
Lines Matching refs:ndigits

58 static u64 *ecc_alloc_digits_space(unsigned int ndigits)  in ecc_alloc_digits_space()  argument
60 size_t len = ndigits * sizeof(u64); in ecc_alloc_digits_space()
73 static struct ecc_point *ecc_alloc_point(unsigned int ndigits) in ecc_alloc_point() argument
80 p->x = ecc_alloc_digits_space(ndigits); in ecc_alloc_point()
84 p->y = ecc_alloc_digits_space(ndigits); in ecc_alloc_point()
88 p->ndigits = ndigits; in ecc_alloc_point()
109 static void vli_clear(u64 *vli, unsigned int ndigits) in vli_clear() argument
113 for (i = 0; i < ndigits; i++) in vli_clear()
118 bool vli_is_zero(const u64 *vli, unsigned int ndigits) in vli_is_zero() argument
122 for (i = 0; i < ndigits; i++) { in vli_is_zero()
137 static bool vli_is_negative(const u64 *vli, unsigned int ndigits) in vli_is_negative() argument
139 return vli_test_bit(vli, ndigits * 64 - 1); in vli_is_negative()
143 static unsigned int vli_num_digits(const u64 *vli, unsigned int ndigits) in vli_num_digits() argument
151 for (i = ndigits - 1; i >= 0 && vli[i] == 0; i--); in vli_num_digits()
157 static unsigned int vli_num_bits(const u64 *vli, unsigned int ndigits) in vli_num_bits() argument
162 num_digits = vli_num_digits(vli, ndigits); in vli_num_bits()
174 void vli_from_be64(u64 *dest, const void *src, unsigned int ndigits) in vli_from_be64() argument
179 for (i = 0; i < ndigits; i++) in vli_from_be64()
180 dest[i] = get_unaligned_be64(&from[ndigits - 1 - i]); in vli_from_be64()
184 void vli_from_le64(u64 *dest, const void *src, unsigned int ndigits) in vli_from_le64() argument
189 for (i = 0; i < ndigits; i++) in vli_from_le64()
195 static void vli_set(u64 *dest, const u64 *src, unsigned int ndigits) in vli_set() argument
199 for (i = 0; i < ndigits; i++) in vli_set()
204 int vli_cmp(const u64 *left, const u64 *right, unsigned int ndigits) in vli_cmp() argument
208 for (i = ndigits - 1; i >= 0; i--) { in vli_cmp()
223 unsigned int ndigits) in vli_lshift() argument
228 for (i = 0; i < ndigits; i++) { in vli_lshift()
239 static void vli_rshift1(u64 *vli, unsigned int ndigits) in vli_rshift1() argument
244 vli += ndigits; in vli_rshift1()
255 unsigned int ndigits) in vli_add() argument
260 for (i = 0; i < ndigits; i++) { in vli_add()
275 unsigned int ndigits) in vli_uadd() argument
280 for (i = 0; i < ndigits; i++) { in vli_uadd()
297 unsigned int ndigits) in vli_sub() argument
302 for (i = 0; i < ndigits; i++) { in vli_sub()
318 unsigned int ndigits) in vli_usub() argument
323 for (i = 0; i < ndigits; i++) { in vli_usub()
378 unsigned int ndigits) in vli_mult() argument
387 for (k = 0; k < ndigits * 2 - 1; k++) { in vli_mult()
390 if (k < ndigits) in vli_mult()
393 min = (k + 1) - ndigits; in vli_mult()
395 for (i = min; i <= k && i < ndigits; i++) { in vli_mult()
410 result[ndigits * 2 - 1] = r01.m_low; in vli_mult()
415 unsigned int ndigits) in vli_umult() argument
420 for (k = 0; k < ndigits; k++) { in vli_umult()
431 for (++k; k < ndigits * 2; k++) in vli_umult()
