Merge pull request #6750 from SparkiDev/curve25519_thumb2_2

Curve25519/Ed25519: align buffers

tests/api.c

@@ -12494,6 +12494,7 @@ static int test_wc_Sha256Update(void)
 #ifndef NO_SHA256
     wc_Sha256 sha256;
     byte hash[WC_SHA256_DIGEST_SIZE];
+    byte hash_unaligned[WC_SHA256_DIGEST_SIZE+1];
     testVector a, b, c;
 
     ExpectIntEQ(wc_InitSha256(&sha256), 0);
@@ -12517,6 +12518,11 @@ static int test_wc_Sha256Update(void)
     ExpectIntEQ(wc_Sha256Final(&sha256, hash), 0);
     ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE), 0);
 
+    /* Unaligned check. */
+    ExpectIntEQ(wc_Sha256Update(&sha256, (byte*)a.input+1, (word32)a.inLen-1),
+        0);
+    ExpectIntEQ(wc_Sha256Final(&sha256, hash_unaligned + 1), 0);
+
     /* Try passing in bad values */
     b.input = NULL;
     b.inLen = 0;
@@ -12721,6 +12727,7 @@ static int test_wc_Sha512Update(void)
 #ifdef WOLFSSL_SHA512
     wc_Sha512 sha512;
     byte hash[WC_SHA512_DIGEST_SIZE];
+    byte hash_unaligned[WC_SHA512_DIGEST_SIZE + 1];
     testVector a, b, c;
 
     ExpectIntEQ(wc_InitSha512(&sha512), 0);
@@ -12747,6 +12754,11 @@ static int test_wc_Sha512Update(void)
 
     ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA512_DIGEST_SIZE), 0);
 
+    /* Unaligned check. */
+    ExpectIntEQ(wc_Sha512Update(&sha512, (byte*)a.input+1, (word32)a.inLen-1),
+        0);
+    ExpectIntEQ(wc_Sha512Final(&sha512, hash_unaligned+1), 0);
+
     /* Try passing in bad values */
     b.input = NULL;
     b.inLen = 0;
@@ -20091,7 +20103,8 @@ static int test_wc_ed25519_make_key(void)
 #if defined(HAVE_ED25519) && defined(HAVE_ED25519_MAKE_KEY)
     ed25519_key   key;
     WC_RNG        rng;
-    unsigned char pubkey[ED25519_PUB_KEY_SIZE];
+    unsigned char pubkey[ED25519_PUB_KEY_SIZE+1];
+    int           pubkey_sz = ED25519_PUB_KEY_SIZE;
 
     XMEMSET(&key, 0, sizeof(ed25519_key));
     XMEMSET(&rng, 0, sizeof(WC_RNG));
@@ -20099,7 +20112,9 @@ static int test_wc_ed25519_make_key(void)
     ExpectIntEQ(wc_ed25519_init(&key), 0);
     ExpectIntEQ(wc_InitRng(&rng), 0);
 
-    ExpectIntEQ(wc_ed25519_make_public(&key, pubkey, sizeof(pubkey)),
+    ExpectIntEQ(wc_ed25519_make_public(&key, pubkey, pubkey_sz),
+        ECC_PRIV_KEY_E);
+    ExpectIntEQ(wc_ed25519_make_public(&key, pubkey+1, pubkey_sz),
         ECC_PRIV_KEY_E);
     ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
 
@@ -20149,10 +20164,10 @@ static int test_wc_ed25519_sign_msg(void)
     WC_RNG      rng;
     ed25519_key key;
     byte        msg[] = "Everybody gets Friday off.\n";
-    byte        sig[ED25519_SIG_SIZE];
+    byte        sig[ED25519_SIG_SIZE+1];
     word32      msglen = sizeof(msg);
-    word32      siglen = sizeof(sig);
+    word32      siglen = ED25519_SIG_SIZE;
-    word32      badSigLen = sizeof(sig) - 1;
+    word32      badSigLen = ED25519_SIG_SIZE - 1;
 #ifdef HAVE_ED25519_VERIFY
     int         verify_ok = 0; /*1 = Verify success.*/
 #endif
@@ -20160,7 +20175,7 @@ static int test_wc_ed25519_sign_msg(void)
     /* Initialize stack variables. */
     XMEMSET(&key, 0, sizeof(ed25519_key));
     XMEMSET(&rng, 0, sizeof(WC_RNG));
-    XMEMSET(sig, 0, siglen);
+    XMEMSET(sig, 0, sizeof(sig));
 
     /* Initialize key. */
     ExpectIntEQ(wc_ed25519_init(&key), 0);
@@ -20169,6 +20184,8 @@ static int test_wc_ed25519_sign_msg(void)
 
     ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig, &siglen, &key), 0);
     ExpectIntEQ(siglen, ED25519_SIG_SIZE);
+    ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig+1, &siglen, &key), 0);
+    ExpectIntEQ(siglen, ED25519_SIG_SIZE);
 
     /* Test bad args. */
     ExpectIntEQ(wc_ed25519_sign_msg(NULL, msglen, sig, &siglen, &key),
@@ -20185,24 +20202,24 @@ static int test_wc_ed25519_sign_msg(void)
     badSigLen -= 1;
 
 #ifdef HAVE_ED25519_VERIFY
-    ExpectIntEQ(wc_ed25519_verify_msg(sig, siglen, msg, msglen, &verify_ok,
+    ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, msg, msglen, &verify_ok,
         &key), 0);
     ExpectIntEQ(verify_ok, 1);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_verify_msg(sig, siglen - 1, msg, msglen, &verify_ok,
+    ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen - 1, msg, msglen,
-        &key), BAD_FUNC_ARG);
+        &verify_ok, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_verify_msg(sig, siglen + 1, msg, msglen, &verify_ok,
+    ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen + 1, msg, msglen,
-        &key), BAD_FUNC_ARG);
+        &verify_ok, &key), BAD_FUNC_ARG);
     ExpectIntEQ(wc_ed25519_verify_msg(NULL, siglen, msg, msglen, &verify_ok,
         &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_verify_msg(sig, siglen, NULL, msglen, &verify_ok,
+    ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, NULL, msglen, &verify_ok,
         &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_verify_msg(sig, siglen, msg, msglen, NULL, &key),
+    ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, msg, msglen, NULL, &key),
         BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_verify_msg(sig, siglen, msg, msglen, &verify_ok,
+    ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, msg, msglen, &verify_ok,
         NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_verify_msg(sig, badSigLen, msg, msglen, &verify_ok,
+    ExpectIntEQ(wc_ed25519_verify_msg(sig+1, badSigLen, msg, msglen, &verify_ok,
         &key), BAD_FUNC_ARG);
 #endif /* Verify. */
 

wolfcrypt/src/asn.c

@@ -33810,7 +33810,7 @@ int wc_Ed25519PrivateKeyDecode(const byte* input, word32* inOutIdx,
                                ed25519_key* key, word32 inSz)
 {
     int ret;
-    byte privKey[ED25519_KEY_SIZE], pubKey[ED25519_PUB_KEY_SIZE];
+    byte privKey[ED25519_KEY_SIZE], pubKey[2*ED25519_PUB_KEY_SIZE+1];
     word32 privKeyLen = (word32)sizeof(privKey);
     word32 pubKeyLen = (word32)sizeof(pubKey);
 
@@ -33836,7 +33836,7 @@ int wc_Ed25519PublicKeyDecode(const byte* input, word32* inOutIdx,
                               ed25519_key* key, word32 inSz)
 {
     int ret;
-    byte pubKey[ED25519_PUB_KEY_SIZE];
+    byte pubKey[2*ED25519_PUB_KEY_SIZE+1];
     word32 pubKeyLen = (word32)sizeof(pubKey);
 
     if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) {
@@ -34127,7 +34127,7 @@ int wc_Ed448PublicKeyDecode(const byte* input, word32* inOutIdx,
                               ed448_key* key, word32 inSz)
 {
     int ret;
-    byte pubKey[ED448_PUB_KEY_SIZE];
+    byte pubKey[2 * ED448_PUB_KEY_SIZE + 1];
     word32 pubKeyLen = (word32)sizeof(pubKey);
 
     if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) {

wolfcrypt/src/ed25519.c

@@ -187,7 +187,7 @@ int wc_ed25519_make_public(ed25519_key* key, unsigned char* pubKey,
                            word32 pubKeySz)
 {
     int   ret = 0;
-    byte  az[ED25519_PRV_KEY_SIZE];
+    ALIGN16 byte az[ED25519_PRV_KEY_SIZE];
 #if !defined(FREESCALE_LTC_ECC)
     ge_p3 A;
 #endif
@@ -296,14 +296,14 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,
     ret = se050_ed25519_sign_msg(in, inLen, out, outLen, key);
 #else
 #ifdef FREESCALE_LTC_ECC
-    byte   tempBuf[ED25519_PRV_KEY_SIZE];
+    ALIGN16 byte tempBuf[ED25519_PRV_KEY_SIZE];
     ltc_pkha_ecc_point_t ltcPoint = {0};
 #else
     ge_p3  R;
 #endif
-    byte   nonce[WC_SHA512_DIGEST_SIZE];
+    ALIGN16 byte nonce[WC_SHA512_DIGEST_SIZE];
-    byte   hram[WC_SHA512_DIGEST_SIZE];
+    ALIGN16 byte hram[WC_SHA512_DIGEST_SIZE];
-    byte   az[ED25519_PRV_KEY_SIZE];
+    ALIGN16 byte az[ED25519_PRV_KEY_SIZE];
 
