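Lines matching refs:ctx (cross-reference listing: each entry gives the source line number, the matching line, and the enclosing function; "argument" marks the lines where ctx is declared as a parameter)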
88 static void point_resize(MPI_POINT p, struct mpi_ec_ctx *ctx) in point_resize() argument
90 size_t nlimbs = ctx->p->nlimbs; in point_resize()
97 if (ctx->model != MPI_EC_MONTGOMERY) { in point_resize()
104 struct mpi_ec_ctx *ctx) in point_swap_cond() argument
107 if (ctx->model != MPI_EC_MONTGOMERY) in point_swap_cond()
122 static void ec_addm(MPI w, MPI u, MPI v, struct mpi_ec_ctx *ctx) in ec_addm() argument
125 ec_mod(w, ctx); in ec_addm()
136 static void ec_mulm(MPI w, MPI u, MPI v, struct mpi_ec_ctx *ctx) in ec_mulm() argument
139 ec_mod(w, ctx); in ec_mulm()
143 static void ec_mul2(MPI w, MPI u, struct mpi_ec_ctx *ctx) in ec_mul2() argument
146 ec_mod(w, ctx); in ec_mul2()
150 struct mpi_ec_ctx *ctx) in ec_powm() argument
152 mpi_powm(w, b, e, ctx->p); in ec_powm()
160 static void ec_pow2(MPI w, const MPI b, struct mpi_ec_ctx *ctx) in ec_pow2() argument
164 ec_mulm(w, b, b, ctx); in ec_pow2()
171 static void ec_pow3(MPI w, const MPI b, struct mpi_ec_ctx *ctx) in ec_pow3() argument
173 mpi_powm(w, b, mpi_const(MPI_C_THREE), ctx->p); in ec_pow3()
176 static void ec_invm(MPI x, MPI a, struct mpi_ec_ctx *ctx) in ec_invm() argument
178 if (!mpi_invm(x, a, ctx->p)) in ec_invm()
199 static void ec_addm_25519(MPI w, MPI u, MPI v, struct mpi_ec_ctx *ctx) in ec_addm_25519() argument
215 borrow = mpihelp_sub_n(wp, wp, ctx->p->d, wsize); in ec_addm_25519()
216 mpih_set_cond(n, ctx->p->d, wsize, (borrow != 0UL)); in ec_addm_25519()
221 static void ec_subm_25519(MPI w, MPI u, MPI v, struct mpi_ec_ctx *ctx) in ec_subm_25519() argument
237 mpih_set_cond(n, ctx->p->d, wsize, (borrow != 0UL)); in ec_subm_25519()
242 static void ec_mulm_25519(MPI w, MPI u, MPI v, struct mpi_ec_ctx *ctx) in ec_mulm_25519() argument
251 (void)ctx; in ec_mulm_25519()
286 cy = mpihelp_sub_n(wp, wp, ctx->p->d, wsize); in ec_mulm_25519()
287 mpih_set_cond(m, ctx->p->d, wsize, (cy != 0UL)); in ec_mulm_25519()
291 static void ec_mul2_25519(MPI w, MPI u, struct mpi_ec_ctx *ctx) in ec_mul2_25519() argument
293 ec_addm_25519(w, u, u, ctx); in ec_mul2_25519()
296 static void ec_pow2_25519(MPI w, const MPI b, struct mpi_ec_ctx *ctx) in ec_pow2_25519() argument
298 ec_mulm_25519(w, b, b, ctx); in ec_pow2_25519()
306 static void ec_addm_448(MPI w, MPI u, MPI v, struct mpi_ec_ctx *ctx) in ec_addm_448() argument
322 mpih_set_cond(n, ctx->p->d, wsize, (cy != 0UL)); in ec_addm_448()
326 static void ec_subm_448(MPI w, MPI u, MPI v, struct mpi_ec_ctx *ctx) in ec_subm_448() argument
342 mpih_set_cond(n, ctx->p->d, wsize, (borrow != 0UL)); in ec_subm_448()
346 static void ec_mulm_448(MPI w, MPI u, MPI v, struct mpi_ec_ctx *ctx) in ec_mulm_448() argument
438 cy = mpihelp_sub_n(wp, wp, ctx->p->d, wsize); in ec_mulm_448()
439 mpih_set_cond(n, ctx->p->d, wsize, (cy != 0UL)); in ec_mulm_448()
443 static void ec_mul2_448(MPI w, MPI u, struct mpi_ec_ctx *ctx) in ec_mul2_448() argument
445 ec_addm_448(w, u, u, ctx); in ec_mul2_448()
448 static void ec_pow2_448(MPI w, const MPI b, struct mpi_ec_ctx *ctx) in ec_pow2_448() argument
450 ec_mulm_448(w, b, b, ctx); in ec_pow2_448()
457 void (*addm)(MPI w, MPI u, MPI v, struct mpi_ec_ctx *ctx);
458 void (*subm)(MPI w, MPI u, MPI v, struct mpi_ec_ctx *ctx);
459 void (*mulm)(MPI w, MPI u, MPI v, struct mpi_ec_ctx *ctx);
460 void (*mul2)(MPI w, MPI u, struct mpi_ec_ctx *ctx);
461 void (*pow2)(MPI w, const MPI b, struct mpi_ec_ctx *ctx);
564 void mpi_ec_init(struct mpi_ec_ctx *ctx, enum gcry_mpi_ec_models model, in mpi_ec_init() argument
576 ctx->model = model; in mpi_ec_init()
577 ctx->dialect = dialect; in mpi_ec_init()
578 ctx->flags = flags; in mpi_ec_init()
580 ctx->nbits = 256; in mpi_ec_init()
582 ctx->nbits = mpi_get_nbits(p); in mpi_ec_init()
583 ctx->p = mpi_copy(p); in mpi_ec_init()
584 ctx->a = mpi_copy(a); in mpi_ec_init()
585 ctx->b = mpi_copy(b); in mpi_ec_init()
587 ctx->d = NULL; in mpi_ec_init()
588 ctx->t.two_inv_p = NULL; in mpi_ec_init()
590 ctx->t.p_barrett = use_barrett > 0 ? mpi_barrett_init(ctx->p, 0) : NULL; in mpi_ec_init()
592 mpi_ec_get_reset(ctx); in mpi_ec_init()
597 int match_p = !mpi_cmp(ctx->p, p_candidate); in mpi_ec_init()
604 for (j = 0; i < DIM(ctx->t.scratch) && bad_points_table[i][j]; j++) in mpi_ec_init()
605 ctx->t.scratch[j] = mpi_scanval(bad_points_table[i][j]); in mpi_ec_init()
609 for (i = 0; i < DIM(ctx->t.scratch); i++) in mpi_ec_init()
610 ctx->t.scratch[i] = mpi_alloc_like(ctx->p); in mpi_ec_init()
613 ctx->addm = ec_addm; in mpi_ec_init()
614 ctx->subm = ec_subm; in mpi_ec_init()
615 ctx->mulm = ec_mulm; in mpi_ec_init()
616 ctx->mul2 = ec_mul2; in mpi_ec_init()
617 ctx->pow2 = ec_pow2; in mpi_ec_init()
627 ctx->addm = field_table[i].addm; in mpi_ec_init()
628 ctx->subm = field_table[i].subm; in mpi_ec_init()
629 ctx->mulm = field_table[i].mulm; in mpi_ec_init()
630 ctx->mul2 = field_table[i].mul2; in mpi_ec_init()
631 ctx->pow2 = field_table[i].pow2; in mpi_ec_init()
634 mpi_resize(ctx->a, ctx->p->nlimbs); in mpi_ec_init()
635 ctx->a->nlimbs = ctx->p->nlimbs; in mpi_ec_init()
637 mpi_resize(ctx->b, ctx->p->nlimbs); in mpi_ec_init()
638 ctx->b->nlimbs = ctx->p->nlimbs; in mpi_ec_init()
640 for (i = 0; i < DIM(ctx->t.scratch) && ctx->t.scratch[i]; i++) in mpi_ec_init()
641 ctx->t.scratch[i]->nlimbs = ctx->p->nlimbs; in mpi_ec_init()
651 void mpi_ec_deinit(struct mpi_ec_ctx *ctx) in mpi_ec_deinit() argument
655 mpi_barrett_free(ctx->t.p_barrett); in mpi_ec_deinit()
658 mpi_free(ctx->p); in mpi_ec_deinit()
659 mpi_free(ctx->a); in mpi_ec_deinit()
660 mpi_free(ctx->b); in mpi_ec_deinit()
661 mpi_point_release(ctx->G); in mpi_ec_deinit()
662 mpi_free(ctx->n); in mpi_ec_deinit()
665 mpi_point_release(ctx->Q); in mpi_ec_deinit()
666 mpi_free(ctx->d); in mpi_ec_deinit()
669 mpi_free(ctx->t.two_inv_p); in mpi_ec_deinit()
671 for (i = 0; i < DIM(ctx->t.scratch); i++) in mpi_ec_deinit()
672 mpi_free(ctx->t.scratch[i]); in mpi_ec_deinit()
681 int mpi_ec_get_affine(MPI x, MPI y, MPI_POINT point, struct mpi_ec_ctx *ctx) in mpi_ec_get_affine() argument
686 switch (ctx->model) { in mpi_ec_get_affine()
693 ec_invm(z1, point->z, ctx); /* z1 = z^(-1) mod p */ in mpi_ec_get_affine()
694 ec_mulm(z2, z1, z1, ctx); /* z2 = z^(-2) mod p */ in mpi_ec_get_affine()
697 ec_mulm(x, point->x, z2, ctx); in mpi_ec_get_affine()
701 ec_mulm(z3, z2, z1, ctx); /* z3 = z^(-3) mod p */ in mpi_ec_get_affine()
702 ec_mulm(y, point->y, z3, ctx); in mpi_ec_get_affine()
729 ec_invm(z, point->z, ctx); in mpi_ec_get_affine()
731 mpi_resize(z, ctx->p->nlimbs); in mpi_ec_get_affine()
732 z->nlimbs = ctx->p->nlimbs; in mpi_ec_get_affine()
735 mpi_resize(x, ctx->p->nlimbs); in mpi_ec_get_affine()
736 x->nlimbs = ctx->p->nlimbs; in mpi_ec_get_affine()
737 ctx->mulm(x, point->x, z, ctx); in mpi_ec_get_affine()
740 mpi_resize(y, ctx->p->nlimbs); in mpi_ec_get_affine()
741 y->nlimbs = ctx->p->nlimbs; in mpi_ec_get_affine()
742 ctx->mulm(y, point->y, z, ctx); in mpi_ec_get_affine()
757 MPI_POINT point, struct mpi_ec_ctx *ctx) in dup_point_weierstrass() argument
762 #define t1 (ctx->t.scratch[0]) in dup_point_weierstrass()
763 #define t2 (ctx->t.scratch[1]) in dup_point_weierstrass()
764 #define t3 (ctx->t.scratch[2]) in dup_point_weierstrass()
765 #define l1 (ctx->t.scratch[3]) in dup_point_weierstrass()
766 #define l2 (ctx->t.scratch[4]) in dup_point_weierstrass()
767 #define l3 (ctx->t.scratch[5]) in dup_point_weierstrass()
775 if (ec_get_a_is_pminus3(ctx)) { in dup_point_weierstrass()
780 ec_pow2(t1, point->z, ctx); in dup_point_weierstrass()
781 ec_subm(l1, point->x, t1, ctx); in dup_point_weierstrass()
782 ec_mulm(l1, l1, mpi_const(MPI_C_THREE), ctx); in dup_point_weierstrass()
783 ec_addm(t2, point->x, t1, ctx); in dup_point_weierstrass()
784 ec_mulm(l1, l1, t2, ctx); in dup_point_weierstrass()
789 ec_pow2(l1, point->x, ctx); in dup_point_weierstrass()
790 ec_mulm(l1, l1, mpi_const(MPI_C_THREE), ctx); in dup_point_weierstrass()
791 ec_powm(t1, point->z, mpi_const(MPI_C_FOUR), ctx); in dup_point_weierstrass()
792 ec_mulm(t1, t1, ctx->a, ctx); in dup_point_weierstrass()
793 ec_addm(l1, l1, t1, ctx); in dup_point_weierstrass()
796 ec_mulm(z3, point->y, point->z, ctx); in dup_point_weierstrass()
797 ec_mul2(z3, z3, ctx); in dup_point_weierstrass()
801 ec_pow2(t2, point->y, ctx); in dup_point_weierstrass()
802 ec_mulm(l2, t2, point->x, ctx); in dup_point_weierstrass()
803 ec_mulm(l2, l2, mpi_const(MPI_C_FOUR), ctx); in dup_point_weierstrass()
807 ec_pow2(x3, l1, ctx); in dup_point_weierstrass()
808 ec_mul2(t1, l2, ctx); in dup_point_weierstrass()
809 ec_subm(x3, x3, t1, ctx); in dup_point_weierstrass()
813 ec_pow2(t2, t2, ctx); in dup_point_weierstrass()
814 ec_mulm(l3, t2, mpi_const(MPI_C_EIGHT), ctx); in dup_point_weierstrass()
817 ec_subm(y3, l2, x3, ctx); in dup_point_weierstrass()
818 ec_mulm(y3, y3, l1, ctx); in dup_point_weierstrass()
819 ec_subm(y3, y3, l3, ctx); in dup_point_weierstrass()
835 MPI_POINT point, struct mpi_ec_ctx *ctx) in dup_point_montgomery() argument
839 (void)ctx; in dup_point_montgomery()
846 MPI_POINT point, struct mpi_ec_ctx *ctx) in dup_point_edwards() argument
854 #define B (ctx->t.scratch[0]) in dup_point_edwards()
855 #define C (ctx->t.scratch[1]) in dup_point_edwards()
856 #define D (ctx->t.scratch[2]) in dup_point_edwards()
857 #define E (ctx->t.scratch[3]) in dup_point_edwards()
858 #define F (ctx->t.scratch[4]) in dup_point_edwards()
859 #define H (ctx->t.scratch[5]) in dup_point_edwards()
860 #define J (ctx->t.scratch[6]) in dup_point_edwards()
865 ctx->addm(B, X1, Y1, ctx); in dup_point_edwards()
866 ctx->pow2(B, B, ctx); in dup_point_edwards()
870 ctx->pow2(C, X1, ctx); in dup_point_edwards()
871 ctx->pow2(D, Y1, ctx); in dup_point_edwards()
874 if (ctx->dialect == ECC_DIALECT_ED25519) in dup_point_edwards()
875 ctx->subm(E, ctx->p, C, ctx); in dup_point_edwards()
877 ctx->mulm(E, ctx->a, C, ctx); in dup_point_edwards()
880 ctx->addm(F, E, D, ctx); in dup_point_edwards()
883 ctx->pow2(H, Z1, ctx); in dup_point_edwards()
886 ctx->mul2(J, H, ctx); in dup_point_edwards()
887 ctx->subm(J, F, J, ctx); in dup_point_edwards()
890 ctx->subm(X3, B, C, ctx); in dup_point_edwards()
891 ctx->subm(X3, X3, D, ctx); in dup_point_edwards()
892 ctx->mulm(X3, X3, J, ctx); in dup_point_edwards()
895 ctx->subm(Y3, E, D, ctx); in dup_point_edwards()
896 ctx->mulm(Y3, Y3, F, ctx); in dup_point_edwards()
899 ctx->mulm(Z3, F, J, ctx); in dup_point_edwards()
918 mpi_ec_dup_point(MPI_POINT result, MPI_POINT point, struct mpi_ec_ctx *ctx) in mpi_ec_dup_point() argument
920 switch (ctx->model) { in mpi_ec_dup_point()
922 dup_point_weierstrass(result, point, ctx); in mpi_ec_dup_point()
925 dup_point_montgomery(result, point, ctx); in mpi_ec_dup_point()
928 dup_point_edwards(result, point, ctx); in mpi_ec_dup_point()
936 struct mpi_ec_ctx *ctx) in add_points_weierstrass() argument
947 #define l1 (ctx->t.scratch[0]) in add_points_weierstrass()
948 #define l2 (ctx->t.scratch[1]) in add_points_weierstrass()
949 #define l3 (ctx->t.scratch[2]) in add_points_weierstrass()
950 #define l4 (ctx->t.scratch[3]) in add_points_weierstrass()
951 #define l5 (ctx->t.scratch[4]) in add_points_weierstrass()
952 #define l6 (ctx->t.scratch[5]) in add_points_weierstrass()
953 #define l7 (ctx->t.scratch[6]) in add_points_weierstrass()
954 #define l8 (ctx->t.scratch[7]) in add_points_weierstrass()
955 #define l9 (ctx->t.scratch[8]) in add_points_weierstrass()
956 #define t1 (ctx->t.scratch[9]) in add_points_weierstrass()
957 #define t2 (ctx->t.scratch[10]) in add_points_weierstrass()
961 mpi_ec_dup_point(result, p1, ctx); in add_points_weierstrass()
981 ec_pow2(l1, z2, ctx); in add_points_weierstrass()
982 ec_mulm(l1, l1, x1, ctx); in add_points_weierstrass()
987 ec_pow2(l2, z1, ctx); in add_points_weierstrass()
988 ec_mulm(l2, l2, x2, ctx); in add_points_weierstrass()
991 ec_subm(l3, l1, l2, ctx); in add_points_weierstrass()
993 ec_powm(l4, z2, mpi_const(MPI_C_THREE), ctx); in add_points_weierstrass()
994 ec_mulm(l4, l4, y1, ctx); in add_points_weierstrass()
996 ec_powm(l5, z1, mpi_const(MPI_C_THREE), ctx); in add_points_weierstrass()
997 ec_mulm(l5, l5, y2, ctx); in add_points_weierstrass()
999 ec_subm(l6, l4, l5, ctx); in add_points_weierstrass()
1004 mpi_ec_dup_point(result, p1, ctx); in add_points_weierstrass()
1013 ec_addm(l7, l1, l2, ctx); in add_points_weierstrass()
1015 ec_addm(l8, l4, l5, ctx); in add_points_weierstrass()
1017 ec_mulm(z3, z1, z2, ctx); in add_points_weierstrass()
1018 ec_mulm(z3, z3, l3, ctx); in add_points_weierstrass()
1020 ec_pow2(t1, l6, ctx); in add_points_weierstrass()
1021 ec_pow2(t2, l3, ctx); in add_points_weierstrass()
1022 ec_mulm(t2, t2, l7, ctx); in add_points_weierstrass()
1023 ec_subm(x3, t1, t2, ctx); in add_points_weierstrass()
1025 ec_mul2(t1, x3, ctx); in add_points_weierstrass()
1026 ec_subm(l9, t2, t1, ctx); in add_points_weierstrass()
1028 ec_mulm(l9, l9, l6, ctx); in add_points_weierstrass()
1029 ec_powm(t1, l3, mpi_const(MPI_C_THREE), ctx); /* fixme: Use saved value*/ in add_points_weierstrass()
1030 ec_mulm(t1, t1, l8, ctx); in add_points_weierstrass()
1031 ec_subm(y3, l9, t1, ctx); in add_points_weierstrass()
1032 ec_mulm(y3, y3, ec_get_two_inv_p(ctx), ctx); in add_points_weierstrass()
1061 struct mpi_ec_ctx *ctx) in add_points_montgomery() argument
1066 (void)ctx; in add_points_montgomery()
1074 struct mpi_ec_ctx *ctx) in add_points_edwards() argument
1085 #define A (ctx->t.scratch[0]) in add_points_edwards()
1086 #define B (ctx->t.scratch[1]) in add_points_edwards()
1087 #define C (ctx->t.scratch[2]) in add_points_edwards()
1088 #define D (ctx->t.scratch[3]) in add_points_edwards()
1089 #define E (ctx->t.scratch[4]) in add_points_edwards()
1090 #define F (ctx->t.scratch[5]) in add_points_edwards()
1091 #define G (ctx->t.scratch[6]) in add_points_edwards()
1092 #define tmp (ctx->t.scratch[7]) in add_points_edwards()
1094 point_resize(result, ctx); in add_points_edwards()
1099 ctx->mulm(A, Z1, Z2, ctx); in add_points_edwards()
1102 ctx->pow2(B, A, ctx); in add_points_edwards()
1105 ctx->mulm(C, X1, X2, ctx); in add_points_edwards()
1108 ctx->mulm(D, Y1, Y2, ctx); in add_points_edwards()
1111 ctx->mulm(E, ctx->b, C, ctx); in add_points_edwards()
1112 ctx->mulm(E, E, D, ctx); in add_points_edwards()
1115 ctx->subm(F, B, E, ctx); in add_points_edwards()
1118 ctx->addm(G, B, E, ctx); in add_points_edwards()
1121 ctx->addm(tmp, X1, Y1, ctx); in add_points_edwards()
1122 ctx->addm(X3, X2, Y2, ctx); in add_points_edwards()
1123 ctx->mulm(X3, X3, tmp, ctx); in add_points_edwards()
1124 ctx->subm(X3, X3, C, ctx); in add_points_edwards()
1125 ctx->subm(X3, X3, D, ctx); in add_points_edwards()
1126 ctx->mulm(X3, X3, F, ctx); in add_points_edwards()
1127 ctx->mulm(X3, X3, A, ctx); in add_points_edwards()
1130 if (ctx->dialect == ECC_DIALECT_ED25519) { in add_points_edwards()
1131 ctx->addm(Y3, D, C, ctx); in add_points_edwards()
1133 ctx->mulm(Y3, ctx->a, C, ctx); in add_points_edwards()
1134 ctx->subm(Y3, D, Y3, ctx); in add_points_edwards()
1136 ctx->mulm(Y3, Y3, G, ctx); in add_points_edwards()
1137 ctx->mulm(Y3, Y3, A, ctx); in add_points_edwards()
1140 ctx->mulm(Z3, F, G, ctx); in add_points_edwards()
1168 struct mpi_ec_ctx *ctx) in montgomery_ladder() argument
1170 ctx->addm(sum->x, p2->x, p2->z, ctx); in montgomery_ladder()
1171 ctx->subm(p2->z, p2->x, p2->z, ctx); in montgomery_ladder()
1172 ctx->addm(prd->x, p1->x, p1->z, ctx); in montgomery_ladder()
1173 ctx->subm(p1->z, p1->x, p1->z, ctx); in montgomery_ladder()
1174 ctx->mulm(p2->x, p1->z, sum->x, ctx); in montgomery_ladder()
1175 ctx->mulm(p2->z, prd->x, p2->z, ctx); in montgomery_ladder()
1176 ctx->pow2(p1->x, prd->x, ctx); in montgomery_ladder()
1177 ctx->pow2(p1->z, p1->z, ctx); in montgomery_ladder()
1178 ctx->addm(sum->x, p2->x, p2->z, ctx); in montgomery_ladder()
1179 ctx->subm(p2->z, p2->x, p2->z, ctx); in montgomery_ladder()
1180 ctx->mulm(prd->x, p1->x, p1->z, ctx); in montgomery_ladder()
1181 ctx->subm(p1->z, p1->x, p1->z, ctx); in montgomery_ladder()
1182 ctx->pow2(sum->x, sum->x, ctx); in montgomery_ladder()
1183 ctx->pow2(sum->z, p2->z, ctx); in montgomery_ladder()
1184 ctx->mulm(prd->z, p1->z, ctx->a, ctx); /* CTX->A: (a-2)/4 */ in montgomery_ladder()
1185 ctx->mulm(sum->z, sum->z, dif_x, ctx); in montgomery_ladder()
1186 ctx->addm(prd->z, p1->x, prd->z, ctx); in montgomery_ladder()
1187 ctx->mulm(prd->z, prd->z, p1->z, ctx); in montgomery_ladder()
1193 struct mpi_ec_ctx *ctx) in mpi_ec_add_points() argument
1195 switch (ctx->model) { in mpi_ec_add_points()
1197 add_points_weierstrass(result, p1, p2, ctx); in mpi_ec_add_points()
1200 add_points_montgomery(result, p1, p2, ctx); in mpi_ec_add_points()
1203 add_points_edwards(result, p1, p2, ctx); in mpi_ec_add_points()
1215 struct mpi_ec_ctx *ctx) in mpi_ec_mul_point() argument
1221 if (ctx->model == MPI_EC_EDWARDS) { in mpi_ec_mul_point()
1232 if (mpi_cmp(scalar, ctx->p) >= 0) in mpi_ec_mul_point()
1235 nbits = mpi_get_nbits(ctx->p); in mpi_ec_mul_point()
1240 point_resize(point, ctx); in mpi_ec_mul_point()
1242 point_resize(result, ctx); in mpi_ec_mul_point()
1243 point_resize(point, ctx); in mpi_ec_mul_point()
1246 mpi_ec_dup_point(result, result, ctx); in mpi_ec_mul_point()
1248 mpi_ec_add_points(result, result, point, ctx); in mpi_ec_mul_point()
1251 } else if (ctx->model == MPI_EC_MONTGOMERY) { in mpi_ec_mul_point()
1274 point_resize(&p1, ctx); in mpi_ec_mul_point()
1275 point_resize(&p2, ctx); in mpi_ec_mul_point()
1276 point_resize(&p1_, ctx); in mpi_ec_mul_point()
1277 point_resize(&p2_, ctx); in mpi_ec_mul_point()
1279 mpi_resize(point->x, ctx->p->nlimbs); in mpi_ec_mul_point()
1280 point->x->nlimbs = ctx->p->nlimbs; in mpi_ec_mul_point()
1291 point_swap_cond(q1, q2, sw, ctx); in mpi_ec_mul_point()
1292 montgomery_ladder(prd, sum, q1, q2, point->x, ctx); in mpi_ec_mul_point()
1293 point_swap_cond(prd, sum, sw, ctx); in mpi_ec_mul_point()
1300 point_swap_cond(&p1, &p1_, sw, ctx); in mpi_ec_mul_point()
1309 ec_invm(z1, p1.z, ctx); in mpi_ec_mul_point()
1310 ec_mulm(result->x, p1.x, z1, ctx); in mpi_ec_mul_point()
1322 x1 = mpi_alloc_like(ctx->p); in mpi_ec_mul_point()
1323 y1 = mpi_alloc_like(ctx->p); in mpi_ec_mul_point()
1324 h = mpi_alloc_like(ctx->p); in mpi_ec_mul_point()
1330 ec_invm(yy, yy, ctx); in mpi_ec_mul_point()
1339 z2 = mpi_alloc_like(ctx->p); in mpi_ec_mul_point()
1340 z3 = mpi_alloc_like(ctx->p); in mpi_ec_mul_point()
1341 ec_mulm(z2, point->z, point->z, ctx); in mpi_ec_mul_point()
1342 ec_mulm(z3, point->z, z2, ctx); in mpi_ec_mul_point()
1343 ec_invm(z2, z2, ctx); in mpi_ec_mul_point()
1344 ec_mulm(x1, point->x, z2, ctx); in mpi_ec_mul_point()
1345 ec_invm(z3, z3, ctx); in mpi_ec_mul_point()
1346 ec_mulm(y1, yy, z3, ctx); in mpi_ec_mul_point()
1378 ec_subm(p1inv.y, ctx->p, p1inv.y, ctx); in mpi_ec_mul_point()
1381 mpi_ec_dup_point(result, result, ctx); in mpi_ec_mul_point()
1384 mpi_ec_add_points(result, &p2, &p1, ctx); in mpi_ec_mul_point()
1388 mpi_ec_add_points(result, &p2, &p1inv, ctx); in mpi_ec_mul_point()
1401 int mpi_ec_curve_point(MPI_POINT point, struct mpi_ec_ctx *ctx) in mpi_ec_curve_point() argument
1413 if (mpi_cmpabs(point->x, ctx->p) >= 0) in mpi_ec_curve_point()
1415 if (mpi_cmpabs(point->y, ctx->p) >= 0) in mpi_ec_curve_point()
1417 if (mpi_cmpabs(point->z, ctx->p) >= 0) in mpi_ec_curve_point()
1420 switch (ctx->model) { in mpi_ec_curve_point()
1425 if (mpi_ec_get_affine(x, y, point, ctx)) in mpi_ec_curve_point()
1431 ec_pow2(y, y, ctx); in mpi_ec_curve_point()
1433 ec_pow3(xxx, x, ctx); in mpi_ec_curve_point()
1434 ec_mulm(w, ctx->a, x, ctx); in mpi_ec_curve_point()
1435 ec_addm(w, w, ctx->b, ctx); in mpi_ec_curve_point()
1436 ec_addm(w, w, xxx, ctx); in mpi_ec_curve_point()
1449 if (mpi_ec_get_affine(x, NULL, point, ctx)) in mpi_ec_curve_point()
1457 ec_mulm(w, ctx->a, mpi_const(MPI_C_FOUR), ctx); in mpi_ec_curve_point()
1458 ec_addm(w, w, mpi_const(MPI_C_TWO), ctx); in mpi_ec_curve_point()
1459 ec_mulm(w, w, x, ctx); in mpi_ec_curve_point()
1460 ec_pow2(xx, x, ctx); in mpi_ec_curve_point()
1461 ec_addm(w, w, xx, ctx); in mpi_ec_curve_point()
1462 ec_addm(w, w, mpi_const(MPI_C_ONE), ctx); in mpi_ec_curve_point()
1463 ec_mulm(w, w, x, ctx); in mpi_ec_curve_point()
1464 ec_mulm(w, w, ctx->b, ctx); in mpi_ec_curve_point()
1468 ec_subm(p_minus1, ctx->p, mpi_const(MPI_C_ONE), ctx); in mpi_ec_curve_point()
1470 ec_powm(w, w, p_minus1, ctx); in mpi_ec_curve_point()
1479 if (mpi_ec_get_affine(x, y, point, ctx)) in mpi_ec_curve_point()
1482 mpi_resize(w, ctx->p->nlimbs); in mpi_ec_curve_point()
1483 w->nlimbs = ctx->p->nlimbs; in mpi_ec_curve_point()
1486 ctx->pow2(x, x, ctx); in mpi_ec_curve_point()
1487 ctx->pow2(y, y, ctx); in mpi_ec_curve_point()
1488 if (ctx->dialect == ECC_DIALECT_ED25519) in mpi_ec_curve_point()
1489 ctx->subm(w, ctx->p, x, ctx); in mpi_ec_curve_point()
1491 ctx->mulm(w, ctx->a, x, ctx); in mpi_ec_curve_point()
1492 ctx->addm(w, w, y, ctx); in mpi_ec_curve_point()
1493 ctx->mulm(x, x, y, ctx); in mpi_ec_curve_point()
1494 ctx->mulm(x, x, ctx->b, ctx); in mpi_ec_curve_point()
1495 ctx->subm(w, w, x, ctx); in mpi_ec_curve_point()