0x9bd6bff6,0x05b0147c,0x590c7b41,0x7c7b8169,0x20a3628b,
        0x5bce78e9,0xc66a086e,0x4dec1d8f,0x3dd4d282,0xc19dcce9,0x890acf44,
        0xd8435a7e,0x6632d875,0xea6381b2,0x590167c1,0xf0dcc128,0xb2259797,
        0x46f8d463,0x91a612b4,0xc15efa39,0x42185d78,0x119f6788,0xdf55ec37,
        0x780dea93,0x91b19cc6 } },
    /* 242 */
    { { 0xcb5d8b80,0xebf2709d,0xfc35660e,0x03b96182,0x055ef969,0xb873d991,
        0xe47c4342,0xd1ea4b4d,0xd54f8867,0xcc4b9244,0xfd8d77ef,0x93b1a2ca,
        0xe8c1f563,0x068d24e7,0x49973056,0x5f5fabb6,0x0542374f,0x83248c50,
        0x3f38e913,0xc36de2b5,0x7bb680be,0xed07e8eb,0xd8f313b5,0x964813d7,
        0xafd2d392,0x7bb6a069,0x0848a31a,0xc06d848e,0xe4f0c325,0x6867fb2f,
        0x067343af,0x3c2ba834 },
      { 0x9d3ad63b,0xab62d775,0x59e0eb1f,0x3f9cab97,0x3885e117,0x70332a63,
        0xe20b2f9e,0xf22cafce,0x49eca947,0xb529ba7e,0x6228d88d,0x24954216,
        0x39239561,0x80ea23ec,0xd4370644,0x1b8907e7,0x563e4e44,0x4b7fa455,
        0xb2a4b0fa,0xcca9829e,0x48060792,0xd0a720a4,0x246991ce,0x8ccdda0c,
        0x348d086b,0x37a2325b,0xf60aee13,0x566ed509,0x147f253f,0x3d30e091,
        0xc1073bd8,0x1fa627a5 } },
    /* 243 */
    { { 0x42478fd4,0xa11222a2,0x670b2000,0xacf4c6f1,0x8359c6de,0xf71bb04f,
        0x7b93cdbc,0x618e2829,0x230db60b,0x96e1bae3,0x965b3b29,0xf17fd3b4,
        0xbc7055dd,0xa58639c6,0x4b817d7f,0xc3ea92ed,0xd23b08a4,0x9082b2a6,
        0xdc17010e,0x8471228a,0x20e89d97,0x753b9e46,0x03ff77c9,0xcf7e4f97,
        0x2bbe60e5,0x6c3f8245,0xb80e017d,0x9e432cbc,0xc0a45edb,0x150a5acd,
        0x4798743e,0x67b8bd05 },
      { 0xf4797cf7,0xe66079b4,0xd03fde02,0xe31c998a,0x54caaef1,0x5aa3763a,
        0xf7649711,0x64d9a1fe,0xaf29b1a7,0x7ce0dc73,0xfb66ca93,0x6661b083,
        0x32fb6a78,0xbf4d74fe,0xdf00a561,0x25f6ef09,0x831d1159,0x2bc4383f,
        0x536bde37,0x6d5cc10c,0x882cc65b,0xd4945f9f,0x451a99b8,0x81f48f13,
        0x6bac11a4,0x140161cd,0xf18a4a0a,0x9d94d4ed,0xa467a824,0x65363165,
        0xa4c9aedf,0x74297aa9 } },
    /* 244 */
    { { 0xe21124ba,0xc49758a4,0xa87ffbd2,0x99bd8198,0x3d6638a8,0x45fbcdd1,
        0x15f7bf76,0x94645ff8,0xc4e6d57e,0x5fa6736f,0x92e61db9,0x1eae6475,
        0xcbdf944a,0x79575c0c,0x25b31d74,0xa3d13047,0x4cab5ae6,0x7881df22,
        0x1a2887f2,0x8dbfd299,0xa26ac459,0x23d07590,0xd8661d4a,0x2e589852,
        0x8a0140f7,0x37b5c13b,0x3fb3782a,0x0f94199e,0x1bc14e90,0x722aa059,
        0xd55bbb12,0x89aab7ba },
      { 0xd656bdc7,0x8b345a96,0xe176cd3b,0x43bdc8af,0x32d64c43,0xd69518b6,
        0x79b82b41,0xfcf364a7,0xffb0cf82,0x907b344e,0x5101287b,0xf3d0c83c,
        0x34cd90ef,0xe9f26a59,0x07082b5c,0xe5f5aaf2,0xece7c165,0x4eb72c75,
        0xbe986cd6,0xe9590a81,0xff1536aa,0xfeef498f,0xa8263d5e,0x04560243,
        0x54ae872b,0x940be14f,0xe3207686,0xbee7bcc9,0xc1bc4d7a,0xd496a27d,
        0x5940ab46,0x002dc297 } },
    /* 245 */
    { { 0xb69d60c3,0xee533937,0xfe972755,0x260be552,0xc0c725a6,0xb11fb78d,
        0xcab2e7c2,0x6982c27e,0xee2322cb,0x4bceedd9,0x122704f7,0x952b19ed,
        0x854a6165,0x2df4c285,0x7b192485,0xba40b5bf,0x0119f52a,0xfcbca950,
        0xe5add86f,0x7467d1cb,0xd9d0f2c1,0x9bf536fb,0xb8d4ebc9,0x3c296e34,
        0x05a81317,0x0495f8f4,0x73335f76,0x8c59e8d6,0xe0542122,0x0b53d324,
        0x3c3bda73,0x4d564535 },
      { 0x7e5c0877,0x7322f800,0x0ca9a764,0x481b43e6,0xa2c12716,0x231f4f4b,
        0xed3136c2,0x09596857,0x38db30de,0xae826322,0x99908ebc,0x652fad40,
        0xaf0d231e,0x0b8d1814,0x09cbc349,0x2680c54b,0x4bf3bf8e,0xfd4562f3,
        0x092b595f,0x2985090b,0x5e15fc34,0xe6f39ca4,0xbc378168,0x70175191,
        0x845a4a87,0x906944b3,0x82a1541a,0xacc6d74a,0xb155c8b4,0xadc9bab3,
        0x77306c62,0x1f2f89ce } },
    /* 246 */
    { { 0x9affefdf,0x8253ef41,0x4cf9256b,0x05d7ece5,0xb444e483,0x377002f2,
        0xcba5471f,0xb189755f,0xd5cbe015,0xc88483cb,0x6a0b8429,0x254f7c69,
        0x61f3f61d,0x18850bd4,0x0a247157,0x7ba21089,0xd92eeb0d,0x35abbc2e,
        0x965dec89,0xfb56cabe,0xbc55684a,0x9da23724,0x6a7a7492,0xd8ba396f,
        0x2ef4ba46,0xfcb90db7,0x9909b27a,0xdd234fe0,0x76f4366e,0xbdf3c164,
        0x17e50d47,0x09c8097f },
      { 0x60050c07,0x6a04b140,0x43a8e37e,0xc29e8318,0xbb55e41f,0xcb9429b2,
        0x2ce60e3a,0xed2fea5a,0xdb9d82f4,0xdc7b1ff3,0x687d37fa,0x48ebecc3,
        0xecb07539,0x79153e32,0x57075692,0x6a60054f,0x800759ba,0x3871cd0c,
        0x30922df1,0x17a7386f,0x83357b7c,0x4e9fc59e,0x39415186,0x1d26b3a9,
        0xd34db889,0x912a0222,0x59fcdb71,0x6672fcf4,0x44ff3036,0x5a3f268d,
        0x6911e16c,0x6f113ed3 } },
    /* 247 */
    { { 0x1836f1c9,0x52a9df59,0x4232307d,0xfa6519f5,0x5ded285a,0x8406c701,
        0xaf627f75,0x0a1545ca,0xace0417d,0xae1111ee,0xa6113443,0xfb28bdf6,
        0x52dbcbcb,0xde9ef0ab,0x7813e658,0xe9dc181b,0x99127225,0x0b1dabdb,
        0x22814c59,0x5f0598e3,0xd934ee7e,0x5c3b966e,0xb99ba4bf,0x4eb84eda,
        0x3c1b55e7,0xb2919a34,0x94aa860f,0xa9addb49,0xf6811ff6,0x1b7220df,
        0xd1a183e2,0x6636a23b },
      { 0x20587283,0xdf5d5a2d,0xef07fc5d,0x0b3822c9,0x0ef6de38,0x1786bd55,
        0x25d1671d,0x163cf907,0x1cdb1def,0x74bf971f,0x0842fc4a,0x5749e830,
        0x27f854f7,0x0e2edbc7,0xbce24acb,0xbb27bbda,0x05bed08d,0xc1b19cec,
        0xf7c904bc,0xaada123e,0xd89982db,0x02429f1b,0x65f6e632,0x49d3616e,
        0xee59fd32,0xa3789fa8,0xfe9f29f5,0x160ba3ba,0xaf5378a0,0x0f2d3b61,
        0x73c2a6f8,0x7aeecc76 } },
    /* 248 */
    { { 0xdc43b0db,0xf3a4757c,0x98119cad,0x3d8a4e85,0x4616c156,0xf8095bf6,
        0x4f533e97,0x3e2a07bc,0x39cfc5ad,0xa9824367,0xcd68052c,0x18a6ba3a,
        0x8a1cec66,0xbd60e590,0x02b1b695,0xae3841a5,0x190a195b,0x986dff12,
        0xad31fd9b,0x2df2beac,0xcc728f7b,0x7d893224,0x0cf0a992,0xc38ea738,
        0x586a44ea,0xa8439a80,0x1615f03c,0xede7f7f0,0x27a1f885,0x48249908,
        0xb78a7645,0x28ec4006 },
      { 0xa2fe0009,0xe1820c2e,0xf13874e9,0xe11ba5d2,0xc524db52,0x97522454,
        0x7fede529,0x4d477426,0x9b2500d4,0x01d3419a,0x1869244b,0xce08a492,
        0xdd1be1b9,0xba169023,0x32a301e0,0x242c3e54,0x70906788,0x9b56f7ba,
        0xc74a8cc4,0xf0ad2a09,0xd76f9439,0x99cd1841,0x621fb60e,0xeddafe0b,
        0xbc397634,0x056bee54,0xff7f0a84,0x4653f860,0x2011c0af,0x6bd4876f,
        0x0c9525c3,0x134f4cc7 } },
    /* 249 */
    { { 0xe938dff4,0x9621a3ec,0x486a79a3,0x7d101a7b,0xde950537,0xf2c4ef97,
        0xe65d87db,0xf3184099,0x373b8cfa,0xb89c7ffb,0xe842916e,0x68baa505,
        0x4ebea764,0xa790fd09,0xe592892b,0x679df6d4,0xfcfed741,0x2023331c,
        0x9880ff21,0x0bf4efd2,0xd0344501,0x7ca78ddd,0x342858c8,0x2cb09ecb,
        0x2575487a,0x9e5eb6dc,0xebcb0491,0x50675a15,0x7381d471,0x09d2e74f,
        0x83d3d6f4,0x6ea37829 },
      { 0x4e5cc40a,0xc65c094b,0x1af37dfb,0x7a2e3f6a,0xf9026e44,0xef677e9d,
        0x93880f53,0xb7878c95,0x7f644aa9,0x4aa30b07,0x2f208c3c,0xa0c51683,
        0x658d663b,0x7c0277ae,0xae1d9130,0xef0b3c38,0x695c3ea4,0x302f37a7,
        0x6a0c5e0d,0xe004c1c5,0x20cbcf9f,0x9fd495c4,0x568a0e7c,0x706d5b9d,
        0x59286454,0x8b225dff,0x8d9a709c,0x527d4465,0x87c08d68,0x47c558da,
        0xbb4ef07d,0x606ee6e6 } },
    /* 250 */
    { { 0x57c621f6,0x02d99fc7,0x7fe83d48,0x292e40c1,0x9ef199b0,0x1bdfc7a1,
        0xe62c7666,0x78a04102,0xe6738753,0x16cda370,0x1e3a65af,0xbc81974d,
        0xf78fe209,0x19742048,0xbf5981c6,0xc83a058a,0x9c89702d,0xf26b2434,
        0x9d1a678a,0x988b2f1e,0xff29ae29,0x472bf9b0,0x1d7cf5ec,0xa143e398,
        0xb268ddd8,0x9c9d7e45,0x5fc4ff76,0x166cda55,0xa4aa7673,0x6044cdf0,
        0xe9148707,0x49dba6f7 },
      { 0xa758e37a,0x20e47fb2,0x2d8eaf66,0xaf6b31d7,0x6f9c2210,0x352ad5f9,
        0x90efc32b,0x0093f727,0x41e4b264,0x435c99dc,0x05b15795,0xbfa878e0,
        0x0e673575,0x99c520a4,0x87eea759,0xca682594,0xf12a348b,0x029f7b81,
        0x2aa2ce35,0xa547cc18,0xead5e2c5,0xa11d874b,0x55682cdf,0x9af0349b,
        0x8bbe8e66,0xf86ebfea,0xf55394ab,0x3dab8782,0xebc8eb8f,0x458bf797,
        0x9b7de78c,0x4890a7a4 } },
    /* 251 */
    { { 0x8da995f6,0xd7299689,0xec6156ef,0xd39eaae7,0x356a82d5,0x6959040c,
        0xc135bcfe,0xb2046b21,0x0f595c78,0xea720b64,0xe7c5fb40,0x02824efa,
        0x0edb3bfc,0x97d8fd4c,0x79f24ebe,0x12f02905,0x187ea6b9,0x16fc47cf,
        0x789d5c23,0xc219fd27,0x89263ecc,0x233a6b6c,0x8b6d30a6,0x823634b2,
        0xc9b33680,0xca352e25,0x40c77456,0x9388d6ca,0x3c92065b,0xf8e55b0b,
        0x02439a76,0x5c17474b },
      { 0x8aaccab5,0xd888e7c2,0xaaced05b,0x18027836,0xccec0f65,0x185b877d,
        0x125c2882,0x93cadc1c,0x67fdc54c,0x45df540a,0xc2788a33,0x4f3c86e2,
        0xe3a0fa2c,0x3e874469,0x273983cf,0xc59daa47,0x4a96d8a5,0x3063c48b,
        0xc2e58915,0xc38d2bcf,0x84e428c3,0x90e78b87,0xf0c4fd53,0x900a292c,
        0x941e6005,0xb7f92db7,0x6ca53a1c,0x95679241,0xb1ab0fa7,0x35f6f31d,
        0x7b58408c,0x5d675eb4 } },
    /* 252 */
    { { 0x870c6025,0xaeee1a77,0x91a2dfca,0xfc4a23b7,0x386b64c4,0x7b0e60c4,
        0xe5ae72b1,0xd5d5b17d,0x9eefa212,0x6dfc88ac,0xd4038b96,0x4feaefbe,
        0x8e2d2ecc,0x099ac356,0x012af207,0x548ea612,0x89c31218,0x4ffed9db,
        0xe0e67331,0x1c1e91c4,0xaf8300e0,0x009bb64f,0x6773c3be,0x8780501c,
        0xc08219fa,0xe0cd6ede,0xf81b06ff,0x7c055e07,0xe080b36f,0x82b63f9c,
        0x0a9feca3,0x02fccbaf },
      { 0xb47cac61,0x9991d4d1,0xab86e12c,0x2e9d1687,0x2b94f042,0x8c6855ec,
        0x48e648e5,0xca400519,0xef89ac57,0x9ba91fb2,0x1be792cd,0x4f419206,
        0xbd0f1e15,0x82d221cb,0xfc444019,0x062eb13b,0x99790fdc,0xf3a97c32,
        0x6067a64b,0x4e796d94,0x6d23775a,0xc46dd300,0xed7f0f23,0x8672c4d5,
        0x3b4f63d7,0x821851dc,0xd26273f2,0x50a3ae0c,0xeac60f6f,0x800e58fc,
        0x13845545,0x56f1e456 } },
    /* 253 */
    { { 0x32c24f3b,0x01ccb3f6,0x06d817e6,0x99eb1c7f,0x6aa26776,0x8dc640bb,
        0x0845d5e0,0x7838affe,0xf81a79a8,0xf34fecb1,0x3e6819b0,0x6a2e282d,
        0x8237a4b8,0xc4b977ce,0x87636439,0x0f46b3db,0x97970497,0xa465f540,
        0x8791be43,0xd7e08762,0x34198ec6,0x00220b6c,0x093d94bb,0x57b38637,
        0x29d690b2,0x84012e16,0x20aad1a4,0x02ec9db5,0x85dc34e3,0xafee2fc6,
        0x25500cf8,0x911d1936 },
      { 0xf5e5af5b,0x13b1bd58,0x7b6a22a7,0xa7ca263b,0xf3af2adc,0xab6bec4d,
        0xa04420bd,0x16651e59,0x4ba36c11,0x3b448b3b,0xff424310,0x3c62bfcd,
        0xf1a96cbb,0xde15c4a5,0xe4d1f980,0xbe0ad8a1,0x36673a3a,0x812bd14e,
        0x9212acdd,0x40303af6,0x576095ce,0x8f6dab9c,0x107f5ca5,0x7df1882a,
        0x8896a3b0,0xb903e63c,0xd863b3f0,0xf5048544,0xc09887de,0x5e5019b9,
        0xa0f53865,0x2be744fe } },
    /* 254 */
    { { 0x5b50f324,0x054cd05f,0x1ea3c7a2,0xb9b1eb24,0x7ff8e6b7,0x4a858a5c,
        0xec040882,0xd83902fe,0xd0cba9bd,0x72b26494,0xb29c9e1e,0xd0176f90,
        0xcebadb81,0x05d4eb02,0x372b8bfc,0x874405b1,0x79ead190,0x5c412881,
        0xec2b48cd,0xd44a3dd3,0x3f4d5033,0x84499a77,0x564c3a09,0xb37b38cd,
        0xf42e803b,0x80e99497,0xb8f518b2,0xc07b47a0,0x3568fde4,0xc710e3c5,
        0xcead0e7a,0x735f542f },
      { 0x38380039,0xcaa9a171,0xf74d19c8,0xadfafe17,0xccbc1a8b,0x92d4393e,
        0xfe029705,0x3c5dbf39,0x930e9b36,0x4552b5ab,0x2afd494a,0x7ee63032,
        0x3f02ac43,0x826a9ad7,0x99356298,0x98c53562,0x7342bb39,0x0c869f87,
        0xe4f9b79a,0xd7510020,0xd34789a9,0x6361d1a4,0xcfa85637,0xf0ded5ba,
        0x88ac07e4,0x407ee73f,0x09ef1cbd,0xfac7d03f,0x4d475bad,0x25d697cb,
        0x14bd399e,0x1e984c9d } },
    /* 255 */
    { { 0x4850c817,0xc76d0561,0x3489812d,0xb08a5b19,0x5e58cbbe,0x7273d154,
        0x4be61e5a,0x8900b5fa,0xd7aeb8e1,0xaa088691,0xd35a3d4b,0xe66666af,
        0x57ec7d3d,0x38a2c199,0x668d6f5c,0xa0648e8f,0x7adc1746,0x1f9fc92c,
        0x843065c3,0x23a116c0,0x61e6ae69,0x36370a20,0x2aa47e73,0x626c3736,
        0xdeff6d84,0x540c25f2,0xcdbed2d4,0x9804824c,0x039a9492,0x4b5bfce0,
        0x76942e01,0x6c474a56 },
      { 0x7d88e3a1,0x3aeb9a41,0xc484742a,0x105d3c88,0x3fe61131,0xe59de8d1,
        0x1a869e8b,0x148f5b6b,0xaa75d90a,0x7a8abc59,0x62146013,0x2f0c9bc7,
        0xc3824cd9,0x43faa747,0x6a5d0b92,0x81763a18,0x9bcbaebc,0xbbc341bc,
        0xf745d1dd,0xe1813160,0xb75ce5f4,0xa53ce52d,0xd50de4c2,0x15eae66c,
        0x75d7656d,0x5ed8996c,0xc4ca552a,0xe4ff5711,0x3c5305b4,0x215e985a,
        0xfa1ba2ce,0x6b258954 } },
};

/* Multiply the base point of P1024 by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * Stripe implementation.
 * Pre-generated: 2^0, 2^128, ...
 * Pre-generated: products of all combinations of above.
 * 8 doubles and adds (with qz=1)
 *
 * r     Resulting point.
 * k     Scalar to multiply by.
 * map   Indicates whether to convert result to affine.
 * ct    Constant time required.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
static int sp_1024_ecc_mulmod_base_32(sp_point_1024* r, const sp_digit* k,
        int map, int ct, void* heap)
{
    return sp_1024_ecc_mulmod_stripe_32(r, &p1024_base, p1024_table,
                                      k, map, ct, heap);
}

#endif

/* Multiply the base point of P1024 by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * km    Scalar to multiply by.
 * r     Resulting point.
 * map   Indicates whether to convert result to affine.
 * heap  Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_1024* point = NULL;
    sp_digit* k = NULL;
#else
    sp_point_1024  point[1];
    sp_digit k[32];
#endif
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
                                         DYNAMIC_TYPE_ECC);
    if (point == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap,
                               DYNAMIC_TYPE_ECC);
        if (k == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        sp_1024_from_mp(k, 32, km);

            err = sp_1024_ecc_mulmod_base_32(point, k, map, 1, heap);
    }
    if (err == MP_OKAY) {
        err = sp_1024_point_to_ecc_point_32(point, r);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (k != NULL)
        XFREE(k, heap, DYNAMIC_TYPE_ECC);
    if (point != NULL)
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

/* Multiply the base point of P1024 by the scalar, add point a and return
 * the result. If map is true then convert result to affine coordinates.
 *
 * km      Scalar to multiply by.
 * am      Point to add to scalar multiply result.
 * inMont  Point to add is in montgomery form.
 * r       Resulting point.
 * map     Indicates whether to convert result to affine.
 * heap    Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
        int inMont, ecc_point* r, int map, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_1024* point = NULL;
    sp_digit* k = NULL;
#else
    sp_point_1024 point[2];
    sp_digit k[32 + 32 * 2 * 37];
#endif
    sp_point_1024* addP = NULL;
    sp_digit* tmp = NULL;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
                                         DYNAMIC_TYPE_ECC);
    if (point == NULL)
        err = MEMORY_E;
    if (err == MP_OKAY) {
        k = (sp_digit*)XMALLOC(
            sizeof(sp_digit) * (32 + 32 * 2 * 37),
            heap, DYNAMIC_TYPE_ECC);
        if (k == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        addP = point + 1;
        tmp = k + 32;

        sp_1024_from_mp(k, 32, km);
        sp_1024_point_from_ecc_point_32(addP, am);
    }
    if ((err == MP_OKAY) && (!inMont)) {
        err = sp_1024_mod_mul_norm_32(addP->x, addP->x, p1024_mod);
    }
    if ((err == MP_OKAY) && (!inMont)) {
        err = sp_1024_mod_mul_norm_32(addP->y, addP->y, p1024_mod);
    }
    if ((err == MP_OKAY) && (!inMont)) {
        err = sp_1024_mod_mul_norm_32(addP->z, addP->z, p1024_mod);
    }
    if (err == MP_OKAY) {
            err = sp_1024_ecc_mulmod_base_32(point, k, 0, 0, heap);
    }
    if (err == MP_OKAY) {
            sp_1024_proj_point_add_32(point, point, addP, tmp);

        if (map) {
                sp_1024_map_32(point, point, tmp);
        }

        err = sp_1024_point_to_ecc_point_32(point, r);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (k != NULL)
        XFREE(k, heap, DYNAMIC_TYPE_ECC);
    if (point)
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

#ifndef WOLFSSL_SP_SMALL
/* Generate a pre-computation table for the point.
 *
 * gm     Point to generate table for.
 * table  Buffer to hold pre-computed points table.
 * len    Length of table.
 * heap   Heap to use for allocation.
 * returns BAD_FUNC_ARG when gm or len is NULL, LENGTH_ONLY_E when table is
 * NULL and length is returned, BUFFER_E if length is too small and 0 otherwise.
 */
int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
    void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_1024* point = NULL;
    sp_digit* t = NULL;
#else
    sp_point_1024 point[1];
    sp_digit t[38 * 2 * 32];
#endif
    int err = MP_OKAY;

    if ((gm == NULL) || (len == NULL)) {
        err = BAD_FUNC_ARG;
    }

    if ((err == MP_OKAY) && (table == NULL)) {
        *len = sizeof(sp_table_entry_1024) * 256;
        err = LENGTH_ONLY_E;
    }
    if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
        err = BUFFER_E;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
            DYNAMIC_TYPE_ECC);
        if (point == NULL)
            err = MEMORY_E;
    }
    if (err == MP_OKAY) {
        t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 38 * 2 * 32, heap,
            DYNAMIC_TYPE_ECC);
        if (t == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        sp_1024_point_from_ecc_point_32(point, gm);
            err = sp_1024_gen_stripe_table_32(point,
                (sp_table_entry_1024*)table, t, heap);
    }
    if (err == 0) {
        *len = sizeof(sp_table_entry_1024) * 256;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (t != NULL)
        XFREE(t, heap, DYNAMIC_TYPE_ECC);
    if (point != NULL)
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}
#else
/* Generate a pre-computation table for the point.
 *
 * gm     Point to generate table for.
 * table  Buffer to hold pre-computed points table.
 * len    Length of table.
 * heap   Heap to use for allocation.
 * returns BAD_FUNC_ARG when gm or len is NULL, LENGTH_ONLY_E when table is
 * NULL and length is returned, BUFFER_E if length is too small and 0 otherwise.
 */
int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
    void* heap)
{
    int err = 0;

    if ((gm == NULL) || (len == NULL)) {
        err = BAD_FUNC_ARG;
    }

    if ((err == 0) && (table == NULL)) {
        *len = 0;
        err = LENGTH_ONLY_E;
    }
    if ((err == 0) && (*len != 0)) {
        err = BUFFER_E;
    }
    if (err == 0) {
        *len = 0;
    }

    (void)heap;

    return err;
}
#endif
/* Multiply the point by the scalar and return the result.
 * If map is true then convert result to affine coordinates.
 *
 * km     Scalar to multiply by.
 * gm     Point to multiply.
 * table  Pre-computed points.
 * r      Resulting point.
 * map    Indicates whether to convert result to affine.
 * heap   Heap to use for allocation.
 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
 */
int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
        ecc_point* r, int map, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_1024* point = NULL;
    sp_digit* k = NULL;
#else
    sp_point_1024 point[1];
    sp_digit k[32];
#endif
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
        DYNAMIC_TYPE_ECC);
    if (point == NULL) {
        err = MEMORY_E;
    }
    if (err == MP_OKAY) {
        k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap, DYNAMIC_TYPE_ECC);
        if (k == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        sp_1024_from_mp(k, 32, km);
        sp_1024_point_from_ecc_point_32(point, gm);

#ifndef WOLFSSL_SP_SMALL
            err = sp_1024_ecc_mulmod_stripe_32(point, point,
                (const sp_table_entry_1024*)table, k, map, 0, heap);
#else
        (void)table;
        err = sp_1024_ecc_mulmod_32(point, point, k, map, 0, heap);
#endif
    }
    if (err == MP_OKAY) {
        err = sp_1024_point_to_ecc_point_32(point, r);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (k != NULL)
        XFREE(k, heap, DYNAMIC_TYPE_ECC);
    if (point != NULL)
        XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

/* Multiply p* in projective coordinates by q*.
 *
 * r.x = p.x - (p.y * q.y)
 * r.y = (p.x * q.y) + p.y
 *
 * px  [in,out]  A single precision integer - X ordinate of number to multiply.
 * py  [in,out]  A single precision integer - Y ordinate of number to multiply.
 * q   [in]      A single precision integer - multiplier.
 * t   [in]      Two single precision integers - temps.
 */
static void sp_1024_proj_mul_qx1_32(sp_digit* px, sp_digit* py,
        const sp_digit* q, sp_digit* t)
{
    sp_digit* t1 = t;
    sp_digit* t2 = t + 2 * 32;

    /* t1 = p.x * q.y */
    sp_1024_mont_mul_32(t1, px, q, p1024_mod, p1024_mp_mod);
    /* t2 = p.y * q.y */
    sp_1024_mont_mul_32(t2, py, q, p1024_mod, p1024_mp_mod);
    /* r.x = p.x - (p.y * q.y) */
    sp_1024_mont_sub_32(px, px, t2, p1024_mod);
    /* r.y = (p.x * q.y) + p.y */
    sp_1024_mont_add_32(py, t1, py, p1024_mod);
}

/* Square p* in projective coordinates.
 *
 *   px' = (p.x + p.y) * (p.x - p.y) = p.x^2 - p.y^2
 *   py' = 2 * p.x * p.y
 *
 * px  [in,out]  A single precision integer - X ordinate of number to square.
 * py  [in,out]  A single precision integer - Y ordinate of number to square.
 * t   [in]      Two single precision integers - temps.
 */
static void sp_1024_proj_sqr_32(sp_digit* px, sp_digit* py, sp_digit* t)
{
    sp_digit* t1 = t;
    sp_digit* t2 = t + 2 * 32;

    /* t1 = p.x + p.y */
    sp_1024_mont_add_32(t1, px, py, p1024_mod);
    /* t2 = p.x - p.y */
    sp_1024_mont_sub_32(t2, px, py, p1024_mod);
    /* r.y = p.x * p.y */
    sp_1024_mont_mul_32(py, px, py, p1024_mod, p1024_mp_mod);
    /* r.x = (p.x + p.y) * (p.x - p.y) */
    sp_1024_mont_mul_32(px, t1, t2, p1024_mod, p1024_mp_mod);
    /* r.y = (p.x * p.y) * 2 */
    sp_1024_mont_dbl_32(py, py, p1024_mod);
}

#ifdef WOLFSSL_SP_SMALL
/* Perform the modular exponentiation in Fp* for SAKKE.
 *
 * Simple square and multiply when expontent bit is one algorithm.
 * Square and multiply performed in Fp*.
 *
 * base  [in]   Base. MP integer.
 * exp   [in]   Exponent. MP integer.
 * res   [out]  Result. MP integer.
 * returns 0 on success and MEMORY_E if memory allocation fails.
 */
int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
{
#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
    sp_digit* td;
    sp_digit* t;
    sp_digit* tx;
    sp_digit* ty;
    sp_digit* b;
    sp_digit* e;
#else
    sp_digit t[36 * 2 * 32];
    sp_digit tx[2 * 32];
    sp_digit ty[2 * 32];
    sp_digit b[2 * 32];
    sp_digit e[2 * 32];
#endif
    sp_digit* r;
    int err = MP_OKAY;
    int bits;
    int i;

#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
    td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 40 * 32 * 2, NULL,
                            DYNAMIC_TYPE_TMP_BUFFER);
    if (td == NULL) {
        err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
        t  = td;
        tx = td + 36 * 32 * 2;
        ty = td + 37 * 32 * 2;
        b  = td + 38 * 32 * 2;
        e  = td + 39 * 32 * 2;
#endif
        r = ty;

        bits = mp_count_bits(exp);
        sp_1024_from_mp(b, 32, base);
        sp_1024_from_mp(e, 32, exp);

        XMEMCPY(tx, p1024_norm_mod, sizeof(sp_digit) * 32);
        sp_1024_mul_32(b, b, p1024_norm_mod);
        err = sp_1024_mod_32(b, b, p1024_mod);
    }
    if (err == MP_OKAY) {
        XMEMCPY(ty, b, sizeof(sp_digit) * 32);

        for (i = bits - 2; i >= 0; i--) {
            sp_1024_proj_sqr_32(tx, ty, t);
            if ((e[i / 32] >> (i % 32)) & 1) {
                sp_1024_proj_mul_qx1_32(tx, ty, b, t);
            }
        }
    }

    if (err == MP_OKAY) {
        sp_1024_mont_inv_32(tx, tx, t);

        XMEMSET(tx + 32, 0, sizeof(sp_digit) * 32);
        sp_1024_mont_reduce_32(tx, p1024_mod, p1024_mp_mod);
        XMEMSET(ty + 32, 0, sizeof(sp_digit) * 32);
        sp_1024_mont_reduce_32(ty, p1024_mod, p1024_mp_mod);

        sp_1024_mul_32(r, tx, ty);
        err = sp_1024_mod_32(r, r, p1024_mod);
    }
    if (err == MP_OKAY) {
        err = sp_1024_to_mp(r, res);
    }

#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
    if (td != NULL) {
        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }
#endif
    return err;
}