     /* sanity check on arguments */
     if (in == NULL || out == NULL || outLen == NULL || key == NULL ||
@@ -617,8 +617,8 @@ static int ed25519_verify_msg_final_with_sha(const byte* sig, word32 sigLen,
                                              int* res, ed25519_key* key,
                                              wc_Sha512 *sha)
 {
-    byte   rcheck[ED25519_KEY_SIZE];
+    ALIGN16 byte rcheck[ED25519_KEY_SIZE];
-    byte   h[WC_SHA512_DIGEST_SIZE];
+    ALIGN16 byte h[WC_SHA512_DIGEST_SIZE];
 #ifndef FREESCALE_LTC_ECC
     ge_p3  A;
     ge_p2  R;
@@ -1239,7 +1239,7 @@ int wc_ed25519_check_key(ed25519_key* key)
 {
     int ret = 0;
 #ifdef HAVE_ED25519_MAKE_KEY
-    unsigned char pubKey[ED25519_PUB_KEY_SIZE];
+    ALIGN16 unsigned char pubKey[ED25519_PUB_KEY_SIZE];
 
     if (!key->pubKeySet)
         ret = PUBLIC_KEY_E;

wolfcrypt/src/ge_operations.c

@@ -920,13 +920,13 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
 int ge_compress_key(byte* out, const byte* xIn, const byte* yIn, word32 keySz)
 {
     ge_p2  g;
-    byte   bArray[ED25519_KEY_SIZE];
+    ALIGN16 byte bArray[ED25519_KEY_SIZE];
-    byte   x[ED25519_KEY_SIZE];
+    ALIGN16 byte x[ED25519_PUB_KEY_SIZE];
-    byte   y[ED25519_KEY_SIZE];
+    ALIGN16 byte y[ED25519_PUB_KEY_SIZE];
     word32 i;
 
-    XMEMCPY(x, xIn, ED25519_KEY_SIZE);
+    XMEMCPY(x, xIn, ED25519_PUB_KEY_SIZE);
-    XMEMCPY(y, yIn, ED25519_KEY_SIZE);
+    XMEMCPY(y, yIn, ED25519_PUB_KEY_SIZE);
     fe_frombytes(g.X, x);
     fe_frombytes(g.Y, y);
     fe_1(g.Z);

wolfcrypt/src/port/arm/armv8-32-aes-asm.S

@@ -1447,10 +1447,10 @@ L_AES_CTR_encrypt_loop_block_256:
 	ldr	r9, [lr, #4]
 	ldr	r10, [lr, #8]
 	ldr	r11, [lr, #12]
-	eor	r4, r8
+	eor	r4, r4, r8
-	eor	r5, r9
+	eor	r5, r5, r9
-	eor	r6, r10
+	eor	r6, r6, r10
-	eor	r7, r11
+	eor	r7, r7, r11
 	ldr	r8, [sp, #4]
 	str	r4, [r1]
 	str	r5, [r1, #4]
@@ -1489,10 +1489,10 @@ L_AES_CTR_encrypt_loop_block_192:
 	ldr	r9, [lr, #4]
 	ldr	r10, [lr, #8]
 	ldr	r11, [lr, #12]
-	eor	r4, r8
+	eor	r4, r4, r8
-	eor	r5, r9
+	eor	r5, r5, r9
-	eor	r6, r10
+	eor	r6, r6, r10
-	eor	r7, r11
+	eor	r7, r7, r11
 	ldr	r8, [sp, #4]
 	str	r4, [r1]
 	str	r5, [r1, #4]
@@ -1531,10 +1531,10 @@ L_AES_CTR_encrypt_loop_block_128:
 	ldr	r9, [lr, #4]
 	ldr	r10, [lr, #8]
 	ldr	r11, [lr, #12]
-	eor	r4, r8
+	eor	r4, r4, r8
-	eor	r5, r9
+	eor	r5, r5, r9
-	eor	r6, r10
+	eor	r6, r6, r10
-	eor	r7, r11
+	eor	r7, r7, r11
 	ldr	r8, [sp, #4]
 	str	r4, [r1]
 	str	r5, [r1, #4]
@@ -3172,10 +3172,10 @@ L_AES_GCM_encrypt_loop_block_256:
 	ldr	r9, [lr, #4]
 	ldr	r10, [lr, #8]
 	ldr	r11, [lr, #12]
-	eor	r4, r8
+	eor	r4, r4, r8
-	eor	r5, r9
+	eor	r5, r5, r9
-	eor	r6, r10
+	eor	r6, r6, r10
-	eor	r7, r11
+	eor	r7, r7, r11
 	ldr	r8, [sp, #4]
 	str	r4, [r1]
 	str	r5, [r1, #4]
@@ -3211,10 +3211,10 @@ L_AES_GCM_encrypt_loop_block_192:
 	ldr	r9, [lr, #4]
 	ldr	r10, [lr, #8]
 	ldr	r11, [lr, #12]
-	eor	r4, r8
+	eor	r4, r4, r8
-	eor	r5, r9
+	eor	r5, r5, r9
-	eor	r6, r10
+	eor	r6, r6, r10
-	eor	r7, r11
+	eor	r7, r7, r11
 	ldr	r8, [sp, #4]
 	str	r4, [r1]
 	str	r5, [r1, #4]
@@ -3250,10 +3250,10 @@ L_AES_GCM_encrypt_loop_block_128:
 	ldr	r9, [lr, #4]
 	ldr	r10, [lr, #8]
 	ldr	r11, [lr, #12]
-	eor	r4, r8
+	eor	r4, r4, r8
-	eor	r5, r9
+	eor	r5, r5, r9
-	eor	r6, r10
+	eor	r6, r6, r10
-	eor	r7, r11
+	eor	r7, r7, r11
 	ldr	r8, [sp, #4]
 	str	r4, [r1]
 	str	r5, [r1, #4]

wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c

@@ -1110,10 +1110,10 @@ void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "ldr	r9, [lr, #4]\n\t"
         "ldr	r10, [lr, #8]\n\t"
         "ldr	r11, [lr, #12]\n\t"
-        "eor	r4, r8\n\t"
+        "eor	r4, r4, r8\n\t"
-        "eor	r5, r9\n\t"
+        "eor	r5, r5, r9\n\t"
-        "eor	r6, r10\n\t"
+        "eor	r6, r6, r10\n\t"
-        "eor	r7, r11\n\t"
+        "eor	r7, r7, r11\n\t"
         "ldr	r8, [sp, #4]\n\t"
         "str	r4, [%[out]]\n\t"
         "str	r5, [%[out], #4]\n\t"
@@ -1154,10 +1154,10 @@ void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "ldr	r9, [lr, #4]\n\t"
         "ldr	r10, [lr, #8]\n\t"
         "ldr	r11, [lr, #12]\n\t"
-        "eor	r4, r8\n\t"
+        "eor	r4, r4, r8\n\t"
-        "eor	r5, r9\n\t"
+        "eor	r5, r5, r9\n\t"
-        "eor	r6, r10\n\t"
+        "eor	r6, r6, r10\n\t"
-        "eor	r7, r11\n\t"
+        "eor	r7, r7, r11\n\t"
         "ldr	r8, [sp, #4]\n\t"
         "str	r4, [%[out]]\n\t"
         "str	r5, [%[out], #4]\n\t"
@@ -1198,10 +1198,10 @@ void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "ldr	r9, [lr, #4]\n\t"
         "ldr	r10, [lr, #8]\n\t"
         "ldr	r11, [lr, #12]\n\t"
-        "eor	r4, r8\n\t"
+        "eor	r4, r4, r8\n\t"
-        "eor	r5, r9\n\t"
+        "eor	r5, r5, r9\n\t"
-        "eor	r6, r10\n\t"
+        "eor	r6, r6, r10\n\t"
-        "eor	r7, r11\n\t"
+        "eor	r7, r7, r11\n\t"
         "ldr	r8, [sp, #4]\n\t"
         "str	r4, [%[out]]\n\t"
         "str	r5, [%[out], #4]\n\t"
@@ -2651,10 +2651,10 @@ void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "ldr	r9, [lr, #4]\n\t"
         "ldr	r10, [lr, #8]\n\t"
         "ldr	r11, [lr, #12]\n\t"
-        "eor	r4, r8\n\t"
+        "eor	r4, r4, r8\n\t"
-        "eor	r5, r9\n\t"
+        "eor	r5, r5, r9\n\t"
-        "eor	r6, r10\n\t"
+        "eor	r6, r6, r10\n\t"
-        "eor	r7, r11\n\t"
+        "eor	r7, r7, r11\n\t"
         "ldr	r8, [sp, #4]\n\t"
         "str	r4, [%[out]]\n\t"
         "str	r5, [%[out], #4]\n\t"
@@ -2692,10 +2692,10 @@ void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "ldr	r9, [lr, #4]\n\t"
         "ldr	r10, [lr, #8]\n\t"
         "ldr	r11, [lr, #12]\n\t"
-        "eor	r4, r8\n\t"
+        "eor	r4, r4, r8\n\t"
-        "eor	r5, r9\n\t"
+        "eor	r5, r5, r9\n\t"
-        "eor	r6, r10\n\t"
+        "eor	r6, r6, r10\n\t"
-        "eor	r7, r11\n\t"
+        "eor	r7, r7, r11\n\t"
         "ldr	r8, [sp, #4]\n\t"
         "str	r4, [%[out]]\n\t"
         "str	r5, [%[out], #4]\n\t"
@@ -2733,10 +2733,10 @@ void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "ldr	r9, [lr, #4]\n\t"
         "ldr	r10, [lr, #8]\n\t"
         "ldr	r11, [lr, #12]\n\t"
-        "eor	r4, r8\n\t"
+        "eor	r4, r4, r8\n\t"
-        "eor	r5, r9\n\t"
+        "eor	r5, r5, r9\n\t"
-        "eor	r6, r10\n\t"
+        "eor	r6, r6, r10\n\t"
-        "eor	r7, r11\n\t"
+        "eor	r7, r7, r11\n\t"
         "ldr	r8, [sp, #4]\n\t"
         "str	r4, [%[out]]\n\t"
         "str	r5, [%[out], #4]\n\t"

