222 static u64 vli_lshift(u64 *result, const u64 *in, unsigned int shift,  in vli_lshift()  argument
231 		result[i] = (temp << shift) | carry;  in vli_lshift()
254 static u64 vli_add(u64 *result, const u64 *left, const u64 *right,  in vli_add()  argument
267 		result[i] = sum;  in vli_add()
274 static u64 vli_uadd(u64 *result, const u64 *left, u64 right,  in vli_uadd()  argument
289 		result[i] = sum;  in vli_uadd()
296 u64 vli_sub(u64 *result, const u64 *left, const u64 *right,  in vli_sub()  argument
309 		result[i] = diff;  in vli_sub()
317 static u64 vli_usub(u64 *result, const u64 *left, u64 right,  in vli_usub()  argument
330 		result[i] = diff;  in vli_usub()
338 	uint128_t result;  in mul_64_64()  local
342 	result.m_low  = m;  in mul_64_64()
343 	result.m_high = m >> 64;  in mul_64_64()
361 	result.m_low = (m0 & 0xffffffffull) | (m2 << 32);  in mul_64_64()
362 	result.m_high = m3 + (m2 >> 32);  in mul_64_64()
364 	return result;  in mul_64_64()
369 	uint128_t result;  in add_128_128()  local
371 	result.m_low = a.m_low + b.m_low;  in add_128_128()
372 	result.m_high = a.m_high + b.m_high + (result.m_low < a.m_low);  in add_128_128()
374 	return result;  in add_128_128()
377 static void vli_mult(u64 *result, const u64 *left, const u64 *right,  in vli_mult()  argument
404 		result[k] = r01.m_low;  in vli_mult()
410 	result[ndigits * 2 - 1] = r01.m_low;  in vli_mult()
414 static void vli_umult(u64 *result, const u64 *left, u32 right,  in vli_umult()  argument
426 		result[k] = r01.m_low;  in vli_umult()
430 	result[k] = r01.m_low;  in vli_umult()
432 		result[k] = 0;  in vli_umult()
435 static void vli_square(u64 *result, const u64 *left, unsigned int ndigits)  in vli_square()  argument
465 		result[k] = r01.m_low;  in vli_square()
471 	result[ndigits * 2 - 1] = r01.m_low;  in vli_square()
477 static void vli_mod_add(u64 *result, const u64 *left, const u64 *right,  in vli_mod_add()  argument
482 	carry = vli_add(result, left, right, ndigits);  in vli_mod_add()
487 	if (carry || vli_cmp(result, mod, ndigits) >= 0)  in vli_mod_add()
488 		vli_sub(result, result, mod, ndigits);  in vli_mod_add()
494 static void vli_mod_sub(u64 *result, const u64 *left, const u64 *right,  in vli_mod_sub()  argument
497 	u64 borrow = vli_sub(result, left, right, ndigits);  in vli_mod_sub()
504 		vli_add(result, result, mod, ndigits);  in vli_mod_sub()
516 static void vli_mmod_special(u64 *result, const u64 *product,  in vli_mmod_special()  argument
533 	vli_set(result, r, ndigits);  in vli_mmod_special()
550 static void vli_mmod_special2(u64 *result, const u64 *product,  in vli_mmod_special2()  argument
591 	vli_set(result, r, ndigits);  in vli_mmod_special2()
599 static void vli_mmod_slow(u64 *result, u64 *product, const u64 *mod,  in vli_mmod_slow()  argument
637 	vli_set(result, v[i], ndigits);  in vli_mmod_slow()
649 static void vli_mmod_barrett(u64 *result, u64 *product, const u64 *mod,  in vli_mmod_barrett()  argument
668 	vli_set(result, r, ndigits);  in vli_mmod_barrett()
675 static void vli_mmod_fast_192(u64 *result, const u64 *product,  in vli_mmod_fast_192()  argument
681 	vli_set(result, product, ndigits);  in vli_mmod_fast_192()
684 	carry = vli_add(result, result, tmp, ndigits);  in vli_mmod_fast_192()
689 	carry += vli_add(result, result, tmp, ndigits);  in vli_mmod_fast_192()
693 	carry += vli_add(result, result, tmp, ndigits);  in vli_mmod_fast_192()
