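Lines matching refs: ndigits
(Cross-reference hits for the identifier `ndigits`. Each entry gives the source line number, the matching line, and the enclosing function; a trailing `argument` or `local` marks the line where `ndigits` is declared as a parameter or a local variable of that function.)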
72 u64 *out, unsigned int ndigits) in ecc_digits_from_bytes() argument
74 int diff = ndigits - DIV_ROUND_UP_POW2(nbytes, sizeof(u64)); in ecc_digits_from_bytes()
80 ndigits -= diff; in ecc_digits_from_bytes()
81 memset(&out[ndigits], 0, diff * sizeof(u64)); in ecc_digits_from_bytes()
86 out[--ndigits] = be64_to_cpu(msd); in ecc_digits_from_bytes()
89 ecc_swap_digits(in, out, ndigits); in ecc_digits_from_bytes()
93 static u64 *ecc_alloc_digits_space(unsigned int ndigits) in ecc_alloc_digits_space() argument
95 size_t len = ndigits * sizeof(u64); in ecc_alloc_digits_space()
108 struct ecc_point *ecc_alloc_point(unsigned int ndigits) in ecc_alloc_point() argument
115 p->x = ecc_alloc_digits_space(ndigits); in ecc_alloc_point()
119 p->y = ecc_alloc_digits_space(ndigits); in ecc_alloc_point()
123 p->ndigits = ndigits; in ecc_alloc_point()
146 static void vli_clear(u64 *vli, unsigned int ndigits) in vli_clear() argument
150 for (i = 0; i < ndigits; i++) in vli_clear()
155 bool vli_is_zero(const u64 *vli, unsigned int ndigits) in vli_is_zero() argument
159 for (i = 0; i < ndigits; i++) { in vli_is_zero()
174 static bool vli_is_negative(const u64 *vli, unsigned int ndigits) in vli_is_negative() argument
176 return vli_test_bit(vli, ndigits * 64 - 1); in vli_is_negative()
180 static unsigned int vli_num_digits(const u64 *vli, unsigned int ndigits) in vli_num_digits() argument
188 for (i = ndigits - 1; i >= 0 && vli[i] == 0; i--); in vli_num_digits()
194 unsigned int vli_num_bits(const u64 *vli, unsigned int ndigits) in vli_num_bits() argument
199 num_digits = vli_num_digits(vli, ndigits); in vli_num_bits()
212 void vli_from_be64(u64 *dest, const void *src, unsigned int ndigits) in vli_from_be64() argument
217 for (i = 0; i < ndigits; i++) in vli_from_be64()
218 dest[i] = get_unaligned_be64(&from[ndigits - 1 - i]); in vli_from_be64()
222 void vli_from_le64(u64 *dest, const void *src, unsigned int ndigits) in vli_from_le64() argument
227 for (i = 0; i < ndigits; i++) in vli_from_le64()
233 static void vli_set(u64 *dest, const u64 *src, unsigned int ndigits) in vli_set() argument
237 for (i = 0; i < ndigits; i++) in vli_set()
242 int vli_cmp(const u64 *left, const u64 *right, unsigned int ndigits) in vli_cmp() argument
246 for (i = ndigits - 1; i >= 0; i--) { in vli_cmp()
261 unsigned int ndigits) in vli_lshift() argument
266 for (i = 0; i < ndigits; i++) { in vli_lshift()
277 static void vli_rshift1(u64 *vli, unsigned int ndigits) in vli_rshift1() argument
282 vli += ndigits; in vli_rshift1()
293 unsigned int ndigits) in vli_add() argument
298 for (i = 0; i < ndigits; i++) { in vli_add()
313 unsigned int ndigits) in vli_uadd() argument
318 for (i = 0; i < ndigits; i++) { in vli_uadd()
335 unsigned int ndigits) in vli_sub() argument
340 for (i = 0; i < ndigits; i++) { in vli_sub()
356 unsigned int ndigits) in vli_usub() argument
361 for (i = 0; i < ndigits; i++) { in vli_usub()
416 unsigned int ndigits) in vli_mult() argument
425 for (k = 0; k < ndigits * 2 - 1; k++) { in vli_mult()
428 if (k < ndigits) in vli_mult()
431 min = (k + 1) - ndigits; in vli_mult()
433 for (i = min; i <= k && i < ndigits; i++) { in vli_mult()
448 result[ndigits * 2 - 1] = r01.m_low; in vli_mult()
453 unsigned int ndigits) in vli_umult() argument
458 for (k = 0; k < ndigits; k++) { in vli_umult()
469 for (++k; k < ndigits * 2; k++) in vli_umult()
473 static void vli_square(u64 *result, const u64 *left, unsigned int ndigits) in vli_square() argument
479 for (k = 0; k < ndigits * 2 - 1; k++) { in vli_square()
482 if (k < ndigits) in vli_square()
485 min = (k + 1) - ndigits; in vli_square()
509 result[ndigits * 2 - 1] = r01.m_low; in vli_square()
516 const u64 *mod, unsigned int ndigits) in vli_mod_add() argument
520 carry = vli_add(result, left, right, ndigits); in vli_mod_add()
525 if (carry || vli_cmp(result, mod, ndigits) >= 0) in vli_mod_add()
526 vli_sub(result, result, mod, ndigits); in vli_mod_add()
533 const u64 *mod, unsigned int ndigits) in vli_mod_sub() argument
535 u64 borrow = vli_sub(result, left, right, ndigits); in vli_mod_sub()
542 vli_add(result, result, mod, ndigits); in vli_mod_sub()
555 const u64 *mod, unsigned int ndigits) in vli_mmod_special() argument
561 vli_set(r, product, ndigits * 2); in vli_mmod_special()
562 while (!vli_is_zero(r + ndigits, ndigits)) { in vli_mmod_special()
563 vli_umult(t, r + ndigits, c, ndigits); in vli_mmod_special()
564 vli_clear(r + ndigits, ndigits); in vli_mmod_special()
565 vli_add(r, r, t, ndigits * 2); in vli_mmod_special()
567 vli_set(t, mod, ndigits); in vli_mmod_special()
568 vli_clear(t + ndigits, ndigits); in vli_mmod_special()
569 while (vli_cmp(r, t, ndigits * 2) >= 0) in vli_mmod_special()
570 vli_sub(r, r, t, ndigits * 2); in vli_mmod_special()
571 vli_set(result, r, ndigits); in vli_mmod_special()
589 const u64 *mod, unsigned int ndigits) in vli_mmod_special2() argument
598 vli_set(m, mod, ndigits); in vli_mmod_special2()
599 vli_clear(m + ndigits, ndigits); in vli_mmod_special2()
601 vli_set(r, product, ndigits); in vli_mmod_special2()
603 vli_set(q, product + ndigits, ndigits); in vli_mmod_special2()
604 vli_clear(r + ndigits, ndigits); in vli_mmod_special2()
605 carry = vli_is_negative(r, ndigits); in vli_mmod_special2()
607 r[ndigits - 1] &= (1ull << 63) - 1; in vli_mmod_special2()
608 for (i = 1; carry || !vli_is_zero(q, ndigits); i++) { in vli_mmod_special2()
611 vli_umult(qc, q, c2, ndigits); in vli_mmod_special2()
613 vli_uadd(qc, qc, mod[0], ndigits * 2); in vli_mmod_special2()
614 vli_set(q, qc + ndigits, ndigits); in vli_mmod_special2()
615 vli_clear(qc + ndigits, ndigits); in vli_mmod_special2()
616 carry = vli_is_negative(qc, ndigits); in vli_mmod_special2()
618 qc[ndigits - 1] &= (1ull << 63) - 1; in vli_mmod_special2()
620 vli_sub(r, r, qc, ndigits * 2); in vli_mmod_special2()
622 vli_add(r, r, qc, ndigits * 2); in vli_mmod_special2()
624 while (vli_is_negative(r, ndigits * 2)) in vli_mmod_special2()
625 vli_add(r, r, m, ndigits * 2); in vli_mmod_special2()
626 while (vli_cmp(r, m, ndigits * 2) >= 0) in vli_mmod_special2()
627 vli_sub(r, r, m, ndigits * 2); in vli_mmod_special2()
629 vli_set(result, r, ndigits); in vli_mmod_special2()
638 unsigned int ndigits) in vli_mmod_slow() argument
646 int shift = (ndigits * 2 * 64) - vli_num_bits(mod, ndigits); in vli_mmod_slow()
652 for (i = 0; i < ndigits; ++i) { in vli_mmod_slow()
657 vli_set(mod_m + word_shift, mod, ndigits); in vli_mmod_slow()
663 for (j = 0; j < ndigits * 2; ++j) { in vli_mmod_slow()
671 vli_rshift1(mod_m, ndigits); in vli_mmod_slow()
672 mod_m[ndigits - 1] |= mod_m[ndigits] << (64 - 1); in vli_mmod_slow()
673 vli_rshift1(mod_m + ndigits, ndigits); in vli_mmod_slow()
675 vli_set(result, v[i], ndigits); in vli_mmod_slow()
688 unsigned int ndigits) in vli_mmod_barrett() argument
692 const u64 *mu = mod + ndigits; in vli_mmod_barrett()
694 vli_mult(q, product + ndigits, mu, ndigits); in vli_mmod_barrett()
695 if (mu[ndigits]) in vli_mmod_barrett()
696 vli_add(q + ndigits, q + ndigits, product + ndigits, ndigits); in vli_mmod_barrett()
697 vli_mult(r, mod, q + ndigits, ndigits); in vli_mmod_barrett()
698 vli_sub(r, product, r, ndigits * 2); in vli_mmod_barrett()
699 while (!vli_is_zero(r + ndigits, ndigits) || in vli_mmod_barrett()
700 vli_cmp(r, mod, ndigits) != -1) { in vli_mmod_barrett()
703 carry = vli_sub(r, r, mod, ndigits); in vli_mmod_barrett()
704 vli_usub(r + ndigits, r + ndigits, carry, ndigits); in vli_mmod_barrett()
706 vli_set(result, r, ndigits); in vli_mmod_barrett()
716 const unsigned int ndigits = ECC_CURVE_NIST_P192_DIGITS; in vli_mmod_fast_192() local
719 vli_set(result, product, ndigits); in vli_mmod_fast_192()
721 vli_set(tmp, &product[3], ndigits); in vli_mmod_fast_192()
722 carry = vli_add(result, result, tmp, ndigits); in vli_mmod_fast_192()
727 carry += vli_add(result, result, tmp, ndigits); in vli_mmod_fast_192()
731 carry += vli_add(result, result, tmp, ndigits); in vli_mmod_fast_192()
733 while (carry || vli_cmp(curve_prime, result, ndigits) != 1) in vli_mmod_fast_192()
734 carry -= vli_sub(result, result, curve_prime, ndigits); in vli_mmod_fast_192()
744 const unsigned int ndigits = ECC_CURVE_NIST_P256_DIGITS; in vli_mmod_fast_256() local
747 vli_set(result, product, ndigits); in vli_mmod_fast_256()
754 carry = vli_lshift(tmp, tmp, 1, ndigits); in vli_mmod_fast_256()
755 carry += vli_add(result, result, tmp, ndigits); in vli_mmod_fast_256()
761 carry += vli_lshift(tmp, tmp, 1, ndigits); in vli_mmod_fast_256()
762 carry += vli_add(result, result, tmp, ndigits); in vli_mmod_fast_256()
769 carry += vli_add(result, result, tmp, ndigits); in vli_mmod_fast_256()
776 carry += vli_add(result, result, tmp, ndigits); in vli_mmod_fast_256()
783 carry -= vli_sub(result, result, tmp, ndigits); in vli_mmod_fast_256()
790 carry -= vli_sub(result, result, tmp, ndigits); in vli_mmod_fast_256()
797 carry -= vli_sub(result, result, tmp, ndigits); in vli_mmod_fast_256()
804 carry -= vli_sub(result, result, tmp, ndigits); in vli_mmod_fast_256()
808 carry += vli_add(result, result, curve_prime, ndigits); in vli_mmod_fast_256()
811 while (carry || vli_cmp(curve_prime, result, ndigits) != 1) in vli_mmod_fast_256()
812 carry -= vli_sub(result, result, curve_prime, ndigits); in vli_mmod_fast_256()
827 const unsigned int ndigits = ECC_CURVE_NIST_P384_DIGITS; in vli_mmod_fast_384() local
830 vli_set(result, product, ndigits); in vli_mmod_fast_384()
839 carry = vli_lshift(tmp, tmp, 1, ndigits); in vli_mmod_fast_384()
840 carry += vli_add(result, result, tmp, ndigits); in vli_mmod_fast_384()
849 carry += vli_add(result, result, tmp, ndigits); in vli_mmod_fast_384()
858 carry += vli_add(result, result, tmp, ndigits); in vli_mmod_fast_384()
867 carry += vli_add(result, result, tmp, ndigits); in vli_mmod_fast_384()
876 carry += vli_add(result, result, tmp, ndigits); in vli_mmod_fast_384()
885 carry += vli_add(result, result, tmp, ndigits); in vli_mmod_fast_384()
894 carry -= vli_sub(result, result, tmp, ndigits); in vli_mmod_fast_384()
903 carry -= vli_sub(result, result, tmp, ndigits); in vli_mmod_fast_384()
912 carry -= vli_sub(result, result, tmp, ndigits); in vli_mmod_fast_384()
916 carry += vli_add(result, result, curve_prime, ndigits); in vli_mmod_fast_384()
919 while (carry || vli_cmp(curve_prime, result, ndigits) != 1) in vli_mmod_fast_384()
920 carry -= vli_sub(result, result, curve_prime, ndigits); in vli_mmod_fast_384()
937 const unsigned int ndigits = ECC_CURVE_NIST_P521_DIGITS; in vli_mmod_fast_521() local
941 vli_set(result, product, ndigits); in vli_mmod_fast_521()
944 for (i = 0; i < ndigits; i++) in vli_mmod_fast_521()
948 vli_mod_add(result, result, tmp, curve_prime, ndigits); in vli_mmod_fast_521()
961 const unsigned int ndigits = curve->g.ndigits; in vli_mmod_fast() local
966 if (curve_prime[ndigits - 1] == -1ull) { in vli_mmod_fast()
968 ndigits); in vli_mmod_fast()
970 } else if (curve_prime[ndigits - 1] == 1ull << 63 && in vli_mmod_fast()
971 curve_prime[ndigits - 2] == 0) { in vli_mmod_fast()
973 ndigits); in vli_mmod_fast()
976 vli_mmod_barrett(result, product, curve_prime, ndigits); in vli_mmod_fast()
980 switch (ndigits) { in vli_mmod_fast()
1005 const u64 *mod, unsigned int ndigits) in vli_mod_mult_slow() argument
1009 vli_mult(product, left, right, ndigits); in vli_mod_mult_slow()
1010 vli_mmod_slow(result, product, mod, ndigits); in vli_mod_mult_slow()
1020 vli_mult(product, left, right, curve->g.ndigits); in vli_mod_mult_fast()
1030 vli_square(product, left, curve->g.ndigits); in vli_mod_square_fast()
1040 unsigned int ndigits) in vli_mod_inv() argument
1047 if (vli_is_zero(input, ndigits)) { in vli_mod_inv()
1048 vli_clear(result, ndigits); in vli_mod_inv()
1052 vli_set(a, input, ndigits); in vli_mod_inv()
1053 vli_set(b, mod, ndigits); in vli_mod_inv()
1054 vli_clear(u, ndigits); in vli_mod_inv()
1056 vli_clear(v, ndigits); in vli_mod_inv()
1058 while ((cmp_result = vli_cmp(a, b, ndigits)) != 0) { in vli_mod_inv()
1062 vli_rshift1(a, ndigits); in vli_mod_inv()
1065 carry = vli_add(u, u, mod, ndigits); in vli_mod_inv()
1067 vli_rshift1(u, ndigits); in vli_mod_inv()
1069 u[ndigits - 1] |= 0x8000000000000000ull; in vli_mod_inv()
1071 vli_rshift1(b, ndigits); in vli_mod_inv()
1074 carry = vli_add(v, v, mod, ndigits); in vli_mod_inv()
1076 vli_rshift1(v, ndigits); in vli_mod_inv()
1078 v[ndigits - 1] |= 0x8000000000000000ull; in vli_mod_inv()
1080 vli_sub(a, a, b, ndigits); in vli_mod_inv()
1081 vli_rshift1(a, ndigits); in vli_mod_inv()
1083 if (vli_cmp(u, v, ndigits) < 0) in vli_mod_inv()
1084 vli_add(u, u, mod, ndigits); in vli_mod_inv()
1086 vli_sub(u, u, v, ndigits); in vli_mod_inv()
1088 carry = vli_add(u, u, mod, ndigits); in vli_mod_inv()
1090 vli_rshift1(u, ndigits); in vli_mod_inv()
1092 u[ndigits - 1] |= 0x8000000000000000ull; in vli_mod_inv()
1094 vli_sub(b, b, a, ndigits); in vli_mod_inv()
1095 vli_rshift1(b, ndigits); in vli_mod_inv()
1097 if (vli_cmp(v, u, ndigits) < 0) in vli_mod_inv()
1098 vli_add(v, v, mod, ndigits); in vli_mod_inv()
1100 vli_sub(v, v, u, ndigits); in vli_mod_inv()
1102 carry = vli_add(v, v, mod, ndigits); in vli_mod_inv()
1104 vli_rshift1(v, ndigits); in vli_mod_inv()
1106 v[ndigits - 1] |= 0x8000000000000000ull; in vli_mod_inv()
1110 vli_set(result, u, ndigits); in vli_mod_inv()
1119 return (vli_is_zero(point->x, point->ndigits) && in ecc_point_is_zero()
1120 vli_is_zero(point->y, point->ndigits)); in ecc_point_is_zero()
1136 const unsigned int ndigits = curve->g.ndigits; in ecc_point_double_jacobian() local
1138 if (vli_is_zero(z1, ndigits)) in ecc_point_double_jacobian()
1153 vli_mod_add(x1, x1, z1, curve_prime, ndigits); in ecc_point_double_jacobian()
1155 vli_mod_add(z1, z1, z1, curve_prime, ndigits); in ecc_point_double_jacobian()
1157 vli_mod_sub(z1, x1, z1, curve_prime, ndigits); in ecc_point_double_jacobian()
1162 vli_mod_add(z1, x1, x1, curve_prime, ndigits); in ecc_point_double_jacobian()
1164 vli_mod_add(x1, x1, z1, curve_prime, ndigits); in ecc_point_double_jacobian()
1166 u64 carry = vli_add(x1, x1, curve_prime, ndigits); in ecc_point_double_jacobian()
1168 vli_rshift1(x1, ndigits); in ecc_point_double_jacobian()
1169 x1[ndigits - 1] |= carry << 63; in ecc_point_double_jacobian()
1171 vli_rshift1(x1, ndigits); in ecc_point_double_jacobian()
1178 vli_mod_sub(z1, z1, t5, curve_prime, ndigits); in ecc_point_double_jacobian()
1180 vli_mod_sub(z1, z1, t5, curve_prime, ndigits); in ecc_point_double_jacobian()
1182 vli_mod_sub(t5, t5, z1, curve_prime, ndigits); in ecc_point_double_jacobian()
1186 vli_mod_sub(t4, x1, t4, curve_prime, ndigits); in ecc_point_double_jacobian()
1188 vli_set(x1, z1, ndigits); in ecc_point_double_jacobian()
1189 vli_set(z1, y1, ndigits); in ecc_point_double_jacobian()
1190 vli_set(y1, t4, ndigits); in ecc_point_double_jacobian()
1209 const unsigned int ndigits = curve->g.ndigits; in xycz_initial_double() local
1211 vli_set(x2, x1, ndigits); in xycz_initial_double()
1212 vli_set(y2, y1, ndigits); in xycz_initial_double()
1214 vli_clear(z, ndigits); in xycz_initial_double()
1218 vli_set(z, p_initial_z, ndigits); in xycz_initial_double()
1237 const unsigned int ndigits = curve->g.ndigits; in xycz_add() local
1240 vli_mod_sub(t5, x2, x1, curve_prime, ndigits); in xycz_add()
1248 vli_mod_sub(y2, y2, y1, curve_prime, ndigits); in xycz_add()
1253 vli_mod_sub(t5, t5, x1, curve_prime, ndigits); in xycz_add()
1255 vli_mod_sub(t5, t5, x2, curve_prime, ndigits); in xycz_add()
1257 vli_mod_sub(x2, x2, x1, curve_prime, ndigits); in xycz_add()
1261 vli_mod_sub(x2, x1, t5, curve_prime, ndigits); in xycz_add()
1265 vli_mod_sub(y2, y2, y1, curve_prime, ndigits); in xycz_add()
1267 vli_set(x2, t5, ndigits); in xycz_add()
1282 const unsigned int ndigits = curve->g.ndigits; in xycz_add_c() local
1285 vli_mod_sub(t5, x2, x1, curve_prime, ndigits); in xycz_add_c()
1293 vli_mod_add(t5, y2, y1, curve_prime, ndigits); in xycz_add_c()
1295 vli_mod_sub(y2, y2, y1, curve_prime, ndigits); in xycz_add_c()
1298 vli_mod_sub(t6, x2, x1, curve_prime, ndigits); in xycz_add_c()
1302 vli_mod_add(t6, x1, x2, curve_prime, ndigits); in xycz_add_c()
1306 vli_mod_sub(x2, x2, t6, curve_prime, ndigits); in xycz_add_c()
1309 vli_mod_sub(t7, x1, x2, curve_prime, ndigits); in xycz_add_c()
1313 vli_mod_sub(y2, y2, y1, curve_prime, ndigits); in xycz_add_c()
1318 vli_mod_sub(t7, t7, t6, curve_prime, ndigits); in xycz_add_c()
1320 vli_mod_sub(t6, t7, x1, curve_prime, ndigits); in xycz_add_c()
1324 vli_mod_sub(y1, t6, y1, curve_prime, ndigits); in xycz_add_c()
1326 vli_set(x1, t7, ndigits); in xycz_add_c()
1332 unsigned int ndigits) in ecc_point_mult() argument
1344 carry = vli_add(sk[0], scalar, curve->n, ndigits); in ecc_point_mult()
1345 vli_add(sk[1], sk[0], curve->n, ndigits); in ecc_point_mult()
1350 num_bits = sizeof(u64) * ndigits * 8 + 1; in ecc_point_mult()
1352 vli_set(rx[1], point->x, ndigits); in ecc_point_mult()
1353 vli_set(ry[1], point->y, ndigits); in ecc_point_mult()
1368 vli_mod_sub(z, rx[1], rx[0], curve_prime, ndigits); in ecc_point_mult()
1375 vli_mod_inv(z, z, curve_prime, point->ndigits); in ecc_point_mult()
1387 vli_set(result->x, rx[0], ndigits); in ecc_point_mult()
1388 vli_set(result->y, ry[0], ndigits); in ecc_point_mult()
1399 unsigned int ndigits = curve->g.ndigits; in ecc_point_add() local
1401 vli_set(result->x, q->x, ndigits); in ecc_point_add()
1402 vli_set(result->y, q->y, ndigits); in ecc_point_add()
1403 vli_mod_sub(z, result->x, p->x, curve->p, ndigits); in ecc_point_add()
1404 vli_set(px, p->x, ndigits); in ecc_point_add()
1405 vli_set(py, p->y, ndigits); in ecc_point_add()
1407 vli_mod_inv(z, z, curve->p, ndigits); in ecc_point_add()
1423 unsigned int ndigits = curve->g.ndigits; in ecc_point_mult_shamir() local
1425 struct ecc_point sum = ECC_POINT_INIT(sump[0], sump[1], ndigits); in ecc_point_mult_shamir()
1437 num_bits = max(vli_num_bits(u1, ndigits), vli_num_bits(u2, ndigits)); in ecc_point_mult_shamir()
1443 vli_set(rx, point->x, ndigits); in ecc_point_mult_shamir()
1444 vli_set(ry, point->y, ndigits); in ecc_point_mult_shamir()
1445 vli_clear(z + 1, ndigits - 1); in ecc_point_mult_shamir()
1458 vli_set(tx, point->x, ndigits); in ecc_point_mult_shamir()
1459 vli_set(ty, point->y, ndigits); in ecc_point_mult_shamir()
1461 vli_mod_sub(tz, rx, tx, curve->p, ndigits); in ecc_point_mult_shamir()
1466 vli_mod_inv(z, z, curve->p, ndigits); in ecc_point_mult_shamir()
1478 const u64 *private_key, unsigned int ndigits) in __ecc_is_key_valid() argument
1486 if (curve->g.ndigits != ndigits) in __ecc_is_key_valid()
1490 if (vli_cmp(one, private_key, ndigits) != -1) in __ecc_is_key_valid()
1492 vli_sub(res, curve->n, one, ndigits); in __ecc_is_key_valid()
1493 vli_sub(res, res, one, ndigits); in __ecc_is_key_valid()
1494 if (vli_cmp(res, private_key, ndigits) != 1) in __ecc_is_key_valid()
1500 int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits, in ecc_is_key_valid() argument
1506 nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT; in ecc_is_key_valid()
1511 return __ecc_is_key_valid(curve, private_key, ndigits); in ecc_is_key_valid()
1522 int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, in ecc_gen_privkey() argument
1526 unsigned int nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT; in ecc_gen_privkey()
1527 unsigned int nbits = vli_num_bits(curve->n, ndigits); in ecc_gen_privkey()
1559 if (__ecc_is_key_valid(curve, private_key, ndigits)) in ecc_gen_privkey()
1566 int ecc_make_pub_key(unsigned int curve_id, unsigned int ndigits, in ecc_make_pub_key() argument
1578 pk = ecc_alloc_point(ndigits); in ecc_make_pub_key()
1584 ecc_point_mult(pk, &curve->g, private_key, NULL, curve, ndigits); in ecc_make_pub_key()
1592 ecc_swap_digits(pk->x, public_key, ndigits); in ecc_make_pub_key()
1593 ecc_swap_digits(pk->y, &public_key[ndigits], ndigits); in ecc_make_pub_key()
1608 if (WARN_ON(pk->ndigits != curve->g.ndigits)) in ecc_is_pubkey_valid_partial()
1616 if (vli_cmp(curve->p, pk->x, pk->ndigits) != 1) in ecc_is_pubkey_valid_partial()
1618 if (vli_cmp(curve->p, pk->y, pk->ndigits) != 1) in ecc_is_pubkey_valid_partial()
1626 vli_mod_add(w, w, curve->b, curve->p, pk->ndigits); /* a·x + b */ in ecc_is_pubkey_valid_partial()
1627 vli_mod_add(w, w, xxx, curve->p, pk->ndigits); /* x^3 + a·x + b */ in ecc_is_pubkey_valid_partial()
1628 if (vli_cmp(yy, w, pk->ndigits) != 0) /* Equation */ in ecc_is_pubkey_valid_partial()
1648 nQ = ecc_alloc_point(pk->ndigits); in ecc_is_pubkey_valid_full()
1652 ecc_point_mult(nQ, pk, curve->n, NULL, curve, pk->ndigits); in ecc_is_pubkey_valid_full()
1662 int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits, in crypto_ecdh_shared_secret() argument
1672 if (!private_key || !public_key || ndigits > ARRAY_SIZE(rand_z)) { in crypto_ecdh_shared_secret()
1677 nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT; in crypto_ecdh_shared_secret()
1681 pk = ecc_alloc_point(ndigits); in crypto_ecdh_shared_secret()
1687 ecc_swap_digits(public_key, pk->x, ndigits); in crypto_ecdh_shared_secret()
1688 ecc_swap_digits(&public_key[ndigits], pk->y, ndigits); in crypto_ecdh_shared_secret()
1693 product = ecc_alloc_point(ndigits); in crypto_ecdh_shared_secret()
1699 ecc_point_mult(product, pk, private_key, rand_z, curve, ndigits); in crypto_ecdh_shared_secret()
1706 ecc_swap_digits(product->x, secret, ndigits); in crypto_ecdh_shared_secret()