233 static u64 vli_lshift(u64 *result, const u64 *in, unsigned int shift,  in vli_lshift()  argument
242 		result[i] = (temp << shift) | carry;  in vli_lshift()
265 static u64 vli_add(u64 *result, const u64 *left, const u64 *right,  in vli_add()  argument
278 		result[i] = sum;  in vli_add()
285 static u64 vli_uadd(u64 *result, const u64 *left, u64 right,  in vli_uadd()  argument
300 		result[i] = sum;  in vli_uadd()
307 u64 vli_sub(u64 *result, const u64 *left, const u64 *right,  in vli_sub()  argument
320 		result[i] = diff;  in vli_sub()
328 static u64 vli_usub(u64 *result, const u64 *left, u64 right,  in vli_usub()  argument
341 		result[i] = diff;  in vli_usub()
349 	uint128_t result;  in mul_64_64()  local
353 	result.m_low  = m;  in mul_64_64()
354 	result.m_high = m >> 64;  in mul_64_64()
372 	result.m_low = (m0 & 0xffffffffull) | (m2 << 32);  in mul_64_64()
373 	result.m_high = m3 + (m2 >> 32);  in mul_64_64()
375 	return result;  in mul_64_64()
380 	uint128_t result;  in add_128_128()  local
382 	result.m_low = a.m_low + b.m_low;  in add_128_128()
383 	result.m_high = a.m_high + b.m_high + (result.m_low < a.m_low);  in add_128_128()
385 	return result;  in add_128_128()
388 static void vli_mult(u64 *result, const u64 *left, const u64 *right,  in vli_mult()  argument
415 		result[k] = r01.m_low;  in vli_mult()
421 	result[ndigits * 2 - 1] = r01.m_low;  in vli_mult()
425 static void vli_umult(u64 *result, const u64 *left, u32 right,  in vli_umult()  argument
437 		result[k] = r01.m_low;  in vli_umult()
441 	result[k] = r01.m_low;  in vli_umult()
443 		result[k] = 0;  in vli_umult()
446 static void vli_square(u64 *result, const u64 *left, unsigned int ndigits)  in vli_square()  argument
476 		result[k] = r01.m_low;  in vli_square()
482 	result[ndigits * 2 - 1] = r01.m_low;  in vli_square()
488 static void vli_mod_add(u64 *result, const u64 *left, const u64 *right,  in vli_mod_add()  argument
493 	carry = vli_add(result, left, right, ndigits);  in vli_mod_add()
498 	if (carry || vli_cmp(result, mod, ndigits) >= 0)  in vli_mod_add()
499 		vli_sub(result, result, mod, ndigits);  in vli_mod_add()
505 static void vli_mod_sub(u64 *result, const u64 *left, const u64 *right,  in vli_mod_sub()  argument
508 	u64 borrow = vli_sub(result, left, right, ndigits);  in vli_mod_sub()
515 		vli_add(result, result, mod, ndigits);  in vli_mod_sub()
527 static void vli_mmod_special(u64 *result, const u64 *product,  in vli_mmod_special()  argument
544 	vli_set(result, r, ndigits);  in vli_mmod_special()
561 static void vli_mmod_special2(u64 *result, const u64 *product,  in vli_mmod_special2()  argument
602 	vli_set(result, r, ndigits);  in vli_mmod_special2()
610 static void vli_mmod_slow(u64 *result, u64 *product, const u64 *mod,  in vli_mmod_slow()  argument
648 	vli_set(result, v[i], ndigits);  in vli_mmod_slow()
660 static void vli_mmod_barrett(u64 *result, u64 *product, const u64 *mod,  in vli_mmod_barrett()  argument
679 	vli_set(result, r, ndigits);  in vli_mmod_barrett()
686 static void vli_mmod_fast_192(u64 *result, const u64 *product,  in vli_mmod_fast_192()  argument
692 	vli_set(result, product, ndigits);  in vli_mmod_fast_192()
695 	carry = vli_add(result, result, tmp, ndigits);  in vli_mmod_fast_192()
700 	carry += vli_add(result, result, tmp, ndigits);  in vli_mmod_fast_192()
704 	carry += vli_add(result, result, tmp, ndigits);  in vli_mmod_fast_192()
706 	while (carry || vli_cmp(curve_prime, result, ndigits) != 1)  in vli_mmod_fast_192()
707 		carry -= vli_sub(result, result, curve_prime, ndigits);  in vli_mmod_fast_192()
713 static void vli_mmod_fast_256(u64 *result, const u64 *product,  in vli_mmod_fast_256()  argument
720 	vli_set(result, product, ndigits);  in vli_mmod_fast_256()
728 	carry += vli_add(result, result, tmp, ndigits);  in vli_mmod_fast_256()
735 	carry += vli_add(result, result, tmp, ndigits);  in vli_mmod_fast_256()
742 	carry += vli_add(result, result, tmp, ndigits);  in vli_mmod_fast_256()