435 static void vli_square(u64 *result, const u64 *left, unsigned int ndigits) in vli_square() argument
441 for (k = 0; k < ndigits * 2 - 1; k++) { in vli_square()
444 if (k < ndigits) in vli_square()
447 min = (k + 1) - ndigits; in vli_square()
471 result[ndigits * 2 - 1] = r01.m_low; in vli_square()
478 const u64 *mod, unsigned int ndigits) in vli_mod_add() argument
482 carry = vli_add(result, left, right, ndigits); in vli_mod_add()
487 if (carry || vli_cmp(result, mod, ndigits) >= 0) in vli_mod_add()
488 vli_sub(result, result, mod, ndigits); in vli_mod_add()
495 const u64 *mod, unsigned int ndigits) in vli_mod_sub() argument
497 u64 borrow = vli_sub(result, left, right, ndigits); in vli_mod_sub()
504 vli_add(result, result, mod, ndigits); in vli_mod_sub()
517 const u64 *mod, unsigned int ndigits) in vli_mmod_special() argument
523 vli_set(r, product, ndigits * 2); in vli_mmod_special()
524 while (!vli_is_zero(r + ndigits, ndigits)) { in vli_mmod_special()
525 vli_umult(t, r + ndigits, c, ndigits); in vli_mmod_special()
526 vli_clear(r + ndigits, ndigits); in vli_mmod_special()
527 vli_add(r, r, t, ndigits * 2); in vli_mmod_special()
529 vli_set(t, mod, ndigits); in vli_mmod_special()
530 vli_clear(t + ndigits, ndigits); in vli_mmod_special()
531 while (vli_cmp(r, t, ndigits * 2) >= 0) in vli_mmod_special()
532 vli_sub(r, r, t, ndigits * 2); in vli_mmod_special()
533 vli_set(result, r, ndigits); in vli_mmod_special()
551 const u64 *mod, unsigned int ndigits) in vli_mmod_special2() argument
560 vli_set(m, mod, ndigits); in vli_mmod_special2()
561 vli_clear(m + ndigits, ndigits); in vli_mmod_special2()
563 vli_set(r, product, ndigits); in vli_mmod_special2()
565 vli_set(q, product + ndigits, ndigits); in vli_mmod_special2()
566 vli_clear(r + ndigits, ndigits); in vli_mmod_special2()
567 carry = vli_is_negative(r, ndigits); in vli_mmod_special2()
569 r[ndigits - 1] &= (1ull << 63) - 1; in vli_mmod_special2()
570 for (i = 1; carry || !vli_is_zero(q, ndigits); i++) { in vli_mmod_special2()
573 vli_umult(qc, q, c2, ndigits); in vli_mmod_special2()
575 vli_uadd(qc, qc, mod[0], ndigits * 2); in vli_mmod_special2()
576 vli_set(q, qc + ndigits, ndigits); in vli_mmod_special2()
577 vli_clear(qc + ndigits, ndigits); in vli_mmod_special2()
578 carry = vli_is_negative(qc, ndigits); in vli_mmod_special2()
580 qc[ndigits - 1] &= (1ull << 63) - 1; in vli_mmod_special2()
582 vli_sub(r, r, qc, ndigits * 2); in vli_mmod_special2()
584 vli_add(r, r, qc, ndigits * 2); in vli_mmod_special2()
586 while (vli_is_negative(r, ndigits * 2)) in vli_mmod_special2()
587 vli_add(r, r, m, ndigits * 2); in vli_mmod_special2()
588 while (vli_cmp(r, m, ndigits * 2) >= 0) in vli_mmod_special2()
589 vli_sub(r, r, m, ndigits * 2); in vli_mmod_special2()
591 vli_set(result, r, ndigits); in vli_mmod_special2()
600 unsigned int ndigits) in vli_mmod_slow() argument
608 int shift = (ndigits * 2 * 64) - vli_num_bits(mod, ndigits); in vli_mmod_slow()
614 for (i = 0; i < ndigits; ++i) { in vli_mmod_slow()