#else
/* Pre-computed table for exponentiating g.
 * Striping: 8 points at a distance of (128 combined for
 * a total of 256 points.
 */
static const sp_digit sp_1024_g_table[256][32] = {
    { 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
      0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
      0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
      0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
      0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
      0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
      0x00000000, 0x00000000 },
    { 0x335c1685, 0x170a46d2, 0xe1007a58, 0xeac9e971, 0x43ca4a73,
      0x40e8f3df, 0x82642475, 0x2646f815, 0xb36576d1, 0x3af49bb4,
      0x72bf1afb, 0xd89e2d14, 0x2fd151e6, 0x27be882c, 0x8f88717c,
      0xaddedc85, 0x16ac6c6f, 0xd6d859bf, 0x2d8eae58, 0x0e741a1b,
      0x61c1f30d, 0x6faf7a00, 0x9b67e096, 0x66dbd09a, 0x7d3b4f7d,
      0x21f11c06, 0xc727c98e, 0x6152ba02, 0xe86cb221, 0xafd58891,
      0x6bd3baf4, 0x59e93c6a },
    { 0x71dd4594, 0xe54dd36f, 0x00aef1e6, 0xbbc9cc9f, 0xa19f6530,
      0x9ea5a44e, 0x3f520928, 0x8588aa99, 0x8f5c1418, 0x9753794c,
      0xc11399fa, 0x118bd792, 0xf5cb6ab5, 0xb9bd3afd, 0x2ecb9652,
      0x813d1cb2, 0x40389813, 0xfd456267, 0x4ac8431c, 0x51f7119b,
      0x0a180eb6, 0xdd9f6a91, 0x9f7bfa2e, 0x13946d17, 0x50a9d0d9,
      0x16f18631, 0x6f8373d3, 0x5f19c20d, 0x9b6a52b9, 0xbe85ac6a,
      0x74f62e03, 0x63ef187b },
    { 0x016f45e7, 0x7c376b7f, 0x2bec82f8, 0x1c1bdb57, 0xce429b60,
      0x7392f741, 0xc7afd81d, 0x6fdbf0a2, 0x7241098b, 0xbda41b1f,
      0xbb60f8cf, 0x5b407474, 0xb330bc4d, 0x933e0d41, 0x733fa3be,
      0xae182830, 0x0f5c6cd1, 0xa0ed299b, 0x3f9860c8, 0x7ff3354e,
      0x15559c41, 0xb1360986, 0x129f85cb, 0xab0cb63c, 0x47685fbe,
      0x682ecc49, 0xeb199633, 0x505e8ec2, 0xddac2cda, 0x90dcc794,
      0xf192da23, 0x4fe6791c },
    { 0x05e8733c, 0x94a423d5, 0x1d5717c1, 0xcc845e65, 0xe961b322,
      0x237c7e88, 0xdb4181cc, 0x0c4471c6, 0x713bd721, 0x00c875e2,
      0xb2c17b09, 0x9dfde9ed, 0xe88ceaf6, 0x430a6de5, 0x7b81cea6,
      0xaaa7a61a, 0x233f98d5, 0xea52d026, 0x60689a9a, 0xb55efdd0,
      0x5cac4aab, 0x30cfa7ce, 0x8e950761, 0xfa4db114, 0x4e9a1e52,
      0x309570c4, 0x1a040170, 0x18c21f61, 0xbe78d9d2, 0x555d1ffe,
      0x561db297, 0x04482a18 },
    { 0x73d486d8, 0xe7758ac2, 0x61cdc1e7, 0x8169f946, 0x2188ab4f,
      0x723c99fc, 0xf3373630, 0xa0e54f02, 0xbd8c2260, 0x560bee25,
      0x4531bc60, 0x28fc307c, 0x7e44feb5, 0xd6f21f1a, 0x57128d37,
      0xc8e4499c, 0xd7b2ea45, 0x963b053e, 0x32a3d222, 0x40c27a04,
      0x35459668, 0x5b51854d, 0xd73557e9, 0x66e1a49f, 0x8692077a,
      0x0d267fd9, 0xe7342702, 0xfa1350d3, 0x68ccdb44, 0x1a9c3f25,
      0xdedbf89f, 0x833a0ff8 },
    { 0xab376b76, 0xa8c419c7, 0x27d0f0cc, 0x3b7294f3, 0xa90c514d,
      0xe56bb9e2, 0xa62575a6, 0x931ba51e, 0x098c0a88, 0x56fee07b,
      0xb4c16a2a, 0x04be5aee, 0xe6eb260b, 0xe513350b, 0xa1d5c270,
      0x339edad6, 0xe9dbadd1, 0xf366ed59, 0x2dd06ec0, 0x4213be88,
      0xcb1187db, 0x22d639c8, 0xd8a1058a, 0x1fec95e1, 0xa2b744f1,
      0x03f73ea6, 0xf4f05c0c, 0x741fd51a, 0x85f811a0, 0x2e2df95a,
      0xeb24965f, 0x692b3ce3 },
    { 0xd2a127b4, 0x0ce6cb72, 0x8f92816f, 0x66a46ea5, 0x47a37616,
      0x43ecf463, 0xe0ab96ee, 0x163d9a01, 0xb2edbe8c, 0xc8145c6d,
      0x4de4e665, 0x2f426cae, 0x74e252f9, 0x174d0b40, 0x7d2af831,
      0x54c240d7, 0x3d652936, 0x581fa397, 0xa09d4695, 0x05b9491c,
      0x5452643c, 0x8c4e8533, 0xd4128327, 0x32d64331, 0x70361f25,
      0x64479038, 0x89ef09f2, 0x774191b1, 0x81de5fe0, 0xc0cf0aaf,
      0xf40042d6, 0x333e430a },
    { 0xcf26d3b7, 0x5df04de4, 0xb53f79be, 0x57a77306, 0x1808b664,
      0xa4013c5f, 0x85037360, 0xef291ea4, 0x0b061037, 0x1ffc9d7d,
      0x65c913bb, 0xd9d04dd9, 0xf13b8587, 0x948a37af, 0xfe3ee755,
      0xb5443483, 0x04631386, 0x3fc21e74, 0xcddeb58c, 0xb3a104e5,
      0x6572cd52, 0x94fe1862, 0x15aaa408, 0xeb9a71a1, 0x459ea462,
      0x8adc6fe5, 0x4aeb02a3, 0xbb18d175, 0x2f7791d1, 0xae127636,
      0xd6bbd708, 0x10e8b31d },
    { 0x3ed9f1af, 0xb87f03e5, 0x56676166, 0x03ad2477, 0x74ce15b8,
      0x38dcd630, 0x26b1e85b, 0x1877e2b0, 0x1af99c15, 0xb1654d17,
      0x9382547a, 0x9782e9e4, 0x26d55ef5, 0x6dc7fc7c, 0x2fbeb54c,
      0x9038f95d, 0x036c0357, 0xfe590dfe, 0x4fdc3f7f, 0xcfcb6eae,
      0xf35e1a88, 0xcb1fbc54, 0xda0a5568, 0x3c8e1db2, 0x5b6f5557,
      0x9a87393f, 0xe7ac0a06, 0x38646b32, 0x2a8495ab, 0xfd261c83,
      0x0cdcc4bc, 0x6485524c },
    { 0xc4a6ff2a, 0x1abfb3e2, 0x35a6428a, 0x2aa03fba, 0x89aff742,
      0x884227f0, 0xba5dbd93, 0x2337883a, 0xd2a182cb, 0x38186ae9,
      0x49a01f05, 0xb9f0764d, 0x917b1e7a, 0x92411feb, 0x570cbb5b,
      0x700b1903, 0xb914be7c, 0x5d5181d5, 0x1981182d, 0x135c4437,
      0x574b9997, 0x32758d24, 0x632d28b2, 0xa650a8f5, 0xfa383f09,
      0x24078bac, 0x00a33d80, 0x6546a60c, 0x2df8b449, 0xa4061c7a,
      0xf234563c, 0x1f76f3f2 },
    { 0x44c436b0, 0x9aa2c143, 0x1f69c87a, 0x79070556, 0x5f6db2df,
      0x35f3117b, 0xed56ba82, 0x85761f41, 0x7d0afa48, 0xf831464f,
      0x3adce71e, 0xa99f2915, 0x116b7488, 0xb27bf693, 0x9bb9443a,
      0xa98a5a8c, 0x2ee5fde8, 0x7f878026, 0x1812acb7, 0x3a6f93dd,
      0xdc84bc92, 0xaf92a4cc, 0xf1d4995a, 0x3c2562af, 0x04ed899d,
      0xfd9fc33c, 0x4ed2a538, 0xc028ca94, 0x049ea726, 0xd0f367bb,
      0x3d108e05, 0x04924ffb },
    { 0xc673562f, 0x06548e3d, 0xe2eae48c, 0xd3b33025, 0x5e1c6977,
      0xe61fd32b, 0x6ebe557b, 0x424e2064, 0x41d6e18e, 0x767391c0,
      0x14d7e95b, 0x4b8ebb8e, 0x20991b8c, 0x4ae8b7d4, 0xe01290d3,
      0xf8a0df66, 0x925e5f4e, 0xc97e24a3, 0x1508272a, 0x79a7b2cb,
      0x25072661, 0xb40b072e, 0x9062fa49, 0xdad9e182, 0xf3c53bce,
      0x8780a784, 0x9f142799, 0x58a82b76, 0xc1468426, 0x08cd849c,
      0xc380ae35, 0x4dfce809 },
    { 0xd527b780, 0x45069cb2, 0x977930dd, 0xd52da015, 0xe27d0263,
      0x10cc600b, 0xbb2d1b2b, 0x34102c26, 0x554adf3c, 0x4c652623,
      0x45f0ff47, 0xd6891382, 0xca916e7c, 0x83fa8cc5, 0xd15c8d8a,
      0x1e10f139, 0x81dc56b3, 0xf173dc2e, 0x5c4ed9ba, 0x7fcecb04,
      0x47d01228, 0x307fd7d8, 0x9f3a532f, 0x24a57153, 0xe2153c22,
      0x59e9e81d, 0xe428a408, 0xc562595d, 0x9339bd23, 0xdc7daff8,
      0xb8a06802, 0x0d075908 },
    { 0xde085f2a, 0x870af2a7, 0xbe99b2e5, 0x88fcd24f, 0x59ca413b,
      0x88c0d261, 0x8559f851, 0x1f02a2e4, 0xf622da0d, 0x83b96021,
      0x6dca3615, 0x5c05c2f5, 0x7910c682, 0x0148cf1c, 0x272695be,
      0x392f2896, 0xa8d64ef6, 0x883d0bb5, 0x1cfcbc52, 0xef0d2244,
      0x526117e5, 0xf5dafcec, 0xf04928e9, 0xb68612b9, 0x393f2e2a,
      0x283f744d, 0x700c1151, 0xfbeed7ed, 0xa4360dfe, 0xf2cde215,
      0x2f08535a, 0x24fa961c },
    { 0x616df7f6, 0x0767db3f, 0xfbd90326, 0x643057d8, 0x6e82d544,
      0x174daa90, 0x689643db, 0x2284f345, 0xcc89a060, 0x18b191df,
      0xd6c27d12, 0xbab46af4, 0xc9895145, 0x5a57f486, 0xcc942f9e,
      0xc03214e9, 0x41950158, 0x273e1c8f, 0x39ad43ab, 0x8ceb759f,
      0xe50ee173, 0x5e1b8b7f, 0x8f4d7d4e, 0xf635b1fc, 0x755603f3,
      0x8eff77e3, 0x7752fa60, 0x201f61d1, 0x4a6fb6e1, 0x94d7a03d,
      0xfc4f0114, 0x371cc23d },
    { 0xda90c351, 0x289b115d, 0x364d9c06, 0x6d196ebf, 0xf650b31b,
      0x77a89202, 0x6f57642f, 0xcc28c164, 0x08100127, 0xdc4f7e36,
      0xdc4c807b, 0x8836cd08, 0xe00240f2, 0x1280f156, 0x99cb3953,
      0x3f9a6d78, 0x3a802038, 0x40a494d3, 0xe87d3474, 0x45697e91,
      0x26dde24a, 0x70d97d07, 0x7640c30e, 0x06f6a58d, 0x5ba6e6c6,
      0x03c2c0e8, 0xf1bc13e8, 0x330f6a7a, 0xc9f4d78f, 0x3e602e4f,
      0x0c80fb7f, 0x92b6bca0 },
    { 0x5f00822e, 0x2e3d5c83, 0xb8b16f12, 0x0e825712, 0x92b0a330,
      0x81c329c4, 0xa7cc1954, 0x6b4e32ad, 0x1bb1413f, 0x0bee9cee,
      0x4a92ca27, 0xedfb7baa, 0xea3b9153, 0xcd472afa, 0x00f0c0f9,
      0xe8f09e7e, 0x5cdebb70, 0xa4e1d872, 0x4a9b63b6, 0xfe2bae08,
      0x3fd58f65, 0xf40141b8, 0xa3b62759, 0xd7ec5eda, 0x790e3088,
      0x9aaf6e67, 0x1f277e31, 0x215ad830, 0xcf33871c, 0xe7db4b98,
      0x4f02f89d, 0x71ff62c9 },
    { 0x2a4a84d9, 0xaa4c7102, 0x5ebc71e6, 0xe2ee4acd, 0xf1cd6578,
      0x3b11a8a5, 0xfff120a5, 0x83f5ef9f, 0x09e65033, 0xa4c598e1,
      0xca044180, 0xe1e9f990, 0xf59828c1, 0x8b832d46, 0x33af536b,
      0x753f28a0, 0xb6d4f68a, 0x92edc4b1, 0x72ccd1f0, 0xedde692a,
      0xd2226432, 0xd3aa0f7d, 0xa3d2661c, 0x38dbb63e, 0xfdc37dda,
      0xf1e19fc6, 0x84ef6b4c, 0x6c18b350, 0xdf1bba69, 0xe6a83fe9,
      0x5f958273, 0x40fd47e7 },
    { 0x267140a4, 0x5b88b746, 0xeab6f2fb, 0x6dbbfc1e, 0x69862548,
      0xdd9ec88e, 0x2eb6efc2, 0x69beeba1, 0x8ac8ff88, 0xcfc2214a,
      0xb5a21950, 0x95d5c96e, 0x4171fb69, 0x93389c05, 0x1b468337,
      0x2d85d452, 0x4113425c, 0x14d68a08, 0xec6c2174, 0xe52c0139,
      0xf730084d, 0x20cf0b97, 0x1f578aa3, 0x1ac16a26, 0xf9b6ae43,
      0x18b9fab3, 0xd854a695, 0x68d82111, 0xdffbe286, 0x0b334d98,
      0xe639338c, 0x5b1c1157 },
    { 0x72b6bb8f, 0x90edaab1, 0x02fc92c2, 0x8dc64ed2, 0xfe694c73,
      0xf42ba3c5, 0xcb54dce4, 0x316dc65f, 0x632420dc, 0xcb2d66a3,
      0x056dcf94, 0x16e706e7, 0xa4f32c9d, 0x2809c764, 0xea6edca8,
      0xab18d830, 0x81c65f57, 0x4fd1ace6, 0x7da12c10, 0x1f91651c,
      0xc7791a48, 0x0ac3bd66, 0x785e67a3, 0xb6ad1cf4, 0xda0fd591,
      0xe4d3fc44, 0x6e1c6344, 0xce164801, 0x33e50ab3, 0x84de9cb8,
      0xa756eef4, 0x963ab83a },
    { 0xdf4ea5a3, 0x944b47d8, 0x5cfe45fe, 0x96568815, 0x8a3c3564,
      0xd16e7d58, 0xe7c99e15, 0x84e55b3e, 0xf55071bc, 0x3fee204d,
      0x04057dce, 0x71006f29, 0xbba75570, 0xfe8c390d, 0x3319adac,
      0x3645bcb6, 0x7c20bfd8, 0x8189e8b0, 0x7d7d9578, 0x8e550969,
      0xb99f4e3b, 0x037d1321, 0xa60cfb6a, 0x011b2521, 0x837382da,
      0x66594aaa, 0x83c1dc07, 0xc89b91fd, 0x076b9884, 0x6b82b899,
      0xbe45c558, 0x443480fc },
    { 0x9114221a, 0xf8ffffb4, 0x3e857a7a, 0x4aec4f2e, 0x0fa54787,
      0x42e2d0e4, 0xd6f96152, 0xef3e6b31, 0xfbfe9b77, 0xb2296537,
      0xfb43a86a, 0xc2a9d0f2, 0x24572ac6, 0x241284ed, 0xe721ba7b,
      0xa3868917, 0xc117a78d, 0xdbef7c00, 0xd31605ac, 0x38149071,
      0x065a8ee9, 0xc2dada9e, 0xc442be82, 0xd5b138d8, 0xf6d72b58,
      0x9b6c224b, 0x8eb03e6d, 0xb9d355cf, 0xa1700371, 0xab6d1eb0,
      0xcffaa7eb, 0x97118a88 },
    { 0xcdecb5d8, 0xbf9c59a2, 0xa93a6866, 0x8083c81b, 0x04774fbf,
      0x24e0dd81, 0xa02070b4, 0xe779a3ca, 0x0fbfb781, 0x9d352fbb,
      0x3ef2a1c4, 0xa8b0d820, 0x14b3e501, 0xb858637b, 0x8a882ff2,
      0x5ba70a49, 0x3b06efa5, 0xa2730083, 0x102fee2a, 0xa42c02f4,
      0x8a0223a5, 0xe4e76299, 0x85c3fc72, 0xdba2ba26, 0xfe52eae7,
      0x554fe763, 0x270f45f6, 0x30b5405a, 0xa573387c, 0xd56a177a,
      0x4b71fa82, 0x17c0778d },
    { 0x2735e37b, 0x0e6dff1d, 0x656ec572, 0xc9884e56, 0x9ebba978,
      0xa2f5ac9d, 0xba09f3c4, 0x40fa4518, 0xf5b04377, 0x8c3fa177,
      0x967a2eca, 0xa1a1decd, 0x0528bd40, 0x768bca70, 0x18691c4a,
      0xf224952b, 0xe86d5fd5, 0x16e12c45, 0x37859a6a, 0x7a0d9157,
      0xa0ffce0e, 0x723f4309, 0xa96cc9a3, 0x5a8db79b, 0x1ad23a38,
      0x6dd12ae0, 0xe2bf5d84, 0x9ffec3a1, 0xa452ed66, 0xd6ce84e1,
      0x571fe4c6, 0x1219d5c8 },
    { 0x262969eb, 0x43eaa67f, 0x2f03e773, 0x3a3ab39d, 0x57bb0909,
      0xe6127e51, 0x8d150274, 0x0f82b0ed, 0xe580bdbd, 0xffffcad8,
      0xa9743e6b, 0x51d3d075, 0x8bac11d6, 0x1484bdb1, 0xeb24c388,
      0x95cd9990, 0x7fac67c6, 0x216a61d0, 0xa04e6b87, 0x4308f762,
      0xcba57cc8, 0x2865dd61, 0xd234a07a, 0x3c296b0d, 0x3a0793f9,
      0x76f92839, 0x0be29ece, 0x70b57e1f, 0x7e626f42, 0x1314a82f,
      0xd657f230, 0x2c8d7ab2 },
    { 0x0825e4d6, 0x67cf5892, 0x6ef83b44, 0xdf51eaa5, 0x1310108d,
      0x63e665d8, 0x8dd0963f, 0x229f89f5, 0x9df6436a, 0x8c4b14dd,
      0xd45ebba7, 0x99dae469, 0x5a4df381, 0x118aab77, 0x29e37feb,
      0xda8978bd, 0xaca2d7ef, 0x69ced5aa, 0xc67d6a8a, 0x6c98d05d,
      0x77f84a34, 0x7474bf0d, 0xed8cd59a, 0xd4428b2e, 0xd1d398fb,
      0xb0fd1cd5, 0x94a20b11, 0x596013db, 0x1b404c44, 0x96eb705a,
      0x4b09d958, 0x2299d277 },
    { 0xc64397e6, 0x5b9cd58d, 0xbf6dd31e, 0xac198f1e, 0x3e9f1db2,
      0x5866d8e1, 0x8fcdc68c, 0x405ae287, 0xe53c01fd, 0xa4b280cd,
      0x411db5f6, 0xdc963f2d, 0xbec4f8a0, 0xed5d5189, 0x916ee98b,
      0x336fd13d, 0x042df48e, 0x6925b1b3, 0xace0074e, 0x0cf56291,
      0x25317e95, 0xe8d38b48, 0x821c446b, 0xc7ad1d2b, 0xf0b65934,
      0x71c44135, 0x52ca0d50, 0x971b736f, 0x27b46c26, 0xaf9ffa57,
      0x1936618e, 0x21ac6779 },
    { 0x2d7fbcd2, 0xab420e3f, 0x97bdfc18, 0x12722473, 0x4df5d4b4,
      0x492033f8, 0x3807b7d3, 0x6fcd4236, 0xb33c3625, 0xdfc19b09,
      0xa0f22814, 0x13d6f375, 0x037c19b8, 0x70978a59, 0x0ff27b9c,
      0x4f398997, 0x615a4389, 0xfc0e1a45, 0x3e602f74, 0xffa3496a,
      0xb261ca1c, 0xc3f1c431, 0xee0164cd, 0x612211db, 0xe7f7be9f,
      0x30463ee4, 0x92c2e1bb, 0x015f7e78, 0x24483a56, 0x663d88d6,
      0x0e62d9d8, 0x0e8ec1e7 },
    { 0x8a0878dd, 0xa88ccc29, 0x6640071a, 0x99ac175d, 0xa5173617,
      0x90344820, 0xdd58a315, 0x316d023e, 0x88d221a1, 0x30785bd4,
      0x959c48e3, 0xb74b3de7, 0x4c67a771, 0x42ee0382, 0xe0b91453,
      0x59ef6cdd, 0x9b237e91, 0x7830ae28, 0x495d8325, 0xe1847a4c,
      0xd0773666, 0x67b1217e, 0xa294a325, 0x58192c86, 0x864d8326,
      0x76aa0f56, 0xf4b13e5b, 0xe2a2bd12, 0x1b6b73fd, 0xd850c1c0,
      0x5d103635, 0x653a795f },
    { 0x50dcb199, 0xcfe28985, 0x7fa02b60, 0xb35b8e5e, 0xc97603d0,
      0xbca7d7c3, 0x27f131b5, 0xb0e5288d, 0xe2b12d52, 0x3aa704de,
      0x1db725c7, 0xe206b1d8, 0xc5d1b113, 0x0b12839a, 0xdb45d763,
      0x14f970cb, 0xb2125e8e, 0xc997f93e, 0xee7daa26, 0xbd75739c,
      0x1fef20e9, 0x46ecbd3f, 0x7c6a42b1, 0xf994a114, 0x27fb0fd1,
      0xd289eb4f, 0x9a40da4b, 0x11186d31, 0xfb9d7976, 0x083f65a5,
      0xd444675e, 0x30dfc47b },
    { 0x9eaadfe8, 0xbcfc5ae2, 0xb4d4e812, 0x25027e54, 0x8b533561,
      0xab0702df, 0x56a6a214, 0xa2b9c204, 0x3059068e, 0xb1a3df7a,
      0x9883110f, 0xa3514b21, 0xc4b78e1c, 0xb7be2336, 0x3e2f6984,
      0x17073ce6, 0x2ddf7ac6, 0x86e114a6, 0x07d7c3c8, 0x276192bf,
      0xeb1ae289, 0x5da69e0b, 0x25184939, 0x983af175, 0x407a3aa0,
      0x9ac52a4d, 0xae0fe218, 0x1535c7da, 0x397f2501, 0xe16fe872,
      0x54c212cf, 0x572a591f },
    { 0x09a5553a, 0x49668419, 0x327733bc, 0x3f054318, 0x3eefd690,
      0xf9ceb4b2, 0xf22126d4, 0xbd3cbf9b, 0x2fed9578, 0x6d9671c0,
      0xca0306d8, 0xbba597ce, 0x3d674fe5, 0xb705ed61, 0x67f33f76,
      0xf1d3622b, 0x11cb8c31, 0x15bcf3c6, 0xe53d1aa9, 0xa38467dc,
      0xf908ab43, 0x902fe929, 0x8d15767a, 0x6e3e499d, 0x90afd07b,
      0x8142db5c, 0x6c8b190e, 0x120c6fbc, 0x24919a4e, 0x80c86553,
      0xd8c82c3c, 0x65c2cbe1 },
    { 0xa660bb63, 0x684cda20, 0x86e86245, 0x27dc3b0a, 0x6ba0eed7,
      0x76472cf6, 0x679dd158, 0x79c162e5, 0x08452d44, 0xb6884277,
      0x413f579e, 0x829bc6b3, 0x95011770, 0x92ea15ec, 0x47738183,
      0x5e34e300, 0x73e1d2f1, 0x8c3ca349, 0x229bd3de, 0xa5c4f1dc,
      0x94ef7ed3, 0x783eff1b, 0xdfae7a1a, 0x46db738d, 0x1a099852,
      0x4353d72e, 0xa0dcf4ab, 0x2533ad58, 0x0e7888b9, 0xd8055016,
      0x3ba77f66, 0x831440d5 },
    { 0xf611b2da, 0xf43e2e32, 0xd0fa46ac, 0x5d066e29, 0x820b3c0d,
      0xe897f3e8, 0x1d3e44f0, 0xc45c28e6, 0xdfd27a66, 0x929d7f66,
      0x101e8517, 0x735b860a, 0x3de078dd, 0xea3fce98, 0x638ce11a,
      0xc9977db5, 0x48536b3b, 0x0488382f, 0x64cadfc6, 0x7e0c7a3c,
      0x82147b71, 0x3cd17f7f, 0x1b411e3e, 0xe95663cc, 0x985fb46d,
      0x5739ac8f, 0xbcf119ca, 0x385399cd, 0xe15a2815, 0x4a985a70,
      0x6d5f4566, 0x504c3a8a },
    { 0xb8fa53c7, 0x00b55283, 0x509474e3, 0x985cff38, 0x437ce25f,
      0x234d241c, 0xe5a129ed, 0x29832430, 0xaabcc674, 0x6ad38956,
      0x7ee81ee1, 0xa2dc001d, 0x670b2702, 0x4c23c6b6, 0xa6e8a3bb,
      0xb35e567e, 0xa69673ea, 0xbc70b3ce, 0xe6e28eac, 0x85a7a9c3,
      0x5537b7da, 0x2ae684de, 0x6de937dc, 0x5ecac3e5, 0xf8430422,
      0xbf2ea6c9, 0x77fdc520, 0x38caf7d0, 0x69f56add, 0xc27af0b1,
      0xc71d21d2, 0x496e4699 },
    { 0x9fa93467, 0xba14fc82, 0x0eb2a614, 0xc2e37684, 0x4833e09b,
      0x659bcfaf, 0x3686bdcc, 0xbc859752, 0x81f3216a, 0x40bfd080,
      0x17c081b8, 0xc463bda6, 0xbb04793b, 0xbd01fa86, 0x2cd640c5,
      0x5a21ece6, 0x2203d5c4, 0x97bf6a54, 0x951167b7, 0xceb40edc,
      0x765ba268, 0xd67aacaf, 0xaeab51f9, 0x8ba0d9e9, 0xb0d6863a,
      0xc14b215e, 0xe5f06952, 0x354cdcdb, 0xcb3744b5, 0x4f2b5ccf,
      0x13037fe8, 0x13389173 },
    { 0x45003cd1, 0xee680640, 0x44ae2ac6, 0xfdac17bc, 0xde8e5314,
      0x4bcd419f, 0xc7cea95c, 0x81e34eb9, 0x38f37e01, 0xbb57762d,
      0x260990c8, 0xecc4cfb0, 0x50a34a7b, 0x0bc493f9, 0x543304ef,
      0x68074172, 0x6bc8aa2a, 0xaec0fcb2, 0x3b45fea5, 0x9e7a9b46,
      0x55fbdbac, 0x4bb2952e, 0x0485dff4, 0x50f0c0a6, 0x4dea4796,
      0x02c5104d, 0x695e3a02, 0xd2cefa09, 0x6da1f345, 0x4c8102b4,
      0xf3833fbd, 0x422eb573 },
    { 0xa6ad3f47, 0xac592eb6, 0x9714ba0e, 0xb0861f6d, 0x07281459,
      0x57c1e919, 0x64ea5803, 0xcf7c94e2, 0x54b12723, 0x725376ac,
      0xdafb736a, 0xf2a6ba41, 0xcba03cdc, 0xc89e8920, 0x5b0fd3ad,
      0xf2e20cb4, 0xd66059fe, 0x26ea5a54, 0x889df8bc, 0xee63fa8b,
      0x66a3f2bf, 0x40f1c7e1, 0x747312e1, 0x09febc9c, 0x727999ff,
      0x7d19b9c2, 0xb7fd2b05, 0xa9fbbb4c, 0xa0da2dc6, 0xcfba27d7,
      0x2c252582, 0x368541cf },
    { 0x22799d37, 0x510d3c9e, 0xacfa333a, 0x1b677de5, 0x080f795b,
      0x4e6ae18f, 0xafc8dfc2, 0x69b53c2a, 0x0e842dc2, 0x797541b6,
      0xac067fe8, 0xd5a6f2af, 0xbd07d877, 0xd0208a03, 0x654be2f2,
      0x34b473f0, 0xf515e23e, 0xe67c102a, 0x2ac1af48, 0xb00dbf9d,
      0xb6a13d00, 0xe264fa41, 0x97e94c11, 0x1669786a, 0x86a586f4,
      0x09d8cf2d, 0xc7f927e9, 0x073bf869, 0x2241a566, 0xb8977880,
      0x22261334, 0x59a5bf59 },
    { 0x81347191, 0xe9d1c91e, 0xeb969972, 0x186c1abc, 0xa9d46a7f,
      0x07888767, 0xdaa7d397, 0xda93cfcc, 0xd91b9aa0, 0x08bee9f1,
      0xf8dd3c6c, 0x8267fd78, 0x94228100, 0xf93860d0, 0xdadb47fb,
      0x6a6a71aa, 0xa6156f8a, 0x9caa06b7, 0x39848bc9, 0xaa1b05e0,
      0x2aaa9135, 0x36ddc237, 0xb13f3bd1, 0x77e7e079, 0x4acc5f4d,
      0x8d0b5cbe, 0x984cfd36, 0x04da45f8, 0xd3d3e0f8, 0xf14ef618,
      0x43eb799c, 0x467564c1 },
    { 0xb6fff5d7, 0x8d725904, 0x92dc4752, 0x037f33af, 0x6d20b8aa,
      0x9095d575, 0x43baec39, 0x32235fc1, 0x68a2b9b0, 0xa2feb4af,
      0x94d35c61, 0x61c50318, 0xea877486, 0xac92b6a2, 0x011bc6f3,
      0x8eb48b15, 0xc79edcb2, 0xa28fe128, 0xa5d2a006, 0x9f71bc0c,
      0x2f15b850, 0xf3167732, 0x7a036218, 0xfe8d728c, 0x4f81e09e,
      0x068f39cb, 0x7b7c50d9, 0x1773f016, 0xed6a1e03, 0x0d0f7adb,
      0x4ee984d5, 0x8a0dee16 },
    { 0x47366e6f, 0x504991bf, 0xe86c3005, 0xb8084d9f, 0xa40cce36,
      0x14c4c751, 0x3f1961e2, 0xbbb46aa6, 0x40445e43, 0x56a785f9,
      0xc91e215f, 0xdb8d1b57, 0xc7ee808d, 0x6a8e453e, 0xbbaa1e8c,
      0xc0367ef8, 0xe3e18109, 0x310d91f1, 0x7e20a2c3, 0xf97cfd0e,
      0x554cc277, 0xf1e80c84, 0x7b628403, 0xe89bbc1d, 0x3fe0a17c,
      0x7778a966, 0xc1f00073, 0x9e9db19f, 0xb6f6bed2, 0x2ce7fe7d,
      0xee97ce23, 0x7b04b5d2 },
    { 0x82c5faf8, 0x5b546bc7, 0x8eb81097, 0x1a734c5e, 0xe77851e0,
      0x3d566861, 0xe956d51f, 0x833a1013, 0xc3c3c37c, 0xc7351731,
      0xe0c148ec, 0x607738fb, 0xe1bbef41, 0x2ec6f0bb, 0xcfa51857,
      0x0aa2ac6e, 0x66e3adf0, 0x072902d7, 0xc622d6e3, 0xcd4d5089,
      0xa6dd802f, 0x3ae21b23, 0x33886372, 0xe5465a55, 0xa8d81822,
      0xd85119a0, 0x3786977a, 0x4f14d032, 0x9c7b272c, 0x515b081c,
      0xc99be31c, 0x1c6a95a4 },
    { 0xc2821363, 0xa6b14ad5, 0x4d17de1c, 0x829c1823, 0xccade848,
      0xaef5d2c4, 0x82489e27, 0xf412ab39, 0xf081d927, 0x92c9c098,
      0x75cbad1f, 0x6f87bdf4, 0x1a1d9fb1, 0xf4aadab8, 0xb75f3b76,
      0x475a7923, 0xdbbba8fe, 0x99dd0ad6, 0x4b70ab45, 0x836f6164,
      0x34bd9af1, 0x2a464881, 0xba9abda3, 0x5c91226e, 0xe65625fb,
      0x4cec8709, 0x0818e4be, 0xd4b3919e, 0x14f6879c, 0xa5c09c84,
      0x30a864c9, 0x72708a02 },
    { 0xf34a466c, 0x4f33c0b1, 0x7f9d45ba, 0xa1bae09c, 0x0e28785c,
      0xd70f0fee, 0x90880881, 0x824c7146, 0xbb043da3, 0xe2416c2a,
      0xcec6f432, 0x733da713, 0xc9793e1c, 0x2b590649, 0xb35c9365,
      0xdb62d5b0, 0x3e5c1b2a, 0x355eb6e2, 0xbb16b515, 0xcfe8b5ce,
      0xf709691c, 0x9e081869, 0x61a85bd5, 0xc865f9fb, 0xfae103f7,
      0xf169d3cc, 0x73467e9d, 0x9525c473, 0x43695113, 0x7db55c0b,
      0x73265d21, 0x7491c74c },
    { 0x80d2b94d, 0x312ed5bf, 0xba4b260b, 0x1b8ac633, 0xd62219a1,
      0xac86c58c, 0xaeb82c8e, 0x317ccf6b, 0x59ef9ced, 0x2dfb29ee,
      0xe42bcd5a, 0xdaa7d898, 0x5974b201, 0x93e295c8, 0xd9fc5adc,
      0x69e75784, 0x012aa3ba, 0xd6c4709f, 0xc85d3cb9, 0x1fda9f37,
      0xd3dd4abd, 0xe5487e25, 0x0b3ba22e, 0x00fd4b01, 0xc6e8dcbb,
      0xcb591493, 0xbce68664, 0xb7329fab, 0x68906b76, 0x6829d1c2,
      0x74176841, 0x8bcfd3e5 },
    { 0xd3c8c314, 0x06882734, 0x11870833, 0x95f0b2f1, 0xc068ba16,
      0xb937f7c3, 0x77924787, 0x5365e0d8, 0x1f992227, 0x15527e5e,
      0x27dffd4f, 0x0a069648, 0x2f586389, 0xd58b3df2, 0x6af20ead,
      0x83446b89, 0x50746257, 0x09d7970b, 0x4022a691, 0xd9e8d206,
      0x671ec379, 0xd1e5f8af, 0x057fe91e, 0x6f542509, 0x52890418,
      0xf14dda81, 0x1db932ad, 0xbd78010e, 0x905a9378, 0x3e18d1e4,
      0xbd37ab49, 0x53cadcf7 },
    { 0x5e53d0ff, 0x1bb5edf7, 0x888abf67, 0xd886606c, 0x12206d15,
      0x6491b0f8, 0xe22b6a33, 0xb3018345, 0xb173b317, 0xaba6794b,
      0x7dc9e595, 0x8c1e5867, 0x239624d1, 0x4e106482, 0xda55dd53,
      0x61752e59, 0x9e42879c, 0x018b4eab, 0x491f2bed, 0xcaf6784b,
      0x1e79429e, 0x3dcdb9d2, 0x10f26224, 0x36941485, 0xa650ec5c,
      0x106f190a, 0xb69a9760, 0x7542a5ae, 0xc32d1046, 0x69bd75e9,
      0xbf8c62b1, 0x90849964 },
    { 0x5a93c661, 0xb1390cf6, 0x9db5f056, 0x18486264, 0xa51a1788,
      0x92a93a9d, 0x6772de9a, 0x1b0cbb8f, 0x7c71487c, 0x6e67febd,
      0x4e62423e, 0xf9b4382d, 0xbb5a42f8, 0x96fda50e, 0x6089a4f2,
      0xc921b337, 0x875ec516, 0x49d32d7b, 0xc410124b, 0xbd86d2ca,
      0xc421fb7a, 0xf6862209, 0xf6b7de33, 0x3e1949ab, 0xe93c9268,
      0xcdee18f0, 0x08dc4cc0, 0xd4edbd5e, 0x73580d22, 0xc2b75be4,
      0x468cd7e8, 0x3d7f6ffa },
    { 0xdffbd5d1, 0xea7b290c, 0x970338df, 0x9d759da6, 0x90feedc9,
      0x56680b08, 0x42dce68e, 0xbc690af5, 0xb2ae4d82, 0x8519df2b,
      0x7f195b60, 0x5612467f, 0xd83c21f4, 0x659a342c, 0x55651633,
      0x55771bf5, 0x548ba562, 0x5fc68935, 0x9492f23a, 0xb5419203,
      0x9c9c6017, 0x567528e3, 0x511e6019, 0x3f064ed4, 0x1d16a555,
      0x303f9eb9, 0x2254abee, 0x3e18c4fd, 0xfd434e7c, 0x40994d6f,
      0x6dde74e6, 0x8fb12d3f },
    { 0x293cb7a4, 0x6c6381a2, 0xb87b7e4d, 0x453e09f0, 0x078ac3ef,
      0x4f212823, 0x578cae91, 0xe89ffad0, 0x716ba4dd, 0x4a2b696a,
      0xf6f580a0, 0x14681a14, 0x4c2f1307, 0x1358f97b, 0x2932fb89,
      0x87896996, 0x268a5af7, 0x29dd850a, 0xfe239f83, 0xaf771f6d,
      0x4f47499d, 0x5f20fd2e, 0x867ca0e9, 0x9b643e77, 0x375981ec,
      0xe7858ecd, 0x19ab1c97, 0xbe946a59, 0x06ff3453, 0x4f9303a2,
      0x75d237b1, 0x3fcc6731 },
    { 0xdf21f920, 0x509debd5, 0xc1401b90, 0xfaf70e1f, 0x95a64aaf,
      0x2429cbfd, 0x2c37a122, 0xf2120855, 0x7deb926b, 0x1d4c93f4,
      0x9fb3f1dc, 0x12f3e4c0, 0x5b51bc46, 0x56085a59, 0xf10fdbd2,
      0x2a2f5d62, 0xdf0cb3c2, 0x60dd62cf, 0x6b0f254b, 0x154424a3,
      0x564612b7, 0xc3a5a05d, 0xa1f5249c, 0xbebe30cf, 0x7e62a188,
      0x24ec6903, 0xaf429939, 0x75f0fbac, 0xb3fa8685, 0xd41345dc,
      0xc7151c34, 0x645146fd },
    { 0xba1924f9, 0xecec633a, 0x006326e1, 0xbba6f136, 0x7e50fc17,
      0x203757ac, 0xef3d8e00, 0xca531919, 0x51dc5a74, 0x9545a6aa,
      0xd31412b8, 0x6e21d58f, 0x7bb1d000, 0x01bc3005, 0x6ed1a9c3,
      0xf1789c69, 0x9858fa48, 0x7af2d35f, 0x8197be85, 0x434d09b9,
      0x29aa265d, 0x1dc07755, 0xc058fa80, 0xcad03be7, 0x54ba14ce,
      0x92d70a9f, 0x6c050a74, 0x6dc78505, 0x4d005dda, 0x2a7ca4a9,
      0xabfb9f2e, 0x448d3d72 },
    { 0x29b33989, 0xdc56f145, 0xa9ae815a, 0x868351bc, 0x4b074414,
      0xb3f45613, 0x3cd9f33b, 0x955ce42a, 0x5ff6e4a3, 0x13ade4ec,
      0xa50eaa91, 0xd3aac715, 0x5666efdf, 0x0c61ec99, 0xf6a4470a,
      0x108a28b8, 0xe54844c9, 0x402ef584, 0xd0e2f337, 0xb825b162,
      0xb46f7cbc, 0x3dcd131f, 0x96f2fd89, 0x208178ec, 0x25928c78,
      0x4d8c5d67, 0x9963c459, 0x285a33df, 0xd92a309f, 0x72497175,
      0xcb7019a5, 0x76881479 },
    { 0x91767eed, 0xba43a114, 0x92bf65db, 0x5e11b9ad, 0x03a5e21a,
      0xe8a22ce0, 0x2a335415, 0x63604421, 0x4a9ead62, 0xc2c563b4,
      0xa0b2aee5, 0x4bc06264, 0x8bf2e1d7, 0x75b8d575, 0xd08a265d,
      0x1cff0ee7, 0xb0b712a7, 0x17914e1d, 0x4b18692d, 0xc35925d0,
      0x56cce815, 0xde253f4c, 0x9fff0e3a, 0xa479241c, 0xddabed19,
      0x50b9d06e, 0x59fae506, 0x67135260, 0x532ce180, 0xf37600fb,
      0x5e5a8626, 0x670eb01c },
    { 0x73cdbb43, 0xdf73c0af, 0x7f2431ad, 0xcf08ecc5, 0x2a1a3845,
      0x91780541, 0x9224ddf1, 0x69a104f2, 0xbeac7eff, 0x4352f38d,
      0x7c2d1322, 0xfc3b3b4e, 0xb5e4b476, 0xa69e9430, 0x975a46f0,
      0x7d932340, 0x5d64eece, 0x8093899e, 0xdb2345e9, 0x7b821250,
      0x7f4b796b, 0x23552932, 0x4bb90b1f, 0x2ee9cc15, 0x9112f7d6,
      0x1fa9c8f5, 0x1cbaae32, 0x2d0f2f98, 0x0075166a, 0xb77f0366,
      0x635dff27, 0x504852e7 },
    { 0xa2f392fa, 0x2f0f3ce5, 0xec6c9078, 0x326c076a, 0x84baaaf6,
      0xad01de92, 0xcbe8e993, 0xb01b16d3, 0x2d950908, 0x71305c24,
      0x3853af38, 0xc66fd617, 0xd3c429a0, 0x7735140e, 0x1fabf027,
      0x8a31b12a, 0x058b3177, 0xa0530002, 0xa9c7deb9, 0xabffd9fc,
      0xe8667d30, 0xd05ef69b, 0xe9a9e13f, 0x2f3a7308, 0xb91eae9c,
      0x3f4c9a19, 0x618ce6c4, 0x50d0cee7, 0x5240f8b0, 0xfb24dc40,
      0xf7e90cc4, 0x992fe151 },
    { 0x38f197aa, 0x4454db31, 0x87872f98, 0xa4ded69d, 0x44f0a828,
      0x97b427b0, 0xa31e48c6, 0x9821e1ae, 0xdd98efec, 0xe38cb09f,
      0x480cb3ae, 0x20b84fa8, 0x47475573, 0xba5bb4a8, 0xcd50e96b,
      0xa9be080a, 0xef103550, 0xc4451e9c, 0xc441325c, 0x626ee75f,
      0x38a5e33d, 0x6eea5e98, 0xa2b0abd2, 0x7321beb9, 0x9b6082a9,
      0xca92e484, 0x992bcc2a, 0x1dc8168a, 0x9c8eb9fb, 0x134ecf4b,
      0x4c5b71e0, 0x5a68bfa8 },
    { 0xff0a2bfb, 0xb4ff3b45, 0x5502f8b0, 0xd105fff9, 0x5b1c0c26,
      0x14de5885, 0x0d3b9d04, 0xed16865b, 0x026d3917, 0x2f5a2453,
      0xf4db3c0e, 0x6a22f493, 0xe2418f2e, 0x4871548a, 0x509bef61,
      0x6ab363a8, 0xb8cbbbec, 0x91ca1e3a, 0x4011a396, 0x71e0dc98,
      0x0d5ca577, 0xff982e0a, 0x81897bc1, 0xeb40b045, 0x085ad5e7,
      0x4bc24a46, 0xa6337b7c, 0xd15c8fa0, 0xbef1628f, 0x56ce6ef7,
      0x9f5ef439, 0x78acfdf9 },
    { 0xf8520189, 0x45bf7f15, 0xc77f61c4, 0x954202a0, 0xdfa22e1b,
      0x39edc6b9, 0x1f4a3487, 0xd2d60267, 0x4814cc52, 0xcd933929,
      0x05e9f123, 0xde76a124, 0xae36b6f7, 0xe2306ea0, 0xb83a58e0,
      0x53815218, 0xa041231a, 0x9862bb76, 0xbf31be71, 0xe8da253c,
      0x37de861f, 0x2dfc5332, 0x90ae4890, 0xf25c93f6, 0x8baa6ed2,
      0x66bcb8f0, 0x908b4a29, 0x6f10ae0f, 0xb061c949, 0x8cb4b48c,
      0xd075a366, 0x0ad92d73 },
    { 0xc2ca548a, 0xbfb95fed, 0x80cd89ab, 0x4778c620, 0x3466c280,
      0xbe99154b, 0xd4be8902, 0xea3be093, 0x13e681ed, 0x847b7995,
      0x02f40161, 0xf22a8f4b, 0x4aeb7fe8, 0x3ef2cb4d, 0xb3aed5f6,
      0x9adc5151, 0x98c31163, 0xec1ccfd1, 0xa3d7d88f, 0xdc2ac17b,
      0x46421097, 0x08fa64d3, 0x94b90bcf, 0x5ebf80b7, 0x0b50a9eb,
      0x1b78b4ba, 0x279aa66b, 0x1a4fe934, 0x075b3ced, 0x8ef4dcaf,
      0x70a6e9ae, 0x95bbd8a0 },
    { 0xe614bbd0, 0x59f92495, 0xb823e363, 0x7567a887, 0xfc1bd6a7,
      0xe247c9ec, 0x8e835c42, 0x2bfaaf47, 0xaade066a, 0x314ef4e0,
      0x5c16d336, 0x072baa63, 0xe2f0e389, 0xfa429c71, 0xbd07d90f,
      0xcac1e5d0, 0x514f5c04, 0x69ff35ea, 0xc0554ec1, 0x893053fc,
      0x2a35947f, 0xab1d86b7, 0x2aebe487, 0xe29fb060, 0xdfb9cf21,
      0xa0a10d6d, 0xf20dfcf5, 0xad147059, 0xb8867a2a, 0x480dc66f,
      0xc125a919, 0x375a884f },
    { 0x1217f7ea, 0x178cbe2e, 0x875c6dab, 0x1a161e2a, 0x1bdb1a54,
      0xf7707ec0, 0xe4fd73ca, 0x678864a0, 0xd13a0d86, 0xbaebc664,
      0xc8d30668, 0x40325f99, 0x2f1c5950, 0xb93ed9c9, 0x541e0667,
      0xfdf36763, 0xb91a6763, 0xfd97fbb0, 0x6079c9a0, 0x26aa69ea,
      0x1eaa8c47, 0xc7303c80, 0xafa63c55, 0xdec75c81, 0x4fd12adb,