wolfcrypt/src/port/arm/armv8-32-curve25519.S

@@ -32,10 +32,6 @@
 #ifdef WOLFSSL_ARMASM
 #if !defined(__aarch64__) && defined(__arm__)
 #ifndef WOLFSSL_ARMASM_INLINE
-/* Based on work by: Emil Lenngren
- * https://github.com/pornin/X25519-Cortex-M4
- */
-
 #if defined(HAVE_CURVE25519) || defined(HAVE_ED25519)
 #if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL)
 
@@ -348,9 +344,23 @@ fe_add:
 	.type	fe_frombytes, %function
 fe_frombytes:
 	push	{r4, r5, r6, r7, r8, r9, lr}
-	ldm	r1, {r2, r3, r4, r5, r6, r7, r8, r9}
+	ldr	r2, [r1]
+	ldr	r3, [r1, #4]
+	ldr	r4, [r1, #8]
+	ldr	r5, [r1, #12]
+	ldr	r6, [r1, #16]
+	ldr	r7, [r1, #20]
+	ldr	r8, [r1, #24]
+	ldr	r9, [r1, #28]
 	bfc	r9, #31, #1
-	stm	r0, {r2, r3, r4, r5, r6, r7, r8, r9}
+	str	r2, [r0]
+	str	r3, [r0, #4]
+	str	r4, [r0, #8]
+	str	r5, [r0, #12]
+	str	r6, [r0, #16]
+	str	r7, [r0, #20]
+	str	r8, [r0, #24]
+	str	r9, [r0, #28]
 	pop	{r4, r5, r6, r7, r8, r9, pc}
 	.size	fe_frombytes,.-fe_frombytes
 	.text
@@ -379,7 +389,14 @@ fe_tobytes:
 	adcs	r8, r8, #0
 	adc	r9, r9, #0
 	bfc	r9, #31, #1
-	stm	r0, {r2, r3, r4, r5, r6, r7, r8, r9}
+	str	r2, [r0]
+	str	r3, [r0, #4]
+	str	r4, [r0, #8]
+	str	r5, [r0, #12]
+	str	r6, [r0, #16]
+	str	r7, [r0, #20]
+	str	r8, [r0, #24]
+	str	r9, [r0, #28]
 	pop	{r4, r5, r6, r7, r8, r9, pc}
 	.size	fe_tobytes,.-fe_tobytes
 	.text
@@ -387,69 +404,36 @@ fe_tobytes:
 	.globl	fe_1
 	.type	fe_1, %function
 fe_1:
+	push	{r4, r5, r6, r7, r8, r9, lr}
 	# Set one
 	mov	r2, #1
 	mov	r3, #0
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+	mov	r4, #0
-	str	r2, [r0]
+	mov	r5, #0
-	str	r3, [r0, #4]
+	mov	r6, #0
-#else
+	mov	r7, #0
-	strd	r2, r3, [r0]
+	mov	r8, #0
-#endif
+	mov	r9, #0
-	mov	r2, #0
+	stm	r0, {r2, r3, r4, r5, r6, r7, r8, r9}
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+	pop	{r4, r5, r6, r7, r8, r9, pc}
-	str	r2, [r0, #8]
-	str	r3, [r0, #12]
-#else
-	strd	r2, r3, [r0, #8]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r2, [r0, #16]
-	str	r3, [r0, #20]
-#else
-	strd	r2, r3, [r0, #16]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r2, [r0, #24]
-	str	r3, [r0, #28]
-#else
-	strd	r2, r3, [r0, #24]
-#endif
-	bx	lr
 	.size	fe_1,.-fe_1
 	.text
 	.align	4
 	.globl	fe_0
 	.type	fe_0, %function
 fe_0:
+	push	{r4, r5, r6, r7, r8, r9, lr}
 	# Set zero
 	mov	r2, #0
 	mov	r3, #0
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+	mov	r4, #0
-	str	r2, [r0]
+	mov	r5, #0
-	str	r3, [r0, #4]
+	mov	r6, #0
-#else
+	mov	r7, #0
-	strd	r2, r3, [r0]
+	mov	r8, #0
-#endif
+	mov	r9, #0
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+	stm	r0, {r2, r3, r4, r5, r6, r7, r8, r9}
-	str	r2, [r0, #8]
+	pop	{r4, r5, r6, r7, r8, r9, pc}
-	str	r3, [r0, #12]
-#else
-	strd	r2, r3, [r0, #8]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r2, [r0, #16]
-	str	r3, [r0, #20]
-#else
-	strd	r2, r3, [r0, #16]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r2, [r0, #24]
-	str	r3, [r0, #28]
-#else
-	strd	r2, r3, [r0, #24]
-#endif
-	bx	lr
 	.size	fe_0,.-fe_0
 	.text
 	.align	4
@@ -588,6 +572,7 @@ fe_isnegative:
 	eor	r0, r0, r1
 	pop	{r4, r5, pc}
 	.size	fe_isnegative,.-fe_isnegative
+#if defined(HAVE_ED25519_MAKE_KEY) || defined(HAVE_ED25519_SIGN)
 #ifndef WC_NO_CACHE_RESISTANT
 	.text
 	.align	4
@@ -2394,6 +2379,7 @@ fe_cmov_table:
 	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	.size	fe_cmov_table,.-fe_cmov_table
 #endif /* WC_NO_CACHE_RESISTANT */
+#endif /* HAVE_ED25519_MAKE_KEY || HAVE_ED25519_SIGN */
 #endif /* HAVE_ED25519 */
 	.text
 	.align	4
@@ -2671,6 +2657,7 @@ fe_sq:
 	bl	fe_sq_op
 	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	.size	fe_sq,.-fe_sq
+#ifdef HAVE_CURVE25519
 	.text
 	.align	4
 	.globl	fe_mul121666
@@ -2725,89 +2712,20 @@ curve25519:
 	str	r2, [sp, #168]
 	mov	r1, #0
 	str	r1, [sp, #172]
-	# Set one
+	mov	r4, #1
-	mov	r10, #1
+	mov	r5, #0
-	mov	r11, #0
+	mov	r6, #0
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+	mov	r7, #0
-	str	r10, [r0]
+	mov	r8, #0
-	str	r11, [r0, #4]
+	mov	r9, #0
-#else
-	strd	r10, r11, [r0]
-#endif
-	mov	r10, #0
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r10, [r0, #8]
-	str	r11, [r0, #12]
-#else
-	strd	r10, r11, [r0, #8]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r10, [r0, #16]
-	str	r11, [r0, #20]
-#else
-	strd	r10, r11, [r0, #16]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r10, [r0, #24]
-	str	r11, [r0, #28]
-#else
-	strd	r10, r11, [r0, #24]
-#endif
-	# Set zero
 	mov	r10, #0
 	mov	r11, #0
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+	stm	r0, {r4, r5, r6, r7, r8, r9, r10, r11}
-	str	r10, [sp]
+	add	r3, sp, #32
-	str	r11, [sp, #4]
+	stm	r3, {r4, r5, r6, r7, r8, r9, r10, r11}
-#else
+	mov	r4, #0
-	strd	r10, r11, [sp]
+	mov	r3, sp
-#endif
+	stm	r3, {r4, r5, r6, r7, r8, r9, r10, r11}
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r10, [sp, #8]
-	str	r11, [sp, #12]
-#else
-	strd	r10, r11, [sp, #8]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r10, [sp, #16]
-	str	r11, [sp, #20]
-#else
-	strd	r10, r11, [sp, #16]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r10, [sp, #24]
-	str	r11, [sp, #28]
-#else
-	strd	r10, r11, [sp, #24]
-#endif
-	# Set one
-	mov	r10, #1
-	mov	r11, #0
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r10, [sp, #32]
-	str	r11, [sp, #36]
-#else
-	strd	r10, r11, [sp, #32]
-#endif
-	mov	r10, #0
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r10, [sp, #40]
-	str	r11, [sp, #44]
-#else
-	strd	r10, r11, [sp, #40]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r10, [sp, #48]
-	str	r11, [sp, #52]
-#else
-	strd	r10, r11, [sp, #48]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r10, [sp, #56]
-	str	r11, [sp, #60]
-#else
-	strd	r10, r11, [sp, #56]
-#endif
 	add	r3, sp, #0x40
 	# Copy
 	ldm	r2, {r4, r5, r6, r7, r8, r9, r10, r11}
@@ -2830,18 +2748,10 @@ L_curve25519_bits:
 	ldr	r0, [sp, #160]
 	# Conditional Swap
 	rsb	r1, r1, #0
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+	mov	r3, r0
-	ldr	r4, [r0]
+	add	r12, sp, #0x40
-	ldr	r5, [r0, #4]
+	ldm	r3, {r4, r5}
-#else
+	ldm	r12, {r6, r7}
-	ldrd	r4, r5, [r0]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	ldr	r6, [sp, #64]
-	ldr	r7, [sp, #68]
-#else
-	ldrd	r6, r7, [sp, #64]
-#endif
 	eor	r8, r4, r6
 	eor	r9, r5, r7
 	and	r8, r8, r1
@@ -2850,30 +2760,10 @@ L_curve25519_bits:
 	eor	r5, r5, r9
 	eor	r6, r6, r8
 	eor	r7, r7, r9
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+	stm	r3!, {r4, r5}
-	str	r4, [r0]
+	stm	r12!, {r6, r7}
-	str	r5, [r0, #4]
+	ldm	r3, {r4, r5}
-#else
+	ldm	r12, {r6, r7}
-	strd	r4, r5, [r0]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r6, [sp, #64]
-	str	r7, [sp, #68]
-#else
-	strd	r6, r7, [sp, #64]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	ldr	r4, [r0, #8]
-	ldr	r5, [r0, #12]
-#else
-	ldrd	r4, r5, [r0, #8]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	ldr	r6, [sp, #72]
-	ldr	r7, [sp, #76]
-#else
-	ldrd	r6, r7, [sp, #72]
-#endif
 	eor	r8, r4, r6
 	eor	r9, r5, r7
 	and	r8, r8, r1
@@ -2882,30 +2772,10 @@ L_curve25519_bits:
 	eor	r5, r5, r9
 	eor	r6, r6, r8
 	eor	r7, r7, r9
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+	stm	r3!, {r4, r5}
-	str	r4, [r0, #8]
+	stm	r12!, {r6, r7}
-	str	r5, [r0, #12]
+	ldm	r3, {r4, r5}
-#else
+	ldm	r12, {r6, r7}
-	strd	r4, r5, [r0, #8]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r6, [sp, #72]
-	str	r7, [sp, #76]
-#else
-	strd	r6, r7, [sp, #72]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	ldr	r4, [r0, #16]
-	ldr	r5, [r0, #20]
-#else
-	ldrd	r4, r5, [r0, #16]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	ldr	r6, [sp, #80]
-	ldr	r7, [sp, #84]
-#else
-	ldrd	r6, r7, [sp, #80]
-#endif
 	eor	r8, r4, r6