619 vli_set(mod_m + word_shift, mod, ndigits); in vli_mmod_slow()
625 for (j = 0; j < ndigits * 2; ++j) { in vli_mmod_slow()
633 vli_rshift1(mod_m, ndigits); in vli_mmod_slow()
634 mod_m[ndigits - 1] |= mod_m[ndigits] << (64 - 1); in vli_mmod_slow()
635 vli_rshift1(mod_m + ndigits, ndigits); in vli_mmod_slow()
637 vli_set(result, v[i], ndigits); in vli_mmod_slow()
650 unsigned int ndigits) in vli_mmod_barrett() argument
654 const u64 *mu = mod + ndigits; in vli_mmod_barrett()
656 vli_mult(q, product + ndigits, mu, ndigits); in vli_mmod_barrett()
657 if (mu[ndigits]) in vli_mmod_barrett()
658 vli_add(q + ndigits, q + ndigits, product + ndigits, ndigits); in vli_mmod_barrett()
659 vli_mult(r, mod, q + ndigits, ndigits); in vli_mmod_barrett()
660 vli_sub(r, product, r, ndigits * 2); in vli_mmod_barrett()
661 while (!vli_is_zero(r + ndigits, ndigits) || in vli_mmod_barrett()
662 vli_cmp(r, mod, ndigits) != -1) { in vli_mmod_barrett()
665 carry = vli_sub(r, r, mod, ndigits); in vli_mmod_barrett()
666 vli_usub(r + ndigits, r + ndigits, carry, ndigits); in vli_mmod_barrett()
668 vli_set(result, r, ndigits); in vli_mmod_barrett()
678 const unsigned int ndigits = 3; in vli_mmod_fast_192() local
681 vli_set(result, product, ndigits); in vli_mmod_fast_192()
683 vli_set(tmp, &product[3], ndigits); in vli_mmod_fast_192()
684 carry = vli_add(result, result, tmp, ndigits); in vli_mmod_fast_192()
689 carry += vli_add(result, result, tmp, ndigits); in vli_mmod_fast_192()
693 carry += vli_add(result, result, tmp, ndigits); in vli_mmod_fast_192()
695 while (carry || vli_cmp(curve_prime, result, ndigits) != 1) in vli_mmod_fast_192()
696 carry -= vli_sub(result, result, curve_prime, ndigits); in vli_mmod_fast_192()
706 const unsigned int ndigits = 4; in vli_mmod_fast_256() local
709 vli_set(result, product, ndigits); in vli_mmod_fast_256()
716 carry = vli_lshift(tmp, tmp, 1, ndigits); in vli_mmod_fast_256()
717 carry += vli_add(result, result, tmp, ndigits); in vli_mmod_fast_256()
723 carry += vli_lshift(tmp, tmp, 1, ndigits); in vli_mmod_fast_256()
724 carry += vli_add(result, result, tmp, ndigits); in vli_mmod_fast_256()
731 carry += vli_add(result, result, tmp, ndigits); in vli_mmod_fast_256()
738 carry += vli_add(result, result, tmp, ndigits); in vli_mmod_fast_256()
745 carry -= vli_sub(result, result, tmp, ndigits); in vli_mmod_fast_256()
752 carry -= vli_sub(result, result, tmp, ndigits); in vli_mmod_fast_256()
759 carry -= vli_sub(result, result, tmp, ndigits); in vli_mmod_fast_256()
766 carry -= vli_sub(result, result, tmp, ndigits); in vli_mmod_fast_256()
770 carry += vli_add(result, result, curve_prime, ndigits); in vli_mmod_fast_256()
773 while (carry || vli_cmp(curve_prime, result, ndigits) != 1) in vli_mmod_fast_256()
774 carry -= vli_sub(result, result, curve_prime, ndigits); in vli_mmod_fast_256()
784 const u64 *curve_prime, unsigned int ndigits) in vli_mmod_fast() argument
791 if (curve_prime[ndigits - 1] == -1ull) { in vli_mmod_fast()
