547  * Handbook of Elliptic and Hyperelliptic Curve Cryptography.
821  * Assumes that mod is big enough curve order.
1144 			   u64 *initial_z, const struct ecc_curve *curve,  in ecc_point_mult()  argument
1152 	u64 *curve_prime = curve->p;  in ecc_point_mult()
1157 	carry = vli_add(sk[0], scalar, curve->n, ndigits);  in ecc_point_mult()
1158 	vli_add(sk[1], sk[0], curve->n, ndigits);  in ecc_point_mult()
1208 		   const struct ecc_curve *curve)  in ecc_point_add()  argument
1213 	unsigned int ndigits = curve->g.ndigits;  in ecc_point_add()
1217 	vli_mod_sub(z, result->x, p->x, curve->p, ndigits);  in ecc_point_add()
1220 	xycz_add(px, py, result->x, result->y, curve->p, ndigits);  in ecc_point_add()
1221 	vli_mod_inv(z, z, curve->p, ndigits);  in ecc_point_add()
1222 	apply_z(result->x, result->y, z, curve->p, ndigits);  in ecc_point_add()
1231 			   const struct ecc_curve *curve)  in ecc_point_mult_shamir()  argument
1237 	unsigned int ndigits = curve->g.ndigits;  in ecc_point_mult_shamir()
1245 	ecc_point_add(&sum, p, q, curve);  in ecc_point_mult_shamir()
1263 		ecc_point_double_jacobian(rx, ry, z, curve->p, ndigits);  in ecc_point_mult_shamir()
1273 			apply_z(tx, ty, z, curve->p, ndigits);  in ecc_point_mult_shamir()
1274 			vli_mod_sub(tz, rx, tx, curve->p, ndigits);  in ecc_point_mult_shamir()
1275 			xycz_add(tx, ty, rx, ry, curve->p, ndigits);  in ecc_point_mult_shamir()
1276 			vli_mod_mult_fast(z, z, tz, curve->p, ndigits);  in ecc_point_mult_shamir()
1279 	vli_mod_inv(z, z, curve->p, ndigits);  in ecc_point_mult_shamir()
1280 	apply_z(rx, ry, z, curve->p, ndigits);  in ecc_point_mult_shamir()
1294 static int __ecc_is_key_valid(const struct ecc_curve *curve,  in __ecc_is_key_valid()  argument
1303 	if (curve->g.ndigits != ndigits)  in __ecc_is_key_valid()
1309 	vli_sub(res, curve->n, one, ndigits);  in __ecc_is_key_valid()
1321 	const struct ecc_curve *curve = ecc_get_curve(curve_id);  in ecc_is_key_valid()  local
1328 	return __ecc_is_key_valid(curve, private_key, ndigits);  in ecc_is_key_valid()
1346 	const struct ecc_curve *curve = ecc_get_curve(curve_id);  in ecc_gen_privkey()  local
1349 	unsigned int nbits = vli_num_bits(curve->n, ndigits);  in ecc_gen_privkey()
1376 	if (__ecc_is_key_valid(curve, priv, ndigits))  in ecc_gen_privkey()
1391 	const struct ecc_curve *curve = ecc_get_curve(curve_id);  in ecc_make_pub_key()  local
1393 	if (!private_key || !curve || ndigits > ARRAY_SIZE(priv)) {  in ecc_make_pub_key()
1406 	ecc_point_mult(pk, &curve->g, priv, NULL, curve, ndigits);  in ecc_make_pub_key()
1409 	if (ecc_is_pubkey_valid_full(curve, pk)) {  in ecc_make_pub_key()
1425 int ecc_is_pubkey_valid_partial(const struct ecc_curve *curve,  in ecc_is_pubkey_valid_partial()  argument
1430 	if (WARN_ON(pk->ndigits != curve->g.ndigits))  in ecc_is_pubkey_valid_partial()
1438 	if (vli_cmp(curve->p, pk->x, pk->ndigits) != 1)  in ecc_is_pubkey_valid_partial()
1440 	if (vli_cmp(curve->p, pk->y, pk->ndigits) != 1)  in ecc_is_pubkey_valid_partial()
1444 	vli_mod_square_fast(yy, pk->y, curve->p, pk->ndigits); /* y^2 */  in ecc_is_pubkey_valid_partial()
1445 	vli_mod_square_fast(xxx, pk->x, curve->p, pk->ndigits); /* x^2 */  in ecc_is_pubkey_valid_partial()
1446 	vli_mod_mult_fast(xxx, xxx, pk->x, curve->p, pk->ndigits); /* x^3 */  in ecc_is_pubkey_valid_partial()
1447 	vli_mod_mult_fast(w, curve->a, pk->x, curve->p, pk->ndigits); /* a·x */  in ecc_is_pubkey_valid_partial()
1448 	vli_mod_add(w, w, curve->b, curve->p, pk->ndigits); /* a·x + b */  in ecc_is_pubkey_valid_partial()
1449 	vli_mod_add(w, w, xxx, curve->p, pk->ndigits); /* x^3 + a·x + b */  in ecc_is_pubkey_valid_partial()
1458 int ecc_is_pubkey_valid_full(const struct ecc_curve *curve,  in ecc_is_pubkey_valid_full()  argument
1464 	int ret = ecc_is_pubkey_valid_partial(curve, pk);  in ecc_is_pubkey_valid_full()
1474 	ecc_point_mult(nQ, pk, curve->n, NULL, curve, pk->ndigits);  in ecc_is_pubkey_valid_full()
1493 	const struct ecc_curve *curve = ecc_get_curve(curve_id);  in crypto_ecdh_shared_secret()  local
1495 	if (!private_key || !public_key || !curve ||  in crypto_ecdh_shared_secret()
1513 	ret = ecc_is_pubkey_valid_partial(curve, pk);  in crypto_ecdh_shared_secret()
1525 	ecc_point_mult(product, pk, priv, rand_z, curve, ndigits);  in crypto_ecdh_shared_secret()