 	eor	r9, r5, r7
 	and	r8, r8, r1
@@ -2914,30 +2784,10 @@ L_curve25519_bits:
 	eor	r5, r5, r9
 	eor	r6, r6, r8
 	eor	r7, r7, r9
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+	stm	r3!, {r4, r5}
-	str	r4, [r0, #16]
+	stm	r12!, {r6, r7}
-	str	r5, [r0, #20]
+	ldm	r3, {r4, r5}
-#else
+	ldm	r12, {r6, r7}
-	strd	r4, r5, [r0, #16]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r6, [sp, #80]
-	str	r7, [sp, #84]
-#else
-	strd	r6, r7, [sp, #80]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	ldr	r4, [r0, #24]
-	ldr	r5, [r0, #28]
-#else
-	ldrd	r4, r5, [r0, #24]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	ldr	r6, [sp, #88]
-	ldr	r7, [sp, #92]
-#else
-	ldrd	r6, r7, [sp, #88]
-#endif
 	eor	r8, r4, r6
 	eor	r9, r5, r7
 	and	r8, r8, r1
@@ -2946,33 +2796,15 @@ L_curve25519_bits:
 	eor	r5, r5, r9
 	eor	r6, r6, r8
 	eor	r7, r7, r9
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+	stm	r3!, {r4, r5}
-	str	r4, [r0, #24]
+	stm	r12!, {r6, r7}
-	str	r5, [r0, #28]
-#else
-	strd	r4, r5, [r0, #24]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r6, [sp, #88]
-	str	r7, [sp, #92]
-#else
-	strd	r6, r7, [sp, #88]
-#endif
 	ldr	r1, [sp, #172]
 	# Conditional Swap
 	rsb	r1, r1, #0
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+	mov	r3, sp
-	ldr	r4, [sp]
+	add	r12, sp, #32
-	ldr	r5, [sp, #4]
+	ldm	r3, {r4, r5}
-#else
+	ldm	r12, {r6, r7}
-	ldrd	r4, r5, [sp]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	ldr	r6, [sp, #32]
-	ldr	r7, [sp, #36]
-#else
-	ldrd	r6, r7, [sp, #32]
-#endif
 	eor	r8, r4, r6
 	eor	r9, r5, r7
 	and	r8, r8, r1
@@ -2981,30 +2813,10 @@ L_curve25519_bits:
 	eor	r5, r5, r9
 	eor	r6, r6, r8
 	eor	r7, r7, r9
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+	stm	r3!, {r4, r5}
-	str	r4, [sp]
+	stm	r12!, {r6, r7}
-	str	r5, [sp, #4]
+	ldm	r3, {r4, r5}
-#else
+	ldm	r12, {r6, r7}
-	strd	r4, r5, [sp]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r6, [sp, #32]
-	str	r7, [sp, #36]
-#else
-	strd	r6, r7, [sp, #32]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	ldr	r4, [sp, #8]
-	ldr	r5, [sp, #12]
-#else
-	ldrd	r4, r5, [sp, #8]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	ldr	r6, [sp, #40]
-	ldr	r7, [sp, #44]
-#else
-	ldrd	r6, r7, [sp, #40]
-#endif
 	eor	r8, r4, r6
 	eor	r9, r5, r7
 	and	r8, r8, r1
@@ -3013,30 +2825,10 @@ L_curve25519_bits:
 	eor	r5, r5, r9
 	eor	r6, r6, r8
 	eor	r7, r7, r9
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+	stm	r3!, {r4, r5}
-	str	r4, [sp, #8]
+	stm	r12!, {r6, r7}
-	str	r5, [sp, #12]
+	ldm	r3, {r4, r5}
-#else
+	ldm	r12, {r6, r7}
-	strd	r4, r5, [sp, #8]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r6, [sp, #40]
-	str	r7, [sp, #44]
-#else
-	strd	r6, r7, [sp, #40]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	ldr	r4, [sp, #16]
-	ldr	r5, [sp, #20]
-#else
-	ldrd	r4, r5, [sp, #16]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	ldr	r6, [sp, #48]
-	ldr	r7, [sp, #52]
-#else
-	ldrd	r6, r7, [sp, #48]
-#endif
 	eor	r8, r4, r6
 	eor	r9, r5, r7
 	and	r8, r8, r1
@@ -3045,30 +2837,10 @@ L_curve25519_bits:
 	eor	r5, r5, r9
 	eor	r6, r6, r8
 	eor	r7, r7, r9
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+	stm	r3!, {r4, r5}
-	str	r4, [sp, #16]
+	stm	r12!, {r6, r7}
-	str	r5, [sp, #20]
+	ldm	r3, {r4, r5}
-#else
+	ldm	r12, {r6, r7}
-	strd	r4, r5, [sp, #16]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r6, [sp, #48]
-	str	r7, [sp, #52]
-#else
-	strd	r6, r7, [sp, #48]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	ldr	r4, [sp, #24]
-	ldr	r5, [sp, #28]
-#else
-	ldrd	r4, r5, [sp, #24]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	ldr	r6, [sp, #56]
-	ldr	r7, [sp, #60]
-#else
-	ldrd	r6, r7, [sp, #56]
-#endif
 	eor	r8, r4, r6
 	eor	r9, r5, r7
 	and	r8, r8, r1
@@ -3077,18 +2849,8 @@ L_curve25519_bits:
 	eor	r5, r5, r9
 	eor	r6, r6, r8
 	eor	r7, r7, r9
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+	stm	r3!, {r4, r5}
-	str	r4, [sp, #24]
+	stm	r12!, {r6, r7}
-	str	r5, [sp, #28]
-#else
-	strd	r4, r5, [sp, #24]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r6, [sp, #56]
-	str	r7, [sp, #60]
-#else
-	strd	r6, r7, [sp, #56]
-#endif
 	ldr	r1, [sp, #184]
 	str	r1, [sp, #172]
 	mov	r3, sp
@@ -3329,89 +3091,20 @@ curve25519:
 	str	r4, [sp, #188]
 	mov	r1, #0
 	str	r1, [sp, #164]
-	# Set one
+	mov	r4, #1
-	mov	r10, #1
+	mov	r5, #0
-	mov	r11, #0
+	mov	r6, #0
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+	mov	r7, #0
-	str	r10, [r0]
+	mov	r8, #0
-	str	r11, [r0, #4]
+	mov	r9, #0
-#else
-	strd	r10, r11, [r0]
-#endif
-	mov	r10, #0
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r10, [r0, #8]
-	str	r11, [r0, #12]
-#else
-	strd	r10, r11, [r0, #8]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r10, [r0, #16]
-	str	r11, [r0, #20]
-#else
-	strd	r10, r11, [r0, #16]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r10, [r0, #24]
-	str	r11, [r0, #28]
-#else
-	strd	r10, r11, [r0, #24]
-#endif
-	# Set zero
 	mov	r10, #0
 	mov	r11, #0
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+	stm	r0, {r4, r5, r6, r7, r8, r9, r10, r11}
-	str	r10, [sp]
+	add	r3, sp, #32
-	str	r11, [sp, #4]
+	stm	r3, {r4, r5, r6, r7, r8, r9, r10, r11}
-#else
+	mov	r4, #0
-	strd	r10, r11, [sp]
+	mov	r3, sp
-#endif
+	stm	r3, {r4, r5, r6, r7, r8, r9, r10, r11}
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r10, [sp, #8]
-	str	r11, [sp, #12]
-#else
-	strd	r10, r11, [sp, #8]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r10, [sp, #16]
-	str	r11, [sp, #20]
-#else
-	strd	r10, r11, [sp, #16]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r10, [sp, #24]
-	str	r11, [sp, #28]
-#else
-	strd	r10, r11, [sp, #24]
-#endif
-	# Set one
-	mov	r10, #1
-	mov	r11, #0
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r10, [sp, #32]
-	str	r11, [sp, #36]
-#else
-	strd	r10, r11, [sp, #32]
-#endif
-	mov	r10, #0
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r10, [sp, #40]
-	str	r11, [sp, #44]
-#else
-	strd	r10, r11, [sp, #40]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r10, [sp, #48]
-	str	r11, [sp, #52]
-#else
-	strd	r10, r11, [sp, #48]
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-	str	r10, [sp, #56]
-	str	r11, [sp, #60]
-#else
-	strd	r10, r11, [sp, #56]
-#endif
 	add	r3, sp, #0x40
 	# Copy
 	ldm	r2, {r4, r5, r6, r7, r8, r9, r10, r11}
@@ -3675,6 +3368,7 @@ L_curve25519_inv_8:
 	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	.size	curve25519,.-curve25519
 #endif /* WC_NO_CACHE_RESISTANT */
+#endif /* HAVE_CURVE25519 */
 #ifdef HAVE_ED25519
 	.text
 	.align	4
@@ -4974,13 +4668,14 @@ sc_reduce:
 	add	sp, sp, #52
 	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	.size	sc_reduce,.-sc_reduce
+#ifdef HAVE_ED25519_SIGN
 	.text
 	.align	4
 	.globl	sc_muladd
 	.type	sc_muladd, %function
 sc_muladd:
 	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
-	sub	sp, sp, #0x50
+	sub	sp, sp, #0x70
 	add	lr, sp, #0x44
 	stm	lr, {r0, r1, r3}
 	mov	lr, r2
@@ -5082,7 +4777,7 @@ sc_muladd:
 	mov	r3, r12
 	add	lr, sp, #32
 	stm	lr, {r3, r4, r5, r6, r7, r8, r9, r10}
-	ldr	r0, [sp, #68]
+	add	r0, sp, #0x50
 	# Add c to a * b
 	ldr	lr, [sp, #76]
 	ldm	sp!, {r2, r3, r4, r5, r6, r7, r8, r9}
@@ -5502,11 +5197,20 @@ sc_muladd:
 	adcs	r8, r8, #0
 	adc	r9, r9, r1
 	bfc	r9, #28, #4
+	ldr	r0, [sp, #68]
 	# Store result
-	stm	r0, {r2, r3, r4, r5, r6, r7, r8, r9}
+	str	r2, [r0]
-	add	sp, sp, #0x50
+	str	r3, [r0, #4]
+	str	r4, [r0, #8]
+	str	r5, [r0, #12]
+	str	r6, [r0, #16]
+	str	r7, [r0, #20]
+	str	r8, [r0, #24]
+	str	r9, [r0, #28]
+	add	sp, sp, #0x70
 	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	.size	sc_muladd,.-sc_muladd
+#endif /* HAVE_ED25519_SIGN */
 #endif /* HAVE_ED25519 */
 