793 ndigits); in vli_mmod_fast()
795 } else if (curve_prime[ndigits - 1] == 1ull << 63 && in vli_mmod_fast()
796 curve_prime[ndigits - 2] == 0) { in vli_mmod_fast()
798 ndigits); in vli_mmod_fast()
801 vli_mmod_barrett(result, product, curve_prime, ndigits); in vli_mmod_fast()
805 switch (ndigits) { in vli_mmod_fast()
824 const u64 *mod, unsigned int ndigits) in vli_mod_mult_slow() argument
828 vli_mult(product, left, right, ndigits); in vli_mod_mult_slow()
829 vli_mmod_slow(result, product, mod, ndigits); in vli_mod_mult_slow()
835 const u64 *curve_prime, unsigned int ndigits) in vli_mod_mult_fast() argument
839 vli_mult(product, left, right, ndigits); in vli_mod_mult_fast()
840 vli_mmod_fast(result, product, curve_prime, ndigits); in vli_mod_mult_fast()
845 const u64 *curve_prime, unsigned int ndigits) in vli_mod_square_fast() argument
849 vli_square(product, left, ndigits); in vli_mod_square_fast()
850 vli_mmod_fast(result, product, curve_prime, ndigits); in vli_mod_square_fast()
859 unsigned int ndigits) in vli_mod_inv() argument
866 if (vli_is_zero(input, ndigits)) { in vli_mod_inv()
867 vli_clear(result, ndigits); in vli_mod_inv()
871 vli_set(a, input, ndigits); in vli_mod_inv()
872 vli_set(b, mod, ndigits); in vli_mod_inv()
873 vli_clear(u, ndigits); in vli_mod_inv()
875 vli_clear(v, ndigits); in vli_mod_inv()
877 while ((cmp_result = vli_cmp(a, b, ndigits)) != 0) { in vli_mod_inv()
881 vli_rshift1(a, ndigits); in vli_mod_inv()
884 carry = vli_add(u, u, mod, ndigits); in vli_mod_inv()
886 vli_rshift1(u, ndigits); in vli_mod_inv()
888 u[ndigits - 1] |= 0x8000000000000000ull; in vli_mod_inv()
890 vli_rshift1(b, ndigits); in vli_mod_inv()
893 carry = vli_add(v, v, mod, ndigits); in vli_mod_inv()
895 vli_rshift1(v, ndigits); in vli_mod_inv()
897 v[ndigits - 1] |= 0x8000000000000000ull; in vli_mod_inv()
899 vli_sub(a, a, b, ndigits); in vli_mod_inv()
900 vli_rshift1(a, ndigits); in vli_mod_inv()
902 if (vli_cmp(u, v, ndigits) < 0) in vli_mod_inv()
903 vli_add(u, u, mod, ndigits); in vli_mod_inv()
905 vli_sub(u, u, v, ndigits); in vli_mod_inv()
907 carry = vli_add(u, u, mod, ndigits); in vli_mod_inv()
909 vli_rshift1(u, ndigits); in vli_mod_inv()
911 u[ndigits - 1] |= 0x8000000000000000ull; in vli_mod_inv()
913 vli_sub(b, b, a, ndigits); in vli_mod_inv()
914 vli_rshift1(b, ndigits); in vli_mod_inv()
916 if (vli_cmp(v, u, ndigits) < 0) in vli_mod_inv()
917 vli_add(v, v, mod, ndigits); in vli_mod_inv()
919 vli_sub(v, v, u, ndigits); in vli_mod_inv()
921 carry = vli_add(v, v, mod, ndigits); in vli_mod_inv()
923 vli_rshift1(v, ndigits); in vli_mod_inv()
925 v[ndigits - 1] |= 0x8000000000000000ull; in vli_mod_inv()
929 vli_set(result, u, ndigits); in vli_mod_inv()
938 return (vli_is_zero(point->x, point->ndigits) && in ecc_point_is_zero()
939 vli_is_zero(point->y, point->ndigits)); in ecc_point_is_zero()
948 u64 *curve_prime, unsigned int ndigits) in ecc_point_double_jacobian() argument
954 if (vli_is_zero(z1, ndigits)) in ecc_point_double_jacobian()