      0x01cdcde2, 0x1968838a, 0x9fe0dda7, 0x38415379, 0x66bb093b,
      0x08cb84ec, 0x268d818b },
    { 0x41580555, 0x73dae358, 0x473d103b, 0x4fc32e67, 0xbeccc1ab,
      0x240c1013, 0xb24ee9de, 0xda4099f2, 0x9fa8e066, 0x37b0cb5b,
      0x6438d7ee, 0xb5ae04e4, 0x2b720140, 0x7f7d3164, 0x339e4a78,
      0x86ef4edb, 0x3a7d8375, 0xa5e77eed, 0xbd707c2e, 0x883fad37,
      0x0f979189, 0x816b633a, 0x2e7a208e, 0xe24c028a, 0x4435516a,
      0x1171fe3c, 0x4f5f2bf5, 0x3eb93b33, 0x01b53a56, 0x8419ed4b,
      0x056ca44b, 0x8b02735c },
    { 0xe1019195, 0xb89bb464, 0xf3fc28c1, 0x1de4c026, 0x2bfc3b21,
      0xac120e6e, 0x91bdf92f, 0xec71bc5a, 0x0d995bc9, 0x485d7ab4,
      0xe6491ffe, 0x97c6768e, 0xafbce265, 0xd9552d19, 0x8e1b76c2,
      0xbae6c7fe, 0xd7e3ad1b, 0x167d8281, 0x5e989734, 0x3e149af9,
      0x8a0c8182, 0xd1f0024c, 0xc3006c0d, 0xf571ffdb, 0x58773d4c,
      0xb32ecf7e, 0xfd3540d8, 0x5822a782, 0x04365042, 0x5ab45c3f,
      0x4b4d85fe, 0x400e3aa0 },
    { 0x5e46e4a2, 0x47321649, 0x24136074, 0x37a2ed64, 0xc60ec77d,
      0x659223b1, 0xe5e0ac2e, 0x5e13aac3, 0xc5107ab7, 0xda17c41b,
      0x73c253db, 0x65b22ec9, 0xa5012296, 0xff3867b8, 0x0621a99b,
      0xfed660d5, 0xc89fc3f5, 0xa3c28506, 0xf16451a7, 0x3ed350b9,
      0x67cb586f, 0x27c3e032, 0x967185b1, 0xc807c779, 0x4a13009b,
      0x09c157d4, 0xadaf1f4d, 0x362f7647, 0xf3a6a198, 0x4a42b9ac,
      0x8da6e039, 0x131c3da2 },
    { 0xa7da83ba, 0x4a785ff1, 0xd04f4436, 0xf415b425, 0xec03f812,
      0x7c0899bd, 0x80f5f4a2, 0xc58d411a, 0xfda251b9, 0x3d32d610,
      0xcd3b2f32, 0x99bb4504, 0xf4c2083c, 0x198c444b, 0x730e83fd,
      0x60c261af, 0xcb02db90, 0x060ca4df, 0x9df1e7c8, 0x0ff7838b,
      0xc4c690c9, 0x6b79cf97, 0x5d75f154, 0x131514d7, 0x1cb0e8ff,
      0xa7c074f1, 0xb2c17615, 0xb920aac1, 0x44aa0ff0, 0xde8098ad,
      0x34545ce9, 0x71d1a46a },
    { 0xfa1b382e, 0x76178f76, 0x772dda0d, 0xa0d8ecc3, 0xc5d4d130,
      0xaa5aab2a, 0x8d72622c, 0x27d38ba4, 0xca3bed06, 0xc5410db6,
      0x793ceccf, 0xf637a588, 0x6e65e3d7, 0x1f65dafd, 0x60a45641,
      0xc3b44a85, 0x4f78540b, 0x0f47b3a8, 0x5e4d60f6, 0x824fdadd,
      0x17d3b6d5, 0xd8ccf90c, 0x325fc13a, 0x008eabdf, 0x3648fab9,
      0x3e90d716, 0x24c52d4b, 0x3964ff3a, 0x533d0acb, 0xb95cc416,
      0x1167f521, 0x6cd2699f },
    { 0x12f4f3ac, 0x2d8c0b3b, 0x99d1bdfb, 0xb03dcfe2, 0x30f37326,
      0x540034f8, 0x7c5a8c82, 0x22dd6893, 0xcd8f1442, 0xeb7093d0,
      0x585742f2, 0x892795a7, 0x087adadd, 0xe15f282c, 0x16ab7b5e,
      0x7bbdc749, 0xa58acbb4, 0xd30fe40b, 0xe2bac39b, 0x0de417eb,
      0xc61a04bc, 0x4b4b19a6, 0xf2735569, 0x9338c34d, 0x30ab196f,
      0xe8f03742, 0x6c88c965, 0xfa2efcb8, 0xc7eeb826, 0x19eee274,
      0xda345dc2, 0x327c063f },
    { 0x5b47cd53, 0xab399eff, 0x1943aefe, 0xbbe9869d, 0x1402a866,
      0xe64ecc7b, 0xb1c25a16, 0xc3e7c2aa, 0x022de271, 0xc4216b79,
      0x366d6a5f, 0xe58dfcc8, 0xda813336, 0xd159509e, 0x130bfb7c,
      0x370400f2, 0x93b48780, 0x1be4e059, 0x39f3cd22, 0x0623a1fe,
      0xeecb4f87, 0x72aa22b2, 0x6c27b83b, 0x1af4c496, 0xda5fa5bf,
      0x7a42a94b, 0x48b01af2, 0x9afba822, 0x3670112c, 0xeb6b9d2a,
      0xc0df6856, 0x020f19d1 },
    { 0xa4dbba20, 0x37051a86, 0xdb1de5c5, 0xb618ebc6, 0xe6525840,
      0x9a780a19, 0xd2bccc4d, 0x9440302d, 0x10285a24, 0xe9ff023d,
      0x3a486268, 0x3b937ee3, 0x4cd61147, 0xe37ee2f2, 0xa3d057cf,
      0x79fbbfd3, 0xccddefce, 0x5fba16d3, 0x5b231727, 0x916058ec,
      0x720c3adb, 0x47699ebe, 0x8b4f6bba, 0x26274386, 0xf18a0770,
      0x54b0092a, 0xacca1160, 0x99d090eb, 0x0c888f60, 0xf757e1ff,
      0xb0050544, 0x79e72720 },
    { 0x2820a239, 0x632acf25, 0xaae6b310, 0xb1a3974e, 0x48c0a1df,
      0xd61fd6ba, 0x5a3ee7aa, 0xd2453c39, 0xb980446d, 0x548455a0,
      0xde16676f, 0x9f29d97b, 0x789375a1, 0xf252ca0c, 0x7743a985,
      0xe961af3e, 0x66cdbd8d, 0x70c79c56, 0xcbc538f9, 0x14a3854e,
      0xa126851c, 0x58daa73a, 0x2a9f558c, 0xe9b5bb45, 0xfbd15e05,
      0x37af7f83, 0x38a1939d, 0xa4487927, 0x9511a056, 0xe428b2b5,
      0x7015846d, 0x001d3ce3 },
    { 0xe145b1d7, 0xd6be36b9, 0x009c5664, 0xf3e3938a, 0xe7c0f6db,
      0x2e562e7d, 0xc343f539, 0x951044e6, 0xd90897b1, 0xa5ab62b8,
      0x512f797c, 0xb1a1f70b, 0x750f28e4, 0x91cdd754, 0xffb8165d,
      0xb4c80e2f, 0x594d02b3, 0x65ed39c7, 0x56833edc, 0xcc12a49d,
      0xf3693a18, 0xe73694bc, 0xfcd2c404, 0x34cc134a, 0x11d40194,
      0x071bd5fc, 0xfc585e46, 0x05759047, 0x790b7a04, 0xb3280360,
      0x40afc684, 0x4bb8c6fc },
    { 0xfd0f8796, 0x3120e2dd, 0xb133c9de, 0x6968a40d, 0xa9369c6e,
      0xfea366c0, 0x6007273b, 0x37e5b6d6, 0x8cb81439, 0x39e4ecf0,
      0x9febc005, 0x487fe9cd, 0x0199b53c, 0xeb8af444, 0x293519eb,
      0x2f124e3b, 0xc82c9c16, 0x860c218a, 0x709dc590, 0xacd1d6f2,
      0x36d50529, 0x5696d545, 0x59120bfc, 0xc03f5df9, 0x10ffa690,
      0x99a3e88d, 0x6c432827, 0xd4f9cfa5, 0x9a135d89, 0x2e8fea9e,
      0xb6a77e78, 0x3699a881 },
    { 0x1eb1c64d, 0x5bca3372, 0xf1d28154, 0xe9cf3a2d, 0x6537106f,
      0xb7e2e9b3, 0x4f7cbf4d, 0x06c17151, 0x2058b37f, 0xcbde416e,
      0x8834e9c5, 0x82c53a7e, 0xe9ac3a75, 0x94dbdfe2, 0xc5e67c02,
      0x795ec6cb, 0x1426a80d, 0x8c23c25f, 0x6a8d4f9f, 0xee2cd20d,
      0xd3b7c235, 0x838daa54, 0x3d7a4d52, 0xb9e08ec0, 0x781cb473,
      0xca9475e9, 0x5ec31caa, 0x7271f39e, 0x82535187, 0x1df08e9f,
      0x208aff8b, 0x4f3a4b03 },
    { 0x1ed095f8, 0x0f7b8107, 0xda226d4e, 0x23e37fa6, 0xafb36d1d,
      0x8b0f9852, 0x07d8e311, 0xb114634e, 0xe3e0f16e, 0xb9634a97,
      0x421eec37, 0x2454bb9c, 0xd72b21c1, 0xb4ecd5db, 0x6df20d7c,
      0xf9603868, 0xdf86e0a2, 0x9f5359fd, 0x5ac488aa, 0xc43d54fa,
      0xd1049df4, 0x56d714ab, 0xb020607a, 0x13152b3e, 0x7a02325e,
      0x49be1c18, 0x52ae84db, 0x44f24f4a, 0x0b5a7b80, 0x9e525c03,
      0xa6d179fd, 0x6d874446 },
    { 0xbe9a42f5, 0xd29d07aa, 0x3781ccc8, 0x1fd5316c, 0x9dc69ea1,
      0x71a75a6d, 0x88fee91a, 0x4e19e0df, 0xf8d44f12, 0x99c2b4dc,
      0x31ae94e4, 0x05f6df92, 0xcf28ccc2, 0x27fba876, 0xf57f7ceb,
      0x6e1a0f01, 0xf3fd3b74, 0xe03f1f34, 0x42c1d213, 0xa0edc4a7,
      0x7deb8580, 0x5caac270, 0xaf0848bc, 0x0f5d791f, 0x07ac759d,
      0x17f514ad, 0x904fc531, 0x95a39734, 0x7bb70f3d, 0x95a4aca9,
      0xff9c5609, 0x3cf384c9 },
    { 0xce1fc9e3, 0x700506ba, 0x676b0399, 0x49721742, 0xe72bf7b3,
      0x2b4a1b8d, 0x79b209f7, 0xca8602a8, 0xce26a8e1, 0x90580b90,
      0xfe24f39a, 0x1ef339b7, 0x629362e1, 0xb6c5d991, 0x577b24f4,
      0x51174e1a, 0x05e451e9, 0xf380fcb5, 0x148321bd, 0xf4d97afb,
      0x747e5d2a, 0x099806bb, 0xbe99a608, 0x85525d65, 0xd455e820,
      0x264828d9, 0xd8560a65, 0x8c8c5405, 0x71030770, 0x3c67e73c,
      0xee73df26, 0x2b248850 },
    { 0x8541159f, 0x2173cde6, 0x4fb410b2, 0x78224c18, 0x1f2ca1c7,
      0x07a28619, 0xa8b23e40, 0x52c207d6, 0xa6b2344a, 0x071a0210,
      0xb5ed2945, 0xdb0e587c, 0x810fcc6c, 0x6c56b8ef, 0x62d843b9,
      0x1248c58f, 0x74c66975, 0x4b90363d, 0xe66c66f6, 0x6348f7f2,
      0xc126bcbe, 0xb2f9d441, 0x73ce49e8, 0xac07f2a3, 0xe81b0df0,
      0x52486758, 0x1d4621d1, 0xa108b54d, 0x74414a1c, 0x17261ece,
      0x6a3ac215, 0x938b3bcc },
    { 0xe4ded340, 0xa9e4a16b, 0x80e88036, 0x8e65fb2a, 0xdcd73acb,
      0x97089606, 0xaaa657a9, 0x1c3a0434, 0x49101b06, 0xf304fc58,
      0xda0bb64c, 0xe60fb61a, 0xf5542df5, 0x818c2aec, 0x56f76d5f,
      0x74020576, 0x92533d97, 0xb566b790, 0x74d6eb5f, 0xae4655e5,
      0xa55b44b7, 0x60f7a1b5, 0x93747ea5, 0x7970179b, 0xf2dace56,
      0x8ae7e0e8, 0x84e83c06, 0x98474607, 0x15307341, 0x24e8c9ed,
      0xd9e89d6b, 0x6cff58a5 },
    { 0x03e51f68, 0x508c01b0, 0x1d2fe7d6, 0xe1d1f225, 0x09bd8805,
      0xf7998d0b, 0x03e415b7, 0x255e907a, 0x607d9798, 0xd148467d,
      0x9b453896, 0x055c3b1e, 0x809f50f4, 0x35001013, 0xd0233fdc,
      0xfbbb2fa6, 0xff1820b8, 0x0b680b0a, 0x38d317e0, 0xb1d404dc,
      0xccc8c7df, 0x133d5444, 0x6ec13f84, 0x7fa847e6, 0x046e2e48,
      0xc33f83d8, 0x4863b3ac, 0x3c627fc5, 0xeb936af7, 0x5f67f8aa,
      0x31b79327, 0x5fe4ac8f },
    { 0x8b6f401e, 0x581aa4bf, 0xad5c7ed4, 0x05db12a3, 0x6fb07b4a,
      0x7b018726, 0x9c22bcd4, 0xfdd11f04, 0x69371c95, 0x5454a7d4,
      0x99a46eaf, 0x066c55fb, 0x7fef96d0, 0x18637c7c, 0x6b83e95c,
      0xbafc1d34, 0x00bb42dc, 0x55c38593, 0x34e7e712, 0xdd8dec2b,
      0xb184cee8, 0x69c9cfb0, 0x49a27864, 0x8dcc0c42, 0x2010f2e7,
      0x290d95f2, 0x6977a420, 0x86e254c9, 0xeb2abdad, 0x20931c89,
      0x121c0548, 0x81377164 },
    { 0x9c5a8edf, 0x6266b25e, 0x1078a7ad, 0x6e1388c2, 0x4876eedf,
      0x5f02737d, 0x62744617, 0x242fa7f9, 0xb385382a, 0x3e2cfbd9,
      0x02f71bef, 0xbadad7b1, 0x677d0a92, 0x562abcfa, 0x51fdff34,
      0x573ebd17, 0x7c250c78, 0xd7f65852, 0xc47ca896, 0xe0cf16ee,
      0x67622c9e, 0x8ccd79b0, 0xf8f2c075, 0x31fc5882, 0xa6008515,
      0x9232b37e, 0x82e8c5ba, 0x4d7bb361, 0xd2f146fe, 0xbf24735c,
      0x9cd2db98, 0x79c280ee },
    { 0xf2b48122, 0xbdcc8203, 0xb04ac48e, 0xa8c04916, 0x9fc4885e,
      0xacf064dc, 0x82c1001c, 0xab838997, 0x676de250, 0x7339e721,
      0x8e1ab820, 0x17aa5aea, 0x6bc14b2e, 0x24d28ca0, 0x816b6230,
      0x570c5bb7, 0xcee6b606, 0x6c51235c, 0x183eae42, 0x1b2bf89f,
      0x9c66274b, 0x3e3af3c6, 0xb51e38bc, 0xe0b04426, 0x73e40e3b,
      0x26dbc58e, 0xb5be5be4, 0x3f9dd578, 0x52c8f408, 0x9fd9f791,
      0xa9e3ff4f, 0x758073a4 },
    { 0x8691ca22, 0x7d27b057, 0x13a2a1b6, 0xf206bfd6, 0xac795413,
      0xe84bd385, 0x75536607, 0xc5d18a2a, 0xc8a0e24c, 0x2e166de7,
      0x3c474dbd, 0x56d5750c, 0x1366843a, 0xdef444c1, 0xcf4b8432,
      0x14646e53, 0xa9fd9783, 0x4bc0d030, 0x297ee203, 0xbda4c824,
      0xfd7be6c7, 0x3d0b10bf, 0x08c7f3ff, 0x2d216476, 0xb4fd4c45,
      0x06e52599, 0x49e9e104, 0xfbab9fa1, 0x8661d32d, 0x9342a7fa,
      0xfaf66aa8, 0x3f3e3458 },
    { 0x951597aa, 0x51ec35af, 0x49df64eb, 0xb677d4ac, 0x9bf4eff5,
      0x0276cd9c, 0x515a2935, 0x423eca49, 0xfd9bb9c3, 0x8a696553,
      0xede1f09c, 0xf99ee9df, 0x199e5f98, 0xb8fa2956, 0x35292c32,
      0xb7638758, 0xfc40e81b, 0x8734eddc, 0x65457d95, 0xd82d5e9f,
      0x30c78d2b, 0xc8ee323e, 0xc1433d67, 0xe77b2e4c, 0x3c8314ae,
      0x56d9f807, 0x2a0e2f63, 0x441eede2, 0x6c48295e, 0x1e9e17ed,
      0x34c294ef, 0x640d20c4 },
    { 0x3284d513, 0x4e9a0b8e, 0xf315053a, 0x074c3545, 0x45acd52a,
      0xb36e7407, 0x1de50db7, 0xd80bdcfc, 0x2549fc46, 0x8d9d47dc,
      0x303f07a8, 0x29b6ef13, 0x6d4ad4c2, 0x4e461aca, 0xfc9f1b73,
      0xca8e351d, 0x57460e65, 0x8bc4094d, 0x0f32d367, 0xb6302b33,
      0x285742e8, 0x69a074b6, 0x876c29c3, 0xdfe52b11, 0x912bd17a,
      0xf39e4609, 0x349aa639, 0x8ee40d66, 0xc72e05c1, 0xb968902a,
      0xc0d92816, 0x0f9c1ca8 },
    { 0x67433df3, 0x1ebbaab3, 0x15d3628c, 0xb6aa5347, 0x97f0c5cc,
      0x13a320d8, 0x65e408f9, 0x72c918cb, 0xd5373451, 0x4b638854,
      0x0b4dca09, 0x731399a3, 0x0a3b1326, 0xcf256730, 0x6608b388,
      0x5ea60dfa, 0x7b290dfd, 0x58ad74b0, 0xd7694f9b, 0x83202789,
      0xb6630fb1, 0x48593db8, 0xc65e3eaf, 0x3db47f70, 0x3e7263f8,
      0x63949c91, 0xe6e6ff33, 0x9b9acec6, 0x098a8240, 0x34bd9ba7,
      0x45d36ec5, 0x7e31c12f },
    { 0x0dfd2dd7, 0xbe281d68, 0x24ab61d8, 0x1efacb00, 0x94431f97,
      0xb9c3005f, 0x959cb3bc, 0x660c8dfa, 0xcffbb406, 0xfdd5fc30,
      0x7969a10d, 0x7a4631be, 0xde13fd1b, 0x336e309e, 0xfc947076,
      0x76b3bfad, 0xdcc72223, 0xfa91925d, 0x156c4ee1, 0x741f0d73,
      0x0e2b3747, 0x4f64ee41, 0xefc4d93c, 0x86be92d3, 0xfc4fbb2e,
      0xc53b7e03, 0x337ca1bb, 0xac196cf5, 0x7e23ba60, 0x4de41a30,
      0x326d5357, 0x1a219c45 },
    { 0xaa4db0bc, 0xfdcf7ef8, 0x7b6c9963, 0x2e231806, 0x3d8a192f,
      0xc2639067, 0xffdc7771, 0xc0cec2e2, 0xa2fc0edb, 0x997c8e35,
      0x82cc6043, 0x78e10ec1, 0x2b0c8120, 0xfd0de2cb, 0x69e57f8e,
      0x4d6c457f, 0x5b53f1c3, 0x953e69b2, 0xc4f89cb8, 0x422a330a,
      0x95566be6, 0x92ff2329, 0x437442d1, 0x73cd502d, 0xbea69403,
      0xf04ce590, 0xf8030662, 0x6ac1537e, 0xb6d0bf93, 0xe02bcf77,
      0xbc90192f, 0x17aaa999 },
    { 0x8e55db2e, 0x0d3d5643, 0x3b946851, 0x835dee43, 0x5b88462f,
      0x1a1440e5, 0xea17e27c, 0xa6ff3b35, 0xdd95f7a9, 0x23f99c36,
      0xbdd672cf, 0x7217fdd9, 0xdd2045c0, 0xf400ac1e, 0x4ff06b25,
      0x94b55c87, 0x0e4a49be, 0x0a44a0e5, 0xb43b6813, 0xe8925e91,
      0x214f96c5, 0x78bedde1, 0x0f97fa97, 0x0f456a4c, 0xa5bfd267,
      0xa28fd86b, 0xbe7608ef, 0x3b4b2d8f, 0x226474bc, 0xfbd5ff8c,
      0xa5f3b24a, 0x6b282af0 },
    { 0x6341a595, 0x78fc025f, 0xa445e28c, 0x591c38d6, 0xeb446842,
      0x72bd6e3d, 0x75547833, 0x3f9466d3, 0x083e16c4, 0x911414d3,
      0x95a7acb4, 0x145d9466, 0x8fd2fb64, 0x102ddf09, 0x0bfd87b1,
      0x2a2b2d2d, 0x59455088, 0x69e9be5c, 0xa80245de, 0xee378bf4,
      0xb2306b0e, 0x80b0bd68, 0xc2be9f3d, 0x76a545c6, 0x4802c245,
      0x429d167b, 0x2b412dfb, 0x13e64427, 0xee8d9762, 0xb664f529,
      0x54706ebf, 0x6d4f5d23 },
    { 0x00ba9f88, 0x35c8f2b6, 0x7bb6d0bf, 0xfdc807e0, 0xb3b81e5b,
      0x0a126d42, 0xa7ac781e, 0x335ce6ce, 0xf37dcba6, 0x3e308e6f,
      0x63c96487, 0x028dca62, 0x8818434d, 0x72eba57e, 0x79b78a26,
      0xa9e3d59f, 0x2f07aea3, 0xd2f0a7dd, 0x24d05f74, 0xe0fe4678,
      0x0116deb6, 0xb2085170, 0x58f37580, 0x9c2a5e92, 0x74070bb3,
      0xe78bd7a5, 0xb9977d90, 0x551fc872, 0x40db81b4, 0x6eda93c4,
      0xd65d34ad, 0x4aaf0b4f },
    { 0x3514c7af, 0x9bef2506, 0xbc181ead, 0xb09e7dad, 0x8fa3ec58,
      0xef3cae87, 0x173b8685, 0xd8dbfab5, 0x921d32dd, 0xb2490fc0,
      0x8bd9c466, 0x4eef386b, 0xa061dbdb, 0xc1cdd52f, 0x25bc04db,
      0x64de989a, 0x85728636, 0x06f9836b, 0x8be44aa0, 0x11a5a804,
      0x097018c7, 0x16dede4e, 0xb2c11fb1, 0x72aec577, 0xa721ecd9,
      0x144dade1, 0xd6ebf3a9, 0xf99c526b, 0x1c2e14d7, 0xa1d4165b,
      0x82bc6337, 0x8b2cbd39 },
    { 0x8a52e991, 0x28ec1bf2, 0xcf9d42ec, 0x0ba202f6, 0xc634ea45,
      0x8307d130, 0xc5762b9c, 0x3fc257b3, 0x487c2a2d, 0xbd3298d1,
      0xa319488a, 0xca14f1a7, 0x06ba06d2, 0xc70ca93b, 0xee405e89,
      0x9aa3f4b3, 0x35deeae7, 0xcc64eeb3, 0x03bf1d4c, 0xd155f578,
      0x45616bfd, 0x041ec0b5, 0x086e33f6, 0x23df80e6, 0xf0243cf5,
      0x399a79c8, 0x874ccd58, 0x86c2824e, 0x8fc5c831, 0x220eeaec,
      0x7dbe3670, 0x57e28304 },
    { 0xfbcdf666, 0x6e60b698, 0x8bebb1d2, 0xbdd06a99, 0x80498436,
      0x4044adba, 0x522bc88d, 0xd76bf75e, 0x28423b20, 0x655c4b9b,
      0x53398a72, 0x65c0f492, 0x0ca37601, 0x76d4f2b7, 0x2030fa5a,
      0x46989925, 0xb6054705, 0x96b37e87, 0x53de1b2f, 0xef96f731,
      0xad54ef05, 0x5ecbbc8c, 0xa93617b0, 0xeb289d0a, 0x7cba217d,
      0x3ac0fbd5, 0x19d4a2d7, 0xd0d3cb56, 0xc91d6063, 0xe8bee9d4,
      0x696ffda6, 0x4f12e037 },
    { 0x15f1a610, 0x4ccfa422, 0x3786519a, 0x804a5c55, 0x73838134,
      0x1246a454, 0x4b284e2a, 0xfa15b484, 0x146d1320, 0x36464c65,
      0x70a8a0fa, 0xfb6ba88c, 0x93c4804e, 0x74e7cee7, 0xb95ae16a,
      0x8c34d22c, 0xf9c1d4dd, 0x9d9ed89f, 0x32025371, 0x61a0866d,
      0x9bd6444a, 0x45b232b2, 0xf277bab1, 0xf888e92c, 0xa9448b02,
      0x73e69c6e, 0x5b521ecb, 0x1a496ea9, 0x5858afb2, 0xa8f78ea7,
      0xb1266f91, 0x83d2333e },
    { 0x67b478d7, 0x1c633288, 0x50a2fc9c, 0xa1ee1ae1, 0x18d2241b,
      0x05b6ab30, 0x893cd696, 0x69f1f288, 0xa8117a87, 0x159d6660,
      0x70e73d77, 0xe8120119, 0x93f55f0a, 0x528fef00, 0xd854dfb2,
      0xb3978db8, 0xf45d9fbb, 0xd6b43ef6, 0xd5bee397, 0x17de4bfe,
      0x6bf76dad, 0xa01e0f59, 0x3d40754c, 0x28b2280e, 0xf8e86ef3,
      0x8edb6122, 0xb7d1e586, 0x8226b6af, 0x2f40a55b, 0x46353215,
      0xc5a31621, 0x7362f13e },
    { 0x73c0c430, 0x792eb27c, 0xa51c3657, 0x8cc0a65f, 0xd2194f1b,
      0x50a5cece, 0x814b4947, 0x18945688, 0x4b6fbbf4, 0xbbf0a81a,
      0xf0aa8608, 0x376f4f58, 0x3987795e, 0xd9361d68, 0xe3a8d0d5,
      0xb6510cd8, 0xb6c1a455, 0x63e2fdbf, 0xaec891f9, 0x2c91154e,
      0xff568f64, 0x0eb1e715, 0x2f2b399e, 0xe7af9cd7, 0x89f0bf0b,
      0x1fc39bac, 0x90983695, 0xf0861d92, 0xda0a20a8, 0xd9b16f02,
      0xa38c0ead, 0x2f10693f },
    { 0x0c06ded2, 0x07a6ce91, 0x2fd9087b, 0xf974842f, 0xa9f635a6,
      0xe468bfd6, 0x1ed60626, 0x04b61891, 0x369ee548, 0x1fb2f89f,
      0xdc96a201, 0x9cbd1113, 0x10d633ac, 0x6759acfe, 0x8faa629e,
      0x64ba66fc, 0x47f38283, 0xa686ae49, 0xd59cda99, 0x828c3a05,
      0x08ea2f6e, 0x7c7afb14, 0xaf3953c8, 0x2551c8e4, 0x9daa9e4f,
      0x5b53d279, 0xad6f1940, 0x1eff68d4, 0x96437cdb, 0x2775dbdd,
      0x4fe7a043, 0x985f83e4 },
    { 0xeaf45294, 0x89603c16, 0xc24b5751, 0x70131160, 0x39d6b52d,
      0x4c112018, 0xed943340, 0x7079cf02, 0x74f41b68, 0x0c5b028b,
      0x9c8ac1e1, 0x3dc3f076, 0xf8b24f0e, 0x5ac5eea3, 0xe34c5c22,
      0xee6684ba, 0x9abc452a, 0xa5259e63, 0xe9df45cc, 0xb07d2cd1,
      0x1a443cfa, 0x07019c93, 0x92c003b3, 0x68fddaa9, 0x0d8cbc2e,
      0x2d9f179c, 0x1e781ca7, 0xbbf15a6f, 0x50dcc799, 0x54d779d5,
      0x0fe962f1, 0x0c88e540 },
    { 0xe8f44357, 0x84f71a6a, 0x3a3cab6a, 0xf75b4bf6, 0x5aebc680,
      0x334c9d9e, 0x8a753ef2, 0xcecaf084, 0x075e3c8e, 0xe28014c1,
      0xf74f8d3a, 0xbb9d5a38, 0xb80e32ae, 0x75988464, 0xf2bc3792,
      0x7b328e6f, 0xeed0e197, 0xebbb1faf, 0x5a33065a, 0x674eac95,
      0x922dbce8, 0x8c19fd8f, 0x987b907a, 0x8c17ae85, 0x3b3a2cd7,
      0x89f33627, 0xfa87772f, 0xebaea019, 0x3a25ced6, 0x4e5de499,
      0xaf110715, 0x8e2560b8 },
    { 0x3141aba6, 0x56d3746c, 0xbab2cf9e, 0x45a1079f, 0x9cdd27c7,
      0xb6382831, 0x9dfd950e, 0x22237632, 0x3a9408ff, 0x1e0b15cd,
      0xb1160118, 0x49a80200, 0xa383bba7, 0x2719db5d, 0x651046d5,
      0x6078340a, 0x97523b1f, 0x8929d4de, 0x8e0a28ab, 0x4040345c,
      0x0adf09c7, 0x61275ac2, 0x2331d611, 0xb41ab265, 0x5391ca50,
      0x230cc77c, 0x8f922315, 0x88be0c92, 0x92fd9a29, 0xfef3d92b,
      0x8324f2e5, 0x59005f22 },
    { 0x3c4c1c74, 0x6bb1750c, 0xe966fb79, 0xbe73aac0, 0x66c5973f,
      0x85a75d92, 0x3a8656b6, 0x8c97f932, 0x50446cde, 0x2b7043b1,
      0x3ff3897f, 0x548916f7, 0xb18b72b2, 0x913dd01c, 0x488c0de6,
      0xd0a751f1, 0x8558ca58, 0x19175714, 0x44a663da, 0x97714301,
      0xb0e08618, 0x2df190ac, 0xf39ead9c, 0x0080fc0c, 0x17382da1,
      0x0085ac6e, 0x3262a338, 0xe9791851, 0xb43bae8d, 0xe4495936,
      0xd783df6e, 0x57a78e26 },
    { 0x40dbddd8, 0x161b346f, 0x9410c3ac, 0x2b49a927, 0x1886cf3b,
      0x8c542783, 0x33b93deb, 0x72df3232, 0x40df579d, 0x9c8d59f5,
      0xc20ef500, 0xe5d7a67d, 0x67f08643, 0xc46b3918, 0xad96adc3,
      0xecfa2445, 0x0c4544d0, 0x658f589b, 0xe08417d7, 0xe6ec9301,
      0xc454e288, 0x6ca5ef6a, 0xac0f462d, 0x4191048f, 0x08d8a036,
      0x852407d8, 0xf6d35b7e, 0xb4c533a7, 0x8f6ada87, 0x3251e412,
      0x81c472e8, 0x1ca370c5 },
    { 0xa801b68a, 0x94bd5171, 0xfd1998b3, 0x7312879c, 0x41163202,
      0x4905aabf, 0xf5b01fdb, 0xb5fe87f4, 0x9cda128b, 0x78de523a,
      0xc7bd31f7, 0x0bf161a1, 0x23904c35, 0xb5decfd0, 0xe188f12d,
      0x224b2882, 0xf99dae74, 0x0dd2801d, 0x08cd1cd2, 0xcad467b5,
      0xc0867e39, 0x6c311c3d, 0x2b425072, 0x71a11720, 0x2efd9003,
      0x83bf464e, 0x1dbd3b03, 0x53d0448a, 0xe6265baa, 0x32db52f4,
      0x4c33ac79, 0x2584b34c },
    { 0x2aeec688, 0x3cb86389, 0x45fbe523, 0xa5e740ba, 0xfd60b5f8,
      0x422e71f7, 0x4874913d, 0x455d185c, 0xfa17d80d, 0x04c2bb36,
      0xac054524, 0x3f271854, 0xa8b9a657, 0x76dd3045, 0x62ee7cc8,
      0x2e42c3e1, 0x4df6c7d0, 0x00266706, 0xdc7cb488, 0x5927dd51,
      0x187897e0, 0x6b3faabe, 0xf2d5737c, 0xfe6ad22e, 0xff51a9ff,
      0xafb60269, 0x69807baa, 0xe1c83545, 0x951ca49a, 0xacddb6ff,
      0x3f9ab085, 0x7e811374 },
    { 0x830a88b1, 0xad722a8b, 0xce1117e1, 0x91918ea8, 0x0409b47d,
      0x3e02d0b8, 0x6c46d1d3, 0xb53812d3, 0xe589669c, 0x2fd09db0,
      0x15b0cd5e, 0x9845cd06, 0x2386c453, 0x0c1c155a, 0xf5ff43cb,
      0xda774de5, 0xe391c0cd, 0xbb076b98, 0x5004f286, 0x97d71eff,
      0xaeec0bfe, 0x23e0b46c, 0x32a1ad94, 0xe4538667, 0x396da422,
      0xfe0c9f81, 0x63db2bfe, 0x6376c1a2, 0xba56fa91, 0x001c7918,
      0xdf8485a6, 0x436b8c64 },
    { 0x8ab764bc, 0x88117e9d, 0xa077df84, 0xdfa61e94, 0x0c18eebd,
      0x5a7765d3, 0xfc9451dc, 0x548916af, 0x071a347a, 0x01a52e33,
      0xb23b41df, 0x633b95de, 0x43c8c286, 0xdd7d68c9, 0x18d97068,
      0xe4f9d41e, 0x8c92799d, 0x79908b90, 0xd47394a3, 0xe614148e,
      0xcd51e53f, 0xe5018517, 0x0243dcb6, 0x5060075e, 0x17954405,
      0xe5dcde62, 0x537da5ff, 0x6f7c90e1, 0x0768cb66, 0x1df7aae4,
      0x6dbe95e1, 0x5266ca9e },
    { 0x1386b3db, 0x84ddee6d, 0x7c38e540, 0xf9e4af5a, 0xeb04f49d,
      0xb3418440, 0xfde5a4fd, 0x2138a1e8, 0x30257cfc, 0x3e6e6924,
      0x19fd70c1, 0x3519c6e3, 0x86c31ff0, 0x8f34e174, 0x940ce1e8,
      0xf1e298fd, 0x14960d7c, 0x6fb8cb1d, 0x2b2f3bff, 0x207c1347,
      0x146ef8ff, 0x899a20b4, 0x7bd3e220, 0x7dec362b, 0x626bea27,
      0xa975044e, 0x4fb4cb67, 0x0f32b449, 0x1fc6703a, 0xc17a0920,
      0x9cd84a2b, 0x41f325b9 },
    { 0xce2843a4, 0x312ed513, 0x00728afc, 0xe748498e, 0x4d864ce5,
      0xa8ef2822, 0xa620083b, 0x34064704, 0x4bed338d, 0x5905e1d9,
      0x063e7b38, 0x2a578cb5, 0x289e7bb9, 0x98276d96, 0xf17b7341,
      0xdfe2dc47, 0x1dac8944, 0x5923521f, 0x23400aa7, 0x3db6d28d,
      0xa761ba43, 0xc647705e, 0x9bfd07dd, 0x8947ba6d, 0x242ca8fd,
      0x00f2e3ac, 0xeb8c3468, 0x49ef4670, 0xd9aa18fd, 0x7db3d37b,
      0xe58cea9e, 0x56b30fb6 },
    { 0xcd80a428, 0x07ecdcaa, 0x8732c891, 0x7af922dc, 0x3ada441f,
      0x20d88798, 0x924b008a, 0x3bed9a44, 0xb2e81c3a, 0x2123533c,
      0x65f807d3, 0xc34e4075, 0x1f2faecb, 0x0bfaefa5, 0xade8a88d,
      0x78b634a5, 0x94392a91, 0xc4e0b7f8, 0x90bb1cd8, 0x30922377,
      0xf87204ae, 0xdea9b4fa, 0x85d3cd83, 0x3edf81f5, 0xc6523a79,
      0x58f88c51, 0x17c0d969, 0xe472fb8b, 0xdccf7f07, 0x899081e5,
      0x58bdd146, 0x1353cc57 },
    { 0x39bf6e18, 0x28a56497, 0x649b89c7, 0x59e8b5a2, 0xdce8b8e7,
      0x8d9434a0, 0x2047040c, 0xd935bf51, 0x6a7b8e82, 0x2ab3a164,
      0x27f81294, 0xf1583ed6, 0x72d67297, 0x8416a7e0, 0xcd39e42b,
      0x49685d86, 0x958ddbad, 0x8a797fc7, 0x155ce6de, 0xa558f928,
      0xf8a36235, 0x75f4e570, 0x52877ae5, 0xbc69cfc0, 0xa6b16ebd,
      0x8f4193a9, 0xbb1cc1f1, 0x8d1df43c, 0x5a21e789, 0x723a830e,
      0xf451df58, 0x3ec2185d },
    { 0x1f0bc2d7, 0xb9d4c7d7, 0x6e51d412, 0x6982c6cc, 0xa09f80f6,
      0x92e02d93, 0x047ae09c, 0xb7dd2d25, 0x37f351f9, 0x3503149f,
      0xc77850be, 0x69d49ce1, 0x12f0d2c8, 0x60242acb, 0x7bc28b9d,
      0xba188c56, 0x06bc0550, 0x8e406121, 0x8d7d4329, 0xb0d84b1f,
      0xd38951e0, 0xb4a67ae7, 0x8bc97607, 0xb527c57b, 0x5497aa72,
      0xbc93c5f3, 0x39bdd666, 0x5f1de8cc, 0xe9d447a3, 0x3087dc5c,
      0xa211abe5, 0x89b356b6 },
    { 0xdfdcc837, 0xed6db0af, 0xa871b7a9, 0x0fb80baa, 0x1c1d4b72,
      0x413abfc9, 0xadac9e5c, 0xf5b56bf7, 0x8b8657a3, 0x5664a2da,
      0x0e41d94e, 0x11b04f72, 0x37433658, 0x63e11d26, 0xf426daea,
      0xee628ece, 0xcb162dc2, 0x011619c9, 0x87648643, 0x9cf5817f,
      0x5584bc86, 0xe1bb9702, 0x00bf7928, 0x2cc27cef, 0xdc60eee5,
      0x4ef3a80e, 0x87adc2f9, 0x7e1202be, 0x8a0d4f52, 0x656f18e0,
      0x57c5d126, 0x39c4f10d },
    { 0xe88aecd3, 0xb3a9b68c, 0xa518aa9d, 0x555b0918, 0x4bd4ee54,
      0xedc1cdad, 0x02068d84, 0x79b68b67, 0x811ac72d, 0x7dac80d0,
      0xa81a0a78, 0x6d1e6d35, 0x3bd16283, 0xc841e9ea, 0x894c4444,
      0xa7bc1775, 0xf1aa1202, 0xf2b63725, 0xc7d4c556, 0xbec7767e,
      0xd46ff51b, 0x2817ebb3, 0x73f7e339, 0xfde5be8d, 0x5aed24c4,
      0x44c6c977, 0xb6e579cf, 0x0b9a1707, 0x9069fbcc, 0xcff16478,
      0x49152b00, 0x414b542d },
    { 0x606e173b, 0x33c31e58, 0x90e6713a, 0x5b7f4e1b, 0xdebb20af,
      0x425fb512, 0x05120e70, 0xc788c617, 0x9013e4ec, 0x3ef05602,
      0x81c6e6d7, 0x9f9d35ac, 0x9450690a, 0xe131e88f, 0x44af082e,
      0x708f9b32, 0x1ba2aea9, 0xb2e4d66c, 0x740db29c, 0xaf1f4a6e,
      0xd1843007, 0x74ab9248, 0xed556a6c, 0x13338ef8, 0x270d17a6,
      0xf48e623e, 0x9608f5bf, 0x3c7362fa, 0x444e8515, 0x43977874,
      0xe00b8b2a, 0x52678d6a },
    { 0xdf36aeb4, 0x5dff1c59, 0xa92bc0ab, 0x52d6653c, 0x927a5f81,
      0x0e03f496, 0x2dfd491f, 0x8509d414, 0xa571f89b, 0x258c2c52,
      0x93334485, 0x2bd61804, 0x3f7d9e09, 0x1a33e94f, 0x2c1bf906,
      0xfab418d3, 0x5aa5695c, 0xf39c490e, 0xf6d2d7ff, 0x0e41196e,
      0x0f7948a9, 0x3ecd4075, 0xd3053b4f, 0x4b58f9b2, 0x5d9974c9,
      0xb8ee842a, 0xbf22f682, 0x23a59c1d, 0xc8efcea6, 0x045ac614,
      0xc10ceedd, 0x7040ba5b },
    { 0x515a1a96, 0x2c364f81, 0x184327e0, 0x31a63503, 0x1ad93d4f,
      0x0a096650, 0x273b6173, 0x9d7694f1, 0xd2cda9d2, 0x8886d876,
      0x2814c177, 0x1e01a742, 0x8667696b, 0x3492276b, 0x5b25f006,
      0x2fd4f0c6, 0xfb294c4a, 0x6527349f, 0xde1d336f, 0xc1fe0d8a,
      0xe7e3860e, 0xaf9a23e8, 0xb774c31e, 0x97d2b721, 0x4365784a,
      0xfac3e582, 0x70f4eaa3, 0xff2dff4e, 0xfe873248, 0x3d281e1a,
      0x0bd1c9c1, 0x9043a6d6 },
    { 0x766c7937, 0x1511a0fe, 0xabbc3be3, 0x1b2ded5c, 0xe00888ac,
      0x2ac160cc, 0x616200f3, 0x928754bd, 0x34a2ea06, 0xb801c83d,
      0x9cbe106f, 0x8ad7a03a, 0xcedfcd94, 0x996b0822, 0xe4069880,
      0xc3c3463a, 0xf597f663, 0xfb12ea4d, 0x40c92af9, 0x2c8d3834,
      0x4e8da154, 0x79bc85c6, 0xdb4e801a, 0x95771fa2, 0x1e3579b2,
      0x7bd2c138, 0xffaad078, 0xe45c75df, 0xb73eac46, 0xb0760a3c,
      0x3a125f35, 0x26362b48 },
    { 0xeefc3e89, 0x25c68d28, 0x69e9ee71, 0x2d0ee877, 0xaf5e4b75,
      0x8b07bb86, 0xcb86b333, 0xdb709072, 0xff552bac, 0xfd3d20ea,
      0x4c0da1e9, 0xa5eeb2b1, 0x44f97145, 0x391f688a, 0x1e06d485,
      0x21fbd310, 0xbea9cd49, 0x45e4f2a5, 0xa7bf21da, 0x7b60d464,
      0x054d5471, 0x193f88c8, 0xbee0f2e9, 0x5ace53d1, 0xc1439273,
      0x92c26563, 0x96c6b5ee, 0x9c86e0b2, 0x09ff59ba, 0x452fe231,
      0x555c935e, 0x2e952b20 },
    { 0xd75f886e, 0x2a846bca, 0xd43dfc58, 0xe68a5dbe, 0x007b1b86,
      0x103e45b6, 0x355ff2b5, 0x580e2ec9, 0xa263ecc9, 0xbc702f26,
      0x181e5e33, 0x2835b386, 0x6c122076, 0x025113ec, 0x7fbd856d,
      0xa5c26e3a, 0x9d6ebcb1, 0x8ef83fb3, 0xa44d2fa8, 0x7aaa53f2,
      0x53b1fa97, 0x7c14ef33, 0x17559a30, 0xff604a11, 0xb09377e0,
      0x2bcd96b0, 0xdb2f0273, 0xa5c14896, 0xeb53ef06, 0x1c0a84c9,
      0x30378e4b, 0x1236d017 },
    { 0xc084373b, 0xd7481c8f, 0x646097ae, 0x29ae4768, 0x613bc34b,
      0x1300dfa0, 0x934bc2b0, 0x3712714c, 0x0e2be7e2, 0x86524629,
      0xed010800, 0x554fbb9f, 0x42314576, 0xf0ec0b38, 0x330a3282,
      0x65baf594, 0x706ef817, 0x3bdde1a8, 0xba7530e9, 0x7d2c727d,
      0x74cc95cb, 0xbb0c5d66, 0x2438906d, 0xb3fcd365, 0xd14658f3,
      0x19881941, 0x6c97f0e9, 0xe616f555, 0x4b9ec7ea, 0x353c2d85,
      0x620cb56e, 0x02a48014 },
    { 0x506ccd38, 0x11d6d23d, 0x9059baa6, 0x229a1c54, 0x69d011c5,
      0x717c9c27, 0xd828937d, 0xe87e1b46, 0x83835083, 0xf5d63bbb,
      0xaadac258, 0xf0a7b427, 0x9f154d1f, 0x99ab26bd, 0x8ec955fd,
      0xdec0ffbf, 0x49fcb880, 0xee957c67, 0x1e0114de, 0x32395dee,
      0x369f46c7, 0x192a64b7, 0x91eb2599, 0x43044660, 0xa2e8c3da,
      0xbe2da887, 0xc3556d18, 0xa44e2c25, 0xb55f75f3, 0x31390414,
      0x8f217fe0, 0x1d8bde6f },
    { 0xa2028924, 0x03cd39f8, 0xb06ecb9f, 0x6e54f19c, 0xd6f05846,
      0x862bbcb7, 0x5a060776, 0xdbe06716, 0xb10fec10, 0x9397c97a,
      0x6f1bb65c, 0xf4213826, 0xa672ba38, 0x414deccb, 0xf88b05e6,
      0x594d4d43, 0xac94d4d1, 0x7993f57a, 0xbfb17638, 0x74fc2a6a,
      0xb6fc655a, 0xd8196b5b, 0xee8d2139, 0xdc375c84, 0x360d3a26,
      0xb9b00a02, 0xdeb93b87, 0xb36ed35c, 0xcc83209e, 0xf565b28b,
      0xc61013c1, 0x349c6943 },
    { 0x4de6c88a, 0xd1b39444, 0x4700207e, 0xd5c2c471, 0x21c2b780,
      0xb6f458a2, 0x0850993e, 0x749f7564, 0xbaef0c18, 0x400ba579,
      0x737c70f0, 0x2d742938, 0x21467ebf, 0xc5a8e2ec, 0x5337f453,
      0x243a666e, 0xed0bd50a, 0xc991f1c7, 0xf4bd1f91, 0x3a7f3e90,
      0x5f0e129b, 0x96089e8a, 0x07389635, 0xd0d3a177, 0x27182ac9,
      0x9cf842d5, 0x0817c5c2, 0x21195299, 0x87255769, 0xa32f327e,
      0x89c2d8fa, 0x056587ab },
    { 0x1ce4733d, 0x008562ed, 0x98e51444, 0x5faff7cb, 0xa9ab46b9,
      0x5f03021f, 0xb61a8c13, 0x89494c5e, 0x36b35976, 0x57c95036,
      0x2ac2d2f6, 0x6be84c8f, 0x9bd2703e, 0x0e5b34d8, 0x7e872abb,
      0xc4ad918f, 0xc4052ee1, 0xc2a89e9f, 0x3190b51e, 0xc2caee3f,
      0x6fff254f, 0x58fd1437, 0x883e0972, 0x6f3c0d68, 0x0fb15438,