 #endif /* !CURVE25519_SMALL || !ED25519_SMALL */

wolfcrypt/src/port/arm/armv8-32-curve25519_c.c

@@ -378,9 +378,23 @@ void fe_frombytes(fe out_p, const unsigned char* in_p)
     register const unsigned char* in asm ("r1") = (const unsigned char*)in_p;
 
     __asm__ __volatile__ (
-        "ldm	%[in], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+        "ldr	r2, [%[in]]\n\t"
+        "ldr	r3, [%[in], #4]\n\t"
+        "ldr	r4, [%[in], #8]\n\t"
+        "ldr	r5, [%[in], #12]\n\t"
+        "ldr	r6, [%[in], #16]\n\t"
+        "ldr	r7, [%[in], #20]\n\t"
+        "ldr	r8, [%[in], #24]\n\t"
+        "ldr	r9, [%[in], #28]\n\t"
         "bfc	r9, #31, #1\n\t"
-        "stm	%[out], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+        "str	r2, [%[out]]\n\t"
+        "str	r3, [%[out], #4]\n\t"
+        "str	r4, [%[out], #8]\n\t"
+        "str	r5, [%[out], #12]\n\t"
+        "str	r6, [%[out], #16]\n\t"
+        "str	r7, [%[out], #20]\n\t"
+        "str	r8, [%[out], #24]\n\t"
+        "str	r9, [%[out], #28]\n\t"
         : [out] "+r" (out), [in] "+r" (in)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
@@ -413,7 +427,14 @@ void fe_tobytes(unsigned char* out_p, const fe n_p)
         "adcs	r8, r8, #0\n\t"
         "adc	r9, r9, #0\n\t"
         "bfc	r9, #31, #1\n\t"
-        "stm	%[out], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+        "str	r2, [%[out]]\n\t"
+        "str	r3, [%[out], #4]\n\t"
+        "str	r4, [%[out], #8]\n\t"
+        "str	r5, [%[out], #12]\n\t"
+        "str	r6, [%[out], #16]\n\t"
+        "str	r7, [%[out], #20]\n\t"
+        "str	r8, [%[out], #24]\n\t"
+        "str	r9, [%[out], #28]\n\t"
         : [out] "+r" (out), [n] "+r" (n)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12"
@@ -428,34 +449,16 @@ void fe_1(fe n_p)
         /* Set one */
         "mov	r2, #1\n\t"
         "mov	r3, #0\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+        "mov	r4, #0\n\t"
-        "str	r2, [%[n]]\n\t"
+        "mov	r5, #0\n\t"
-        "str	r3, [%[n], #4]\n\t"
+        "mov	r6, #0\n\t"
-#else
+        "mov	r7, #0\n\t"
-        "strd	r2, r3, [%[n]]\n\t"
+        "mov	r8, #0\n\t"
-#endif
+        "mov	r9, #0\n\t"
-        "mov	r2, #0\n\t"
+        "stm	%[n], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r2, [%[n], #8]\n\t"
-        "str	r3, [%[n], #12]\n\t"
-#else
-        "strd	r2, r3, [%[n], #8]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r2, [%[n], #16]\n\t"
-        "str	r3, [%[n], #20]\n\t"
-#else
-        "strd	r2, r3, [%[n], #16]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r2, [%[n], #24]\n\t"
-        "str	r3, [%[n], #28]\n\t"
-#else
-        "strd	r2, r3, [%[n], #24]\n\t"
-#endif
         : [n] "+r" (n)
         :
-        : "memory", "r2", "r3"
+        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -467,33 +470,16 @@ void fe_0(fe n_p)
         /* Set zero */
         "mov	r2, #0\n\t"
         "mov	r3, #0\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+        "mov	r4, #0\n\t"
-        "str	r2, [%[n]]\n\t"
+        "mov	r5, #0\n\t"
-        "str	r3, [%[n], #4]\n\t"
+        "mov	r6, #0\n\t"
-#else
+        "mov	r7, #0\n\t"
-        "strd	r2, r3, [%[n]]\n\t"
+        "mov	r8, #0\n\t"
-#endif
+        "mov	r9, #0\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+        "stm	%[n], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
-        "str	r2, [%[n], #8]\n\t"
-        "str	r3, [%[n], #12]\n\t"
-#else
-        "strd	r2, r3, [%[n], #8]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r2, [%[n], #16]\n\t"
-        "str	r3, [%[n], #20]\n\t"
-#else
-        "strd	r2, r3, [%[n], #16]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r2, [%[n], #24]\n\t"
-        "str	r3, [%[n], #28]\n\t"
-#else
-        "strd	r2, r3, [%[n], #24]\n\t"
-#endif
         : [n] "+r" (n)
         :
-        : "memory", "r2", "r3"
+        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -650,6 +636,7 @@ int fe_isnegative(const fe a_p)
     return (uint32_t)(size_t)a;
 }
 