958 vli_mod_square_fast(t4, y1, curve_prime, ndigits); in ecc_point_double_jacobian()
960 vli_mod_mult_fast(t5, x1, t4, curve_prime, ndigits); in ecc_point_double_jacobian()
962 vli_mod_square_fast(t4, t4, curve_prime, ndigits); in ecc_point_double_jacobian()
964 vli_mod_mult_fast(y1, y1, z1, curve_prime, ndigits); in ecc_point_double_jacobian()
966 vli_mod_square_fast(z1, z1, curve_prime, ndigits); in ecc_point_double_jacobian()
969 vli_mod_add(x1, x1, z1, curve_prime, ndigits); in ecc_point_double_jacobian()
971 vli_mod_add(z1, z1, z1, curve_prime, ndigits); in ecc_point_double_jacobian()
973 vli_mod_sub(z1, x1, z1, curve_prime, ndigits); in ecc_point_double_jacobian()
975 vli_mod_mult_fast(x1, x1, z1, curve_prime, ndigits); in ecc_point_double_jacobian()
978 vli_mod_add(z1, x1, x1, curve_prime, ndigits); in ecc_point_double_jacobian()
980 vli_mod_add(x1, x1, z1, curve_prime, ndigits); in ecc_point_double_jacobian()
982 u64 carry = vli_add(x1, x1, curve_prime, ndigits); in ecc_point_double_jacobian()
984 vli_rshift1(x1, ndigits); in ecc_point_double_jacobian()
985 x1[ndigits - 1] |= carry << 63; in ecc_point_double_jacobian()
987 vli_rshift1(x1, ndigits); in ecc_point_double_jacobian()
992 vli_mod_square_fast(z1, x1, curve_prime, ndigits); in ecc_point_double_jacobian()
994 vli_mod_sub(z1, z1, t5, curve_prime, ndigits); in ecc_point_double_jacobian()
996 vli_mod_sub(z1, z1, t5, curve_prime, ndigits); in ecc_point_double_jacobian()
998 vli_mod_sub(t5, t5, z1, curve_prime, ndigits); in ecc_point_double_jacobian()
1000 vli_mod_mult_fast(x1, x1, t5, curve_prime, ndigits); in ecc_point_double_jacobian()
1002 vli_mod_sub(t4, x1, t4, curve_prime, ndigits); in ecc_point_double_jacobian()
1004 vli_set(x1, z1, ndigits); in ecc_point_double_jacobian()
1005 vli_set(z1, y1, ndigits); in ecc_point_double_jacobian()
1006 vli_set(y1, t4, ndigits); in ecc_point_double_jacobian()
1011 unsigned int ndigits) in apply_z() argument
1015 vli_mod_square_fast(t1, z, curve_prime, ndigits); /* z^2 */ in apply_z()
1016 vli_mod_mult_fast(x1, x1, t1, curve_prime, ndigits); /* x1 * z^2 */ in apply_z()
1017 vli_mod_mult_fast(t1, t1, z, curve_prime, ndigits); /* z^3 */ in apply_z()
1018 vli_mod_mult_fast(y1, y1, t1, curve_prime, ndigits); /* y1 * z^3 */ in apply_z()
1024 unsigned int ndigits) in xycz_initial_double() argument
1028 vli_set(x2, x1, ndigits); in xycz_initial_double()
1029 vli_set(y2, y1, ndigits); in xycz_initial_double()
1031 vli_clear(z, ndigits); in xycz_initial_double()
1035 vli_set(z, p_initial_z, ndigits); in xycz_initial_double()
1037 apply_z(x1, y1, z, curve_prime, ndigits); in xycz_initial_double()
1039 ecc_point_double_jacobian(x1, y1, z, curve_prime, ndigits); in xycz_initial_double()
1041 apply_z(x2, y2, z, curve_prime, ndigits); in xycz_initial_double()
1049 unsigned int ndigits) in xycz_add() argument
1055 vli_mod_sub(t5, x2, x1, curve_prime, ndigits); in xycz_add()
1057 vli_mod_square_fast(t5, t5, curve_prime, ndigits); in xycz_add()