      0x63d0a0e9, 0xf6caae00, 0xc438764b, 0x3f1d0f6c, 0x815f1565,
      0xb86cdbde, 0x1b87f2ed },
    { 0x2b0b15b1, 0x35792bbb, 0xce6ba779, 0xa3e4b5a7, 0xdd8f3779,
      0xfbacffd9, 0xc298d1ef, 0x005450bd, 0xc47031c6, 0x0e3f5556,
      0x95d68066, 0x0770f07a, 0x2d1052c2, 0xce3e84e0, 0x7aa8cc54,
      0xb050791e, 0xba3223a3, 0x4d621e73, 0x39632990, 0x87b9b94d,
      0x7eb8056d, 0x8df9cb47, 0xedfca0cc, 0xe2430de8, 0x9712a0ca,
      0x374bf416, 0x88848a99, 0xbe3f3c77, 0xc4a3e59e, 0xb22b87b1,
      0x3e95bc23, 0x8e0227c4 },
    { 0x3210964d, 0x000e22a8, 0xff056eeb, 0xdccd5df5, 0xdaf1ead7,
      0x02173a1f, 0x67cdcae3, 0xd02833e0, 0x8bdcc90c, 0x1cc574cb,
      0x3224b4f5, 0x86eca714, 0xbb3f8298, 0xd00e603a, 0x0c1a8deb,
      0xb98ece1b, 0x378c261d, 0x228a46e4, 0xa6165e5d, 0xc6f9dd0d,
      0x4b7ef0e2, 0xb3ae3899, 0xbda9f306, 0x3a3c16b3, 0x38a084db,
      0x5e9a26d3, 0x5394e950, 0x528e5993, 0x4ea206bc, 0x848ecb11,
      0x40545d6e, 0x14b15ab5 },
    { 0x664c59a2, 0x0f6d86c9, 0x60fd7aa5, 0x3dfe2be1, 0x9072cb8e,
      0x33f9b569, 0x8176a7e0, 0x5f2325d9, 0x4587080b, 0x79a0d4e7,
      0x0d5d4e05, 0xa4ee0def, 0xc87b28e1, 0xc0ad9ffa, 0x3f09b4ee,
      0xd6f18d2f, 0x292e9d87, 0xcc896ae7, 0x6094763c, 0xca88953d,
      0x18fbf9fa, 0xdbee97a8, 0x4b63d701, 0xdf20e0e9, 0x47ea722f,
      0xcbba6e30, 0x612b571f, 0xce57e1ca, 0x009a55f5, 0x1e16ac76,
      0xc4389e2e, 0x742bbed8 },
    { 0xc1dc2c73, 0x23ea86dc, 0xc1643abf, 0x4bbbfd5b, 0x24d8ca1f,
      0x07f8fa1f, 0x8cb5cac7, 0xde68a6e0, 0x54e66a7d, 0x7d54c64b,
      0xa9b7ad78, 0x789dba22, 0xe364ab94, 0x4d88d540, 0x1f72e011,
      0xc8c2e02d, 0x46e2a278, 0x4c826057, 0x4b187c7d, 0xe6c35bb3,
      0xeb8fe0c9, 0xed8b3dfe, 0x7d11e415, 0xb6bc34e8, 0xb865c7f9,
      0xb3908bbf, 0xe1ecc17c, 0x717d1ce6, 0xf7cdd69b, 0x151e3308,
      0xb5c94124, 0x97bd5a14 },
    { 0x81e82861, 0xe01c62fe, 0xdd42c40e, 0x703d4b6d, 0xe65e91e5,
      0x7e52e55b, 0x5abbbfdd, 0xb8b49374, 0xc72a45f4, 0xb4f15f52,
      0x550f29d8, 0xce8435a8, 0x582de75f, 0x9df76b9b, 0xa20c8b96,
      0x52e84c5f, 0x0a8a0af4, 0xaf77d2d1, 0xca6013c3, 0x0389bbd8,
      0x26f8305f, 0xb0d9b9ba, 0x0cec8b9a, 0xf053e848, 0xffabda18,
      0x4d63367a, 0xa6424c2a, 0x50f53be4, 0x864fba2e, 0xf892c58c,
      0x48cc5469, 0x317c6d31 },
    { 0x2cb7d42b, 0x0c3525b0, 0x310facae, 0x55240bc9, 0xff20408f,
      0x8d5d2022, 0xe0c10ea0, 0x6b01402f, 0x718eb23d, 0x7fbef68a,
      0x41252a19, 0xa0146b5a, 0x110e0d6e, 0x59afce48, 0x022de181,
      0xe9a1d27f, 0xdc3f49da, 0x6db96d16, 0xefbe4008, 0xfc1ae3f5,
      0xeccbc11c, 0xf9d70641, 0x525f8636, 0x49022279, 0xc2763c30,
      0x3769796a, 0x1d90630b, 0x9cc3483c, 0xee3d3f17, 0x451651f0,
      0x9da0b8fd, 0x6ae59739 },
    { 0xbff4d2ee, 0x57b13bc7, 0x30b173d8, 0x20754229, 0x0794936c,
      0xb6254bd5, 0x5efd55be, 0x1d5f232a, 0x4e0c3389, 0xc06f4a85,
      0x8e61f944, 0xcf2c5b59, 0xfd5f87b7, 0xc564861f, 0x5a2afa4c,
      0xee261fb1, 0x2d97a774, 0xb0ff7226, 0xd6cf007a, 0x1a89ae22,
      0xd346f214, 0x28880534, 0x97b6497e, 0x8fe73bff, 0xfa2afffc,
      0x8a8595b2, 0xf151a726, 0x9ef9cf3e, 0xe744b82b, 0xa84ee5f1,
      0xbc63fe72, 0x6649048d },
    { 0x1e8b760d, 0x91b7bb78, 0x25aadaa0, 0xd47b0bd8, 0xfab5226f,
      0x81493d9f, 0xbffc148e, 0x4a6dd226, 0xa29be3db, 0x5a032f8a,
      0x34b0ab0b, 0x318dbc70, 0x7d654868, 0xdcccbfb5, 0x9c581e46,
      0x8506ab37, 0x2830ece2, 0x09136a6e, 0xcf6c80c7, 0x48b79356,
      0xef6b1e86, 0xfa176377, 0x83f0f1c9, 0x2c9c1cc1, 0x16abeddd,
      0x96f0526d, 0xa93b0de4, 0x3e0e98e2, 0x0f13873a, 0x6f2d7ada,
      0xf3fa49ec, 0x4eb93b5c },
    { 0xe11fae32, 0xbd89f7e5, 0xc4023f51, 0xd13d74f5, 0x491c3f6f,
      0x1b0014df, 0x555279b7, 0x1d849a57, 0x05ba0068, 0xbb9e8897,
      0xc13ca2ca, 0x82222419, 0xfd33676f, 0xafbbb685, 0x75878a2a,
      0x931c3f52, 0xef3d5173, 0x12aeefef, 0xbd8a6878, 0x189a5cc8,
      0xd99f0c16, 0x82cffdb3, 0xa19d48b6, 0xbf565406, 0xe9c6c4e0,
      0x5605e223, 0x86804172, 0x53e781de, 0xc7001cc8, 0xcdf5c90b,
      0x7c043f68, 0x2b582d93 },
    { 0x81abc2ae, 0xa1165c82, 0xe2b69eca, 0xa73380f5, 0x07fff66f,
      0xc097b3d2, 0x54776506, 0x5d603826, 0xb57fa21c, 0xdcbac9f3,
      0xc98dbdd5, 0x78750db4, 0xd9eff32a, 0x85e21103, 0x2f11c41c,
      0xceed172c, 0x9e348c09, 0xa8e39264, 0x831eddfb, 0x71cb936b,
      0xf50864a3, 0x915c3d06, 0xe93acfcd, 0xfe8e33cd, 0xb3f2f7aa,
      0x4bee10d7, 0xeb7cee9a, 0xc1d8eb48, 0xfa574afd, 0x4fa49ce3,
      0x862db4c0, 0x78615109 },
    { 0x7ae72c21, 0x3fe3f480, 0xfd0f0da5, 0x631aa144, 0xf8c3a454,
      0xc76ee1e8, 0x51b4f1ab, 0x379ae094, 0xd7cdbb24, 0x2a3a4397,
      0x82bd5fcd, 0x7a14cffe, 0xf427ef5a, 0xbbe4ed12, 0x284d3ccf,
      0x9b0a43ee, 0x8eec6e1e, 0x57b78b93, 0x67b8e87b, 0x18d404e4,
      0x34374c20, 0x0c8adc05, 0x5428deb5, 0x64373605, 0xc3afa2cf,
      0xb4d80ec0, 0x3aa956f9, 0x6d51f93c, 0x84161c68, 0x9f9a28ab,
      0x6bc9c025, 0x540b6bb7 },
    { 0x321d315d, 0x04e1734c, 0xd86e05d0, 0x4ef56612, 0xbba8cd81,
      0xeafae145, 0xacdc789a, 0x1fb07a49, 0x5877570f, 0x6a21e9ad,
      0xb9bc53de, 0x2e4a837e, 0x1d6298eb, 0x436db293, 0xea362f45,
      0x43afbc78, 0xaabf6585, 0x2a973d97, 0x0c924d60, 0xdce7dabe,
      0x7cadf0e9, 0xf69d98f0, 0x75020538, 0xe0b505a1, 0x4461cd29,
      0x3db7d1a3, 0x5e20e818, 0xe1c28776, 0x52dd50f6, 0x2ca25867,
      0x92e0388c, 0x897cab14 },
    { 0x0d8bab8a, 0x59ed3813, 0xa438200a, 0xc11d364c, 0x40581415,
      0x0687bf2c, 0x7ac89674, 0x86ad0d3a, 0xb97411a0, 0x44928105,
      0xf383371c, 0x74984b11, 0x0d1a831e, 0x70d2ed84, 0x6c912fe0,
      0xd883628b, 0x14fa88d2, 0x44f8f7fb, 0xcf0ac93e, 0x564f2a4d,
      0xa6c24fa6, 0x82f629aa, 0xbf6cd949, 0xab906ba3, 0x20a5182d,
      0x2c822e67, 0x30eb93a5, 0x2ff47dac, 0xfff673aa, 0xdc62c4a4,
      0x476b0ec5, 0x64b00763 },
    { 0xb3c9a404, 0x1e3f533e, 0xb7ef9952, 0xb1db7f73, 0x6c253693,
      0xc7f13e29, 0x0738eed4, 0x7ce7f4c4, 0xce26cad0, 0xccfd3b33,
      0x01ec5cf1, 0xd8784935, 0xdc084e01, 0x3f8fc09d, 0xc39b5acf,
      0x217cab32, 0x9ef5551c, 0x42daf0bb, 0xe1217a95, 0xfbc76f56,
      0xc237002a, 0x80178b12, 0xb070a293, 0x0b52c39f, 0x576ca964,
      0xe3925153, 0x19d68e36, 0x25559424, 0x09e50e84, 0x291fb82c,
      0x6618ed8c, 0x7dd22ea6 },
    { 0x49cbb3bf, 0x7ffe844b, 0x5562fb25, 0xde0cc704, 0x9f5a845a,
      0x1e6ee537, 0xe51277fc, 0x956d7f26, 0x30635718, 0x2c75d4b9,
      0x96957f34, 0x39a14892, 0x82e5742b, 0x8cf4eb32, 0x83247b72,
      0x6b0d3ddd, 0x201a4237, 0x67a9f633, 0x1414a485, 0x416403c1,
      0xb6f6a916, 0x60afd447, 0xdac6f790, 0x95f94930, 0xbd3b9d82,
      0x685ff94b, 0x51cadf0f, 0x5c8f98fc, 0xb13b7489, 0x9559c88a,
      0x5f18fcc8, 0x31377c66 },
    { 0x7dcfb35f, 0x35c5de09, 0x01cc36f8, 0x2dccca9f, 0x7576cb63,
      0x7e93e85d, 0xf7b4b375, 0x0c2dd48a, 0xb09a19b5, 0x9d95cd4f,
      0x71bfe607, 0x752ed159, 0x2596dad2, 0x439880cf, 0x69e90a6f,
      0xe52efb53, 0x03d3e60a, 0x44097663, 0xa95070e0, 0xfcf364fa,
      0x05624dd2, 0xd8f993b6, 0x00d5e467, 0xb35a9824, 0x0c8f4524,
      0xe289d024, 0x648a0179, 0xef45423c, 0x587edabd, 0x3a5fd695,
      0xa11e5271, 0x3dacc50c },
    { 0x6499ae4c, 0xcb3e4f94, 0x7053c527, 0xa46dcbe1, 0xbe782e8a,
      0x807f5ce9, 0xd8481e45, 0xb6c64d28, 0xaa286fd0, 0xf35e4518,
      0xdf1cdb49, 0xf7b7b9ba, 0xaec23eaf, 0xf3fb6210, 0xb9bfd2fb,
      0x0a9ba385, 0x8807f3a0, 0xe51a0d53, 0xb17b2842, 0x7ab24404,
      0xf9dd9f0a, 0x6fd57687, 0xf3e9df64, 0xcd1efdb4, 0x60df194d,
      0x5dd2df7a, 0xe069df05, 0xbed3f2c3, 0x23248a31, 0x469b7561,
      0x694744f7, 0x866949e1 },
    { 0x3f4ab07a, 0x3a9a0da5, 0xf54a6fbf, 0x2cd6f333, 0xb23cf290,
      0x0c92e921, 0x848e3d58, 0xc9581c3e, 0xd3b218ab, 0x93af1fbd,
      0x066cb4d7, 0x38598ea1, 0x990c03a0, 0x5001394e, 0x7d0877b5,
      0x3b664b1e, 0xd74c7091, 0xd79db1bb, 0x4e2d5dd0, 0x852d4435,
      0x3329db82, 0x0d2b841b, 0x7b96d480, 0xfa844eb0, 0xc295dc46,
      0x37a50569, 0x94f7ec4e, 0xc2d38373, 0x5b083177, 0xdc3884ff,
      0x8b1fa598, 0x574352b8 },
    { 0x0d5d7ce9, 0xed2193f7, 0x0b487eaf, 0x3c19fd26, 0x7be65fd0,
      0x7c44ab59, 0x78270d56, 0xdd9da860, 0xbaa70198, 0x8a84ec00,
      0x285985df, 0x2ec27e49, 0xde2028d8, 0x996ccaf0, 0x61c2201d,
      0x4e7648c7, 0x091c19eb, 0xa96335bc, 0xf0d6782b, 0x253a3a69,
      0xd2946493, 0x3f204340, 0x099f6873, 0x444521a1, 0x6996011a,
      0x5fcbcc09, 0xf853a94e, 0x3884d5d8, 0xd3b6a3a1, 0x2418c624,
      0x06ae3c4f, 0x3e431af2 },
    { 0x83d381f1, 0xf967d939, 0xd0c033c3, 0x36501aae, 0x54410768,
      0xbf3af4d0, 0x5093a6d3, 0xa86d1598, 0xd92f2900, 0x43ae0741,
      0x36f0b755, 0xfeb2afa6, 0xaa456d6f, 0xd090a6a3, 0xaefdb646,
      0x336a4fda, 0x1a942f7d, 0xfd1bfe44, 0x851ee41e, 0x7fc2a3ed,
      0x11e935c5, 0x4f1c9686, 0x53bbb343, 0xcd577666, 0xad896c2a,
      0xf26931ba, 0x86bbfa41, 0x8a0fbbd1, 0xa203cef1, 0x1c3d7d82,
      0xe2664d35, 0x6dad3f15 },
    { 0x12ec35a1, 0xd1940b7d, 0xe7dfb128, 0x6219c5b6, 0xf13321d5,
      0x2cc278c6, 0x33c58eb6, 0x5e76904a, 0xd9903c43, 0x15090f55,
      0xc3d96a19, 0x061bc926, 0x8c0acba7, 0x974a9f03, 0x7198b21b,
      0x7a414021, 0xf8958c6f, 0xb069599d, 0xbebd0129, 0x517f2f1d,
      0xdf3a8dc3, 0x1109a613, 0x672375c5, 0x08e58448, 0x9383d2d3,
      0x56590ba4, 0x0bff837c, 0xfc3ee7c6, 0x27d2d55f, 0xc87a5390,
      0x5f517a3f, 0x2438e9d4 },
    { 0x8815af3c, 0xc4a45308, 0xf3c9bed5, 0xe55f1a32, 0x97b65ddf,
      0xaef1cdc9, 0x12e51eb5, 0x61c61d94, 0xe63f2490, 0xbd0dac54,
      0xd0b3e231, 0x6f14429c, 0xf1da6010, 0xf737c3c2, 0x6bbc4fb1,
      0x7150e04b, 0x1be281cb, 0x205b4c89, 0xd7701f5b, 0xf1b4633c,
      0x2a513490, 0x8b33ef46, 0x68f1f7f2, 0xddb47c73, 0xbd416b67,
      0xf4ada511, 0xff795bb3, 0x9d2a97cd, 0x96200e67, 0x00a8b7b2,
      0xafe30e01, 0x13f39011 },
    { 0x7bd0c827, 0x3dd296ef, 0x4a29ff46, 0x506110f3, 0x1c9a515a,
      0xf8793068, 0x268bca77, 0xde8d8045, 0x998045df, 0xcbb83024,
      0x68c0e584, 0x3f90d710, 0x263b6062, 0x2a838ca8, 0x535c5d0b,
      0x293bb5e7, 0x56415110, 0xceea99d5, 0x1bbda005, 0xfe311ad0,
      0xa4d8d018, 0x2497e0bf, 0x1cf2b866, 0x33dd77a0, 0xd8c4ba8b,
      0xbc075b73, 0x722b7bc9, 0x298466d4, 0xcbda1b0b, 0x17a7ce24,
      0x680703b6, 0x458d4b6b },
    { 0x4d54d8b2, 0x8a26a20e, 0x4d320a0d, 0x05a5696e, 0xf994f700,
      0x698b5858, 0x2f6549a8, 0x7a4adc3c, 0x3694d00d, 0x1812e819,
      0x730402bd, 0x46b9b000, 0xa1b36410, 0xe10a1449, 0x99230220,
      0xeae95ea5, 0x1b4820c3, 0x3efc2e9b, 0x85c9eb8a, 0xfe5b5cb5,
      0x97847064, 0x21ae0319, 0x8f27d49f, 0x68ef0b70, 0x2f72556b,
      0x3259ef18, 0x624db01a, 0x00ae0457, 0x5668f95c, 0x628e3b06,
      0xb6fbbf91, 0x5f13f5fa },
    { 0x3a9b0dc6, 0x7c6ed9ae, 0x6f883ec8, 0xaea1bde9, 0xea8b3677,
      0xea66bf88, 0x9a66e3ab, 0xdefa6abc, 0x68217ffd, 0xc4d3317b,
      0x290df05c, 0xf741c8f2, 0x7d11674e, 0x1f0fdf17, 0xc35989ca,
      0xfdf0ece7, 0x6b9c482d, 0x0eed92df, 0x55bf1ca7, 0x73713e66,
      0x25cec99c, 0x90acb290, 0xe803e69c, 0x37c9e3a2, 0x17713a1a,
      0x7c0a3c53, 0x6f5a174d, 0x350dc565, 0x05f802f6, 0x11625a44,
      0xa37ba4a2, 0x2196495d },
    { 0x13142680, 0x00cb2fd3, 0x65d14cf4, 0xab9e91d7, 0xdfe2669e,
      0xc6a0ceab, 0x0ae22bc5, 0xbeefce58, 0xcb6ec250, 0x3c2b7986,
      0xd738f1ff, 0x84adb1a2, 0x516ec8ec, 0x9709bc28, 0x8e8f7db5,
      0xf3693129, 0x95b197f9, 0xc48efc6b, 0x9aaaa404, 0x9ff10952,
      0x144154b0, 0x2c3c8cbd, 0x427f3435, 0x33ef7bc3, 0xd21897c1,
      0x04a17940, 0x6ce548a0, 0x5aa0c47d, 0x3d56fa62, 0x2971cea7,
      0x04475f08, 0x93ad0eb0 },
    { 0x988a9963, 0x7a0b6967, 0x6515e8dd, 0x61e477f7, 0x3b6b50f2,
      0x6274e386, 0xd33922de, 0x63a9b8d5, 0x687a5b3d, 0x3c38d3fb,
      0x1302e323, 0x18f6f09c, 0xe02fcccf, 0x254c05c3, 0x26e662f7,
      0xc04ed0b7, 0x143fe079, 0x1d5646b8, 0xc9016c8c, 0xef8a9448,
      0xf823d797, 0xe5674c4b, 0xbccde451, 0x0586f72f, 0x4417eade,
      0xc5fc88d5, 0x576e588d, 0x2b952209, 0x5844d1f9, 0x4408dd42,
      0xea41c034, 0x73f8c3f0 },
    { 0x5df763dd, 0x89534fc8, 0x3ac71836, 0x3b1427f3, 0x6e8f15a0,
      0x0db5be17, 0xcb20888e, 0x1d390944, 0x857caea6, 0x7804c9ad,
      0x519f7bf3, 0xaa584428, 0x293aa8cf, 0x626eecf1, 0xea36a015,
      0x749e0d98, 0x3321edcd, 0xefff6dae, 0x28b791cc, 0x963deea6,
      0x2d16e361, 0xa14e0552, 0xb15ae206, 0xa2e058fc, 0xfca325e4,
      0x0f268745, 0x21341a8a, 0x7cf9d407, 0x7caa51b8, 0xdfed25d9,
      0xadbedd75, 0x0108ae39 },
    { 0xa9e88f63, 0x54d178f3, 0xab0c7325, 0xaa05b11e, 0xe261d8a6,
      0x773a53e6, 0x8d0b91c8, 0x24db7dae, 0xe9bb004d, 0xde10b073,
      0x54e3090b, 0xfc8befe7, 0x0cc69c89, 0x16af0599, 0x9d59511a,
      0xddc83803, 0x46c5dafc, 0xc3f65b99, 0x1ee0a599, 0xfbbe4be8,
      0xfb3a9b17, 0x88891e36, 0x445dad00, 0x0c9aad75, 0xd5097e1f,
      0xdffc46ab, 0xac85a4e1, 0x8848089b, 0xa0c45233, 0x348bb42f,
      0xeb13c1df, 0x807c06d8 },
    { 0x98ee0ef6, 0x00a969ec, 0x8bb7b7af, 0xba9d5483, 0xa02f8fdb,
      0x24484c92, 0x8b70557c, 0x7bdb201a, 0x60ad1af2, 0xe59343e4,
      0x998c95fb, 0x53a9a942, 0xda861d3b, 0x974db3de, 0xed399c0e,
      0xce1525c9, 0xf72109bd, 0x89b56881, 0x998211a4, 0x08ff7d15,
      0xef0f275a, 0x5df76b3a, 0xfa2f358b, 0x93f180f7, 0xc39b0634,
      0xaac4ffcf, 0x17583b53, 0x2692c626, 0xb55399fc, 0xb2fdfa36,
      0x99607a61, 0x16424c6c },
    { 0xdd2744a9, 0x5dd65c55, 0xfe3af418, 0x2544c1c2, 0xefe8b089,
      0x32c82e99, 0xa9df691a, 0x30b7ab25, 0x9be99674, 0x98384550,
      0xcaf2d122, 0xbcecd258, 0xbcc77272, 0x88ae4098, 0x4b8efa0c,
      0xd4396141, 0xed64d12c, 0x44ff67b9, 0x2e7f3404, 0xa9e655e4,
      0x45b0e9eb, 0x3d16fc45, 0xf03ded28, 0x474a3e14, 0xacccb85c,
      0xa3c9adff, 0x7253a51b, 0x3dfe6bc1, 0xfb5831b1, 0xdddaf4b9,
      0xa4f4478a, 0x5544e602 },
    { 0xbaa80b4f, 0x897c5313, 0x63bdc8ef, 0x0122716f, 0x7b42c5a8,
      0xae2742db, 0x0883308c, 0xe9d9e1e9, 0x2d341ab1, 0x352c8c3f,
      0xed945870, 0x163d0500, 0xc290d9d8, 0x8349dd73, 0x1f6c7d29,
      0x2053c5e0, 0xcb42033c, 0x83107446, 0x09d09af1, 0x76c88bd2,
      0xb2794681, 0xd0f70e6e, 0x19b1b540, 0x720b59de, 0x22994b43,
      0x80b7ecdc, 0x2dec53cf, 0xc1a4cdce, 0x1ed60f42, 0xdd7d3edd,
      0xe241d261, 0x5735995c },
    { 0xa0237056, 0xdc4ba3fb, 0x33ab3388, 0x6856c164, 0x271ec612,
      0xc01eebbd, 0xe3031bec, 0xabdeb033, 0x6118a1f5, 0x4eee4419,
      0x5b600f33, 0xec497421, 0x08868773, 0x1b7185cf, 0x7c1b7dfd,
      0x7b0c46cd, 0x4a4c5e89, 0xd143b2da, 0xbb1ff94d, 0xdb9a5984,
      0xc9cf3465, 0xac3904e4, 0xeace64c9, 0xf8729bc0, 0x768ad99a,
      0x5cc22821, 0x8a9540c2, 0xbbd3b081, 0x049a6917, 0xe468ed5f,
      0x3ec45ef0, 0x885486df },
    { 0x4bdff464, 0x6a942c93, 0x25a7b451, 0x3db2719f, 0x325be324,
      0xccb0070b, 0x19fe3339, 0x2055a31b, 0x241ee8ff, 0xaca69ae8,
      0x55ef8def, 0x7607dd08, 0x1a1b73c6, 0x9e24960f, 0x71d36810,
      0xbcb0e8a2, 0x6885e6b9, 0x29e11aa2, 0x185eae19, 0x98b5d0ab,
      0x0f81f91c, 0x1a0b96e4, 0x994fc503, 0x4d0e8bcf, 0xf119d6e0,
      0x33d81697, 0xaaa4ce0c, 0x29083287, 0xc91ff9d7, 0xc5dd4d3e,
      0xd4ab962d, 0x31cecfe8 },
    { 0xfc8b21e8, 0x437bfd9a, 0xb19436df, 0xe5dd32b3, 0x921c36a0,
      0xfe5902d4, 0xa3d0fa90, 0x8e9de84d, 0x5bb523bd, 0x9663e6ad,
      0xaecd6975, 0x9800a23f, 0xb4fbb59c, 0x1009c0d9, 0xc9d20ff1,
      0x839aa7bd, 0xecd6fa3d, 0xf502f66d, 0xc5516ca9, 0x480ed4fb,
      0x6c742ac4, 0x65ffa5f6, 0xff3252f8, 0x2b7c7945, 0x75d9cb3d,
      0x72fefc05, 0xd6d6f1d2, 0x11b0863b, 0x9a6a4ec3, 0x5d8f3cf0,
      0xda2547b3, 0x6961b46a },
    { 0xcb35e2ac, 0xd07b587e, 0x57af14d9, 0x1ed5546b, 0xdb28a04c,
      0xeca17a5b, 0x709d54f0, 0xa1f91d44, 0x9c6f400e, 0xa6e719fd,
      0xfb8ce190, 0x4e4b88ed, 0x246e3fd2, 0xf9781edd, 0xb655af5d,
      0xd67120e6, 0x93413ca7, 0xda782d1d, 0x9707fa21, 0x697e20a2,
      0x54e84123, 0x1eb51f32, 0x36051f9f, 0x2e254d9e, 0x73ce5be9,
      0xddaec42b, 0xcd3f794f, 0x89a9a32e, 0x0781aad9, 0x1964e22f,
      0x53755212, 0x6a63a90c },
    { 0x3d7acbbb, 0x76554e00, 0xb74f6108, 0x2c01668a, 0x388c519b,
      0xe4a29672, 0x3eb94d4f, 0x01667714, 0x0cd6d2f6, 0x086a3cdf,
      0x7b370f7f, 0xf8658021, 0x5a4d3e7c, 0x658880c1, 0x5ba3f4a1,
      0xd6ed5816, 0x5ca471dd, 0xabcc7813, 0xe844a576, 0x809bf074,
      0x6ea502ea, 0xa53a81b3, 0x0e021ed3, 0xc20b9307, 0x8617f165,
      0x8c27f892, 0x8235cd0b, 0xa5476446, 0x82552961, 0xffc89ffd,
      0xd151d90e, 0x51ed4a22 },
    { 0x449701b4, 0x37d6963a, 0xbb27caf2, 0xea8d91a3, 0xb572965f,
      0x3ef9be15, 0xdb50bf7d, 0x75a7a055, 0xce643b9b, 0xfd67480e,
      0x6ceb5d5e, 0xf2a60d2d, 0x5ed7c897, 0x68fc320c, 0x28ce685f,
      0x41c53cf6, 0x7106615e, 0x0e29711f, 0x23500ecc, 0x7a872138,
      0x6c29fe48, 0xaf0a9260, 0xe1ef9712, 0x93df3f2a, 0xd2d169bf,
      0x0d5f6fb1, 0x74a9793c, 0xeb7afe26, 0xe9f49256, 0x4173d94a,
      0x2b8b5ce5, 0x2d6951bc },
    { 0x904e222e, 0xdd007d9f, 0x86f4e109, 0x333f248f, 0x8f429eee,
      0xd4994e8b, 0xcfc77518, 0x29573415, 0x0b0f42f1, 0x6e7fea3a,
      0xc2743519, 0xc795cb7d, 0x711e71a0, 0x820a8f66, 0x2b874f55,
      0x83d95d9c, 0xe70e1627, 0xd4b64d78, 0x8b92a742, 0x924353f5,
      0x447b5e6d, 0x322048b1, 0xbcf931a0, 0x0bad730c, 0xa7af2268,
      0x75c4d089, 0xb83b93f9, 0x464904c1, 0x165b3aee, 0xa24eba02,
      0xe08cc5f0, 0x65c48e78 },
    { 0xde222c22, 0x1a1c73ce, 0xfcea23b4, 0x5683d8cd, 0xb2143b06,
      0x0301cb14, 0x59fcec77, 0x284adf8f, 0x31204cef, 0xfb1c581c,
      0x94735107, 0xf54d3eee, 0x4d3188c0, 0xdbf67f0b, 0x10f18d12,
      0x76a3f2d1, 0x07d3e013, 0x3809fa28, 0x25e7ece0, 0xf06f0a46,
      0xb2895d2e, 0xd82867ed, 0x08b0553a, 0xe106f489, 0xef245445,
      0xe2280fa6, 0xa8d9a3cb, 0x402d5785, 0xd438ba2d, 0xf63dd9ff,
      0x7a6b226f, 0x36b5cd2c },
    { 0x545679a7, 0x87ff4e20, 0x4520c750, 0x64d80b41, 0x9b459cd8,
      0x90a357fa, 0xc85af1a3, 0xa19eaf39, 0x8d935a5e, 0x0d475d79,
      0x781a678a, 0x74501983, 0x0cc2e810, 0x74839779, 0x2f412244,
      0xc6a21d11, 0x36a51a37, 0x8d0e85f9, 0xeaa74df8, 0xff50151e,
      0x93cf99c4, 0x14e182a7, 0x376a9ab6, 0x45593df1, 0x522389ff,
      0x18f73caf, 0xf7445e8a, 0xd27cc960, 0x39a51dc8, 0x0692f4c5,
      0xdb39bfd8, 0x08d7c144 },
    { 0x3ecca773, 0x809c0d96, 0xd48c2156, 0x87ea9192, 0xdb6bd641,
      0xf0eccd74, 0x2a678cdf, 0x77312374, 0xd1587b7e, 0x7a966d8b,
      0x6130a4c6, 0xf3c1a101, 0x5fce17bd, 0x7cc6e838, 0xa8de7aa4,
      0x95e95bb8, 0x898308e3, 0x3fe1e8b5, 0xe347694a, 0x0197243e,
      0xbb0cd2bf, 0xf3fe9c42, 0x0f9b2b49, 0xb5905264, 0xc7367d1f,
      0x4c385e8b, 0xb5ee147b, 0x1d3050ae, 0x04004ad9, 0x8e2c3879,
      0xbab70202, 0x5f2aa8ee },
    { 0x1266524b, 0xe208d464, 0xd0a19f66, 0xb7bf3880, 0xda106ebf,
      0xa5aa685e, 0xe642dd46, 0x0a69e8d3, 0xc682e4d6, 0xef349c61,
      0x0fcb534c, 0x26f6ee3b, 0x05eb67b8, 0x7daba127, 0x18be05f6,
      0x2babb27e, 0x8e2d85d1, 0x959afcba, 0xe2d9d386, 0xedcf2d1a,
      0x1ea6f06e, 0x59dc52e6, 0x866e5ae8, 0xc28278b4, 0x02bcd3c7,
      0xd9ff0340, 0x784be82f, 0xe884ac76, 0x83c9f224, 0xa3164980,
      0xb46ff949, 0x62501a98 },
    { 0xad264086, 0x563f7d9a, 0xa5e0e4bd, 0xca6a33db, 0x8c8d3d67,
      0xe8253002, 0x46e64b19, 0xa288dac8, 0x20aa4536, 0xfa3c9197,
      0xed553eac, 0x8130c9b0, 0x2ea8abd3, 0x622806e0, 0xceccfe77,
      0x52fbf54d, 0x4f0d1b70, 0xbd9a8e31, 0xd59b1741, 0x519d2133,
      0x9a6fea8a, 0xfd74101c, 0xb5c4eb10, 0xd1acf7a0, 0x91f9da5e,
      0x78499b73, 0xc0dea586, 0xabaa4c49, 0xa1f3531a, 0xcc9c5f73,
      0xfd3fc665, 0x497b15fe },
    { 0xf45568e9, 0x8a56cbaa, 0xc7192a6f, 0xf491a0fe, 0x9ab2539a,
      0xdbb03dd3, 0x4ac37da9, 0xc86522f8, 0x02a0f5b4, 0x8c8cdba2,
      0xa29c539f, 0x8109fc75, 0xca90f02e, 0x9cd06d31, 0x3e216dbf,
      0x8f31f044, 0xba3ebd91, 0x99aa68ac, 0x42c007f4, 0x2a80d0d2,
      0x86a9b7ce, 0xdd8dffbf, 0xd6308edc, 0x405d3e84, 0x068012ca,
      0xdafa33fe, 0xedea1071, 0xc2eebd13, 0x2ff637e6, 0xb7ae7e5c,
      0x9e514cb7, 0x18d46a6c },
    { 0xa78b7802, 0x868cbb22, 0x497cbaf4, 0x0745ddb2, 0x42ae8add,
      0xc4eb2f3e, 0xb4ceb4e4, 0xac0abcda, 0xa325fd40, 0x2e0d8325,
      0x13ac7345, 0x6cfe0571, 0xb14171b9, 0x7407a788, 0x6da7a52b,
      0x70eb0603, 0xd85176ac, 0xab0b36f9, 0x7c2954f3, 0x14109d29,
      0xdcd705ad, 0x370de9c8, 0x7bb5e751, 0x3f0db5cd, 0xa06e708c,
      0x45f93d41, 0x7e93050d, 0x10d54f8a, 0x5a38fef9, 0x69e6f8e4,
      0xd3f62e40, 0x55044601 },
    { 0x06cb9cc9, 0xd1c5c910, 0x41d00014, 0x542074d7, 0x11236fb8,
      0x7cd8663e, 0x29ad5f82, 0x39721ffe, 0x2951fc83, 0x1d21fbfa,
      0x400d144f, 0x1cde06e7, 0x91792e6b, 0x9042596b, 0x29ad5166,
      0x3365c8e5, 0x9aeefe98, 0xe2220e85, 0x70c2aee3, 0xbcb53189,
      0x9ff100bc, 0x477ca3db, 0xf532973f, 0x27074176, 0x9a2bd01b,
      0xa12118ac, 0x3dd79f93, 0xf3425209, 0xc6f5d7db, 0x563a8ff7,
      0xd7b0ec4f, 0x0da313fc },
    { 0x15aa2557, 0x37125a8c, 0x00893e9c, 0xca21d70c, 0x67b8a823,
      0x48713994, 0x7cb0042a, 0x0d3e9a74, 0xc9e2ce18, 0x2d2bf4ff,
      0x049aeac2, 0xd5531a0d, 0xf03d0660, 0x4d29a616, 0x1f1b7f00,
      0x473d50d6, 0xca3de50c, 0x3af0ecbb, 0x09c28f27, 0xe2959bea,
      0xf8704664, 0x6d7c2ea0, 0x731083ef, 0xadfae4e1, 0x941c2554,
      0x50940c26, 0xa1162d03, 0x44167410, 0x1e82290e, 0x620230d8,
      0xdb414acc, 0x63630be8 },
    { 0x8a7d2e41, 0xbf8d5222, 0xeb62f879, 0x49e75823, 0x6c402d89,
      0x1b4d33dd, 0xde2c59ad, 0x883e04d6, 0x49b9dc38, 0xbf3f38f4,
      0xb4b70c4c, 0x9d997d18, 0x13cea045, 0x1f69b20c, 0x58e2606d,
      0xca3d7025, 0x261d1b79, 0x3d4fd977, 0x5a1436fa, 0x56aeafa8,
      0xbb443c07, 0x369b3e98, 0xe558f6be, 0xfce5186c, 0xf8ac8f89,
      0xeb0cd478, 0xd5e5aa72, 0x68074f37, 0x68544eb0, 0x295845c0,
      0xf16688ed, 0x306a9871 },
    { 0x634ec136, 0xbc451e9d, 0x0e6f658f, 0x1edf27ca, 0xc0db4120,
      0xa9be0152, 0xc5bfee67, 0x87b6ef20, 0x9a2d6023, 0x35283238,
      0xc7afb899, 0x60e564d8, 0x0ac9c2de, 0x4af22bc0, 0x82a9d22b,
      0x28e6f631, 0xf532701b, 0xc075c701, 0x82075f91, 0xf6d418f8,
      0x1beaa511, 0xf9fa628d, 0x6e72a13d, 0x551e7a17, 0x77f4c01c,
      0x9306215b, 0x93c9d588, 0x71aba731, 0x58e57cd4, 0x6443ebe0,
      0xe8103e37, 0x2833ac41 },
    { 0x8da5ec5c, 0x7e564b86, 0x1c08db24, 0xac3d9da8, 0x8c57a728,
      0x9d7c1f0b, 0x9d343dc2, 0x3512afe7, 0xfdc60339, 0xb438e4cf,
      0xdcfa1941, 0x7d5a2700, 0x27320449, 0xd5f323f8, 0x1393c6e6,
      0x1b87a58e, 0x04baa431, 0xecb68bd1, 0x4722b4d7, 0xc09c1c5a,
      0x206b5faa, 0xf42faa97, 0x9976327e, 0xe1dcbcd6, 0x087787d9,
      0x655ba9e4, 0xde5c0191, 0xbd59c757, 0x0bcf3538, 0x673020ed,
      0xa49d6303, 0x120cd454 },
    { 0xcab0f9ee, 0xebfdb8f4, 0x2cce58ee, 0xbc003ef0, 0x5a8d0665,
      0x9b6a6841, 0x9b957774, 0x642ed3a6, 0x4721ab5c, 0x3de487f0,
      0x21a4f0d3, 0xef2ff380, 0x29dbddcd, 0xbd16f558, 0x0e93dff2,
      0x2ef05b4b, 0x0bc9aec1, 0xde1faa12, 0xd467fa92, 0x66dae2c2,
      0x5eb33e34, 0x758daf64, 0x8f0103cb, 0xa67ad9f6, 0x9be02430,
      0x151f693a, 0xeb4054bc, 0xd5698496, 0x7019336e, 0x8ef1677e,
      0x7fdeea3e, 0x021cfd16 },
    { 0xdf5c36f3, 0x5c73715f, 0xd64ad254, 0x703bde37, 0xf2cf7713,
      0x55368d10, 0x0f3993c8, 0x1e5ec7b7, 0x304ae4ca, 0xfdb16776,
      0x3d3bb18b, 0x0d8f717e, 0x66343d5a, 0x5267073f, 0x156008b5,
      0xfaeb52ef, 0x224a470f, 0xb97ad5f9, 0xed2ab51a, 0xaf86e391,
      0x9974302c, 0xdc0c7e57, 0xfd0ae28a, 0xc88fa817, 0xbf8ed59c,
      0x807c22df, 0xeb128bb6, 0x5dedc231, 0xa20595a3, 0x71edcd9c,
      0xc73cf78e, 0x07265b46 },
    { 0xbd66232f, 0x73dd99f0, 0xc4027716, 0xc59aaf89, 0x5b860fc4,
      0xaf826dfa, 0x7a943f3b, 0x239ea8aa, 0x523c428d, 0x0e0e1b1a,
      0x6973b95a, 0x55ea0e3a, 0x2557753b, 0xea399caa, 0x06957b1f,
      0xf8adf72f, 0x3bd34302, 0x0389f341, 0xf8a43a97, 0x333f27d0,
      0xadaf796f, 0xcd9c0c08, 0x49c12aa2, 0x6dcca49b, 0x7a0ac6e9,
      0xdd88deee, 0x0644080e, 0x8f47575d, 0x0cc2f4bd, 0x6e9d667d,
      0x31d1496c, 0x36c5754b },
    { 0xf323d84b, 0x9120046e, 0x7e789c4f, 0xa6991122, 0x921b8055,
      0x4b0eaf4e, 0x8079974e, 0x6339844a, 0x740f8c79, 0xc905466a,
      0xcd6def49, 0x1c18d0f7, 0x4b23e4ba, 0x5297da6b, 0xc41800c5,
      0x1c09dff3, 0x37ef6777, 0x6c49075b, 0x50513ded, 0xa94c3a40,
      0x6b0b1705, 0x3d6742e9, 0xc48af5ae, 0xc0784494, 0xc95822de,
      0x40c01532, 0xc164d94f, 0xa2ddade5, 0xa2975eb5, 0xfc8a8ac9,
      0x1946944e, 0x06fbf861 },
    { 0x3f45aa97, 0x2d65338e, 0x1d040feb, 0xd83b58c8, 0x0fdef8b9,
      0x05fef59b, 0xe4d7417c, 0x7beb071a, 0xb30a1a23, 0x982b61f5,
      0xfb65bd03, 0x4c5f2a2a, 0x5cbf6bf3, 0xe40abc9d, 0xf06612a5,
      0x422c326d, 0x9571ae28, 0xc921e69d, 0x23d3434e, 0x7c88b10b,
      0x9da07933, 0x96d2e957, 0x3619cf4d, 0x833d46a1, 0xd95eefa1,
      0xd9d19653, 0xa03e8f0e, 0x2a7d8411, 0x04bb5ab1, 0x5e642953,
      0x1f0fa9ea, 0x5e9ca0fd },
    { 0x197c5dc4, 0x5bd54571, 0xe78a95a2, 0xe2da40bf, 0xffdb0eb2,
      0x65fb9efc, 0x0d17467c, 0xe952dc2c, 0xc758c6a3, 0xc1fc9c7b,
      0xd4034a9a, 0xfc79562c, 0x61f64b56, 0x26e36fbe, 0x1e84728b,
      0x6adc4b9e, 0xa8f9ac8a, 0x7f165fd3, 0x03e3e013, 0x7bc93a45,
      0x656478e3, 0xeacc5513, 0x064ddc77, 0xd3391717, 0x76936914,
      0x75b318dc, 0x362424a6, 0x69b1f1c7, 0x49955f34, 0x8cc2045b,
      0xc6836af8, 0x940622b3 },
    { 0x0d997973, 0x4710ccb7, 0xd3f8f115, 0x3b29625d, 0x5b97abd5,
      0x8cf0c4d5, 0x673e14a5, 0xc6321e0a, 0x3d262246, 0x0541af9d,
      0x6fc83b11, 0xde6d8754, 0xf01652a4, 0x47e97da8, 0xad9802b6,
      0x0f82b3a6, 0xae9c44b2, 0x69aa4075, 0xced2bf77, 0xaf3f5de2,
      0x497a40da, 0x1ef1ea8a, 0x3c23ba9c, 0x2e0f8608, 0xf190a2c8,
      0xd8a998a4, 0xcfde3368, 0xe2b49c8c, 0xbde6bd71, 0xb9f49824,
      0x785bedb6, 0x80bb1664 },
    { 0xfd145cb5, 0x05e575fe, 0xac5e6883, 0x155ee561, 0x8793b273,
      0x461e70cf, 0x133b2338, 0x9f1553de, 0xa2a7ba07, 0x2fb9e0c3,
      0x3e7086fa, 0xc3bfd6a8, 0x8bb4cb93, 0xb6ba8500, 0x76f82dbd,
      0x0b66d789, 0x54eb49ff, 0x7d5a6ff6, 0x1f20b322, 0xcd65d237,
      0x54e29cdc, 0x79ea49c2, 0xcb118ff9, 0x64975963, 0xcc58000b,
      0x969598dd, 0x110c779c, 0x95107918, 0x63b85a35, 0xedfc1548,
      0x41212350, 0x077ba5ea },
    { 0xcdd86f61, 0x0b3a38d3, 0x0502a0ab, 0x43121445, 0x806d0272,
      0x1912edc5, 0x8a32f10f, 0x01dc1f98, 0x0e80c760, 0xbb1d31d1,
      0xf464e8b3, 0xd46ec7e5, 0x9abf49ee, 0xd569af36, 0x2cdade77,
      0x9d286ea7, 0x45ad5920, 0x2be7020d, 0x6299ae7f, 0xabe5236e,
      0xd3f55c07, 0xc93179bd, 0x52350e80, 0x8138995a, 0xaff07586,
      0x0901265c, 0xf4739653, 0x5b3c81b2, 0x9bc77d21, 0xbaf7581d,
      0x4591a2e2, 0x6b2006df },
    { 0x965b1bc1, 0xb2fe50a8, 0x962bb4fd, 0x931f536a, 0x000e7f99,
      0xd5718d33, 0x53d5125e, 0x84728f25, 0xd2125caf, 0x4f8a6184,
      0x357f679e, 0x54f1a701, 0x1531c05a, 0x70a9f40c, 0x6fa8b775,
      0x10d0cb97, 0x9dc12ce9, 0xb476f41e, 0x2755f894, 0x5c8d7a75,
      0x625741a4, 0xd6c12e10, 0xc917b16c, 0x262a6fb8, 0x38d6b0a0,
      0x24d116e6, 0x32c38e83, 0x849540c0, 0x66868afc, 0x855b911c,
      0xbd26b550, 0x53217ea6 },
    { 0x259f52b4, 0xfc840473, 0xe621146c, 0x968da9cb, 0xcacbd26e,
      0x964eb85e, 0xe4a54344, 0xab7daa2d, 0x381a4ff7, 0x6dc3b848,
      0x41c815ef, 0xa07a96b3, 0xc3d4b1e1, 0xc4fae9e8, 0x42ce9ea8,
      0x0f938d1e, 0x35cc052f, 0xa727dacc, 0xe9a06f07, 0xc81e01c9,
      0x4a6d65a1, 0xa9e08dcb, 0x6044a9a6, 0xf8e2d173, 0xf2bd295b,
      0x99893dd0, 0xf9781b12, 0xa08d3379, 0x61830ac2, 0x64bd6001,
      0xd9adbeef, 0x0386931e },
    { 0xd09885a5, 0xd0d7abb3, 0xe355bb07, 0xed9d2b67, 0x536ebaed,
      0x3bc238cf, 0x699ce4d6, 0x61ca2e78, 0x111594cd, 0x354ff447,
      0x03316ad2, 0x55cbe709, 0x49fff5c4, 0x418679fd, 0x0f9c6c40,
      0x75bacd75, 0x2972721a, 0x677edc88, 0xe5ef502f, 0x82596887,
      0xbf320e0e, 0x459e9367, 0x8bbdccb2, 0x81ce36ef, 0xb766863d,
      0x1ba097fc, 0xd58c6db8, 0xcd3a21d6, 0xb4a8748b, 0x0e4967cd,
      0x15041c20, 0x2caaf749 },
    { 0x6ed20424, 0x44f98006, 0x22471545, 0xb3e4ea23, 0x781a8c86,
      0x268ed1a5, 0x7ae5b70b, 0x48d0ab75, 0x356d3982, 0x6ca8b320,
      0x2df31fa4, 0x9ce8e681, 0xd925dcf2, 0xb909d232, 0xf56723de,
      0x302c8f78, 0xabac96f9, 0x11725d69, 0x57d1a170, 0x656a47ca,
      0xc18a2be7, 0x6bb5d511, 0xad50d9d9, 0xb56e45f1, 0x70b05518,
      0x36e886e2, 0x09d8ff91, 0xc7c71f3d, 0x9350361e, 0x65a1bbe2,