749 	carry += vli_add(result, result, tmp, ndigits);  in vli_mmod_fast_256()
756 	carry -= vli_sub(result, result, tmp, ndigits);  in vli_mmod_fast_256()
763 	carry -= vli_sub(result, result, tmp, ndigits);  in vli_mmod_fast_256()
770 	carry -= vli_sub(result, result, tmp, ndigits);  in vli_mmod_fast_256()
777 	carry -= vli_sub(result, result, tmp, ndigits);  in vli_mmod_fast_256()
781 			carry += vli_add(result, result, curve_prime, ndigits);  in vli_mmod_fast_256()
784 		while (carry || vli_cmp(curve_prime, result, ndigits) != 1)  in vli_mmod_fast_256()
785 			carry -= vli_sub(result, result, curve_prime, ndigits);  in vli_mmod_fast_256()
796 static void vli_mmod_fast_384(u64 *result, const u64 *product,  in vli_mmod_fast_384()  argument
803 	vli_set(result, product, ndigits);  in vli_mmod_fast_384()
813 	carry += vli_add(result, result, tmp, ndigits);  in vli_mmod_fast_384()
822 	carry += vli_add(result, result, tmp, ndigits);  in vli_mmod_fast_384()
831 	carry += vli_add(result, result, tmp, ndigits);  in vli_mmod_fast_384()
840 	carry += vli_add(result, result, tmp, ndigits);  in vli_mmod_fast_384()
849 	carry += vli_add(result, result, tmp, ndigits);  in vli_mmod_fast_384()
858 	carry += vli_add(result, result, tmp, ndigits);  in vli_mmod_fast_384()
867 	carry -= vli_sub(result, result, tmp, ndigits);  in vli_mmod_fast_384()
876 	carry -= vli_sub(result, result, tmp, ndigits);  in vli_mmod_fast_384()
885 	carry -= vli_sub(result, result, tmp, ndigits);  in vli_mmod_fast_384()
889 			carry += vli_add(result, result, curve_prime, ndigits);  in vli_mmod_fast_384()
892 		while (carry || vli_cmp(curve_prime, result, ndigits) != 1)  in vli_mmod_fast_384()
893 			carry -= vli_sub(result, result, curve_prime, ndigits);  in vli_mmod_fast_384()
907 static bool vli_mmod_fast(u64 *result, u64 *product,  in vli_mmod_fast()  argument
918 			vli_mmod_special(result, product, curve_prime,  in vli_mmod_fast()
923 			vli_mmod_special2(result, product, curve_prime,  in vli_mmod_fast()
927 		vli_mmod_barrett(result, product, curve_prime, ndigits);  in vli_mmod_fast()
933 		vli_mmod_fast_192(result, product, curve_prime, tmp);  in vli_mmod_fast()
936 		vli_mmod_fast_256(result, product, curve_prime, tmp);  in vli_mmod_fast()
939 		vli_mmod_fast_384(result, product, curve_prime, tmp);  in vli_mmod_fast()
952 void vli_mod_mult_slow(u64 *result, const u64 *left, const u64 *right,  in vli_mod_mult_slow()  argument
958 	vli_mmod_slow(result, product, mod, ndigits);  in vli_mod_mult_slow()
963 static void vli_mod_mult_fast(u64 *result, const u64 *left, const u64 *right,  in vli_mod_mult_fast()  argument
969 	vli_mmod_fast(result, product, curve);  in vli_mod_mult_fast()
973 static void vli_mod_square_fast(u64 *result, const u64 *left,  in vli_mod_square_fast()  argument
979 	vli_mmod_fast(result, product, curve);  in vli_mod_square_fast()
987 void vli_mod_inv(u64 *result, const u64 *input, const u64 *mod,  in vli_mod_inv()  argument
996 		vli_clear(result, ndigits);  in vli_mod_inv()
1058 	vli_set(result, u, ndigits);  in vli_mod_inv()
1276 static void ecc_point_mult(struct ecc_point *result,  in ecc_point_mult()  argument
1331 	vli_set(result->x, rx[0], ndigits);  in ecc_point_mult()
1332 	vli_set(result->y, ry[0], ndigits);  in ecc_point_mult()
1336 static void ecc_point_add(const struct ecc_point *result,  in ecc_point_add()  argument
1345 	vli_set(result->x, q->x, ndigits);  in ecc_point_add()
1346 	vli_set(result->y, q->y, ndigits);  in ecc_point_add()
1347 	vli_mod_sub(z, result->x, p->x, curve->p, ndigits);  in ecc_point_add()
1350 	xycz_add(px, py, result->x, result->y, curve);  in ecc_point_add()
1352 	apply_z(result->x, result->y, z, curve);  in ecc_point_add()
1358 void ecc_point_mult_shamir(const struct ecc_point *result,  in ecc_point_mult_shamir()  argument
1365 	u64 *rx = result->x;  in ecc_point_mult_shamir()
1366 	u64 *ry = result->y;  in ecc_point_mult_shamir()