+#if defined(HAVE_ED25519_MAKE_KEY) || defined(HAVE_ED25519_SIGN)
 #ifndef WC_NO_CACHE_RESISTANT
 void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
 {
@@ -2466,6 +2453,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
 }
 
 #endif /* WC_NO_CACHE_RESISTANT */
+#endif /* HAVE_ED25519_MAKE_KEY || HAVE_ED25519_SIGN */
 #endif /* HAVE_ED25519 */
 void fe_mul_op(void);
 void fe_mul_op()
@@ -2756,6 +2744,7 @@ void fe_sq(fe r_p, const fe a_p)
     );
 }
 
+#ifdef HAVE_CURVE25519
 void fe_mul121666(fe r_p, fe a_p)
 {
     register sword32* r asm ("r0") = (sword32*)r_p;
@@ -2815,89 +2804,20 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p)
         "str	%[a], [sp, #168]\n\t"
         "mov	%[n], #0\n\t"
         "str	%[n], [sp, #172]\n\t"
-        /* Set one */
+        "mov	r4, #1\n\t"
-        "mov	r10, #1\n\t"
+        "mov	r5, #0\n\t"
-        "mov	r11, #0\n\t"
+        "mov	r6, #0\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+        "mov	r7, #0\n\t"
-        "str	r10, [%[r]]\n\t"
+        "mov	r8, #0\n\t"
-        "str	r11, [%[r], #4]\n\t"
+        "mov	r9, #0\n\t"
-#else
-        "strd	r10, r11, [%[r]]\n\t"
-#endif
-        "mov	r10, #0\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r10, [%[r], #8]\n\t"
-        "str	r11, [%[r], #12]\n\t"
-#else
-        "strd	r10, r11, [%[r], #8]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r10, [%[r], #16]\n\t"
-        "str	r11, [%[r], #20]\n\t"
-#else
-        "strd	r10, r11, [%[r], #16]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r10, [%[r], #24]\n\t"
-        "str	r11, [%[r], #28]\n\t"
-#else
-        "strd	r10, r11, [%[r], #24]\n\t"
-#endif
-        /* Set zero */
         "mov	r10, #0\n\t"
         "mov	r11, #0\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+        "stm	%[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
-        "str	r10, [sp]\n\t"
+        "add	r3, sp, #32\n\t"
-        "str	r11, [sp, #4]\n\t"
+        "stm	r3, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
-#else
+        "mov	r4, #0\n\t"
-        "strd	r10, r11, [sp]\n\t"
+        "mov	r3, sp\n\t"
-#endif
+        "stm	r3, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r10, [sp, #8]\n\t"
-        "str	r11, [sp, #12]\n\t"
-#else
-        "strd	r10, r11, [sp, #8]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r10, [sp, #16]\n\t"
-        "str	r11, [sp, #20]\n\t"
-#else
-        "strd	r10, r11, [sp, #16]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r10, [sp, #24]\n\t"
-        "str	r11, [sp, #28]\n\t"
-#else
-        "strd	r10, r11, [sp, #24]\n\t"
-#endif
-        /* Set one */
-        "mov	r10, #1\n\t"
-        "mov	r11, #0\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r10, [sp, #32]\n\t"
-        "str	r11, [sp, #36]\n\t"
-#else
-        "strd	r10, r11, [sp, #32]\n\t"
-#endif
-        "mov	r10, #0\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r10, [sp, #40]\n\t"
-        "str	r11, [sp, #44]\n\t"
-#else
-        "strd	r10, r11, [sp, #40]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r10, [sp, #48]\n\t"
-        "str	r11, [sp, #52]\n\t"
-#else
-        "strd	r10, r11, [sp, #48]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r10, [sp, #56]\n\t"
-        "str	r11, [sp, #60]\n\t"
-#else
-        "strd	r10, r11, [sp, #56]\n\t"
-#endif
         "add	r3, sp, #0x40\n\t"
         /* Copy */
         "ldm	r2, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
@@ -2922,18 +2842,10 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p)
         "ldr	%[r], [sp, #160]\n\t"
         /* Conditional Swap */
         "rsb	%[n], %[n], #0\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+        "mov	r3, r0\n\t"
-        "ldr	r4, [%[r]]\n\t"
+        "add	r12, sp, #0x40\n\t"
-        "ldr	r5, [%[r], #4]\n\t"
+        "ldm	r3, {r4, r5}\n\t"
-#else
+        "ldm	r12, {r6, r7}\n\t"
-        "ldrd	r4, r5, [%[r]]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "ldr	r6, [sp, #64]\n\t"
-        "ldr	r7, [sp, #68]\n\t"
-#else
-        "ldrd	r6, r7, [sp, #64]\n\t"
-#endif
         "eor	r8, r4, r6\n\t"
         "eor	r9, r5, r7\n\t"
         "and	r8, r8, %[n]\n\t"
@@ -2942,30 +2854,10 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p)
         "eor	r5, r5, r9\n\t"
         "eor	r6, r6, r8\n\t"
         "eor	r7, r7, r9\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+        "stm	r3!, {r4, r5}\n\t"
-        "str	r4, [%[r]]\n\t"
+        "stm	r12!, {r6, r7}\n\t"
-        "str	r5, [%[r], #4]\n\t"
+        "ldm	r3, {r4, r5}\n\t"
-#else
+        "ldm	r12, {r6, r7}\n\t"
-        "strd	r4, r5, [%[r]]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r6, [sp, #64]\n\t"
-        "str	r7, [sp, #68]\n\t"
-#else
-        "strd	r6, r7, [sp, #64]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "ldr	r4, [%[r], #8]\n\t"
-        "ldr	r5, [%[r], #12]\n\t"
-#else
-        "ldrd	r4, r5, [%[r], #8]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "ldr	r6, [sp, #72]\n\t"
-        "ldr	r7, [sp, #76]\n\t"
-#else
-        "ldrd	r6, r7, [sp, #72]\n\t"
-#endif
         "eor	r8, r4, r6\n\t"
         "eor	r9, r5, r7\n\t"
         "and	r8, r8, %[n]\n\t"
@@ -2974,30 +2866,10 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p)
         "eor	r5, r5, r9\n\t"
         "eor	r6, r6, r8\n\t"
         "eor	r7, r7, r9\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+        "stm	r3!, {r4, r5}\n\t"
-        "str	r4, [%[r], #8]\n\t"
+        "stm	r12!, {r6, r7}\n\t"
-        "str	r5, [%[r], #12]\n\t"
+        "ldm	r3, {r4, r5}\n\t"
-#else
+        "ldm	r12, {r6, r7}\n\t"
-        "strd	r4, r5, [%[r], #8]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r6, [sp, #72]\n\t"
-        "str	r7, [sp, #76]\n\t"
-#else
-        "strd	r6, r7, [sp, #72]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "ldr	r4, [%[r], #16]\n\t"
-        "ldr	r5, [%[r], #20]\n\t"
-#else
-        "ldrd	r4, r5, [%[r], #16]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "ldr	r6, [sp, #80]\n\t"
-        "ldr	r7, [sp, #84]\n\t"
-#else
-        "ldrd	r6, r7, [sp, #80]\n\t"
-#endif
         "eor	r8, r4, r6\n\t"
         "eor	r9, r5, r7\n\t"
         "and	r8, r8, %[n]\n\t"
@@ -3006,30 +2878,10 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p)
         "eor	r5, r5, r9\n\t"
         "eor	r6, r6, r8\n\t"
         "eor	r7, r7, r9\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+        "stm	r3!, {r4, r5}\n\t"
-        "str	r4, [%[r], #16]\n\t"
+        "stm	r12!, {r6, r7}\n\t"
-        "str	r5, [%[r], #20]\n\t"
+        "ldm	r3, {r4, r5}\n\t"
-#else
+        "ldm	r12, {r6, r7}\n\t"
-        "strd	r4, r5, [%[r], #16]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r6, [sp, #80]\n\t"
-        "str	r7, [sp, #84]\n\t"
-#else
-        "strd	r6, r7, [sp, #80]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "ldr	r4, [%[r], #24]\n\t"
-        "ldr	r5, [%[r], #28]\n\t"
-#else
-        "ldrd	r4, r5, [%[r], #24]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "ldr	r6, [sp, #88]\n\t"
-        "ldr	r7, [sp, #92]\n\t"
-#else
-        "ldrd	r6, r7, [sp, #88]\n\t"
-#endif
         "eor	r8, r4, r6\n\t"
         "eor	r9, r5, r7\n\t"
         "and	r8, r8, %[n]\n\t"
@@ -3038,33 +2890,15 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p)
         "eor	r5, r5, r9\n\t"
         "eor	r6, r6, r8\n\t"
         "eor	r7, r7, r9\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+        "stm	r3!, {r4, r5}\n\t"
-        "str	r4, [%[r], #24]\n\t"
+        "stm	r12!, {r6, r7}\n\t"