      0x45fe3bd8, 0x86d7f532 },
    { 0xb0bf719a, 0x99f16eb6, 0x8bc3d913, 0xb6975098, 0x26cd01b4,
      0xfae50e52, 0x90898d1c, 0xd3e3ac54, 0x887ec666, 0x4da3b9db,
      0xfbea45b8, 0x58300644, 0x8355b058, 0x369f3bd9, 0x579bcc13,
      0x0fb239a8, 0x6e2bd811, 0x4f5b4539, 0x24198fd2, 0x007f3baf,
      0x8837d51d, 0x68a676db, 0xeae75b16, 0x68eeea62, 0x3db6083c,
      0x5ffe5f94, 0x7d836c5a, 0x52c94d0f, 0xcbc1ff85, 0x5a4c3c6f,
      0x86c0b4dd, 0x682a55e3 },
    { 0x587495aa, 0xc8f235a4, 0x34c7245d, 0x2276026c, 0xb75a46e3,
      0xd6ae0cc5, 0xecc3e5e7, 0x890d3965, 0x14296629, 0x1b13342f,
      0x8a877227, 0xc89927e6, 0x2324a68b, 0x1543f27e, 0x49cdc21a,
      0x6c447684, 0x1452d0ac, 0x9bc7fd4f, 0xff4b045c, 0x2cc30a31,
      0x852f7611, 0x415d46a0, 0xc6fdd7a6, 0xad737052, 0x7b4c7c91,
      0xdcecc3ab, 0x7688d70c, 0xd2cdf01b, 0xe40d3905, 0x054f2542,
      0xfefe4dcd, 0x02227fa6 },
    { 0xb751948b, 0x1805efd9, 0xfdfd225d, 0x8efeed46, 0x4f2c8b22,
      0xcb128e09, 0x96f7c5e5, 0x9d1090bf, 0xb4cbeca0, 0x0959d044,
      0x8e08cb04, 0x21c955f9, 0x68fa4fce, 0xbc1f279d, 0x0710ae9a,
      0xb021e14e, 0x881167f4, 0x64d16e9f, 0xbbc9f1a5, 0xf5a5c22e,
      0xe3420eea, 0x5f3716df, 0xd5c4e843, 0x971eb915, 0x28ffba81,
      0x64fc55fc, 0x7dd37578, 0x3427e54d, 0x15ebc7d0, 0x446e6a62,
      0x29269778, 0x547e249a },
    { 0xa1ffda27, 0x4706868a, 0x7955cf50, 0xb4e6cdcc, 0x0a63f3d8,
      0xf65151e1, 0x9de5e70a, 0x5b4127ea, 0xf9342823, 0x3d2c09ba,
      0xaa2f7d51, 0x18c99d83, 0xddeec025, 0xa0c5bb1d, 0x03dcf1ce,
      0x7ffddf84, 0x616fdeda, 0xe57e4d29, 0x7932a1f0, 0xd2456569,
      0x3191d4e3, 0x7475e0e8, 0xc220218b, 0x3479bea1, 0x8bcb2505,
      0xfceb5c90, 0x3c6132e6, 0x1c685cea, 0xbfe6c1eb, 0xc42dc745,
      0xd2b08eea, 0x45a41cc0 },
    { 0x4dbbf0e1, 0x3ea9b2c7, 0xa17cf70e, 0x41ff962f, 0x5eeb4c66,
      0xdc1ea758, 0xa9beb17e, 0x4f5412d2, 0xa285741a, 0x2c9e4f52,
      0x984fd11f, 0x93df7da4, 0x0df3184e, 0xb2afbddc, 0x2421e375,
      0x96323d25, 0x49df781e, 0xc87be1e4, 0x3d589bea, 0x145601ed,
      0x28fff6dd, 0x0f0bd9bd, 0x8a0f298c, 0x2d3259d4, 0xd88e6944,
      0x362d7a77, 0xb6ac2af6, 0xa84c06b6, 0xd087da02, 0xba850ac9,
      0x42ee40c8, 0x128763c9 },
    { 0xacbac178, 0x29a80f07, 0x34b08f6e, 0x7cc20044, 0x70feded2,
      0xe9631d14, 0x86615767, 0xb2115da3, 0xcb088548, 0x7c75f5c4,
      0x9a2e8e03, 0x5b29d213, 0x8b881752, 0xfe9fda66, 0xc1de7ebc,
      0x3f1d8d88, 0x03218123, 0xb476565e, 0xb1c995f3, 0x07365561,
      0xb13eb71b, 0x2160cb18, 0x99b3a0eb, 0x7e8da513, 0xb20fcd74,
      0x5e8ca1f9, 0xb4126d72, 0x6a7e0067, 0x68bb637f, 0x1e8204b7,
      0xfc4f74d2, 0x75e96bcc },
    { 0x0d19716e, 0x189d1fdc, 0x7c384525, 0xdf585058, 0xea987d2a,
      0x64a846d1, 0x6c07150f, 0x12b6bf83, 0x4d6fd5b7, 0x91d85d46,
      0x4f53f55f, 0xa9788836, 0x81509129, 0x60083bd8, 0xea876f48,
      0xa7672683, 0xc15b2489, 0xe80b2e7a, 0x42d1d992, 0x985ef8d2,
      0xcf3de492, 0x9c57b029, 0xb1487627, 0xfe02f83c, 0x8ae5b687,
      0xaeba4fe4, 0x5d6b8196, 0x8a86f09b, 0xa16e523d, 0xd88f566b,
      0xba268949, 0x309a6e9a },
    { 0xbdfbe97a, 0xef27ee50, 0xb8c50c4d, 0x1a5fe70f, 0x7fe09f5c,
      0xcc7beb01, 0xbed36cc5, 0x8fa15a85, 0x7550ed3a, 0xc0c3acdb,
      0xeb908681, 0xc581ef87, 0xc49d5ccb, 0xa15b3362, 0x1fa264e8,
      0x0fbb1714, 0x8e1eee88, 0x267f8d8f, 0x21c2b63d, 0xd31ccfd6,
      0x53be7efd, 0x924dbe7d, 0xdb2a358a, 0xd42e877f, 0x75d68ac1,
      0xcf9673c7, 0x714fea55, 0xe35978fd, 0x5769b202, 0xeeb36653,
      0xd7593789, 0x0458258a },
    { 0xa042dbdf, 0x5df71a74, 0x5779dfa2, 0x2d405857, 0x0d2e6657,
      0x0e66cba7, 0xca2e892e, 0x285d6745, 0x0f0e6b5f, 0xf56a8def,
      0xa30767c3, 0xe0ee851d, 0x43346b9c, 0x98c05658, 0xd6b3c742,
      0xb35fce26, 0x39777e00, 0xc0895bff, 0xe7b6d886, 0x83c8f6a6,
      0x4f02904b, 0xbee14843, 0x2e84ec34, 0x7f74915b, 0x96d10991,
      0xbaaf663c, 0xe41facc0, 0x004b8757, 0x6f86c029, 0xa2b880e5,
      0x95b77358, 0x53f4a3e0 },
    { 0x89fc48e7, 0x11bb08ce, 0xafab5aeb, 0xba60c577, 0xa0c1cb5a,
      0xf06bcbf8, 0x79757cb6, 0x7d2efaea, 0x76319160, 0xe26d90b1,
      0x2b77b7a9, 0x42aa1ab6, 0x285df2bf, 0x38eec0cd, 0xf3a8f7f0,
      0xd35947f5, 0xfc1cb5b5, 0x97c8dc0e, 0xc45845cf, 0xfeb8cca0,
      0x249e26f2, 0x16e8d989, 0x483ed89a, 0x7c264e6d, 0x51d91073,
      0x13a3f145, 0x305e99f0, 0x8501562e, 0x6908d563, 0xaaf98d74,
      0xd723d236, 0x0a99e653 },
    { 0xabbc0559, 0x23536f46, 0x9aa1a160, 0xc163067b, 0x0c1681b5,
      0x229fd229, 0x1378e907, 0x61254be1, 0xab793a2d, 0xc60ff57a,
      0x466552db, 0xa6f2df8b, 0x8c170a36, 0x9ad31893, 0x29b74d9a,
      0xc5cd9abe, 0xf7848523, 0xcf747273, 0x0d0e3063, 0xc126a93a,
      0x4248e3d8, 0xfe2021e3, 0x8323ddfa, 0xd97343ee, 0x332639e7,
      0x9f768775, 0x75325548, 0x9650fc31, 0x3eebf7ea, 0xb595dbd1,
      0x010fcbc0, 0x3a95cb45 },
    { 0x39d7ff2e, 0x954e68cb, 0xc1d5c48f, 0x8dd1cb4b, 0x7169438a,
      0x02a92c77, 0x91cad8ce, 0x7965c0b0, 0x32cd08d2, 0x0c5798ab,
      0xa6902bda, 0x1a5bc3c3, 0x5186d218, 0x545d0925, 0xd27e64db,
      0xf0077cdb, 0x8cd092da, 0x0157caa4, 0x24532ab3, 0x2a2fa3a0,
      0x41ccaba3, 0xa5fb639b, 0x4744aee6, 0x01702dc1, 0xcdba93da,
      0x485bb436, 0x329784f1, 0x93597f66, 0xdad672c3, 0x5d713c1d,
      0x030b7245, 0x366d222e },
    { 0x573ea5b2, 0xd50b4875, 0xa90da44d, 0x0fce401b, 0x7a1a0310,
      0x7b53fa65, 0xcf114460, 0x722a80a5, 0xa538bf49, 0x0b8ebf05,
      0xd32acd21, 0xae141147, 0x7b5ad07d, 0x6692712c, 0x3f48ca07,
      0x6dc5fee7, 0x2b8a78d8, 0x98ed1499, 0xdd2f1759, 0x4e8b3145,
      0x5f971b8e, 0x43408de1, 0xadf1b368, 0x055ea6dd, 0xe5932b7e,
      0x4bb76e73, 0xd30893fd, 0x44287153, 0x0661bfda, 0x173dccd2,
      0x79defd25, 0x9072ba99 },
    { 0x9620ea39, 0x474de4dd, 0xc831cee8, 0xfbf1649f, 0xcd3a9c43,
      0x0b0e8bb1, 0x3f3df1d5, 0x6a38286f, 0x8f0ec9b3, 0x4ed072b3,
      0x729c09e3, 0xa6e4c987, 0x8ad12242, 0xea3e8ac6, 0xfbdfa5ba,
      0x6ae0e22b, 0xb0a0f592, 0x56171ecf, 0x6b871f8d, 0x33b2886d,
      0x35e11bda, 0x6b19bea9, 0x7f0f153f, 0x4d815a40, 0x7d6c02ee,
      0x7e608d97, 0xb6a88f46, 0x7e8f23d9, 0x439d1654, 0x26ac9652,
      0x35546c29, 0x8d92c6bd },
    { 0xabeb0ff7, 0xb3e0d7ce, 0x3e0e42f8, 0xfbe35254, 0xde808499,
      0x57d1b226, 0x1cd44bc3, 0x9ece2e1f, 0x435cfee1, 0x1245adbc,
      0xf93f581c, 0x874ee840, 0xbda0b947, 0x916a779c, 0xfa57ae0a,
      0xabcc815a, 0xf0a621b0, 0x97adec2d, 0x81f90bdc, 0xbe6a502b,
      0x53bde63d, 0x54bf9de1, 0x78884c25, 0xa88fdabf, 0xcbbb5470,
      0x30aa52b1, 0x29053ef5, 0xf805396c, 0x8dd827ea, 0x8d43d898,
      0x5c1ae5c0, 0x4e4bec17 },
    { 0xfcc09676, 0xbf8483a2, 0x19ea9a94, 0x457c4a3f, 0xd702a5dd,
      0xa6852ef3, 0x843fe7d8, 0xe7915fd2, 0x16e35158, 0x644bba98,
      0x9ed746f0, 0x8d1b95d0, 0xb90af0b5, 0x47704581, 0xd4fd135e,
      0x0bd4bc6b, 0xb4e833a5, 0xa6dce067, 0xff56a9a1, 0x2c0e8f30,
      0xec2c63fe, 0xa9c80800, 0x98f508a8, 0x449c20a5, 0x3292813a,
      0x02b94cb3, 0xec7e81a2, 0x647e3d28, 0xb4877677, 0x72e67d1a,
      0x6f9ded24, 0x7a4aa3f5 },
    { 0xe27a0045, 0x559ef1ba, 0xb242cb50, 0xdc812d4f, 0x39cf8d24,
      0x23a478e4, 0x9b3f9c54, 0x97544fc5, 0xaffa1fcf, 0x5ac68132,
      0x34a2c83b, 0x74f8fee0, 0xcd3f4bb7, 0x96cc640f, 0xb0512ea6,
      0x775dce9d, 0xcdce381e, 0x67dca19d, 0xa9d3fe55, 0xc1eeb3f3,
      0x1a19274f, 0x38e0bf42, 0x28d69b12, 0x15992fb4, 0x9fd09df8,
      0x48fcebde, 0xb41ab5df, 0xdc9dfa4f, 0xc0a269c5, 0x0cbd7dc8,
      0xf7f0ade1, 0x60282a7b },
    { 0xdceea2e7, 0x7c07e538, 0x3c42061d, 0x38a322c8, 0x4f1f6516,
      0x676828f9, 0xc7776a10, 0xf21b69fb, 0xb5e6b405, 0xc63a3417,
      0x91a7b642, 0x4c99f258, 0x2cad1440, 0x38692ca8, 0x00869bcd,
      0xf1e82ffe, 0x16fe466a, 0xc30b714e, 0x19019138, 0x5fb742f9,
      0x0fa516ae, 0xe90166d0, 0xd8c73a43, 0x5550f7ac, 0xfbc5c372,
      0x2d6a407d, 0x68cc39ed, 0xe47a7539, 0x4a5fbe70, 0x3fd286d9,
      0x23c6b942, 0x5f4ae9c7 },
    { 0x53f4d561, 0xd96a2dda, 0x16da1992, 0x286d45d0, 0xfdd4b051,
      0x449a01fb, 0x9f2195ea, 0x25488a0d, 0xa37661b3, 0xc4151b0a,
      0xf9e5ee02, 0xb98c471e, 0xa8658817, 0xa4bca86e, 0x7a68fc0a,
      0xbbcadb87, 0x6b7366a9, 0x88b34649, 0x15661c2d, 0x32ee98d4,
      0xc901420c, 0xf5b3b4c6, 0x2f2752af, 0xa2352735, 0x510e4d9c,
      0x2f64ce73, 0xaca4aa80, 0x939a7f26, 0x401aa503, 0x9cd3e291,
      0xdc46afd2, 0x92a01423 },
    { 0x1c2f7dbd, 0xe9f24be1, 0xb7d527fa, 0xda8c900f, 0x8648f128,
      0x963e25bb, 0x48141941, 0x9ab713e2, 0x7a6756fb, 0xe87f7d01,
      0x058d90bd, 0x274dd85e, 0x82566abd, 0x823fee7a, 0x74240195,
      0x9f6230d7, 0xacb5e46e, 0x04579f2c, 0x16a4c87e, 0x2a226263,
      0xd99b0857, 0x9ca19a43, 0xe488789e, 0x86dc2ba3, 0x9406c3bd,
      0xf960b5b9, 0x8960957e, 0x6f2c428b, 0x161c515b, 0x90748706,
      0xaa88cb9b, 0x0fc8fe1e },
    { 0xfeb90f2d, 0x68ae1bed, 0xa48b1559, 0xf393bb3c, 0xf64e9635,
      0x2be62f9c, 0xf8be75c2, 0x354c2410, 0x5e6f7529, 0xbd7ea703,
      0x162cab31, 0xc264868e, 0xc860f3ff, 0xb1391e70, 0x1d89837e,
      0xdf367c75, 0x2bf32941, 0xe150b6b4, 0x78c1318f, 0x95e8f46e,
      0xa2c4b160, 0x2b3f1dab, 0x701afbf3, 0xc6ccf5ce, 0x5e8874c5,
      0x3ad27530, 0x5dc6dcbe, 0x39285e51, 0xd99892dd, 0x3c954d86,
      0xdfd3789f, 0x2d0ba862 },
    { 0xb472e1af, 0xeacd8ee8, 0xb76abbcc, 0xeb354eae, 0xd0d93fbd,
      0x9b520bf8, 0xfe6fc706, 0xfccd60d7, 0xa4ee2f39, 0xa9353dde,
      0x9a81e51e, 0x5eb0925e, 0xd1366777, 0xee334da1, 0xd5354d69,
      0xc1d28c9f, 0x92a5ed54, 0xb9771755, 0xb7f70d81, 0x5d3e367f,
      0xa933ae7a, 0x7be7eeca, 0xe23cfbb7, 0x264cf1f9, 0x89497681,
      0x0d129f4a, 0x09b6235b, 0x705375a4, 0x48a376da, 0xccf64c75,
      0x4d41dbfc, 0x963c8712 },
    { 0xde36a814, 0xbae290cb, 0x733b12b5, 0x9bdb0195, 0xf77fe0e1,
      0x0ebad867, 0x29720cea, 0x0a7d19fd, 0x9029ec72, 0x434d7651,
      0xbb51911e, 0x856aff17, 0xd80a7f60, 0xd0a25d9a, 0xf848c106,
      0xffca86af, 0x43ad749c, 0x53e8bdf9, 0xe3e696bb, 0xfb9e0284,
      0xeeee4215, 0x3eb6630a, 0x2ecf3c63, 0x9d8fbb9e, 0x4e00c0c0,
      0x71da4ffa, 0x5d57beac, 0xb296be59, 0xa8cec7ef, 0x1751fbad,
      0xff55d7bd, 0x2d03eb3c },
    { 0x04f2ec1d, 0xeb16925f, 0x0d147ee2, 0xa878f276, 0xaad9d9e0,
      0x442df604, 0x3f71035b, 0x891df44b, 0x8cb95d5b, 0xc28272b3,
      0x5ee8ed23, 0x6f14efb5, 0x13b0f3e3, 0xf3c4460f, 0x6bd7335e,
      0x889f9bd7, 0xf755ba6e, 0x889ee771, 0xed219b6c, 0x626984fe,
      0xec2ee411, 0x2d44c737, 0x63efcd37, 0xb94385a2, 0x6637826b,
      0xd909321b, 0x3ee6b7a7, 0xc24f8a79, 0xa7cf61b7, 0xa3ca8d24,
      0xc54bacd9, 0x842e40c1 },
    { 0xa661d843, 0x5a268ed6, 0x4f5b30cd, 0x02328cca, 0x1311e177,
      0x16e6fed1, 0xc6695967, 0x690decb4, 0x57b2e280, 0xbdac5bf6,
      0x1efe42d0, 0x827f82ca, 0xca5fca2f, 0xc554ec0a, 0xdde45506,
      0xac5276c1, 0xe3077513, 0xb7f4cb08, 0xcc8797cc, 0x8caf6d9a,
      0x0d9332d2, 0xd5964814, 0x285a409f, 0xcc6ae297, 0x6223d093,
      0x7773c2a5, 0x5128fc09, 0x2d5266ac, 0xbc31fe6c, 0xa596b7cb,
      0xcac91328, 0x0e63319a },
    { 0xf0360ac2, 0xb5cd2fad, 0x285e605a, 0x86b660de, 0xe25b9b14,
      0x82c6cf10, 0xaa9ac554, 0x9d5fa38d, 0x526c070e, 0x3dfcf1b8,
      0x3fccc52d, 0x0379a96b, 0x0bfcc7f5, 0xe3659c29, 0x69d3e6a1,
      0x5b1a3db5, 0x9b7b42d5, 0xb41528b5, 0x9c22a006, 0x934defa4,
      0x9b4ce3b6, 0x90f38018, 0xb3abaf32, 0xb073bc04, 0xff8389e2,
      0x27a5a222, 0xffa5a35b, 0x0b7a9d51, 0x28e1a7c2, 0x4939ecef,
      0x1872705a, 0x88839da2 },
    { 0x701ce29a, 0x56b66c30, 0x58981d50, 0x3acaf126, 0x105f9f21,
      0xd4dafc0c, 0x373e3d13, 0xfee571e6, 0xfa2ee3ca, 0xe7269c86,
      0xdd20385a, 0xf5cca64a, 0x3000e9ac, 0x217f2757, 0x0e7273ef,
      0xc934db47, 0x355b6776, 0x4294f4f7, 0x6fc05180, 0x1faa36b9,
      0xb052190b, 0x8f88b1db, 0xe9eaef52, 0x35791b90, 0xdb681b90,
      0xf37fb2eb, 0x4415c369, 0x39d0a51d, 0x1d2e21c9, 0xfc59cca7,
      0xa1f50c26, 0x64128cfe },
    { 0xe8f5b0b5, 0xf03678a2, 0xd340f059, 0x5c7e249c, 0x93ca7cec,
      0x41440441, 0xbc83af98, 0x075ca346, 0xfaa8bbb0, 0xf39f0033,
      0xf38230f7, 0x3d18f0ed, 0xd448f345, 0x78dff00c, 0xd51aa475,
      0x849228c0, 0x30c928d1, 0xdd4e2708, 0x8f12cfd3, 0xc66ba686,
      0x88b3a206, 0x091049db, 0x016dae01, 0xd865d059, 0xe253e37d,
      0x4599e905, 0x7ce9871b, 0x322cf0c2, 0x174a132e, 0x014f54da,
      0xbdabcbda, 0x93634a09 },
    { 0xa9a2e304, 0x62826b27, 0xc1a4c124, 0xc57e1866, 0x22381710,
      0x913ab832, 0xa9847cfe, 0x7e9b6b85, 0x2b5f46fd, 0x29655cf1,
      0x8038e66d, 0x7295572b, 0x6fa95eab, 0xe4cba601, 0xb9deda81,
      0xbbc11071, 0x3f1cf61e, 0x97f0009a, 0x373e0cfb, 0x5372777b,
      0xd139d63b, 0x302f909c, 0x4f87d78e, 0x1ed672da, 0xb4048763,
      0x362077a3, 0x9dcc22b2, 0xc408c32d, 0x26deeee7, 0x4b4c5bf2,
      0xbc06357e, 0x266cb467 },
    { 0xb56363e8, 0x6faa4154, 0x3c1aa4db, 0x4b4fd078, 0x2b9e6597,
      0x14358dde, 0xfa004b84, 0x5b34ae3e, 0xf19911a6, 0xcf44b2ec,
      0xa536bf78, 0x55caa833, 0x8870dc95, 0x606e1eb9, 0x09f3511d,
      0xe3c3287d, 0x9d5cf364, 0x68b2f4eb, 0x63ab8c9e, 0xc154e892,
      0xc36ab611, 0x1548828e, 0xa1b7d120, 0x0932bfcb, 0x5315b8d7,
      0x7ee7b5bc, 0xf7473ac1, 0x782fd0d1, 0x3c8f2af3, 0xbcb029a8,
      0x52454ee1, 0x4b1d5a1b },
    { 0x63d52c0c, 0x12fe5174, 0x188c099d, 0x3735525e, 0x360e3956,
      0x5c621563, 0xacfa5a43, 0x88b3f1ca, 0x797e8107, 0x90123a0a,
      0xb15e080a, 0xba31f6b5, 0xfca3dada, 0xd7de5e12, 0x0df511c8,
      0x3287361b, 0x65757d4e, 0x7cc800d4, 0x5207ec91, 0x10810f3d,
      0x30eea0e3, 0x0d4e56f1, 0x3ea5a2ec, 0xbbf7ee13, 0xbe6abbd0,
      0x6fc07762, 0x120bf619, 0xc831fdce, 0xb622d42a, 0xe07439fa,
      0x508e4b27, 0x8186b93f },
    { 0x09312867, 0xc619d154, 0xbfaf7db4, 0x7e042c05, 0x1f5f5dda,
      0xc1cf1668, 0xa4fc3d82, 0x50aa5057, 0xce68b8fe, 0xed30ed65,
      0xbeb4d644, 0xecb01c0b, 0x831c0497, 0x7b5dc444, 0x9b7d9b1c,
      0x351e6a00, 0xd9477c91, 0x4bb863b9, 0x05d4110a, 0xaba65891,
      0x43580b7a, 0x30086cf4, 0x90be357e, 0xb139c076, 0x27b5214e,
      0x12bfff1a, 0x22c3ab57, 0x79cfc6d7, 0xf34a9bfa, 0x4743de57,
      0xc9ee2b2a, 0x0bf97e97 },
    { 0xdda19e96, 0x96ec4ec8, 0x6c306e8b, 0x54ce18ea, 0x65f6918a,
      0x7e83612b, 0x0d9a0d99, 0x1ac6f68b, 0x62fdcc09, 0x98a697a4,
      0x95bc3e13, 0x65ce25f1, 0xb3939730, 0x1896ecda, 0x32f12806,
      0x9eb81a0f, 0x1d2dc7df, 0xd3d7416e, 0xad473599, 0xe22c7976,
      0x9f5ef439, 0x3de37a9a, 0x9e69d94e, 0x6b7ac0ab, 0x0a9d0bc8,
      0xe6bfa9e0, 0x5676f120, 0x576a870d, 0xfeaac23f, 0x3bd91bb4,
      0x3e40aabb, 0x8fe5482c },
    { 0xce9a4d1e, 0x85ae67c2, 0x4f1d2038, 0x4c3eb803, 0x25d06192,
      0x5c6c8f3a, 0x308fb41c, 0x803de0ad, 0xe71c294e, 0x9961f5bc,
      0xf02eb0da, 0xdc62078d, 0xb64ae8b6, 0xc87ef515, 0x50b4d18f,
      0x69679f1e, 0x52199f43, 0xc5c009a1, 0x0f640a5f, 0xa7d484be,
      0x23dab566, 0x4c918bb1, 0x64275d2c, 0xa67c114c, 0xcad2ded6,
      0x95a913b9, 0x6b4b5c8d, 0x189ed18b, 0xb42d3bf6, 0x4aeb6206,
      0xbbc8bc3f, 0x3928c669 },
    { 0xdacb4b64, 0xde4bea4a, 0xf26179a1, 0x03f62a44, 0x7a9112a4,
      0xf3aac94e, 0xd36f331e, 0x90448fbd, 0x407b85c4, 0x426042bc,
      0x2121b77b, 0x5ad8a596, 0x67cee984, 0x31674a4f, 0x4e3b2f0d,
      0x7fae8bbe, 0xa7c930eb, 0x681df6dd, 0xc259d0d4, 0xadeefa98,
      0xbea1c1fd, 0x1b14d9e6, 0x21d405d1, 0x3baadc8b, 0x73892754,
      0xf01dff93, 0xf071cde4, 0x81c35b3e, 0x9150d0d9, 0x1704d2e1,
      0x355134f6, 0x6ccc888f },
    { 0x7ad7504c, 0xf8d36f0e, 0xf7959ddd, 0xbca3265f, 0xfede67aa,
      0x0dcd1ede, 0xbaebf32f, 0x1276f4ce, 0x014edcfc, 0x6825a6e6,
      0x99ad8eb7, 0x0b8c1a82, 0x09b8ce1e, 0x312024a9, 0x9cbd351a,
      0xcb8fd98b, 0xfab1e8be, 0xa4841378, 0x3973cacf, 0x17ed0f5d,
      0x259d5254, 0xa17e1484, 0x74b91393, 0x53d5b843, 0x1aca3ce9,
      0x8f792b21, 0xc8c0f815, 0x035ff110, 0xad4ed7bd, 0x6afa6357,
      0xb26faef9, 0x2f151980 },
    { 0x29d2d439, 0x0c8631da, 0xbc039955, 0x121fbbc2, 0x6c05b75b,
      0x3e5a9792, 0xb6ce47ec, 0x6d6cf4c0, 0x9d88c658, 0xbaaa1767,
      0xf3355a17, 0x031db9e7, 0x0aef5a85, 0x8381e3d8, 0x15a31bdf,
      0xc71db290, 0x9498fd7d, 0x638f6b74, 0x13beeef6, 0x44edf3f9,
      0xf4ab67b3, 0xe6173271, 0xfd22df11, 0x3a202c70, 0x205c4e92,
      0xf7be0389, 0xa8eb9920, 0x1c219085, 0xbeb54aaa, 0x6c805ce8,
      0x0ac58d65, 0x354b05b7 },
    { 0x7a9170e9, 0x7171e236, 0x4cad50cd, 0x01eec42d, 0x3cddccfb,
      0xffbe824f, 0xa66cae1a, 0xa73e8ce3, 0x965c7d01, 0xb7138a7f,
      0x5c3d971e, 0x00058e3f, 0x2ff0a72b, 0x52591ac3, 0xbbbce76f,
      0xa32fb5bc, 0xa9f81a18, 0xf3241ab8, 0xeca68630, 0xf31d3332,
      0x4482f13b, 0x847af9fc, 0xa4681be2, 0x6196e217, 0xe55efcf9,
      0x9938f932, 0x70acc705, 0x3e7dacb8, 0xcf09fac2, 0xd41be893,
      0xae3523a1, 0x48dc55c4 },
    { 0xa5092193, 0x8e623826, 0x6898970c, 0xe46ec362, 0x25c9eb41,
      0x2f1356af, 0x83c7d245, 0x41780640, 0x97d00e38, 0x982def67,
      0xa512151c, 0x382eb6e7, 0x8af58869, 0x154e1077, 0x8a51cf02,
      0x18707075, 0x71313c58, 0xcdeba9f7, 0xba155904, 0x5d67b973,
      0x1d0d7b3a, 0x851c9f4b, 0x8b8af2cd, 0x19f29d71, 0x986b8d62,
      0xcb94ccff, 0xb93b9c33, 0x8725e24b, 0x66e38c68, 0x405ce4c5,
      0x0b6dc021, 0x5f6a8edd },
    { 0x8f9a8690, 0x83704ca5, 0x2f76a407, 0x3f369766, 0x69201028,
      0xfbc12d8c, 0xbce3a4cf, 0x4cd58f16, 0x04aab26d, 0x7804664a,
      0x4ea457a8, 0x005cfbba, 0xb8a59794, 0x537951b3, 0x4fe1f739,
      0x4ca2b9e4, 0xdf325797, 0xe4428acd, 0x0ea243db, 0x648da342,
      0xf43ce01e, 0xcce6562b, 0xf27db490, 0x840f0421, 0x8bfb7cf0,
      0x156ccb70, 0x5a8797d3, 0x9b33480d, 0x9eb814bb, 0x2e12e07a,
      0xca7f87ac, 0x1ca65072 },
    { 0x2b9d25a0, 0xfbb321cf, 0x40a746db, 0x66affdca, 0x59e368b5,
      0xc1c1530e, 0x7d80068f, 0x56ed1ea4, 0x5647dd68, 0x9b74d8fe,
      0x89b78da8, 0x1d96b507, 0x8bbe3391, 0x39b75243, 0x0d858c5f,
      0xef8d443e, 0x9646aa34, 0x4dd2db49, 0xe667543c, 0x7fad3bd1,
      0x68980985, 0xd0d710c0, 0x49facaba, 0x9f7aff32, 0x14f9a192,
      0x055dec1c, 0x1fb307a1, 0xaca66399, 0x35ffff64, 0xac44fd91,
      0xcbad3cee, 0x462cafb6 },
    { 0xde3237dd, 0x1660a647, 0x82b87404, 0x95f735cc, 0xddfa55f8,
      0xf7879f59, 0x726b914a, 0x15ef043e, 0x1c93e298, 0x1875393d,
      0x6ef18331, 0xa1a2be74, 0x25a9a12b, 0x4e7e8dfc, 0xa9c3917f,
      0xdfefc97d, 0x0a2ebe41, 0xbc875d03, 0xa732d1cc, 0x0f75d235,
      0xd9baa6d3, 0x06fee7fe, 0x65f48576, 0xaa784fab, 0x513f83c0,
      0x23155e22, 0x3e8f9d13, 0xd2fb7718, 0xb546eafd, 0x2a291503,
      0x6cd93608, 0x1293c98c },
    { 0x49d53b77, 0x72781251, 0x96eafac7, 0xa6ab403d, 0x4a36b711,
      0xb7d7c7db, 0x87e771c1, 0x8238c708, 0x33b37522, 0x495f6abf,
      0x8c87530d, 0xb0b0289c, 0xe77b111a, 0xca83cb86, 0xa1bd189e,
      0xbe1c0fb8, 0x1ae9d7c7, 0x58cfb2fb, 0x4940c3e8, 0xd05c23c5,
      0x74ad9107, 0x16e79e41, 0x064e7142, 0xa0a47f05, 0xfdfd614f,
      0xc6929cd4, 0x3946988b, 0xedb2584c, 0xe46f8fb1, 0x73e4b5f3,
      0x68ea94ba, 0x53b79aa1 },
    { 0x44bbb6a1, 0x216fafce, 0x67821728, 0xd3a5bba0, 0xa9dd939a,
      0xef1e4b30, 0xf19efafe, 0x022eaf3d, 0x7b4ec014, 0xfed5abce,
      0x512c6738, 0x64968ee6, 0x29fe89a2, 0x23119869, 0x47397c05,
      0x0d539d8d, 0x234596c4, 0x6400bc54, 0x5346611d, 0xb9287f58,
      0xc9d5da0f, 0x04099903, 0xc83af2a8, 0xe5ef4997, 0x328151e1,
      0xc89dc01b, 0x58401104, 0x150fb4a9, 0xf3872c9d, 0x40a6f7d5,
      0x56c2e833, 0x8290d6d1 },
    { 0xd8546946, 0xf84637c6, 0x69ec57fa, 0xda134a39, 0xd789007e,
      0xd42359a4, 0x0dc7b809, 0xb42557fe, 0x2d6784a9, 0xe62ae52d,
      0x0bcadb5f, 0xa2714ca6, 0x33aafca5, 0xcc208de6, 0xed967811,
      0x2380ed5c, 0xdb321660, 0x6e6b55e9, 0xa675235a, 0x1bead02c,
      0xb33fa0e1, 0x51cc6ef9, 0xf06a2a08, 0xfd223e26, 0xec47b3cf,
      0x00f332e1, 0xa0aa984e, 0x459f297b, 0xee952e14, 0x6fa1d969,
      0x304fabb0, 0x506ef1ab },
    { 0x35bff163, 0x11b4eb27, 0xea9fa984, 0x7130b96f, 0x9deb27ce,
      0x66aceb3f, 0x9dd1c3d5, 0xa2daf1a5, 0xa73075aa, 0xf5090a7e,
      0xe3071b58, 0x36a6af39, 0xdf73ad9c, 0xa28d633d, 0xbdc89a16,
      0xdd354cac, 0xd4dcbc3c, 0xdfea3423, 0x379d92d1, 0x6eec74d2,
      0x8eed6765, 0xe14a456f, 0xfa8feb1f, 0xfabe7743, 0xb98fcbc7,
      0x1404ccf8, 0xf71a706e, 0x6ccd2fbf, 0x4d85c678, 0xdaaf3fdb,
      0x15200344, 0x415b7dbf },
    { 0x7d8377a7, 0x97010586, 0xcb803272, 0x068a3d68, 0xf03a4c32,
      0xfd67d289, 0x93c8f290, 0x4bc7095d, 0xe9e5a2b8, 0x712fa13c,
      0x0feb9f3b, 0xfc6ac6c6, 0x6e0e54c2, 0x0cda36d9, 0x86320a01,
      0x45499751, 0x97f00f11, 0xf9318c91, 0xe6936508, 0x01dc4c3f,
      0x85f068aa, 0x769a2ef9, 0xa2b5511c, 0x3522cef0, 0xb4122e05,
      0x006965ed, 0xc175d43f, 0xfce0fafc, 0xec831d59, 0x525dc9bd,
      0xaf58879d, 0x1ec314f1 },
    { 0x2c8310c2, 0x0663feef, 0x457e3f74, 0xaa7e14da, 0xe5346887,
      0x392b10fc, 0x637ec2c5, 0xcde4a38f, 0xb542f8df, 0x50773320,
      0xf7de1711, 0x341302f9, 0xae4b9bc6, 0x018b1c63, 0xdd2f9e6f,
      0xf001c46e, 0x26eccfa0, 0xd3bb0a97, 0x7746e0c7, 0xa931b99d,
      0xf5875aec, 0xe0c8b6f7, 0x96939c82, 0xbb32f17c, 0x3de5a664,
      0x765135d2, 0x52abfa6b, 0x71936cb4, 0x2dc105de, 0xad5cc08f,
      0x7fff5788, 0x17e91d12 },
    { 0xb7e051ca, 0xbe92ced3, 0x19c776d4, 0xc644d4fd, 0x0086784b,
      0xc8ab4b52, 0xce9d6b31, 0x3ea66227, 0xd289e9c7, 0x395249a3,
      0xd12a19ee, 0x54509e65, 0x8c365aec, 0xa7bd4692, 0x77963e0e,
      0x354997e4, 0xb599732d, 0x0d765957, 0x91d4a3b6, 0x99584aeb,
      0x1deb3e28, 0x6e653ea4, 0x572571df, 0xca7c98ed, 0xb18ae1f9,
      0xf301a38f, 0x63f7b97e, 0x1629f7c2, 0xafc4a0d5, 0xdf242282,
      0x3ddd0c01, 0x118f3b4b },
    { 0x7ad4762b, 0x74a0a0a8, 0x8c58d175, 0x1aef84da, 0x4cf76d86,
      0x16ff4960, 0x7e60d98b, 0xc0be8786, 0x3ecc1dba, 0x83637ffb,
      0x5dd6147a, 0xc244a609, 0x5b0846e5, 0xa3e17834, 0xe77a4c05,
      0x735eb686, 0xdf758695, 0x5bc18b4f, 0x1bdfe52f, 0x15618d0b,
      0x00715ba1, 0x878ecc0d, 0xc2dd617f, 0x1dbdbd1a, 0x21b61710,
      0x21d2b631, 0x44f593c2, 0x22ce8a79, 0x44f17024, 0x3b9b536a,
      0x8d03e727, 0x01d0a67c },
    { 0x1e46533c, 0x7b964236, 0xfb88c2ae, 0xe9477990, 0xa42c4a18,
      0x019b5d16, 0xd83c7a45, 0x7135e81d, 0x4cb663e3, 0x74a69bdd,
      0xe76c0d63, 0x7b67ecdb, 0x11e68da6, 0x03d54521, 0xd2e8650a,
      0x596cceb5, 0x2af03b37, 0xcd572dfd, 0xfabd5952, 0x52364ba1,
      0xb4ed8569, 0x7f47d456, 0xc950d5d4, 0x5ad8b572, 0x486e2f84,
      0xcadd2dfa, 0xc56bb044, 0xdd527b43, 0x997c08e6, 0xc9adba24,
      0x7da6320f, 0x1b625b06 },
    { 0x4fd8446d, 0x44dfaa7b, 0xaf6febeb, 0xc01b2f01, 0xfe8838b5,
      0xbf444388, 0xbba9758b, 0xf33c434f, 0x87156bc9, 0x2b971cba,
      0x1f49098b, 0x6b245e5c, 0x2b41c5dd, 0x87dcb534, 0x34d852d7,
      0xdb1f80c6, 0x2433da34, 0x6d6e3258, 0x3f7df0c2, 0xf6682065,
      0x360cb365, 0xc4ca567c, 0x9826656a, 0x321faac2, 0xbf069768,
      0x13f5ca6f, 0xa7076639, 0x15397921, 0x8400736e, 0xbdf14328,
      0x19fc948d, 0x333eca96 },
    { 0xac775d81, 0x23337948, 0xd41dbbca, 0x38c2518f, 0xbcfce948,
      0x623c7a4f, 0x54703fe7, 0xaad36236, 0x13fb3b5b, 0x2b3a13a4,
      0x7f5c01f0, 0x5db3565a, 0x52359661, 0xd72408dc, 0x1d616e91,
      0x5a17f8e5, 0xcb25b999, 0x90c16eeb, 0x3393743e, 0xf35e8cf1,
      0xe54b64a7, 0x987da74a, 0x65cd449d, 0x557b322a, 0x37e7b15d,
      0x765082a5, 0xf2cd134f, 0x4d25c742, 0x4ccf0746, 0xae9d9c07,
      0x8728d135, 0x72fc2110 },
    { 0xf96004c8, 0xa906b203, 0x458055ff, 0xd83f95cf, 0x55f35909,
      0xd77d5867, 0xe550c8ee, 0x4a9ea6fb, 0x55a06081, 0x91c8cca9,
      0xbce82062, 0x4a1fee78, 0x9a3df85e, 0xeb9ade06, 0x7d3de666,
      0xfbbdcf0c, 0x5d336d51, 0x228a391b, 0x5c2ffc3c, 0x760f8d28,
      0x2f7b165b, 0x1ee48de3, 0x56177040, 0x03803d84, 0x9deff9a0,
      0xe573f648, 0xa17e35a4, 0xe1a2738e, 0x8840a6c6, 0x238ef17c,
      0xb11ed92d, 0x480946f8 },
    { 0xfd71f119, 0x84c747a8, 0x53eb3695, 0x19e65c5e, 0x6298587a,
      0x0e2f6786, 0xab18d6f4, 0x48a48899, 0xc630b8c0, 0xa1a99024,
      0x2caaf892, 0x84975096, 0xe20fd624, 0xc8869aba, 0x6c2b7dd4,
      0x3b72b04d, 0x0992f7d0, 0xe2775eb6, 0x7d06e684, 0x0089c06e,
      0xe4bbd007, 0xcb3b4361, 0x4ba846e4, 0xa1ae666b, 0x46464d9e,
      0xc01c2eb2, 0xc1f8539f, 0xf86f2be6, 0xcf68afc7, 0x16e8e8ae,
      0xc7386902, 0x8dab61fd },
    { 0xd54d1d45, 0x42a5c903, 0xff4f9ba2, 0xacd4297e, 0x34d478b4,
      0x2d88b520, 0x08c4621a, 0x35b2ba2b, 0x34865402, 0xd3d239bb,
      0x911f32e6, 0x1de76aed, 0x3f06fdc2, 0x877f8bcf, 0x9ec51502,
      0x802714c1, 0xa590700d, 0xa10444eb, 0x31dcc957, 0x8694229f,
      0xb8169fed, 0x5ece77ab, 0x2caf080e, 0x55be8a15, 0xcbd7cef1,
      0x3eb21b14, 0x67b97ee1, 0x9def7ad1, 0x118f690c, 0xe03ca879,
      0xf99b29e7, 0x6f77e62d },
    { 0xe40bbf59, 0xa271bded, 0x6401aad6, 0x177ba453, 0x73541cd1,
      0x1755e035, 0x4b71b02f, 0x3465b466, 0xa813359f, 0x22eb7113,
      0x6f38eac7, 0x9792a8fd, 0xff3bf3b5, 0x11aa012f, 0xf85c3fbf,
      0x99aafabf, 0x06c0cc42, 0x91e0a2ef, 0x773b7b3a, 0x314d5d57,
      0xd669840a, 0xae5e2e76, 0x2e5a8be6, 0x86136073, 0xc1cf5580,
      0xee6d7578, 0x68bed102, 0x2344e00f, 0x8184f0eb, 0x799d7886,
      0xc3d2cf80, 0x63819c91 },
    { 0x7884b073, 0xca5392e1, 0xeb1267ea, 0x9ec3a1fc, 0x907038a7,
      0x3d07f5f0, 0xe4c47b70, 0xcb2ac07c, 0x1bf96b91, 0xf96664ee,
      0x2aea4fbf, 0xebf57589, 0xfade6500, 0x5aabf391, 0x171d1204,
      0xc5b3376f, 0xa0d3d81a, 0x1ff60c51, 0x976a844b, 0x10b2cfe7,
      0xbda6125a, 0xe131cc9a, 0x4ebd453e, 0xe0fc16d3, 0x504b6bc1,
      0xc0d0319a, 0x0a2f8cab, 0xe43a0be7, 0x55e49b47, 0xc80afeec,
      0x8265d7ee, 0x67d48d12 },
    { 0xea2d56d6, 0x068d59a7, 0x27480a63, 0xd71abd0e, 0xae7366cd,
      0x6bd11db0, 0x07204ebc, 0xfbb639ca, 0xf77e6293, 0x89a242e7,
      0x75ba8c3d, 0xdee7ca2b, 0x64a2f9a8, 0x472ddc3d, 0x7561a010,
      0x84229df4, 0xc5b649d4, 0x95f62c85, 0x4dc927cd, 0xfdd56b1b,
      0x5ee60596, 0xfe8bb120, 0xabf29401, 0x3efcaa50, 0x10d1c184,
      0xd4900d0f, 0x28b01df5, 0x2cf113a9, 0x1f0e43f5, 0xa3d7ebc3,
      0xe8384dc7, 0x27950e38 },
    { 0xe1d0fa79, 0xeab21ff0, 0x048b5de9, 0x4b9fd033, 0x2fe374cb,
      0x4c934689, 0x4eb21f6b, 0xbb4827fa, 0xa925e7e7, 0x46716f79,
      0x7dd4c531, 0x1442bf36, 0xd2e96ddf, 0x2073954c, 0x8502aa89,
      0x4e0141ae, 0x8eef6cc9, 0x8ee00e1a, 0x5880cdaf, 0x55ce8491,
      0x69628046, 0xff3aba5c, 0x5d15dfbf, 0x335cc4f8, 0x9f684f25,
      0xa7f0440c, 0xbb1e5bd8, 0xae80453f, 0xff2225ab, 0xa1c99813,
      0x79b25d71, 0x54ff7884 },
    { 0xde40b068, 0x27c6ee30, 0xe6f3a51e, 0x9226465b, 0xfa3b21f6,
      0xe24a4604, 0xc0418115, 0x50a5a5ad, 0x8df90d2b, 0xe3285441,
      0xdcb0c00f, 0xbb74e58f, 0x4a2c08e3, 0xc68f1b3b, 0x0ccd9ec9,
      0x339df081, 0xb786ea9f, 0x915362dc, 0xc955aead, 0x28945e31,
      0x8b6a6c6b, 0xd6a2c01d, 0x3678a427, 0x069e82dc, 0x28c9302c,
      0x17875500, 0x9fa101e6, 0x8acda965, 0xee30b286, 0x4e4e4573,
      0x3f1830fe, 0x8adbad85 },
    { 0x0969d524, 0x060ae11f, 0xf39bcc79, 0xf42fdaf7, 0x7cc1fcc2,
      0x3cec6766, 0xe2336d4f, 0x456b9cf2, 0x8e1c0f7f, 0x6aa1f5de,
      0x0984fb0e, 0xcdbc2ad2, 0x1b464b28, 0x4090cfa6, 0x1243f3ef,
      0x40d86f30, 0xcd5e87e7, 0x95b16ccc, 0x3026cd41, 0x403f168c,
      0x816c0730, 0xdbe386cb, 0x58407a1d, 0x14eb86f3, 0x1717e1af,
      0xf588b4f8, 0x66cbc96c, 0xb75c41a6, 0x027e71c1, 0xf342c1aa,
      0xc0945e5f, 0x73930036 },
    { 0x22cdaf42, 0x954f757d, 0xf4181aab, 0x788b591d, 0xf5514f25,
      0x8b986819, 0xf18fd5bc, 0x69642e08, 0x022ceb91, 0x92b305d1,
      0x6a4f6985, 0x1715903e, 0x61179cae, 0x4bd7d69d, 0xd29c01aa,
      0xdacdfd5d, 0xd91108cc, 0x705ddd5a, 0x64ac8f15, 0x434ac7b1,
      0xb524632f, 0x61a514e1, 0x731fc447, 0x45b9e61b, 0xe0961b31,
      0xcf561348, 0x73eaf223, 0x9c28a967, 0xaa7c99d3, 0x5bd10182,
      0xe42965e2, 0x8bc6ec4a },
    { 0xe7f2a32b, 0xd096e5c0, 0x09388a30, 0xff54800c, 0x401e360c,
      0x06fe437c, 0xbb6054a6, 0x6655fc9c, 0x8457aa6e, 0x510e1860,
      0x2b29b2b7, 0xa0acfca2, 0x51b7da61, 0x732483e3, 0x6be6c8ca,
      0xe31471ee, 0x8b65c9a1, 0xe565431c, 0x48d65cbb, 0xfc9ac3b9,
      0xae9b2aa8, 0xd308fc21, 0xaa60aa6a, 0xd6a7df0d, 0x982fc0d4,
      0x2844d96a, 0x5847a4d7, 0xab012c2c, 0xdceb8955, 0x2b3c8f71,
      0xbe9c7e15, 0x8e85437d },
};