1059 vli_mod_mult_fast(x1, x1, t5, curve_prime, ndigits); in xycz_add()
1061 vli_mod_mult_fast(x2, x2, t5, curve_prime, ndigits); in xycz_add()
1063 vli_mod_sub(y2, y2, y1, curve_prime, ndigits); in xycz_add()
1065 vli_mod_square_fast(t5, y2, curve_prime, ndigits); in xycz_add()
1068 vli_mod_sub(t5, t5, x1, curve_prime, ndigits); in xycz_add()
1070 vli_mod_sub(t5, t5, x2, curve_prime, ndigits); in xycz_add()
1072 vli_mod_sub(x2, x2, x1, curve_prime, ndigits); in xycz_add()
1074 vli_mod_mult_fast(y1, y1, x2, curve_prime, ndigits); in xycz_add()
1076 vli_mod_sub(x2, x1, t5, curve_prime, ndigits); in xycz_add()
1078 vli_mod_mult_fast(y2, y2, x2, curve_prime, ndigits); in xycz_add()
1080 vli_mod_sub(y2, y2, y1, curve_prime, ndigits); in xycz_add()
1082 vli_set(x2, t5, ndigits); in xycz_add()
1090 unsigned int ndigits) in xycz_add_c() argument
1098 vli_mod_sub(t5, x2, x1, curve_prime, ndigits); in xycz_add_c()
1100 vli_mod_square_fast(t5, t5, curve_prime, ndigits); in xycz_add_c()
1102 vli_mod_mult_fast(x1, x1, t5, curve_prime, ndigits); in xycz_add_c()
1104 vli_mod_mult_fast(x2, x2, t5, curve_prime, ndigits); in xycz_add_c()
1106 vli_mod_add(t5, y2, y1, curve_prime, ndigits); in xycz_add_c()
1108 vli_mod_sub(y2, y2, y1, curve_prime, ndigits); in xycz_add_c()
1111 vli_mod_sub(t6, x2, x1, curve_prime, ndigits); in xycz_add_c()
1113 vli_mod_mult_fast(y1, y1, t6, curve_prime, ndigits); in xycz_add_c()
1115 vli_mod_add(t6, x1, x2, curve_prime, ndigits); in xycz_add_c()
1117 vli_mod_square_fast(x2, y2, curve_prime, ndigits); in xycz_add_c()
1119 vli_mod_sub(x2, x2, t6, curve_prime, ndigits); in xycz_add_c()
1122 vli_mod_sub(t7, x1, x2, curve_prime, ndigits); in xycz_add_c()
1124 vli_mod_mult_fast(y2, y2, t7, curve_prime, ndigits); in xycz_add_c()
1126 vli_mod_sub(y2, y2, y1, curve_prime, ndigits); in xycz_add_c()
1129 vli_mod_square_fast(t7, t5, curve_prime, ndigits); in xycz_add_c()
1131 vli_mod_sub(t7, t7, t6, curve_prime, ndigits); in xycz_add_c()
1133 vli_mod_sub(t6, t7, x1, curve_prime, ndigits); in xycz_add_c()
1135 vli_mod_mult_fast(t6, t6, t5, curve_prime, ndigits); in xycz_add_c()
1137 vli_mod_sub(y1, t6, y1, curve_prime, ndigits); in xycz_add_c()
1139 vli_set(x1, t7, ndigits); in xycz_add_c()
1145 unsigned int ndigits) in ecc_point_mult() argument
1157 carry = vli_add(sk[0], scalar, curve->n, ndigits); in ecc_point_mult()
1158 vli_add(sk[1], sk[0], curve->n, ndigits); in ecc_point_mult()
1160 num_bits = sizeof(u64) * ndigits * 8 + 1; in ecc_point_mult()
1162 vli_set(rx[1], point->x, ndigits); in ecc_point_mult()
1163 vli_set(ry[1], point->y, ndigits); in ecc_point_mult()
1166 ndigits); in ecc_point_mult()
1171 ndigits); in ecc_point_mult()
1173 ndigits); in ecc_point_mult()
1178 ndigits); in ecc_point_mult()
1182 vli_mod_sub(z, rx[1], rx[0], curve_prime, ndigits); in ecc_point_mult()
1184 vli_mod_mult_fast(z, z, ry[1 - nb], curve_prime, ndigits); in ecc_point_mult()
1186 vli_mod_mult_fast(z, z, point->x, curve_prime, ndigits); in ecc_point_mult()