-        "str	r5, [%[r], #28]\n\t"
-#else
-        "strd	r4, r5, [%[r], #24]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r6, [sp, #88]\n\t"
-        "str	r7, [sp, #92]\n\t"
-#else
-        "strd	r6, r7, [sp, #88]\n\t"
-#endif
         "ldr	%[n], [sp, #172]\n\t"
         /* Conditional Swap */
         "rsb	%[n], %[n], #0\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+        "mov	r3, sp\n\t"
-        "ldr	r4, [sp]\n\t"
+        "add	r12, sp, #32\n\t"
-        "ldr	r5, [sp, #4]\n\t"
+        "ldm	r3, {r4, r5}\n\t"
-#else
+        "ldm	r12, {r6, r7}\n\t"
-        "ldrd	r4, r5, [sp]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "ldr	r6, [sp, #32]\n\t"
-        "ldr	r7, [sp, #36]\n\t"
-#else
-        "ldrd	r6, r7, [sp, #32]\n\t"
-#endif
         "eor	r8, r4, r6\n\t"
         "eor	r9, r5, r7\n\t"
         "and	r8, r8, %[n]\n\t"
@@ -3073,30 +2907,10 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p)
         "eor	r5, r5, r9\n\t"
         "eor	r6, r6, r8\n\t"
         "eor	r7, r7, r9\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+        "stm	r3!, {r4, r5}\n\t"
-        "str	r4, [sp]\n\t"
+        "stm	r12!, {r6, r7}\n\t"
-        "str	r5, [sp, #4]\n\t"
+        "ldm	r3, {r4, r5}\n\t"
-#else
+        "ldm	r12, {r6, r7}\n\t"
-        "strd	r4, r5, [sp]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r6, [sp, #32]\n\t"
-        "str	r7, [sp, #36]\n\t"
-#else
-        "strd	r6, r7, [sp, #32]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "ldr	r4, [sp, #8]\n\t"
-        "ldr	r5, [sp, #12]\n\t"
-#else
-        "ldrd	r4, r5, [sp, #8]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "ldr	r6, [sp, #40]\n\t"
-        "ldr	r7, [sp, #44]\n\t"
-#else
-        "ldrd	r6, r7, [sp, #40]\n\t"
-#endif
         "eor	r8, r4, r6\n\t"
         "eor	r9, r5, r7\n\t"
         "and	r8, r8, %[n]\n\t"
@@ -3105,30 +2919,10 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p)
         "eor	r5, r5, r9\n\t"
         "eor	r6, r6, r8\n\t"
         "eor	r7, r7, r9\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+        "stm	r3!, {r4, r5}\n\t"
-        "str	r4, [sp, #8]\n\t"
+        "stm	r12!, {r6, r7}\n\t"
-        "str	r5, [sp, #12]\n\t"
+        "ldm	r3, {r4, r5}\n\t"
-#else
+        "ldm	r12, {r6, r7}\n\t"
-        "strd	r4, r5, [sp, #8]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r6, [sp, #40]\n\t"
-        "str	r7, [sp, #44]\n\t"
-#else
-        "strd	r6, r7, [sp, #40]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "ldr	r4, [sp, #16]\n\t"
-        "ldr	r5, [sp, #20]\n\t"
-#else
-        "ldrd	r4, r5, [sp, #16]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "ldr	r6, [sp, #48]\n\t"
-        "ldr	r7, [sp, #52]\n\t"
-#else
-        "ldrd	r6, r7, [sp, #48]\n\t"
-#endif
         "eor	r8, r4, r6\n\t"
         "eor	r9, r5, r7\n\t"
         "and	r8, r8, %[n]\n\t"
@@ -3137,30 +2931,10 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p)
         "eor	r5, r5, r9\n\t"
         "eor	r6, r6, r8\n\t"
         "eor	r7, r7, r9\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+        "stm	r3!, {r4, r5}\n\t"
-        "str	r4, [sp, #16]\n\t"
+        "stm	r12!, {r6, r7}\n\t"
-        "str	r5, [sp, #20]\n\t"
+        "ldm	r3, {r4, r5}\n\t"
-#else
+        "ldm	r12, {r6, r7}\n\t"
-        "strd	r4, r5, [sp, #16]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r6, [sp, #48]\n\t"
-        "str	r7, [sp, #52]\n\t"
-#else
-        "strd	r6, r7, [sp, #48]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "ldr	r4, [sp, #24]\n\t"
-        "ldr	r5, [sp, #28]\n\t"
-#else
-        "ldrd	r4, r5, [sp, #24]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "ldr	r6, [sp, #56]\n\t"
-        "ldr	r7, [sp, #60]\n\t"
-#else
-        "ldrd	r6, r7, [sp, #56]\n\t"
-#endif
         "eor	r8, r4, r6\n\t"
         "eor	r9, r5, r7\n\t"
         "and	r8, r8, %[n]\n\t"
@@ -3169,18 +2943,8 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p)
         "eor	r5, r5, r9\n\t"
         "eor	r6, r6, r8\n\t"
         "eor	r7, r7, r9\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+        "stm	r3!, {r4, r5}\n\t"
-        "str	r4, [sp, #24]\n\t"
+        "stm	r12!, {r6, r7}\n\t"
-        "str	r5, [sp, #28]\n\t"
-#else
-        "strd	r4, r5, [sp, #24]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r6, [sp, #56]\n\t"
-        "str	r7, [sp, #60]\n\t"
-#else
-        "strd	r6, r7, [sp, #56]\n\t"
-#endif
         "ldr	%[n], [sp, #184]\n\t"
         "str	%[n], [sp, #172]\n\t"
         "mov	r3, sp\n\t"
@@ -3435,89 +3199,20 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p)
         "str	r4, [sp, #188]\n\t"
         "mov	%[n], #0\n\t"
         "str	%[n], [sp, #164]\n\t"
-        /* Set one */
+        "mov	r4, #1\n\t"
-        "mov	r10, #1\n\t"
+        "mov	r5, #0\n\t"
-        "mov	r11, #0\n\t"
+        "mov	r6, #0\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+        "mov	r7, #0\n\t"
-        "str	r10, [%[r]]\n\t"
+        "mov	r8, #0\n\t"
-        "str	r11, [%[r], #4]\n\t"
+        "mov	r9, #0\n\t"
-#else
-        "strd	r10, r11, [%[r]]\n\t"
-#endif
-        "mov	r10, #0\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r10, [%[r], #8]\n\t"
-        "str	r11, [%[r], #12]\n\t"
-#else
-        "strd	r10, r11, [%[r], #8]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r10, [%[r], #16]\n\t"
-        "str	r11, [%[r], #20]\n\t"
-#else
-        "strd	r10, r11, [%[r], #16]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r10, [%[r], #24]\n\t"
-        "str	r11, [%[r], #28]\n\t"
-#else
-        "strd	r10, r11, [%[r], #24]\n\t"
-#endif
-        /* Set zero */
         "mov	r10, #0\n\t"
         "mov	r11, #0\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
+        "stm	%[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
-        "str	r10, [sp]\n\t"
+        "add	r3, sp, #32\n\t"
-        "str	r11, [sp, #4]\n\t"
+        "stm	r3, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
-#else
+        "mov	r4, #0\n\t"
-        "strd	r10, r11, [sp]\n\t"
+        "mov	r3, sp\n\t"
-#endif
+        "stm	r3, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r10, [sp, #8]\n\t"
-        "str	r11, [sp, #12]\n\t"
-#else
-        "strd	r10, r11, [sp, #8]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r10, [sp, #16]\n\t"
-        "str	r11, [sp, #20]\n\t"
-#else
-        "strd	r10, r11, [sp, #16]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r10, [sp, #24]\n\t"
-        "str	r11, [sp, #28]\n\t"
-#else
-        "strd	r10, r11, [sp, #24]\n\t"
-#endif
-        /* Set one */
-        "mov	r10, #1\n\t"
-        "mov	r11, #0\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r10, [sp, #32]\n\t"
-        "str	r11, [sp, #36]\n\t"
-#else
-        "strd	r10, r11, [sp, #32]\n\t"
-#endif
-        "mov	r10, #0\n\t"
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r10, [sp, #40]\n\t"
-        "str	r11, [sp, #44]\n\t"
-#else
-        "strd	r10, r11, [sp, #40]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r10, [sp, #48]\n\t"
-        "str	r11, [sp, #52]\n\t"
-#else
-        "strd	r10, r11, [sp, #48]\n\t"
-#endif
-#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
-        "str	r10, [sp, #56]\n\t"
-        "str	r11, [sp, #60]\n\t"
-#else
-        "strd	r10, r11, [sp, #56]\n\t"
-#endif
         "add	r3, sp, #0x40\n\t"
         /* Copy */
         "ldm	r2, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
@@ -3795,6 +3490,7 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p)
 }
 