/* Perform the modular exponentiation in Fp* for SAKKE.
 *
 * Base is fixed to be the g parameter - a precomputed table is used.
 *
 * Striping: 128 points at a distance of 8 combined.
 * Total of 256 points in table.
 * Square and multiply performed in Fp*.
 *
 * base  [in]   Base. MP integer.
 * exp   [in]   Exponent. MP integer.
 * res   [out]  Result. MP integer.
 * returns 0 on success, MP_READ_E if there are too many bytes in an array
 * and MEMORY_E if memory allocation fails.
 */
int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
{
#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
    sp_digit* td;
    sp_digit* t;
    sp_digit* tx;
    sp_digit* ty;
#else
    sp_digit t[36 * 2 * 32];
    sp_digit tx[2 * 32];
    sp_digit ty[2 * 32];
#endif
    sp_digit* r = NULL;
    unsigned char e[128];
    int err = MP_OKAY;
    int i;
    int y;

    (void)base;

#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
    td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 38 * 32 * 2, NULL,
                            DYNAMIC_TYPE_TMP_BUFFER);
    if (td == NULL) {
        err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
        t  = td;
        tx = td + 36 * 32 * 2;
        ty = td + 37 * 32 * 2;
#endif
        r = ty;

        (void)mp_to_unsigned_bin_len(exp, e, 128);