695 	while (carry || vli_cmp(curve_prime, result, ndigits) != 1)  in vli_mmod_fast_192()
696 		carry -= vli_sub(result, result, curve_prime, ndigits);  in vli_mmod_fast_192()
702 static void vli_mmod_fast_256(u64 *result, const u64 *product,  in vli_mmod_fast_256()  argument
709 	vli_set(result, product, ndigits);  in vli_mmod_fast_256()
717 	carry += vli_add(result, result, tmp, ndigits);  in vli_mmod_fast_256()
724 	carry += vli_add(result, result, tmp, ndigits);  in vli_mmod_fast_256()
731 	carry += vli_add(result, result, tmp, ndigits);  in vli_mmod_fast_256()
738 	carry += vli_add(result, result, tmp, ndigits);  in vli_mmod_fast_256()
745 	carry -= vli_sub(result, result, tmp, ndigits);  in vli_mmod_fast_256()
752 	carry -= vli_sub(result, result, tmp, ndigits);  in vli_mmod_fast_256()
759 	carry -= vli_sub(result, result, tmp, ndigits);  in vli_mmod_fast_256()
766 	carry -= vli_sub(result, result, tmp, ndigits);  in vli_mmod_fast_256()
770 			carry += vli_add(result, result, curve_prime, ndigits);  in vli_mmod_fast_256()
773 		while (carry || vli_cmp(curve_prime, result, ndigits) != 1)  in vli_mmod_fast_256()
774 			carry -= vli_sub(result, result, curve_prime, ndigits);  in vli_mmod_fast_256()
783 static bool vli_mmod_fast(u64 *result, u64 *product,  in vli_mmod_fast()  argument
792 			vli_mmod_special(result, product, curve_prime,  in vli_mmod_fast()
797 			vli_mmod_special2(result, product, curve_prime,  in vli_mmod_fast()
801 		vli_mmod_barrett(result, product, curve_prime, ndigits);  in vli_mmod_fast()
807 		vli_mmod_fast_192(result, product, curve_prime, tmp);  in vli_mmod_fast()
810 		vli_mmod_fast_256(result, product, curve_prime, tmp);  in vli_mmod_fast()
823 void vli_mod_mult_slow(u64 *result, const u64 *left, const u64 *right,  in vli_mod_mult_slow()  argument
829 	vli_mmod_slow(result, product, mod, ndigits);  in vli_mod_mult_slow()
834 static void vli_mod_mult_fast(u64 *result, const u64 *left, const u64 *right,  in vli_mod_mult_fast()  argument
840 	vli_mmod_fast(result, product, curve_prime, ndigits);  in vli_mod_mult_fast()
844 static void vli_mod_square_fast(u64 *result, const u64 *left,  in vli_mod_square_fast()  argument
850 	vli_mmod_fast(result, product, curve_prime, ndigits);  in vli_mod_square_fast()
858 void vli_mod_inv(u64 *result, const u64 *input, const u64 *mod,  in vli_mod_inv()  argument
867 		vli_clear(result, ndigits);  in vli_mod_inv()
929 	vli_set(result, u, ndigits);  in vli_mod_inv()
1142 static void ecc_point_mult(struct ecc_point *result,  in ecc_point_mult()  argument
1201 	vli_set(result->x, rx[0], ndigits);  in ecc_point_mult()
1202 	vli_set(result->y, ry[0], ndigits);  in ecc_point_mult()
1206 static void ecc_point_add(const struct ecc_point *result,  in ecc_point_add()  argument
1215 	vli_set(result->x, q->x, ndigits);  in ecc_point_add()
1216 	vli_set(result->y, q->y, ndigits);  in ecc_point_add()
1217 	vli_mod_sub(z, result->x, p->x, curve->p, ndigits);  in ecc_point_add()
1220 	xycz_add(px, py, result->x, result->y, curve->p, ndigits);  in ecc_point_add()
1222 	apply_z(result->x, result->y, z, curve->p, ndigits);  in ecc_point_add()
1228 void ecc_point_mult_shamir(const struct ecc_point *result,  in ecc_point_mult_shamir()  argument
1235 	u64 *rx = result->x;  in ecc_point_mult_shamir()
1236 	u64 *ry = result->y;  in ecc_point_mult_shamir()