1189 vli_mod_inv(z, z, curve_prime, point->ndigits); in ecc_point_mult()
1192 vli_mod_mult_fast(z, z, point->y, curve_prime, ndigits); in ecc_point_mult()
1194 vli_mod_mult_fast(z, z, rx[1 - nb], curve_prime, ndigits); in ecc_point_mult()
1197 xycz_add(rx[nb], ry[nb], rx[1 - nb], ry[1 - nb], curve_prime, ndigits); in ecc_point_mult()
1199 apply_z(rx[0], ry[0], z, curve_prime, ndigits); in ecc_point_mult()
1201 vli_set(result->x, rx[0], ndigits); in ecc_point_mult()
1202 vli_set(result->y, ry[0], ndigits); in ecc_point_mult()
1213 unsigned int ndigits = curve->g.ndigits; in ecc_point_add() local
1215 vli_set(result->x, q->x, ndigits); in ecc_point_add()
1216 vli_set(result->y, q->y, ndigits); in ecc_point_add()
1217 vli_mod_sub(z, result->x, p->x, curve->p, ndigits); in ecc_point_add()
1218 vli_set(px, p->x, ndigits); in ecc_point_add()
1219 vli_set(py, p->y, ndigits); in ecc_point_add()
1220 xycz_add(px, py, result->x, result->y, curve->p, ndigits); in ecc_point_add()
1221 vli_mod_inv(z, z, curve->p, ndigits); in ecc_point_add()
1222 apply_z(result->x, result->y, z, curve->p, ndigits); in ecc_point_add()
1237 unsigned int ndigits = curve->g.ndigits; in ecc_point_mult_shamir() local
1239 struct ecc_point sum = ECC_POINT_INIT(sump[0], sump[1], ndigits); in ecc_point_mult_shamir()
1251 num_bits = max(vli_num_bits(u1, ndigits), in ecc_point_mult_shamir()
1252 vli_num_bits(u2, ndigits)); in ecc_point_mult_shamir()
1257 vli_set(rx, point->x, ndigits); in ecc_point_mult_shamir()
1258 vli_set(ry, point->y, ndigits); in ecc_point_mult_shamir()
1259 vli_clear(z + 1, ndigits - 1); in ecc_point_mult_shamir()
1263 ecc_point_double_jacobian(rx, ry, z, curve->p, ndigits); in ecc_point_mult_shamir()
1271 vli_set(tx, point->x, ndigits); in ecc_point_mult_shamir()
1272 vli_set(ty, point->y, ndigits); in ecc_point_mult_shamir()
1273 apply_z(tx, ty, z, curve->p, ndigits); in ecc_point_mult_shamir()
1274 vli_mod_sub(tz, rx, tx, curve->p, ndigits); in ecc_point_mult_shamir()
1275 xycz_add(tx, ty, rx, ry, curve->p, ndigits); in ecc_point_mult_shamir()
1276 vli_mod_mult_fast(z, z, tz, curve->p, ndigits); in ecc_point_mult_shamir()
1279 vli_mod_inv(z, z, curve->p, ndigits); in ecc_point_mult_shamir()
1280 apply_z(rx, ry, z, curve->p, ndigits); in ecc_point_mult_shamir()
1285 unsigned int ndigits) in ecc_swap_digits() argument
1290 for (i = 0; i < ndigits; i++) in ecc_swap_digits()
1291 out[i] = be64_to_cpu(src[ndigits - 1 - i]); in ecc_swap_digits()
1295 const u64 *private_key, unsigned int ndigits) in __ecc_is_key_valid() argument
1303 if (curve->g.ndigits != ndigits) in __ecc_is_key_valid()
1307 if (vli_cmp(one, private_key, ndigits) != -1) in __ecc_is_key_valid()
1309 vli_sub(res, curve->n, one, ndigits); in __ecc_is_key_valid()
1310 vli_sub(res, res, one, ndigits); in __ecc_is_key_valid()
1311 if (vli_cmp(res, private_key, ndigits) != 1) in __ecc_is_key_valid()
1317 int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits, in ecc_is_key_valid() argument
1323 nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT; in ecc_is_key_valid()