        XMEMCPY(tx, p1024_norm_mod, sizeof(sp_digit) * 32);
        y  =  e[112] >> 7;
        y |= (e[96] >> 7) << 1;
        y |= (e[80] >> 7) << 2;
        y |= (e[64] >> 7) << 3;
        y |= (e[48] >> 7) << 4;
        y |= (e[32] >> 7) << 5;
        y |= (e[16] >> 7) << 6;
        y |= (e[0] >> 7) << 7;
        XMEMCPY(ty, sp_1024_g_table[y], sizeof(sp_digit) * 32);
        for (i = 126; i >= 0; i--) {
            y  =  (e[127 - (i / 8)] >> (i & 0x7)) & 1;
            y |= ((e[111 - (i / 8)] >> (i & 0x7)) & 1) << 1;
            y |= ((e[95 - (i / 8)] >> (i & 0x7)) & 1) << 2;
            y |= ((e[79 - (i / 8)] >> (i & 0x7)) & 1) << 3;
            y |= ((e[63 - (i / 8)] >> (i & 0x7)) & 1) << 4;
            y |= ((e[47 - (i / 8)] >> (i & 0x7)) & 1) << 5;
            y |= ((e[31 - (i / 8)] >> (i & 0x7)) & 1) << 6;
            y |= ((e[15 - (i / 8)] >> (i & 0x7)) & 1) << 7;

            sp_1024_proj_sqr_32(tx, ty, t);
            sp_1024_proj_mul_qx1_32(tx, ty, sp_1024_g_table[y], t);
        }
    }

    if (err == MP_OKAY) {
        sp_1024_mont_inv_32(tx, tx, t);
        sp_1024_mont_mul_32(r, tx, ty, p1024_mod, p1024_mp_mod);
        XMEMSET(r + 32, 0, sizeof(sp_digit) * 32);
        sp_1024_mont_reduce_32(r, p1024_mod, p1024_mp_mod);

        err = sp_1024_to_mp(r, res);
    }

#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
    if (td != NULL) {
        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }
#endif
    return err;
}

#endif /* WOLFSSL_SP_SMALL */
/* Multiply p* by q* in projective coordinates.
 *
 *   p.x' = (p.x * q.x) - (p.y * q.y)
 *   p.y' = (p.x * q.y) + (p.y * q.x)
 * But applying Karatsuba:
 *   v0 = p.x * q.x
 *   v1 = p.y * q.y
 *   p.x' = v0 - v1
 *   p.y' = (px + py) * (qx + qy) - v0 - v1
 *
 * px  [in,out]  A single precision integer - X ordinate of number to multiply.
 * py  [in,out]  A single precision integer - Y ordinate of number to multiply.
 * qx  [in]      A single precision integer - X ordinate of number of
 *               multiplier.
 * qy  [in]      A single precision integer - Y ordinate of number of
 *               multiplier.
 * t   [in]      Two single precision integers - temps.
 */
static void sp_1024_proj_mul_32(sp_digit* px, sp_digit* py,
        const sp_digit* qx, const sp_digit* qy, sp_digit* t)
{
    sp_digit* t1 = t;
    sp_digit* t2 = t + 2 * 32;

    /* t1 = px + py */
    sp_1024_mont_add_32(t1, px, py, p1024_mod);
    /* t2 = qx + qy */
    sp_1024_mont_add_32(t2, qx, qy, p1024_mod);
    /* t2 = (px + py) * (qx + qy) */
    sp_1024_mont_mul_32(t2, t1, t2, p1024_mod, p1024_mp_mod);
    /* t1 = py * qy */
    sp_1024_mont_mul_32(t1, py, qy, p1024_mod, p1024_mp_mod);
    /* t2 = (px + py) * (qx + qy) - (py * qy) */
    sp_1024_mont_sub_32(t2, t2, t1, p1024_mod);
    /* px = px * qx */
    sp_1024_mont_mul_32(px, px, qx, p1024_mod, p1024_mp_mod);
    /* py = (px + py) * (qx + qy) - (py * qy) - (px * qx) */
    sp_1024_mont_sub_32(py, t2, px, p1024_mod);
    /* px = (px * qx) - (py * qy)*/
    sp_1024_mont_sub_32(px, px, t1, p1024_mod);
}

#ifndef WOLFSSL_SP_SMALL
/*
 * Convert point from projective to affine but keep in Montgomery form.
 *
 * p  [in,out]  Point to convert.
 * t  [in]      Temporary numbers: 2.
 */
static void sp_1024_mont_map_32(sp_point_1024* p, sp_digit* t)
{
    sp_digit* t1 = t;
    sp_digit* t2 = t + 2 * 32;

    sp_1024_mont_inv_32(t1, p->z, t2);
    sp_1024_mont_sqr_32(t2, t1, p1024_mod, p1024_mp_mod);
    sp_1024_mont_mul_32(t1, t2, t1, p1024_mod, p1024_mp_mod);
    sp_1024_mont_mul_32(p->x, p->x, t2, p1024_mod, p1024_mp_mod);
    sp_1024_mont_mul_32(p->y, p->y, t1, p1024_mod, p1024_mp_mod);
    XMEMCPY(p->z, p1024_norm_mod, sizeof(sp_digit) * 32);
}

#endif /* WOLFSSL_SP_SMALL */
/*
 * Calculate gradient of line through P, P and [-2]P, accumulate line and
 * double P.
 *
 * Calculations:
 *   l = 3 * (p.x^2 - p.z^4) = 3 * (p.x - p.z^2) * (p.x + p.z^2)
 *   r.x = l * (p.x + q.x * p.z^2) - 2 * p.y^2
 *   r.y = 2 * p.y * p.z^3 * q.y (= p'.z * p.z^2 * q.y)
 *   v* = v*^2 * r*
 *   p'.x = l^2 - 8 * p.y^2 * p.x
 *   p'.y = (4 * p.y^2 * p.x - p'.x) * l - 8 * p.y^4
 *   p'.z = 2 * p.y * p.z
 *
 * @param  [in,out]  vx  X-ordinate of projective value in F*.
 * @param  [in,out]  vy  Y-ordinate of projective value in F*.
 * @param  [in,out]  p   ECC point - point on E(F_p^2) to double.
 * @param  [in]      q   ECC point - second point on E(F_P^2).
 * @param  [in]      t   SP temporaries (6 used).
 */
static void sp_1024_accumulate_line_dbl_32(sp_digit* vx, sp_digit* vy,
        sp_point_1024* p, const sp_point_1024* q, sp_digit* t)
{
    sp_digit* t1  = t +  0 * 32;
    sp_digit* pz2 = t +  2 * 32;
    sp_digit* rx  = t +  4 * 32;
    sp_digit* ry  = t +  6 * 32;
    sp_digit* l   = t +  8 * 32;
    sp_digit* ty  = t + 10 * 32;

    /* v = v^2 */
    sp_1024_proj_sqr_32(vx, vy, t);
    /* pz2 = p.z^2 */
    sp_1024_mont_sqr_32(pz2, p->z, p1024_mod, p1024_mp_mod);
    /* t1 = p.x + p.z^2 */
    sp_1024_mont_add_32(ty, p->x, pz2, p1024_mod);
    /* l = p.x - p.z^2 */
    sp_1024_mont_sub_32(l, p->x, pz2, p1024_mod);
    /* t1 = (p.x + p.z^2) * (p.x - p.z^2) = p.x^2 - p.z^4 */
    sp_1024_mont_mul_32(t1, l, ty, p1024_mod, p1024_mp_mod);
    /* l = 3 * (p.x^2 - p.z^4) */
    sp_1024_mont_tpl_32(l, t1, p1024_mod);
    /* t1 = q.x * p.z^2 */
    sp_1024_mont_mul_32(t1, q->x, pz2, p1024_mod, p1024_mp_mod);
    /* t1 = p.x + q.x * p.z^2 */
    sp_1024_mont_add_32(t1, p->x, t1, p1024_mod);
    /* r.x = l * (p.x + q.x * p.z^2) */
    sp_1024_mont_mul_32(rx, l, t1, p1024_mod, p1024_mp_mod);
    /* r.y = 2 * p.y */
    sp_1024_mont_dbl_32(ry, p->y, p1024_mod);
    /* ty = 4 * p.y ^ 2 */
    sp_1024_mont_sqr_32(ty, ry, p1024_mod, p1024_mp_mod);
    /* t1 = 2 * p.y ^ 2 */
    sp_1024_mont_div2_32(t1, ty, p1024_mod);
    /* r.x -= 2 * (p.y ^ 2) */
    sp_1024_mont_sub_32(rx, rx, t1, p1024_mod);
    /* p'.z = p.y * 2 * p.z */
    sp_1024_mont_mul_32(p->z, p->z, ry, p1024_mod, p1024_mp_mod);
    /* r.y = p'.z * p.z^2 */
    sp_1024_mont_mul_32(t1, p->z, pz2, p1024_mod, p1024_mp_mod);
    /* r.y = p'.z * p.z^2 * q.y */
    sp_1024_mont_mul_32(ry, t1, q->y, p1024_mod, p1024_mp_mod);
    /* v = v^2 * r */
    sp_1024_proj_mul_32(vx, vy, rx, ry, t);

    /* Double point using previously calculated values
     *   l = 3 * (p.x - p.z^2).(p.x + p.z^2)
     *   ty = 4 * p.y^2
     *   p'.z = 2 * p.y * p.z
     */
    /* t1 = (4 * p.y^2) ^ 2 = 16 * p.y^4 */
    sp_1024_mont_sqr_32(t1, ty, p1024_mod, p1024_mp_mod);
    /* t1 = 16 * p.y^4 / 2 = 8 * p.y^4 */
    sp_1024_mont_div2_32(t1, t1, p1024_mod);
    /* p'.y = 4 * p.y^2 * p.x */
    sp_1024_mont_mul_32(p->y, ty, p->x, p1024_mod, p1024_mp_mod);
    /* p'.x = l^2 */
    sp_1024_mont_sqr_32(p->x, l, p1024_mod, p1024_mp_mod);
    /* p'.x = l^2 - 4 * p.y^2 * p.x */
    sp_1024_mont_sub_32(p->x, p->x, p->y, p1024_mod);
    /* p'.x = l^2 - 8 * p.y^2 * p.x */
    sp_1024_mont_sub_32(p->x, p->x, p->y, p1024_mod);
    /* p'.y = 4 * p.y^2 * p.x - p.x' */
    sp_1024_mont_sub_32(ty, p->y, p->x, p1024_mod);
    /* p'.y = (4 * p.y^2 * p.x - p'.x) * l */
    sp_1024_mont_mul_32(p->y, ty, l, p1024_mod, p1024_mp_mod);
    /* p'.y = (4 * p.y^2 * p.x - p'.x) * l - 8 * p.y^4 */
    sp_1024_mont_sub_32(p->y, p->y, t1, p1024_mod);
}

#ifdef WOLFSSL_SP_SMALL
/*
 * Calculate gradient of line through C, P and -C-P, accumulate line and
 * add P to C.
 *
 * Calculations:
 *   r.x = (q.x + p.x) * c.y - (q.x * c.z^2 + c.x) * p.y * c.z
 *   r.y = (c.x - p.x * c.z^2) * q.y * c.z
 *   v* = v* * r*
 *   r = p.y * c.z^3 - c.y
 *   c'.x = r^2 + h^3 - 2 * c.x * h^2
 *   c'.y = r * (c'.x - c.x * h^2) - c.y * h^3
 *   c'.z = (c.x - p.x * c.z^2) * c.z
 *
 * @param  [in,out]  vx     X-ordinate of projective value in F*.
 * @param  [in,out]  vy     Y-ordinate of projective value in F*.
 * @param  [in,out]  c      ECC point - current point on E(F_p^2) to be added
 *                          to.
 * @param  [in]      p      ECC point - point on E(F_p^2) to add.
 * @param  [in]      q      ECC point - second point on E(F_P^2).
 * @param  [in]      qx_px  SP that is a constant value across adds.
 * @param  [in]      t      SP temporaries (6 used).
 */
static void sp_1024_accumulate_line_add_one_32(sp_digit* vx, sp_digit* vy,
        sp_point_1024* c, sp_point_1024* p, sp_point_1024* q, sp_digit* qx_px,
        sp_digit* t)
{
    sp_digit* t1  = t;
    sp_digit* t2  = t +  2 * 32;
    sp_digit* rx  = t +  4 * 32;
    sp_digit* ry  = t +  6 * 32;
    sp_digit* h   = t +  8 * 32;
    sp_digit* r   = t + 10 * 32;

    /* r.x = (q.x + p.x) * c.y */
    sp_1024_mont_mul_32(rx, qx_px, c->y, p1024_mod, p1024_mp_mod);
    /* t2 = c.z^2 */
    sp_1024_mont_sqr_32(t2, c->z, p1024_mod, p1024_mp_mod);
    /* t1 = q.x * c.z^2 */
    sp_1024_mont_mul_32(t1, q->x, t2, p1024_mod, p1024_mp_mod);
    /* t1 = q.x * c.z^2 + c.x */
    sp_1024_mont_add_32(h, t1, c->x, p1024_mod);
    /* r = p.y * c.z */
    sp_1024_mont_mul_32(ry, p->y, c->z, p1024_mod, p1024_mp_mod);
    /* t1 = (q.x * c.z^2 + c.x) * p.y * c.z */
    sp_1024_mont_mul_32(t1, h, ry, p1024_mod, p1024_mp_mod);
    /* r = p.y * c.z * c.z^2 = p.y * c.z^3  */
    sp_1024_mont_mul_32(r, ry, t2, p1024_mod, p1024_mp_mod);
    /* r.x -= (q.x * c.z^2 + c.x) * p.y * c.z */
    sp_1024_mont_sub_32(rx, rx, t1, p1024_mod);
    /* t1 = p.x * c.z^2 */
    sp_1024_mont_mul_32(t1, p->x, t2, p1024_mod, p1024_mp_mod);
    /* h = c.x - p.x * c.z^2 */
    sp_1024_mont_sub_32(h, c->x, t1, p1024_mod);
    /* c'.z = (c.x - p.x * c.z^2) * c.z */
    sp_1024_mont_mul_32(c->z, h, c->z, p1024_mod, p1024_mp_mod);
    /* r.y = (c.x - p.x * c.z^2) * c.z * q.y */
    sp_1024_mont_mul_32(ry, c->z, q->y, p1024_mod, p1024_mp_mod);
    /* v = v * r */
    sp_1024_proj_mul_32(vx, vy, rx, ry, t);

    /* Add p to c using previously calculated values.
     *   h = c.x - p.x * c.z^2
     *   r = p.y * c.z^3
     *   c'.z = (c.x - p.x * c.z^2) * c.z
     */

    /* r = p.y * c.z^3 - c.y */
    sp_1024_mont_sub_32(r, r, c->y, p1024_mod);
    /* t1 = r^2 */
    sp_1024_mont_sqr_32(t1, r, p1024_mod, p1024_mp_mod);
    /* t2 = h^2 */
    sp_1024_mont_sqr_32(rx, h, p1024_mod, p1024_mp_mod);
    /* ry = c.x * h^2 */
    sp_1024_mont_mul_32(ry, c->x, rx, p1024_mod, p1024_mp_mod);
    /* t2 = h^3 */
    sp_1024_mont_mul_32(t2, rx, h, p1024_mod, p1024_mp_mod);
    /* c->x = r^2 + h^3 */
    sp_1024_mont_add_32(c->x, t1, t2, p1024_mod);
    /* t1 = 2 * c.x * h^2 */
    sp_1024_mont_dbl_32(t1, ry, p1024_mod);
    /* c'.x = r^2 + h^3 - 2 * c.x * h^2 */
    sp_1024_mont_sub_32(c->x, c->x, t1, p1024_mod);
    /* ry = c'.x - c.x * h^2 */
    sp_1024_mont_sub_32(t1, c->x, ry, p1024_mod);
    /* ry = r * (c'.x - c.x * h^2) */
    sp_1024_mont_mul_32(ry, t1, r, p1024_mod, p1024_mp_mod);
    /* t2 = c.y * h^3 */
    sp_1024_mont_mul_32(t1, t2, c->y, p1024_mod, p1024_mp_mod);
    /* c'.y = r * (c'.x - c.x * h^2) - c.y * h^3 */
    sp_1024_mont_sub_32(c->y, ry, t1, p1024_mod);
}

/*
 * Calculate r = pairing <P, Q>.
 *
 * That is, multiply base in PF_p[q] by the scalar s, such that s.P = Q.
 *
 * @param  [in]  key  SAKKE key.
 * @param  [in]  p    First point on E(F_p)[q].
 * @param  [in]  q    Second point on E(F_p)[q].
 * @param  [in]  r    Result of calculation.
 * @return  0 on success.
 * @return  MEMORY_E when dynamic memory allocation fails.
 * @return  Other -ve value on internal failure.
 */
int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
{
    int err = MP_OKAY;
#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
    sp_digit* td = NULL;
    sp_digit* t;
    sp_digit* vx;
    sp_digit* vy;
    sp_digit* qx_px;
#else
    sp_digit t[36 * 2 * 32];
    sp_digit vx[2 * 32];
    sp_digit vy[2 * 32];
    sp_digit qx_px[2 * 32];
    sp_point_1024 pd;
    sp_point_1024 qd;
    sp_point_1024 cd;
#endif
    sp_point_1024* p = NULL;
    sp_point_1024* q = NULL;
    sp_point_1024* c = NULL;
    sp_digit* r = NULL;
    int i;

    err = sp_1024_point_new_32(NULL, pd, p);
    if (err == MP_OKAY) {
        err = sp_1024_point_new_32(NULL, qd, q);
    }
    if (err == MP_OKAY) {
        err = sp_1024_point_new_32(NULL, cd, c);
    }

#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
    if (err == MP_OKAY) {
        td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 39 * 32 * 2, NULL,
                                DYNAMIC_TYPE_TMP_BUFFER);
        if (td == NULL) {
            err = MEMORY_E;
        }
    }
#endif

    if (err == MP_OKAY) {
#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
        t     = td;
        vx    = td + 36 * 32 * 2;
        vy    = td + 37 * 32 * 2;
        qx_px = td + 38 * 32 * 2;
#endif
        r = vy;

        sp_1024_point_from_ecc_point_32(p, pm);
        sp_1024_point_from_ecc_point_32(q, qm);

        err = sp_1024_mod_mul_norm_32(p->x, p->x, p1024_mod);
    }
    if (err == MP_OKAY) {
        err = sp_1024_mod_mul_norm_32(p->y, p->y, p1024_mod);
    }
    if (err == MP_OKAY) {
        err = sp_1024_mod_mul_norm_32(p->z, p->z, p1024_mod);
    }
    if (err == MP_OKAY) {
        err = sp_1024_mod_mul_norm_32(q->x, q->x, p1024_mod);
    }
    if (err == MP_OKAY) {
        err = sp_1024_mod_mul_norm_32(q->y, q->y, p1024_mod);
    }
    if (err == MP_OKAY) {
        XMEMCPY(c, p, sizeof(sp_point_1024));
        XMEMSET(vx, 0, sizeof(sp_digit) * 2 * 32);
        vx[0] = 1;
        XMEMSET(vy, 0, sizeof(sp_digit) * 2 * 32);

        sp_1024_mont_add_32(qx_px, q->x, p->x, p1024_mod);

        for (i = 1020; i >= 0; i--) {
            /* Accumulate line into v and double point. */
            sp_1024_accumulate_line_dbl_32(vx, vy, c, q, t);

            if ((i > 0) && ((p1024_order[i / 32] >> (i % 32)) & 1)) {
                /* Accumulate line into v and add P into C. */
                sp_1024_accumulate_line_add_one_32(vx, vy, c, p, q, qx_px, t);
            }
        }

        /* Final exponentiation */
        sp_1024_proj_sqr_32(vx, vy, t);
        sp_1024_proj_sqr_32(vx, vy, t);

        /* Convert from PF_p[q] to F_p */
        sp_1024_mont_inv_32(vx, vx, t);
        sp_1024_mont_mul_32(r, vx, vy, p1024_mod, p1024_mp_mod);
        XMEMSET(r + 32, 0, sizeof(sp_digit) * 32);
        sp_1024_mont_reduce_32(r, p1024_mod, p1024_mp_mod);

        err = sp_1024_to_mp(r, res);
    }

#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
    if (td != NULL) {
        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }
#endif
    sp_1024_point_free_32(c, 1, NULL);
    sp_1024_point_free_32(q, 1, NULL);
    sp_1024_point_free_32(p, 1, NULL);
    return err;
}

#else
/*
 * Calculate gradient of line through C, P and -C-P, accumulate line and
 * add P to C.
 *
 * Both C and P have z ordinates to use in the calculation.
 *
 * Calculations:
 *   r.x  = (q.x * c.z^2 + c.x) * p.y * c.z - (q.x * p.z^2 + p.x) * c.y * p.z
 *   r.y  = (p.x * c.z^2 - c.x * p.z^2) * q.y * p.z * c.z
 *   v*   = v* * r*
 *   h    = p.x * c.z^2 - c.x * p.z^2
 *   r    = p.y * c.z^3 - c.y * p.z^3
 *   c'.x = r^2 - h^3 - 2 * c.x * p.z^2 * h^2
 *   c'.y = r * (c.x * p.z^2 * h^2 - c'.x) - c.y * p.z^3 * h^3
 *   c'.z = (p.x * c.z^2 - c.x * p.z^2) * c.z
 *
 * @param  [in,out]  vx     X-ordinate of projective value in F*.
 * @param  [in,out]  vy     Y-ordinate of projective value in F*.
 * @param  [in,out]  c      ECC point - current point on E(F_p^2) to be added
 *                          to.
 * @param  [in,out]  p      ECC point - point on E(F_p^2) to add.
 * @param  [in,out]  q      ECC point - second point on E(F_P^2).
 * @param  [in,out]  t      SP temporaries (6 used).
 * @param  [in,out]  neg    Indicates to use negative P.
 * @return  0 on success.
 * @return  MEMORY_E when dynamic memory allocation fails.
 * @return  Other -ve value on internal failure.
 */
static void sp_1024_accumulate_line_add_n_32(sp_digit* vx, sp_digit* vy,
        const sp_point_1024* p, const sp_point_1024* q,
        sp_point_1024* c, sp_digit* t, int neg)
{
    sp_digit* t1 = t;
    sp_digit* t2 = t +  2 * 32;
    sp_digit* rx = t +  4 * 32;
    sp_digit* ry = t +  6 * 32;
    sp_digit* h  = t +  8 * 32;
    sp_digit* r  = t + 10 * 32;

    /* h = p.z^2 */
    sp_1024_mont_sqr_32(h, p->z, p1024_mod, p1024_mp_mod);
    /* rx = q.x * p.z^2 */
    sp_1024_mont_mul_32(rx, q->x, h, p1024_mod, p1024_mp_mod);
    /* rx = q.x * p.z^2 + p.x */
    sp_1024_mont_add_32(t2, rx, p->x, p1024_mod);
    /* c.y = c.y * p.z */
    sp_1024_mont_mul_32(t1, c->y, p->z, p1024_mod, p1024_mp_mod);
    /* r.x = (q.x * p.z^2 + p.x) * c.y * p.z */
    sp_1024_mont_mul_32(rx, t2, t1, p1024_mod, p1024_mp_mod);
    /* c.y = c.y * p.z^3 */
    sp_1024_mont_mul_32(c->y, t1, h, p1024_mod, p1024_mp_mod);
    /* t2 = c.z^2 */
    sp_1024_mont_sqr_32(t2, c->z, p1024_mod, p1024_mp_mod);
    /* t1 = q.x * c.z^2 */
    sp_1024_mont_mul_32(t1, q->x, t2, p1024_mod, p1024_mp_mod);
    /* t1 = q.x * c.z^2 + c.x */
    sp_1024_mont_add_32(t1, t1, c->x, p1024_mod);
    /* c.x = c.x * p.z^2 */
    sp_1024_mont_mul_32(c->x, c->x, h, p1024_mod, p1024_mp_mod);
    /* r = p.y * c.z */
    sp_1024_mont_mul_32(r, p->y, c->z, p1024_mod, p1024_mp_mod);
    if (neg) {
        /* r = -p.y * c.z */
        sp_1024_mont_sub_32(r, p1024_mod, r, p1024_mod);
    }
    /* t1 = (q.x * c.z^2 + c.x) * p.y * c.z */
    sp_1024_mont_mul_32(ry, t1, r, p1024_mod, p1024_mp_mod);
    /* r.x -= (q.x * c.z^2 + c.x) * p.y * c.z */
    sp_1024_mont_sub_32(rx, ry, rx, p1024_mod);
    /* t1 = p.x * c.z^2 */
    sp_1024_mont_mul_32(t1, p->x, t2, p1024_mod, p1024_mp_mod);
    /* h = p.x * c.z^2 - c.x * p.z^2 */
    sp_1024_mont_sub_32(h, t1, c->x, p1024_mod);
    /* c'.z = (p.x * c.z^2 - c.x * p.z^2) * c.z */
    sp_1024_mont_mul_32(t1, h, c->z, p1024_mod, p1024_mp_mod);
    /* c'.z = (p.x * c.z^2 - c.x * p.z^2) * c.z * p.z */
    sp_1024_mont_mul_32(c->z, t1, p->z, p1024_mod, p1024_mp_mod);
    /* r.y = (p.x * c.z^2 - c.x * p.z^2) * c.z * p.z * q.y */
    sp_1024_mont_mul_32(ry, c->z, q->y, p1024_mod, p1024_mp_mod);
    /* r = p.y * c.z^3 */
    sp_1024_mont_mul_32(t1, r, t2, p1024_mod, p1024_mp_mod);
    /* r = p.y * c.z^3 - c.y * p.z^3 */
    sp_1024_mont_sub_32(r, t1, c->y, p1024_mod);
    /* v = v * r */
    sp_1024_proj_mul_32(vx, vy, rx, ry, t);

    /* Add p to c using previously calculated values.
     *   h = p.x * c.z^2 - c.x * p.z^2
     *   r = p.y * c.z^3 - c.y * p.z^3
     *   c'.z = (p.x * c.z^2 - c.x * p.z^2) * c.z
     */

    /* t1 = r^2 */
    sp_1024_mont_sqr_32(t1, r, p1024_mod, p1024_mp_mod);
    /* t2 = h^2 */
    sp_1024_mont_sqr_32(rx, h, p1024_mod, p1024_mp_mod);
    /* ry = c.x * p.z^2 * h^2 */
    sp_1024_mont_mul_32(ry, rx, c->x, p1024_mod, p1024_mp_mod);
    /* t2 = h^3 */
    sp_1024_mont_mul_32(t2, rx, h, p1024_mod, p1024_mp_mod);
    /* c'.x = r^2 - h^3 */
    sp_1024_mont_sub_32(c->x, t1, t2, p1024_mod);
    /* t1 = 2 * c.x * p.z^2 * h^2 */
    sp_1024_mont_dbl_32(t1, ry, p1024_mod);
    /* c'.x = r^2 - h^3 - 2 * c.x * p.z^2 * h^2 */
    sp_1024_mont_sub_32(c->x, c->x, t1, p1024_mod);
    /* ry = c.x * p.z^2 * h^2 - c'.x */
    sp_1024_mont_sub_32(t1, ry, c->x, p1024_mod);
    /* ry = r * (c.x * p.z^2 * h^2 - c'.x) */
    sp_1024_mont_mul_32(ry, t1, r, p1024_mod, p1024_mp_mod);
    /* t2 = c.y * p.z^3 * h^3 */
    sp_1024_mont_mul_32(t1, t2, c->y, p1024_mod, p1024_mp_mod);
    /* c'.y = r * (c.x * p.z^2 * h^2 - c'.x) - c.y * p.z^3 * h^3 */
    sp_1024_mont_sub_32(c->y, ry, t1, p1024_mod);
}

/*
 * Perform n accumulate doubles and doubles of P.
 *
 * py = 2 * p.y
 *
 * For each double:
 * Calculate gradient of line through P, P and [-2]P, accumulate line and
 * double P.
 *
 * Calculations:
 *   l = 3 * (p.x^2 - p.z^4) = 3 * (p.x - p.z^2) * (p.x + p.z^2)
 *   r.x = l * (p.x + q.x * p.z^2) - py^2 / 2
 *   r.y = py * p.z^3 * q.y (= p'.z * p.z^2 * q.y)
 *   v* = v*^2 * r*
 *   p'.x = l^2 - 2 * py^2 * p.x
 *   py' = (py^2 * p.x - p'.x) * l - py^4 (= 2 * p'.y)
 *   p'.z = py * p.z
 *
 * Finally:
 *   p'.y = py' / 2
 *
 * @param  [in,out]  vx  X-ordinate of projective value in F*.
 * @param  [in,out]  vy  Y-ordinate of projective value in F*.
 * @param  [in,out]  p   ECC point - point on E(F_p^2) to double.
 * @param  [in]      q   ECC point - second point on E(F_P^2).
 * @param  [in]      n   Number of times to double.
 * @param  [in]      t   SP temporaries (6 used).
 */
static void sp_1024_accumulate_line_dbl_n_32(sp_digit* vx, sp_digit* vy,
        sp_point_1024* p, const sp_point_1024* q, int n, sp_digit* t)
{
    sp_digit* t1  = t +  0 * 32;
    sp_digit* pz2 = t +  2 * 32;
    sp_digit* rx  = t +  4 * 32;
    sp_digit* ry  = t +  6 * 32;
    sp_digit* l   = t +  8 * 32;
    sp_digit* ty  = t + 10 * 32;
    int i;

    /* py = 2 * p.y */
    sp_1024_mont_dbl_32(p->y, p->y, p1024_mod);

    for (i = 0; i < n; i++) {
        /* v = v^2 */
        sp_1024_proj_sqr_32(vx, vy, t);
        /* pz2 = p.z^2 */
        sp_1024_mont_sqr_32(pz2, p->z, p1024_mod, p1024_mp_mod);
        /* t1 = p.x + p.z^2 */
        sp_1024_mont_add_32(t1, p->x, pz2, p1024_mod);
        /* l = p.x - p.z^2 */
        sp_1024_mont_sub_32(l, p->x, pz2, p1024_mod);
        /* t1 = (p.x + p.z^2) * (p.x - p.z^2) = p.x^2 - p.z^4 */
        sp_1024_mont_mul_32(ty, l, t1, p1024_mod, p1024_mp_mod);
        /* l = 3 * (p.x^2 - p.z^4) */
        sp_1024_mont_tpl_32(l, ty, p1024_mod);
        /* t1 = q.x * p.z^2 */
        sp_1024_mont_mul_32(t1, q->x, pz2, p1024_mod, p1024_mp_mod);
        /* t1 = p.x + q.x * p.z^2 */
        sp_1024_mont_add_32(t1, p->x, t1, p1024_mod);
        /* r.x = l * (p.x + q.x * p.z^2) */
        sp_1024_mont_mul_32(rx, l, t1, p1024_mod, p1024_mp_mod);
        /* ty = py ^ 2 */
        sp_1024_mont_sqr_32(ty, p->y, p1024_mod, p1024_mp_mod);
        /* t1 = py ^ 2 / 2 */
        sp_1024_mont_div2_32(t1, ty, p1024_mod);
        /* r.x -= py ^ 2 / 2 */
        sp_1024_mont_sub_32(rx, rx, t1, p1024_mod);
        /* p'.z = py * pz */
        sp_1024_mont_mul_32(p->z, p->z, p->y, p1024_mod, p1024_mp_mod);
        /* r.y = p'.z * p.z^2 */
        sp_1024_mont_mul_32(t1, p->z, pz2, p1024_mod, p1024_mp_mod);
        /* r.y = p'.z * p.z^2 * q.y */
        sp_1024_mont_mul_32(ry, t1, q->y, p1024_mod, p1024_mp_mod);
        /* v = v^2 * r */
        sp_1024_proj_mul_32(vx, vy, rx, ry, t);

        /* Double point using previously calculated values
         *   l = 3 * (p.x - p.z^2).(p.x + p.z^2)
         *   ty = py^2
         *   p'.z = py * p.z
         */
        /* t1 = py^2 ^ 2 = py^4 */
        sp_1024_mont_sqr_32(t1, ty, p1024_mod, p1024_mp_mod);
        /* py' = py^2 * p. x */
        sp_1024_mont_mul_32(p->y, ty, p->x, p1024_mod, p1024_mp_mod);
        /* p'.x = l^2 */
        sp_1024_mont_sqr_32(p->x, l, p1024_mod, p1024_mp_mod);
        /* p'.x = l^2 - py^2 * p.x */
        sp_1024_mont_sub_32(p->x, p->x, p->y, p1024_mod);
        /* p'.x = l^2 - 2 * p.y^2 * p.x */
        sp_1024_mont_sub_32(p->x, p->x, p->y, p1024_mod);
        /* py' = py^2 * p.x - p.x' */
        sp_1024_mont_sub_32(ty, p->y, p->x, p1024_mod);
        /* py' = (p.y^2 * p.x - p'.x) * l */
        sp_1024_mont_mul_32(p->y, ty, l, p1024_mod, p1024_mp_mod);
        /* py' = (p.y^2 * p.x - p'.x) * l * 2 */
        sp_1024_mont_dbl_32(p->y, p->y, p1024_mod);
        /* py' = (p.y^2 * p.x - p'.x) * l * 2 - p.y^4 */
        sp_1024_mont_sub_32(p->y, p->y, t1, p1024_mod);
    }

    /* p'.y = py' / 2 */
    sp_1024_mont_div2_32(p->y, p->y, p1024_mod);
}

/* Operations to perform based on order - 1.
 * Sliding window. Start at bottom and stop when bottom bit is one.
 * Subtract if top bit in window is one.
 * Width of 6 bits.
 * Pairs: #dbls, add/subtract window value
 */
static const signed char sp_1024_order_op[] = {
   5,   6, -13,   9, -21,   6,  -5,   8,  31,   6,   3,   6, -27,   6,  25,   9,
  -1,   6, -11,   6, -13,   6,  -7,   6, -15,   6, -29,   7,  25,   6,  -9,   6,
 -19,   7,   3,   6,  11,   9, -23,   6,   1,   6,  27,   6,   1,   7, -25,   8,
  13,   7, -13,   7, -23,  10,  19,   7,   7,   7,  -3,   7,  27,   6,  -7,   7,
 -21,   7,  11,   7,  31,   8,   1,   7, -23,   6, -17,   6,  -3,  10,  11,   6,
 -21,   7, -27,  11, -29,   6,  -1,  10,  15,   8,  27,   7,  17,   6,  17,   7,
 -13,   8,  13,   6,  21,   7, -29,   6,  19,   7, -25,   6,  11,   9,  29,   7,
  -7,   8,  27,   7,  29,  10,  -1,   8,  -7,   8,  17,   6,  17,   7, -27,   7,
 -21,   6,  -9,   6, -27,  12, -23,   6,  19,   6,  13,   6, -11,   7,  27,   6,
  17,   6,  -7,   6, -25,   7, -29,   6,   9,   7,   7,   6,  13,   6, -25,   6,
 -19,   6,  13,   6, -11,   6,   5,   8,  19,   6, -21,   8,  23,   7,  27,   6,
 -13,   6, -19,  11,  29,   7, -15,   6,  -9,   7, -21,  10,  -3,   7,  21,  10,
  25,   6, -15,   6, -23,   6,  21,   6,   1,   6,  21,   7,  -3,   6,  -3,   7,
  -7,   6, -23,   7,   7,   8,  15,   9,   5,   6, -11,   6,  21,  11, -27,   7,
  27,   6, -11,   6,  31,   6, -21,   6,  19,   6,  -7,   8,  -7,  13,  -3,   6,
  -7,   7,  -3,   6,   1,   6,   7,   8,  19,   8,  11,   9,  -9,   7, -31,  12,
  25,   6, -17,   9, -15,   7,   5,   6,  25,   7,  -5,   7, -25,   6,  17,   8,
 -19,   6, -13,   6,  27,   8,   1,   7,  -5,   7,  -1,   6,  21,   6,   3,  10,
  -3,   1,
};
/*
 * Calculate r = pairing <P, Q>.
 *
 * That is, multiply base in PF_p[q] by the scalar s, such that s.P = Q.
 *
 * Sliding window. Start at bottom and stop when bottom bit is one.
 * Subtract if top bit in window is one.
 * Width of 6 bits.
 *
 * @param  [in]  pm   First point on E(F_p)[q].
 * @param  [in]  qm   Second point on E(F_p)[q].
 * @param  [in]  res  Result of calculation.
 * @return  0 on success.
 * @return  MEMORY_E when dynamic memory allocation fails.
 */
int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
{
    int err;
#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
    sp_digit* td = NULL;
    sp_digit* t;
    sp_digit* vx;
    sp_digit* vy;
    sp_digit (*pre_vx)[64];
    sp_digit (*pre_vy)[64];
    sp_digit (*pre_nvy)[64];
    sp_point_1024* pre_p;
#else
    sp_digit t[36 * 2 * 32];
    sp_digit vx[2 * 32];
    sp_digit vy[2 * 32];
    sp_digit pre_vx[16][64];
    sp_digit pre_vy[16][64];
    sp_digit pre_nvy[16][64];
    sp_point_1024 pre_p[16];
    sp_point_1024 pd;
    sp_point_1024 qd;
    sp_point_1024 cd;
#endif
    sp_point_1024* p = NULL;
    sp_point_1024* q = NULL;
    sp_point_1024* c = NULL;
    sp_digit* r = NULL;
    int i;
    int j;

    err = sp_1024_point_new_32(NULL, pd, p);
    if (err == MP_OKAY) {
        err = sp_1024_point_new_32(NULL, qd, q);
    }
    if (err == MP_OKAY) {
        err = sp_1024_point_new_32(NULL, cd, c);
    }