 #endif /* WC_NO_CACHE_RESISTANT */
+#endif /* HAVE_CURVE25519 */
 #ifdef HAVE_ED25519
 void fe_invert(fe r_p, const fe a_p)
 {
@@ -5157,6 +4853,7 @@ void sc_reduce(byte* s_p)
     );
 }
 
+#ifdef HAVE_ED25519_SIGN
 void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 {
     register byte* s asm ("r0") = (byte*)s_p;
@@ -5165,7 +4862,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
     register const byte* c asm ("r3") = (const byte*)c_p;
 
     __asm__ __volatile__ (
-        "sub	sp, sp, #0x50\n\t"
+        "sub	sp, sp, #0x70\n\t"
         "add	lr, sp, #0x44\n\t"
         "stm	lr, {%[s], %[a], %[c]}\n\t"
         "mov	lr, %[b]\n\t"
@@ -5267,7 +4964,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "mov	%[c], r12\n\t"
         "add	lr, sp, #32\n\t"
         "stm	lr, {%[c], r4, r5, r6, r7, r8, r9, r10}\n\t"
-        "ldr	%[s], [sp, #68]\n\t"
+        "add	%[s], sp, #0x50\n\t"
         /* Add c to a * b */
         "ldr	lr, [sp, #76]\n\t"
         "ldm	sp!, {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
@@ -5687,15 +5384,24 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "adcs	r8, r8, #0\n\t"
         "adc	r9, r9, %[a]\n\t"
         "bfc	r9, #28, #4\n\t"
+        "ldr	%[s], [sp, #68]\n\t"
         /* Store result */
-        "stm	%[s], {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
+        "str	%[b], [%[s]]\n\t"
-        "add	sp, sp, #0x50\n\t"
+        "str	%[c], [%[s], #4]\n\t"
+        "str	r4, [%[s], #8]\n\t"
+        "str	r5, [%[s], #12]\n\t"
+        "str	r6, [%[s], #16]\n\t"
+        "str	r7, [%[s], #20]\n\t"
+        "str	r8, [%[s], #24]\n\t"
+        "str	r9, [%[s], #28]\n\t"
+        "add	sp, sp, #0x70\n\t"
         : [s] "+r" (s), [a] "+r" (a), [b] "+r" (b), [c] "+r" (c)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr"
     );
 }
 
+#endif /* HAVE_ED25519_SIGN */
 #endif /* HAVE_ED25519 */
 
 #endif /* !CURVE25519_SMALL || !ED25519_SMALL */

wolfcrypt/src/port/arm/thumb2-sha256-asm.S

@@ -125,10 +125,14 @@ Transform_Sha256_Len:
 	# Start of loop processing a block
 L_SHA256_transform_len_begin:
 	# Load, Reverse and Store W - 64 bytes
-	LDRD	r4, r5, [r1]
+	LDR	r4, [r1]
-	LDRD	r6, r7, [r1, #8]
+	LDR	r5, [r1, #4]
-	LDRD	r8, r9, [r1, #16]
+	LDR	r6, [r1, #8]
-	LDRD	r10, r11, [r1, #24]
+	LDR	r7, [r1, #12]
+	LDR	r8, [r1, #16]
+	LDR	r9, [r1, #20]
+	LDR	r10, [r1, #24]
+	LDR	r11, [r1, #28]
 	REV	r4, r4
 	REV	r5, r5
 	REV	r6, r6
@@ -141,10 +145,14 @@ L_SHA256_transform_len_begin:
 	STRD	r6, r7, [sp, #8]
 	STRD	r8, r9, [sp, #16]
 	STRD	r10, r11, [sp, #24]
-	LDRD	r4, r5, [r1, #32]
+	LDR	r4, [r1, #32]
-	LDRD	r6, r7, [r1, #40]
+	LDR	r5, [r1, #36]
-	LDRD	r8, r9, [r1, #48]
+	LDR	r6, [r1, #40]
-	LDRD	r10, r11, [r1, #56]
+	LDR	r7, [r1, #44]
+	LDR	r8, [r1, #48]
+	LDR	r9, [r1, #52]
+	LDR	r10, [r1, #56]
+	LDR	r11, [r1, #60]
 	REV	r4, r4
 	REV	r5, r5
 	REV	r6, r6
@@ -1461,7 +1469,7 @@ L_SHA256_transform_len_start:
 	BNE	L_SHA256_transform_len_begin
 	ADD	sp, sp, #0xc0
 	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
-	# Cycle Count = 1866
+	# Cycle Count = 1874
 	.size	Transform_Sha256_Len,.-Transform_Sha256_Len
 #endif /* WOLFSSL_ARMASM_NO_NEON */
 #endif /* !NO_SHA256 */

wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c

@@ -84,10 +84,14 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
         "\n"
     "L_SHA256_transform_len_begin_%=:\n\t"
         /* Load, Reverse and Store W - 64 bytes */
-        "LDRD	r4, r5, [%[data]]\n\t"
+        "LDR	r4, [%[data]]\n\t"
-        "LDRD	r6, r7, [%[data], #8]\n\t"
+        "LDR	r5, [%[data], #4]\n\t"
-        "LDRD	r8, r9, [%[data], #16]\n\t"
+        "LDR	r6, [%[data], #8]\n\t"
-        "LDRD	r10, r11, [%[data], #24]\n\t"
+        "LDR	r7, [%[data], #12]\n\t"
+        "LDR	r8, [%[data], #16]\n\t"
+        "LDR	r9, [%[data], #20]\n\t"
+        "LDR	r10, [%[data], #24]\n\t"
+        "LDR	r11, [%[data], #28]\n\t"
         "REV	r4, r4\n\t"
         "REV	r5, r5\n\t"
         "REV	r6, r6\n\t"
@@ -100,10 +104,14 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
         "STRD	r6, r7, [sp, #8]\n\t"
         "STRD	r8, r9, [sp, #16]\n\t"
         "STRD	r10, r11, [sp, #24]\n\t"
-        "LDRD	r4, r5, [%[data], #32]\n\t"
+        "LDR	r4, [%[data], #32]\n\t"
-        "LDRD	r6, r7, [%[data], #40]\n\t"
+        "LDR	r5, [%[data], #36]\n\t"
-        "LDRD	r8, r9, [%[data], #48]\n\t"
+        "LDR	r6, [%[data], #40]\n\t"
-        "LDRD	r10, r11, [%[data], #56]\n\t"
+        "LDR	r7, [%[data], #44]\n\t"
+        "LDR	r8, [%[data], #48]\n\t"
+        "LDR	r9, [%[data], #52]\n\t"
+        "LDR	r10, [%[data], #56]\n\t"
+        "LDR	r11, [%[data], #60]\n\t"
         "REV	r4, r4\n\t"
         "REV	r5, r5\n\t"
         "REV	r6, r6\n\t"

wolfssl/wolfcrypt/curve25519.h

@@ -61,9 +61,9 @@ typedef struct {
 /* ECC point, the internal structure is Little endian
  * the mathematical functions used the endianness */
 typedef struct ECPoint {
-    byte point[CURVE25519_KEYSIZE];
+    ALIGN16 byte point[CURVE25519_KEYSIZE];
 #ifdef FREESCALE_LTC_ECC
-    byte pointY[CURVE25519_KEYSIZE];
+    ALIGN16 byte pointY[CURVE25519_KEYSIZE];
 #endif
     byte pointSz;
 } ECPoint;
@@ -80,8 +80,8 @@ struct curve25519_key {
                            curve in dp */
     const curve25519_set_type* dp;   /* domain parameters, either points to
                                    curves (idx >= 0) or user supplied */
-    ECPoint   p;                     /* public point for key  */
+    ECPoint      p;                     /* public point for key  */
-    byte      k[CURVE25519_KEYSIZE]; /* private scaler for key */
+    ALIGN16 byte k[CURVE25519_KEYSIZE]; /* private scaler for key */
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_ASYNC_DEV asyncDev;

wolfssl/wolfcrypt/ed25519.h

@@ -85,12 +85,12 @@ enum {
 
 /* An ED25519 Key */
 struct ed25519_key {
-    byte    p[ED25519_PUB_KEY_SIZE]; /* compressed public key */
+    ALIGN16 byte p[ED25519_PUB_KEY_SIZE]; /* compressed public key */
-    byte    k[ED25519_PRV_KEY_SIZE]; /* private key : 32 secret -- 32 public */
+    ALIGN16 byte k[ED25519_PRV_KEY_SIZE]; /* private key: 32 secret, 32 pub */
 #ifdef FREESCALE_LTC_ECC
     /* uncompressed point coordinates */
-    byte pointX[ED25519_KEY_SIZE]; /* recovered X coordinate */
+    ALIGN16 byte pointX[ED25519_KEY_SIZE]; /* recovered X coordinate */
-    byte pointY[ED25519_KEY_SIZE]; /* Y coordinate is the public key with The most significant bit of the final octet always zero. */
+    ALIGN16 byte pointY[ED25519_KEY_SIZE]; /* Y coordinate is the public key with The most significant bit of the final octet always zero. */
 #endif
 #ifdef WOLFSSL_SE050
     word32 keyId;

wolfssl/wolfcrypt/ge_operations.h

@@ -46,15 +46,15 @@ Representations:
 */
 
 #ifdef ED25519_SMALL
-  typedef byte     ge[F25519_SIZE];
+  ALIGN16 typedef byte     ge[F25519_SIZE];
 #elif defined(CURVED25519_ASM_64BIT)
-  typedef sword64  ge[4];
+  ALIGN16 typedef sword64  ge[4];
 #elif defined(CURVED25519_ASM_32BIT)
-  typedef sword32  ge[8];
+  ALIGN16 typedef sword32  ge[8];
 #elif defined(CURVED25519_128BIT)
-  typedef sword64  ge[5];
+  ALIGN16 typedef sword64  ge[5];
 #else
-  typedef sword32  ge[10];
+  ALIGN16 typedef sword32  ge[10];
 #endif
 
 typedef struct {