1328 return __ecc_is_key_valid(curve, private_key, ndigits); in ecc_is_key_valid()
1344 int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey) in ecc_gen_privkey() argument
1348 unsigned int nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT; in ecc_gen_privkey()
1349 unsigned int nbits = vli_num_bits(curve->n, ndigits); in ecc_gen_privkey()
1353 if (nbits < 160 || ndigits > ARRAY_SIZE(priv)) in ecc_gen_privkey()
1376 if (__ecc_is_key_valid(curve, priv, ndigits)) in ecc_gen_privkey()
1379 ecc_swap_digits(priv, privkey, ndigits); in ecc_gen_privkey()
1385 int ecc_make_pub_key(unsigned int curve_id, unsigned int ndigits, in ecc_make_pub_key() argument
1393 if (!private_key || !curve || ndigits > ARRAY_SIZE(priv)) { in ecc_make_pub_key()
1398 ecc_swap_digits(private_key, priv, ndigits); in ecc_make_pub_key()
1400 pk = ecc_alloc_point(ndigits); in ecc_make_pub_key()
1406 ecc_point_mult(pk, &curve->g, priv, NULL, curve, ndigits); in ecc_make_pub_key()
1412 ecc_swap_digits(pk->x, public_key, ndigits); in ecc_make_pub_key()
1413 ecc_swap_digits(pk->y, &public_key[ndigits], ndigits); in ecc_make_pub_key()
1428 if (WARN_ON(pk->ndigits != curve->g.ndigits)) in ecc_is_pubkey_valid_partial()
1436 if (vli_cmp(curve->p, pk->x, pk->ndigits) != 1) in ecc_is_pubkey_valid_partial()
1438 if (vli_cmp(curve->p, pk->y, pk->ndigits) != 1) in ecc_is_pubkey_valid_partial()
1442 vli_mod_square_fast(yy, pk->y, curve->p, pk->ndigits); /* y^2 */ in ecc_is_pubkey_valid_partial()
1443 vli_mod_square_fast(xxx, pk->x, curve->p, pk->ndigits); /* x^2 */ in ecc_is_pubkey_valid_partial()
1444 vli_mod_mult_fast(xxx, xxx, pk->x, curve->p, pk->ndigits); /* x^3 */ in ecc_is_pubkey_valid_partial()
1445 vli_mod_mult_fast(w, curve->a, pk->x, curve->p, pk->ndigits); /* a·x */ in ecc_is_pubkey_valid_partial()
1446 vli_mod_add(w, w, curve->b, curve->p, pk->ndigits); /* a·x + b */ in ecc_is_pubkey_valid_partial()
1447 vli_mod_add(w, w, xxx, curve->p, pk->ndigits); /* x^3 + a·x + b */ in ecc_is_pubkey_valid_partial()
1448 if (vli_cmp(yy, w, pk->ndigits) != 0) /* Equation */ in ecc_is_pubkey_valid_partial()
1455 int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits, in crypto_ecdh_shared_secret() argument
1467 ndigits > ARRAY_SIZE(priv) || ndigits > ARRAY_SIZE(rand_z)) { in crypto_ecdh_shared_secret()
1472 nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT; in crypto_ecdh_shared_secret()
1476 pk = ecc_alloc_point(ndigits); in crypto_ecdh_shared_secret()
1482 ecc_swap_digits(public_key, pk->x, ndigits); in crypto_ecdh_shared_secret()
1483 ecc_swap_digits(&public_key[ndigits], pk->y, ndigits); in crypto_ecdh_shared_secret()
1488 ecc_swap_digits(private_key, priv, ndigits); in crypto_ecdh_shared_secret()
1490 product = ecc_alloc_point(ndigits); in crypto_ecdh_shared_secret()
1496 ecc_point_mult(product, pk, priv, rand_z, curve, ndigits); in crypto_ecdh_shared_secret()
1498 ecc_swap_digits(product->x, secret, ndigits); in crypto_ecdh_shared_secret()