#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
    if (err == MP_OKAY) {
        td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 86 * 32 * 2 + 16 * sizeof(sp_point_1024), NULL,
                                DYNAMIC_TYPE_TMP_BUFFER);
        if (td == NULL) {
            err = MEMORY_E;
        }
    }
#endif

    if (err == MP_OKAY) {
#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
        t       = td;
        vx      = td + 36 * 32 * 2;
        vy      = td + 37 * 32 * 2;
        pre_vx  = (sp_digit(*)[64])(td + 38 * 32 * 2);
        pre_vy  = (sp_digit(*)[64])(td + 54 * 32 * 2);
        pre_nvy = (sp_digit(*)[64])(td + 70 * 32 * 2);
        pre_p   = (sp_point_1024*)(td + 86 * 32 * 2);
#endif
        r = vy;

        sp_1024_point_from_ecc_point_32(p, pm);
        sp_1024_point_from_ecc_point_32(q, qm);

        err = sp_1024_mod_mul_norm_32(p->x, p->x, p1024_mod);
    }
    if (err == MP_OKAY) {
        err = sp_1024_mod_mul_norm_32(p->y, p->y, p1024_mod);
    }
    if (err == MP_OKAY) {
        err = sp_1024_mod_mul_norm_32(p->z, p->z, p1024_mod);
    }
    if (err == MP_OKAY) {
        err = sp_1024_mod_mul_norm_32(q->x, q->x, p1024_mod);
    }
    if (err == MP_OKAY) {
        err = sp_1024_mod_mul_norm_32(q->y, q->y, p1024_mod);
    }
    if (err == MP_OKAY) {
        /* Generate pre-computation table: 1, 3, ... , 31 */
        XMEMCPY(&pre_p[0], p, sizeof(sp_point_1024));
        XMEMSET(pre_vx[0], 0, sizeof(sp_digit) * 2 * 32);
        pre_vx[0][0] = 1;
        XMEMSET(pre_vy[0], 0, sizeof(sp_digit) * 2 * 32);
        sp_1024_mont_sub_32(pre_nvy[0], p1024_mod, pre_vy[0], p1024_mod);

        /* [2]P for adding */
        XMEMCPY(c, p, sizeof(sp_point_1024));
        XMEMSET(vx, 0, sizeof(sp_digit) * 2 * 32);
        vx[0] = 1;
        XMEMSET(vy, 0, sizeof(sp_digit) * 2 * 32);
        sp_1024_accumulate_line_dbl_32(vx, vy, c, q, t);

        /* 3, 5, ... */
        for (i = 1; i < 16; i++) {
            XMEMCPY(&pre_p[i], &pre_p[i-1], sizeof(sp_point_1024));
            XMEMCPY(pre_vx[i], pre_vx[i-1], sizeof(sp_digit) * 2 * 32);
            XMEMCPY(pre_vy[i], pre_vy[i-1], sizeof(sp_digit) * 2 * 32);
            sp_1024_proj_mul_32(pre_vx[i], pre_vy[i], vx, vy, t);
            sp_1024_accumulate_line_add_n_32(pre_vx[i], pre_vy[i], c,
                    q, &pre_p[i], t, 0);
            sp_1024_mont_sub_32(pre_nvy[i], p1024_mod, pre_vy[i], p1024_mod);
        }

        j = sp_1024_order_op[0] / 2;
        XMEMCPY(c, &pre_p[j], sizeof(sp_point_1024));
        XMEMCPY(vx, pre_vx[j], sizeof(sp_digit) * 2 * 32);
        XMEMCPY(vy, pre_vy[j], sizeof(sp_digit) * 2 * 32);

        /* Accumulate line into v and double point n times. */
        sp_1024_accumulate_line_dbl_n_32(vx, vy, c, q,
                sp_1024_order_op[1], t);

        for (i = 2; i < 290; i += 2) {
            j = sp_1024_order_op[i];
            if (j > 0) {
                j /= 2;
                /* Accumulate line into v and add P into C. */
                sp_1024_proj_mul_32(vx, vy, pre_vx[j], pre_vy[j], t);
                sp_1024_accumulate_line_add_n_32(vx, vy, &pre_p[j], q, c,
                    t, 0);
            }
            else {
                j = -j / 2;
                /* Accumulate line into v and add P into C. */
                sp_1024_proj_mul_32(vx, vy, pre_vx[j], pre_nvy[j], t);
                sp_1024_accumulate_line_add_n_32(vx, vy, &pre_p[j], q, c,
                    t, 1);
            }

            /* Accumulate line into v and double point n times. */
            sp_1024_accumulate_line_dbl_n_32(vx, vy, c, q,
                    sp_1024_order_op[i + 1], t);
        }

        /* Final exponentiation */
        sp_1024_proj_sqr_32(vx, vy, t);
        sp_1024_proj_sqr_32(vx, vy, t);

        /* Convert from PF_p[q] to F_p */
        sp_1024_mont_inv_32(vx, vx, t);
        sp_1024_mont_mul_32(r, vx, vy, p1024_mod, p1024_mp_mod);
        XMEMSET(r + 32, 0, sizeof(sp_digit) * 32);
        sp_1024_mont_reduce_32(r, p1024_mod, p1024_mp_mod);

        err = sp_1024_to_mp(r, res);
    }

#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
    if (td != NULL) {
        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }
#endif
    sp_1024_point_free_32(c, 1, NULL);
    sp_1024_point_free_32(q, 1, NULL);
    sp_1024_point_free_32(p, 1, NULL);
    return err;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef WOLFSSL_SP_SMALL
/*
 * Generate table for pairing.
 *
 * Small implementation does not use a table - returns 0 length.
 *
 * pm     [in]      Point to generate table for.
 * table  [in]      Generated table.
 * len    [in,out]  On in, the size of the buffer.
 *                  On out, length of table generated.
 * @return  0 on success.
 *          LENGTH_ONLY_E when table is NULL and only length returned.
 *          BUFFER_E when len is too small.
 */
int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
        word32* len)
{
    int err = 0;

    if (table == NULL) {
        *len = 0;
        err = LENGTH_ONLY_E;
    }
    else if (*len != 0) {
        err = BUFFER_E;
    }

    (void)*pm;

    return err;
}

/*
 * Calculate r = pairing <P, Q>.
 *
 * That is, multiply base in PF_p[q] by the scalar s, such that s.P = Q.
 *
 * Small implementation does not use a table - use the normal implementation.
 *
 * @param  [in]  pm     First point on E(F_p)[q].
 * @param  [in]  qm     Second point on E(F_p)[q].
 * @param  [in]  res    Result of calculation.
 * @param  [in]  table  Precomputed table of values.
 * @param  [in]  len    Length of precomputed table of values in bytes.
 * @return  0 on success.
 * @return  MEMORY_E when dynamic memory allocation fails.
 */
int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm,
    mp_int* res, const byte* table, word32 len)
{
    (void)table;
    (void)len;
    return sp_Pairing_1024(pm, qm, res);
}

#else
/*
 * Calc l and c for the point when doubling p.
 *
 * l = 3 * (p.x^2 - 1) / (2 * p.y)
 * c = l * p.x - p.y
 *
 * @param  [out]  lr  Gradient result - table entry.
 * @param  [out]  cr  Constant result - table entry.
 * @param  [in]   px  X-ordinate of point to double.
 * @param  [in]   py  Y-ordinate of point to double.
 * @param  [in]   t   SP temporaries (3 used).
 */
static void sp_1024_accum_dbl_calc_lc_32(sp_digit* lr, sp_digit* cr,
        const sp_digit* px, const sp_digit* py, sp_digit* t)
{
    sp_digit* t1 = t + 33 * 2 * 32;
    sp_digit* t2 = t + 34 * 2 * 32;
    sp_digit* l  = t + 35 * 2 * 32;

    /* l = 1 / 2 * p.y */
    sp_1024_mont_dbl_32(l, py, p1024_mod);
    sp_1024_mont_inv_32(l, l, t);

    /* t1 = p.x^2 */
    sp_1024_mont_sqr_32(t1, px, p1024_mod, p1024_mp_mod);
    /* t1 = p.x - 1 */
    sp_1024_mont_sub_32(t1, t1, p1024_norm_mod, p1024_mod);
    /* t1 = 3 * (p.x^2 - 1) */
    sp_1024_mont_dbl_32(t2, t1, p1024_mod);
    sp_1024_mont_add_32(t1, t1, t2, p1024_mod);
    /* t1 = 3 * (p.x^2 - 1) / (2 * p.y) */
    sp_1024_mont_mul_32(l, l, t1, p1024_mod, p1024_mp_mod);
    /* t2 = l * p.x */
    sp_1024_mont_mul_32(t2, l, px, p1024_mod, p1024_mp_mod);
    /* c = t2 = l * p.x - p.y */
    sp_1024_mont_sub_32(t2, t2, py, p1024_mod);

    XMEMCPY(lr, l, sizeof(sp_digit) * 32);
    XMEMCPY(cr, t2, sizeof(sp_digit) * 32);
}

/*
 * Calc l and c when adding p and c.
 *
 * l = (c.y - p.y) / (c.x - p.x)
 * c = (p.x * c.y - cx * p.y) / (cx - p.x)
 *
 * @param  [out]  lr  Gradient result - table entry.
 * @param  [out]  cr  Constant result - table entry.
 * @param  [in]   px  X-ordinate of point to add.
 * @param  [in]   py  Y-ordinate of point to add.
 * @param  [in]   cx  X-ordinate of current point.
 * @param  [in]   cy  Y-ordinate of current point.
 * @param  [in]   t   SP temporaries (3 used).
 */
static void sp_1024_accum_add_calc_lc_32(sp_digit* lr, sp_digit* cr,
        const sp_digit* px, const sp_digit* py, const sp_digit* cx,
        const sp_digit* cy, sp_digit* t)
{
    sp_digit* t1 = t + 33 * 2 * 32;
    sp_digit* c  = t + 34 * 2 * 32;
    sp_digit* l  = t + 35 * 2 * 32;

    /* l = 1 / (c.x - p.x) */
    sp_1024_mont_sub_32(l, cx, px, p1024_mod);
    sp_1024_mont_inv_32(l, l, t);

    /* c = p.x * c.y */
    sp_1024_mont_mul_32(c, px, cy, p1024_mod, p1024_mp_mod);
    /* t1 = c.x * p.y */
    sp_1024_mont_mul_32(t1, cx, py, p1024_mod, p1024_mp_mod);
    /* c = (p.x * c.y) - (c.x * p.y) */
    sp_1024_mont_sub_32(c, c, t1, p1024_mod);
    /* c = ((p.x * c.y) - (c.x * p.y)) / (c.x - p.x) */
    sp_1024_mont_mul_32(c, c, l, p1024_mod, p1024_mp_mod);
    /* t1 = c.y - p.y */
    sp_1024_mont_sub_32(t1, cy, py, p1024_mod);
    /* l = (c.y - p.y) / (c.x - p.x) */
    sp_1024_mont_mul_32(l, t1, l, p1024_mod, p1024_mp_mod);

    XMEMCPY(lr, l, sizeof(sp_digit) * 32);
    XMEMCPY(cr, c, sizeof(sp_digit) * 32);
}

/*
 * Calculate vx and vy given gradient l and constant c and point q.
 *
 * l is a the gradient and is multiplied by q->x.
 * c is a the constant that is added to the multiplicative result.
 * q->y is the y-ordinate in result to multiply.
 *
 * if dbl
 *   v*  = v*^2
 * r.x = l * q.x + c
 * r.y = q->y
 * v*  = v* * r*
 *
 * @param  [in,out]  vx     X-ordinate of projective value in F*.
 * @param  [in,out]  vy     Y-ordinate of projective value in F*.
 * @param  [in]      l      Gradient to multiply with.
 * @param  [in]      c      Constant to add with.
 * @param  [in]      q      ECC point - second point on E(F_P^2).
 * @param  [in]      t      SP temporaries (3 used).
 * @param  [in]      dbl    Indicates whether this is for doubling. Otherwise
 *                          adding.
 */
static void sp_1024_accumulate_line_lc_32(sp_digit* vx, sp_digit* vy,
        const sp_digit* l, const sp_digit* c, const sp_point_1024* q,
        sp_digit* t, int dbl)
{
    sp_digit* rx = t + 4 * 2 * 32;

    /* v = v^2 */
    if (dbl) {
        sp_1024_proj_sqr_32(vx, vy, t);
    }
    /* rx = l * q.x + c */
    sp_1024_mont_mul_32(rx, l, q->x, p1024_mod, p1024_mp_mod);
    sp_1024_mont_add_32(rx, rx, c, p1024_mod);
    /* v = v^2 * r */
    sp_1024_proj_mul_32(vx, vy, rx, q->y, t);
}

/* Operations to perform based on order - 1.
 * Sliding window. Start at bottom and stop when bottom bit is one.
 * Subtract if top bit in window is one.
 * Width of 6 bits.
 * Pairs: #dbls, add/subtract window value
 */
static const signed char sp_1024_order_op_pre[] = {
   5,   6, -13,   9, -21,   6,  -5,   8,  31,   6,   3,   6, -27,   6,  25,   9,
  -1,   6, -11,   6, -13,   6,  -7,   6, -15,   6, -29,   7,  25,   6,  -9,   6,
 -19,   7,   3,   6,  11,   9, -23,   6,   1,   6,  27,   6,   1,   7, -25,   8,
  13,   7, -13,   7, -23,  10,  19,   7,   7,   7,  -3,   7,  27,   6,  -7,   7,
 -21,   7,  11,   7,  31,   8,   1,   7, -23,   6, -17,   6,  -3,  10,  11,   6,
 -21,   7, -27,  11, -29,   6,  -1,  10,  15,   8,  27,   7,  17,   6,  17,   7,
 -13,   8,  13,   6,  21,   7, -29,   6,  19,   7, -25,   6,  11,   9,  29,   7,
  -7,   8,  27,   7,  29,  10,  -1,   8,  -7,   8,  17,   6,  17,   7, -27,   7,
 -21,   6,  -9,   6, -27,  12, -23,   6,  19,   6,  13,   6, -11,   7,  27,   6,
  17,   6,  -7,   6, -25,   7, -29,   6,   9,   7,   7,   6,  13,   6, -25,   6,
 -19,   6,  13,   6, -11,   6,   5,   8,  19,   6, -21,   8,  23,   7,  27,   6,
 -13,   6, -19,  11,  29,   7, -15,   6,  -9,   7, -21,  10,  -3,   7,  21,  10,
  25,   6, -15,   6, -23,   6,  21,   6,   1,   6,  21,   7,  -3,   6,  -3,   7,
  -7,   6, -23,   7,   7,   8,  15,   9,   5,   6, -11,   6,  21,  11, -27,   7,
  27,   6, -11,   6,  31,   6, -21,   6,  19,   6,  -7,   8,  -7,  13,  -3,   6,
  -7,   7,  -3,   6,   1,   6,   7,   8,  19,   8,  11,   9,  -9,   7, -31,  12,
  25,   6, -17,   9, -15,   7,   5,   6,  25,   7,  -5,   7, -25,   6,  17,   8,
 -19,   6, -13,   6,  27,   8,   1,   7,  -5,   7,  -1,   6,  21,   6,   3,  10,
  -3,   1,
};

/*
 * Generate table for pairing.
 *
 * Calculate the graident (l) and constant (c) at each step of the way.
 * Sliding window. Start at bottom and stop when bottom bit is one.
 * Subtract if top bit in window is one.
 * Width of 6 bits.
 *
 * pm     [in]      Point to generate table for.
 * table  [in]      Generated table.
 * len    [in,out]  On in, the size of the buffer.
 *                  On out, length of table generated.
 * @return  0 on success.
 *          LENGTH_ONLY_E when table is NULL and only length returned.
 *          BUFFER_E when len is too small.
 *          MEMORY_E when dynamic memory allocation fauls.
 */
int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
        word32* len)
{
    int err = 0;
#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
    sp_digit* td = NULL;
    sp_digit* t;
    sp_point_1024* pre_p;
#else
    sp_digit t[36 * 2 * 32];
    sp_point_1024 pre_p[16];
    sp_point_1024 pd;
    sp_point_1024 cd;
    sp_point_1024 negd;
#endif
    sp_point_1024* p = NULL;
    sp_point_1024* c = NULL;
    sp_point_1024* neg = NULL;
    int i;
    int j;
    int k;
    sp_table_entry_1024* precomp = (sp_table_entry_1024*)table;

    if (table == NULL) {
        *len = sizeof(sp_table_entry_1024) * 1167;
        err = LENGTH_ONLY_E;
    }

    if ((err == MP_OKAY) &&
            (*len < (int)(sizeof(sp_table_entry_1024) * 1167))) {
        err = BUFFER_E;
    }

    if (err == MP_OKAY) {
        err = sp_1024_point_new_32(NULL, pd, p);
    }
    if (err == MP_OKAY) {
        err = sp_1024_point_new_32(NULL, cd, c);
    }
    if (err == MP_OKAY) {
        err = sp_1024_point_new_32(NULL, negd, neg);
    }

#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
    if (err == MP_OKAY) {
        td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 36 * 32 * 2 + 16 *
            sizeof(sp_point_1024), NULL, DYNAMIC_TYPE_TMP_BUFFER);
        if (td == NULL) {
            err = MEMORY_E;
        }
    }
#endif

    if (err == MP_OKAY) {
#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
        t     = td;
        pre_p = (sp_point_1024*)(td + 36 * 32 * 2);
#endif

        sp_1024_point_from_ecc_point_32(p, pm);

        err = sp_1024_mod_mul_norm_32(p->x, p->x, p1024_mod);
    }
    if (err == MP_OKAY) {
        err = sp_1024_mod_mul_norm_32(p->y, p->y, p1024_mod);
    }
    if (err == MP_OKAY) {
        XMEMCPY(p->z, p1024_norm_mod, sizeof(p1024_norm_mod));
        neg->infinity = 0;
        c->infinity = 0;

        /* Generate pre-computation table: 1, 3, ... , 31 */
        XMEMCPY(&pre_p[0], p, sizeof(sp_point_1024));
        /* [2]P for adding */
        sp_1024_proj_point_dbl_32(c, p, t);

        /* 1, 3, ... */
        for (i = 1; i < 16; i++) {
            sp_1024_proj_point_add_32(&pre_p[i], &pre_p[i-1], c, t);
            sp_1024_mont_map_32(&pre_p[i], t);
        }

        k = 0;
        j = sp_1024_order_op_pre[0] / 2;
        XMEMCPY(c, &pre_p[j], sizeof(sp_point_1024));

        for (j = 0; j < sp_1024_order_op_pre[1]; j++) {
            sp_1024_accum_dbl_calc_lc_32(precomp[k].x, precomp[k].y, c->x,
                c->y, t);
            k++;
            sp_1024_proj_point_dbl_32(c, c, t);
            sp_1024_mont_map_32(c, t);
        }

        for (i = 2; i < 290; i += 2) {
            j = sp_1024_order_op_pre[i];
            if (j > 0) {
                sp_1024_accum_add_calc_lc_32(precomp[k].x, precomp[k].y,
                    pre_p[j/2].x, pre_p[j/2].y, c->x, c->y, t);
                k++;
                sp_1024_proj_point_add_32(c, c, &pre_p[j/2], t);
                sp_1024_mont_map_32(c, t);
            }
            else {
                XMEMCPY(neg->x, pre_p[-j / 2].x, sizeof(pre_p->x));
                sp_1024_mont_sub_32(neg->y, p1024_mod, pre_p[-j / 2].y,
                        p1024_mod);
                XMEMCPY(neg->z, pre_p[-j / 2].z, sizeof(pre_p->z));

                sp_1024_accum_add_calc_lc_32(precomp[k].x, precomp[k].y,
                    neg->x, neg->y, c->x, c->y, t);
                k++;
                sp_1024_proj_point_add_32(c, c, neg, t);
                sp_1024_mont_map_32(c, t);
            }

            for (j = 0; j < sp_1024_order_op_pre[i + 1]; j++) {
                sp_1024_accum_dbl_calc_lc_32(precomp[k].x, precomp[k].y, c->x,
                    c->y, t);
                k++;
                sp_1024_proj_point_dbl_32(c, c, t);
                sp_1024_mont_map_32(c, t);
            }
        }

        *len = sizeof(sp_table_entry_1024) * 1167;
    }

#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
    if (td != NULL) {
        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }
#endif
    sp_1024_point_free_32(neg, 1, NULL);
    sp_1024_point_free_32(c, 1, NULL);
    sp_1024_point_free_32(p, 1, NULL);
    return err;
}

/*
 * Calculate r = pairing <P, Q>.
 *
 * That is, multiply base in PF_p[q] by the scalar s, such that s.P = Q.
 *
 * Sliding window. Start at bottom and stop when bottom bit is one.
 * Subtract if top bit in window is one.
 * Width of 6 bits.
 * Pre-generate values in window (1, 3, ...) - only V.
 * Table contains all gradient l and a constant for each point on the path.
 *
 * @param  [in]  pm     First point on E(F_p)[q].
 * @param  [in]  qm     Second point on E(F_p)[q].
 * @param  [in]  res    Result of calculation.
 * @param  [in]  table  Precomputed table of values.
 * @param  [in]  len    Length of precomputed table of values in bytes.
 * @return  0 on success.
 * @return  MEMORY_E when dynamic memory allocation fails.
 */
int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm,
    mp_int* res, const byte* table, word32 len)
{
    int err = 0;
#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
    sp_digit* td = NULL;
    sp_digit* t;
    sp_digit* vx;
    sp_digit* vy;
    sp_digit (*pre_vx)[64];
    sp_digit (*pre_vy)[64];
    sp_digit (*pre_nvy)[64];
#else
    sp_digit t[36 * 2 * 32];
    sp_digit vx[2 * 32];
    sp_digit vy[2 * 32];
    sp_digit pre_vx[16][64];
    sp_digit pre_vy[16][64];
    sp_digit pre_nvy[16][64];
    sp_point_1024 pd;
    sp_point_1024 qd;
    sp_point_1024 cd;
#endif
    sp_point_1024* p = NULL;
    sp_point_1024* q = NULL;
    sp_point_1024* c = NULL;
    sp_digit* r = NULL;
    int i;
    int j;
    int k;
    const sp_table_entry_1024* precomp = (const sp_table_entry_1024*)table;

    if (len < (int)(sizeof(sp_table_entry_1024) * 1167)) {
        err = BUFFER_E;
    }

    if (err == MP_OKAY) {
        err = sp_1024_point_new_32(NULL, pd, p);
    }
    if (err == MP_OKAY) {
        err = sp_1024_point_new_32(NULL, qd, q);
    }
    if (err == MP_OKAY) {
        err = sp_1024_point_new_32(NULL, cd, c);
    }

#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
    if (err == MP_OKAY) {
        td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 86 * 32 * 2, NULL,
                                DYNAMIC_TYPE_TMP_BUFFER);
        if (td == NULL) {
            err = MEMORY_E;
        }
    }
#endif

    if (err == MP_OKAY) {
#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
        t       = td;
        vx      = td + 36 * 32 * 2;
        vy      = td + 37 * 32 * 2;
        pre_vx  = (sp_digit(*)[64])(td + 38 * 32 * 2);
        pre_vy  = (sp_digit(*)[64])(td + 54 * 32 * 2);
        pre_nvy = (sp_digit(*)[64])(td + 70 * 32 * 2);
#endif
        r = vy;

        sp_1024_point_from_ecc_point_32(p, pm);
        sp_1024_point_from_ecc_point_32(q, qm);

        err = sp_1024_mod_mul_norm_32(p->x, p->x, p1024_mod);
    }
    if (err == MP_OKAY) {
        err = sp_1024_mod_mul_norm_32(p->y, p->y, p1024_mod);
    }
    if (err == MP_OKAY) {
        err = sp_1024_mod_mul_norm_32(p->z, p->z, p1024_mod);
    }
    if (err == MP_OKAY) {
        err = sp_1024_mod_mul_norm_32(q->x, q->x, p1024_mod);
    }
    if (err == MP_OKAY) {
        err = sp_1024_mod_mul_norm_32(q->y, q->y, p1024_mod);
    }
    if (err == MP_OKAY) {
        /* Generate pre-computation table: 1, 3, ... , 31 */
        XMEMSET(pre_vx[0], 0, sizeof(sp_digit) * 2 * 32);
        pre_vx[0][0] = 1;
        XMEMSET(pre_vy[0], 0, sizeof(sp_digit) * 2 * 32);
        sp_1024_mont_sub_32(pre_nvy[0], p1024_mod, pre_vy[0], p1024_mod);

        /* [2]P for adding */
        XMEMCPY(c, p, sizeof(sp_point_1024));
        XMEMSET(vx, 0, sizeof(sp_digit) * 2 * 32);
        vx[0] = 1;
        XMEMSET(vy, 0, sizeof(sp_digit) * 2 * 32);
        sp_1024_accumulate_line_dbl_32(vx, vy, c, q, t);

        /* 3, 5, ... */
        for (i = 1; i < 16; i++) {
            XMEMCPY(pre_vx[i], pre_vx[i-1], sizeof(sp_digit) * 2 * 32);
            XMEMCPY(pre_vy[i], pre_vy[i-1], sizeof(sp_digit) * 2 * 32);
            sp_1024_proj_mul_32(pre_vx[i], pre_vy[i], vx, vy, t);
            sp_1024_accumulate_line_add_n_32(pre_vx[i], pre_vy[i], c,
                q, p, t, 0);
            sp_1024_mont_sub_32(pre_nvy[i], p1024_mod, pre_vy[i],
                p1024_mod);
        }

        XMEMCPY(c->z, p1024_norm_mod, sizeof(sp_digit) * 32);
        c->infinity = 0;
        j = sp_1024_order_op_pre[0] / 2;
        XMEMCPY(vx, pre_vx[j], sizeof(sp_digit) * 2 * 32);
        XMEMCPY(vy, pre_vy[j], sizeof(sp_digit) * 2 * 32);

        k = 0;
        for (j = 0; j < sp_1024_order_op_pre[1]; j++) {
            /* Accumulate line into v and double point. */
            sp_1024_accumulate_line_lc_32(vx, vy, precomp[k].x,
                precomp[k].y, q, t, 1);
            k++;
        }

        for (i = 2; i < 290; i += 2) {
            sp_1024_accumulate_line_lc_32(vx, vy, precomp[k].x,
                precomp[k].y, q, t, 0);
            k++;

            j = sp_1024_order_op_pre[i];
            if (j > 0) {
                j /= 2;
                /* Accumulate line into v. */
                sp_1024_proj_mul_32(vx, vy, pre_vx[j], pre_vy[j], t);
            }
            else {
                j = -j / 2;
                /* Accumulate line into v. */
                sp_1024_proj_mul_32(vx, vy, pre_vx[j], pre_nvy[j], t);
            }

            for (j = 0; j < sp_1024_order_op_pre[i + 1]; j++) {
                /* Accumulate line into v and double point. */
                sp_1024_accumulate_line_lc_32(vx, vy, precomp[k].x,
                    precomp[k].y, q, t, 1);
                k++;
            }
        }

        /* Final exponentiation */
        sp_1024_proj_sqr_32(vx, vy, t);
        sp_1024_proj_sqr_32(vx, vy, t);

        /* Convert from PF_p[q] to F_p */
        sp_1024_mont_inv_32(vx, vx, t);
        sp_1024_mont_mul_32(r, vx, vy, p1024_mod, p1024_mp_mod);
        XMEMSET(r + 32, 0, sizeof(sp_digit) * 32);
        sp_1024_mont_reduce_32(r, p1024_mod, p1024_mp_mod);

        err = sp_1024_to_mp(r, res);
    }

#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
    defined(WOLFSSL_SP_SMALL_STACK)
    if (td != NULL) {
        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }
#endif
    sp_1024_point_free_32(c, 1, NULL);
    sp_1024_point_free_32(q, 1, NULL);
    sp_1024_point_free_32(p, 1, NULL);
    return err;
}

#endif /* WOLFSSL_SP_SMALL */
#ifdef HAVE_ECC_CHECK_KEY
/* Read big endian unsigned byte array into r.
 *
 * r  A single precision integer.
 * size  Maximum number of bytes to convert
 * a  Byte array.
 * n  Number of bytes in array to read.
 */
static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n)
{
    int i;
    int j;
    byte* d;

    for (i = n - 1,j = 0; i >= 3; i -= 4) {
        r[j]  = ((sp_digit)a[i - 0] <<  0) |
                ((sp_digit)a[i - 1] <<  8) |
                ((sp_digit)a[i - 2] << 16) |
                ((sp_digit)a[i - 3] << 24);
        j++;
    }

    if (i >= 0) {
        r[j] = 0;

        d = (byte*)r;
        switch (i) {
            case 2: d[n - 1 - 2] = a[2]; //fallthrough
            case 1: d[n - 1 - 1] = a[1]; //fallthrough
            case 0: d[n - 1 - 0] = a[0]; //fallthrough
        }
        j++;
    }

    for (; j < size; j++) {
        r[j] = 0;
    }
}

/* Check that the x and y ordinates are a valid point on the curve.
 *
 * point  EC point.
 * heap   Heap to use if dynamically allocating.
 * returns MEMORY_E if dynamic memory allocation fails, MP_VAL if the point is
 * not on the curve and MP_OKAY otherwise.
 */
static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
    void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* t1 = NULL;
#else
    sp_digit t1[32 * 4];
#endif
    sp_digit* t2 = NULL;
    sp_int32 n;
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 4, heap, DYNAMIC_TYPE_ECC);
    if (t1 == NULL)
        err = MEMORY_E;
#endif
    (void)heap;

    if (err == MP_OKAY) {
        t2 = t1 + 2 * 32;

        /* y^2 - x^3 - a.x = b */
        sp_1024_sqr_32(t1, point->y);
        (void)sp_1024_mod_32(t1, t1, p1024_mod);
        sp_1024_sqr_32(t2, point->x);
        (void)sp_1024_mod_32(t2, t2, p1024_mod);
        sp_1024_mul_32(t2, t2, point->x);
        (void)sp_1024_mod_32(t2, t2, p1024_mod);
        sp_1024_mont_sub_32(t1, t1, t2, p1024_mod);

        /* y^2 - x^3 + 3.x = b, when a = -3  */
        sp_1024_mont_add_32(t1, t1, point->x, p1024_mod);
        sp_1024_mont_add_32(t1, t1, point->x, p1024_mod);
        sp_1024_mont_add_32(t1, t1, point->x, p1024_mod);


        n = sp_1024_cmp_32(t1, p1024_mod);
        sp_1024_cond_sub_32(t1, t1, p1024_mod, ~(n >> 31));
        sp_1024_norm_32(t1);
        if (!sp_1024_iszero_32(t1)) {
            err = MP_VAL;
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (t1 != NULL)
        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

/* Check that the x and y ordinates are a valid point on the curve.
 *
 * pX  X ordinate of EC point.
 * pY  Y ordinate of EC point.
 * returns MEMORY_E if dynamic memory allocation fails, MP_VAL if the point is
 * not on the curve and MP_OKAY otherwise.
 */
int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_point_1024* pub = NULL;
#else
    sp_point_1024 pub[1];
#endif
    const byte one[1] = { 1 };
    int err = MP_OKAY;

#ifdef WOLFSSL_SP_SMALL_STACK
    pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), NULL,
                                       DYNAMIC_TYPE_ECC);
    if (pub == NULL)
        err = MEMORY_E;
#endif

    if (err == MP_OKAY) {
        sp_1024_from_mp(pub->x, 32, pX);
        sp_1024_from_mp(pub->y, 32, pY);
        sp_1024_from_bin(pub->z, 32, one, (int)sizeof(one));

        err = sp_1024_ecc_is_point_32(pub, NULL);
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (pub != NULL)
        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
#endif

    return err;
}

/* Check that the private scalar generates the EC point (px, py), the point is
 * on the curve and the point has the correct order.
 *
 * pX     X ordinate of EC point.
 * pY     Y ordinate of EC point.
 * privm  Private scalar that generates EC point.
 * returns MEMORY_E if dynamic memory allocation fails, MP_VAL if the point is
 * not on the curve, ECC_INF_E if the point does not have the correct order,
 * ECC_PRIV_KEY_E when the private scalar doesn't generate the EC point and
 * MP_OKAY otherwise.
 */
int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
    const mp_int* privm, void* heap)
{
#ifdef WOLFSSL_SP_SMALL_STACK
    sp_digit* priv = NULL;
    sp_point_1024* pub = NULL;
#else
    sp_digit priv[32];
    sp_point_1024 pub[2];
#endif
    sp_point_1024* p = NULL;
    const byte one[1] = { 1 };
    int err = MP_OKAY;


    /* Quick check the lengs of public key ordinates and private key are in
     * range. Proper check later.
     */
    if (((mp_count_bits(pX) > 1024) ||
        (mp_count_bits(pY) > 1024) ||
        ((privm != NULL) && (mp_count_bits(privm) > 1024)))) {
        err = ECC_OUT_OF_RANGE_E;
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (err == MP_OKAY) {
        pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
                                           DYNAMIC_TYPE_ECC);
        if (pub == NULL)
            err = MEMORY_E;
    }
    if (err == MP_OKAY && privm) {
        priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap,
                                  DYNAMIC_TYPE_ECC);
        if (priv == NULL)
            err = MEMORY_E;
    }
#endif

    if (err == MP_OKAY) {
        p = pub + 1;

        sp_1024_from_mp(pub->x, 32, pX);
        sp_1024_from_mp(pub->y, 32, pY);
        sp_1024_from_bin(pub->z, 32, one, (int)sizeof(one));
        if (privm)
            sp_1024_from_mp(priv, 32, privm);

        /* Check point at infinitiy. */
        if ((sp_1024_iszero_32(pub->x) != 0) &&
            (sp_1024_iszero_32(pub->y) != 0)) {
            err = ECC_INF_E;
        }
    }

    /* Check range of X and Y */
    if ((err == MP_OKAY) &&
            ((sp_1024_cmp_32(pub->x, p1024_mod) >= 0) ||
             (sp_1024_cmp_32(pub->y, p1024_mod) >= 0))) {
        err = ECC_OUT_OF_RANGE_E;
    }

    if (err == MP_OKAY) {
        /* Check point is on curve */
        err = sp_1024_ecc_is_point_32(pub, heap);
    }

    if (err == MP_OKAY) {
        /* Point * order = infinity */
            err = sp_1024_ecc_mulmod_32(p, pub, p1024_order, 1, 1, heap);
    }
    /* Check result is infinity */
    if ((err == MP_OKAY) && ((sp_1024_iszero_32(p->x) == 0) ||
                             (sp_1024_iszero_32(p->y) == 0))) {
        err = ECC_INF_E;
    }

    if (privm) {
        if (err == MP_OKAY) {
            /* Base * private = point */
                err = sp_1024_ecc_mulmod_base_32(p, priv, 1, 1, heap);
        }
        /* Check result is public key */
        if ((err == MP_OKAY) &&
                ((sp_1024_cmp_32(p->x, pub->x) != 0) ||
                 (sp_1024_cmp_32(p->y, pub->y) != 0))) {
            err = ECC_PRIV_KEY_E;
        }
    }

#ifdef WOLFSSL_SP_SMALL_STACK
    if (pub != NULL)
        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
    if (priv != NULL)
        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
#endif

    return err;
}
#endif
#endif /* WOLFSSL_SP_1024 */
#endif /* WOLFCRYPT_HAVE_SAKKE */
#endif /* WOLFSSL_HAVE_SP_ECC */
#endif /* WOLFSSL_SP_ARM_CORTEX_M_ASM */
#endif /* WOLFSSL_HAVE_SP_RSA | WOLFSSL_HAVE_SP_DH | WOLFSSL_HAVE_SP_ECC */