34 	tmp->ec = crypto_ec_init(group);  in sae_set_group()
35 	if (tmp->ec) {  in sae_set_group()
39 		tmp->prime_len = crypto_ec_prime_len(tmp->ec);  in sae_set_group()
40 		tmp->prime = crypto_ec_get_prime(tmp->ec);  in sae_set_group()
41 		tmp->order_len = crypto_ec_order_len(tmp->ec);  in sae_set_group()
42 		tmp->order = crypto_ec_get_order(tmp->ec);  in sae_set_group()
91 	crypto_ec_deinit(tmp->ec);  in sae_clear_temp_data()
147 	bits = crypto_ec_prime_len_bits(sae->tmp->ec);  in sae_test_pwd_seed_ecc()
167 	y_sqr = crypto_ec_point_compute_y_sqr(sae->tmp->ec, x_cand);  in sae_test_pwd_seed_ecc()
172 	res = dragonfly_is_quadratic_residue_blind(sae->tmp->ec, qr, qnr,  in sae_test_pwd_seed_ecc()
401 	y = crypto_ec_point_compute_y_sqr(sae->tmp->ec, x);  in sae_derive_pwe_ecc()
403 	    dragonfly_sqrt(sae->tmp->ec, y, y) < 0 ||  in sae_derive_pwe_ecc()
419 	sae->tmp->pwe_ecc = crypto_ec_point_from_bin(sae->tmp->ec, x_y);  in sae_derive_pwe_ecc()
573 static struct crypto_ec_point * sswu(struct crypto_ec *ec, int group,  in sswu()  argument
593 	prime = crypto_ec_get_prime(ec);  in sswu()
594 	prime_len = crypto_ec_prime_len(ec);  in sswu()
598 	b = crypto_ec_get_b(ec);  in sswu()
724 	if (!y || dragonfly_sqrt(ec, v, y) < 0)  in sswu()
747 	p = crypto_ec_point_from_bin(ec, x_y);  in sswu()
818 sae_derive_pt_ecc(struct crypto_ec *ec, int group,  in sae_derive_pt_ecc()  argument
830 	prime = crypto_ec_get_prime(ec);  in sae_derive_pt_ecc()
831 	prime_len = crypto_ec_prime_len(ec);  in sae_derive_pt_ecc()
861 	p1 = sswu(ec, group, bn);  in sae_derive_pt_ecc()
884 	p2 = sswu(ec, group, bn);  in sae_derive_pt_ecc()
889 	pt = crypto_ec_point_init(ec);  in sae_derive_pt_ecc()
892 	if (crypto_ec_point_add(ec, p1, p2, pt) < 0) {  in sae_derive_pt_ecc()
1016 	pt->ec = crypto_ec_init(group);  in sae_derive_pt_group()
1017 	if (pt->ec) {  in sae_derive_pt_group()
1018 		pt->ecc_pt = sae_derive_pt_ecc(pt->ec, group, ssid, ssid_len,  in sae_derive_pt_group()
1106 	prime_len = crypto_ec_prime_len(pt->ec);  in sae_derive_pwe_from_pt_ecc()
1107 	if (crypto_ec_point_to_bin(pt->ec, pt->ecc_pt,  in sae_derive_pwe_from_pt_ecc()
1125 	order = crypto_ec_get_order(pt->ec);  in sae_derive_pwe_from_pt_ecc()
1137 	pwe = crypto_ec_point_init(pt->ec);  in sae_derive_pwe_from_pt_ecc()
1139 	    crypto_ec_point_mul(pt->ec, pt->ecc_pt, val, pwe) < 0 ||  in sae_derive_pwe_from_pt_ecc()
1140 	    crypto_ec_point_to_bin(pt->ec, pwe, bin, bin + prime_len) < 0) {  in sae_derive_pwe_from_pt_ecc()
1223 		crypto_ec_deinit(pt->ec);  in sae_deinit_pt()
1237 			crypto_ec_point_init(sae->tmp->ec);  in sae_derive_commit_element_ecc()
1242 	if (crypto_ec_point_mul(sae->tmp->ec, sae->tmp->pwe_ecc, mask,  in sae_derive_commit_element_ecc()
1244 	    crypto_ec_point_invert(sae->tmp->ec,  in sae_derive_commit_element_ecc()
1291 		(sae->tmp->ec &&  in sae_derive_commit()
1305 	    (sae->tmp->ec && sae_derive_pwe_ecc(sae, addr1, addr2, password,  in sae_prepare_commit()
1356 	if (pt->ec) {  in sae_prepare_commit_pt()
1382 	K = crypto_ec_point_init(sae->tmp->ec);  in sae_derive_k_ecc()
1393 	if (crypto_ec_point_mul(sae->tmp->ec, sae->tmp->pwe_ecc,  in sae_derive_k_ecc()
1395 	    crypto_ec_point_add(sae->tmp->ec, K,  in sae_derive_k_ecc()
1397 	    crypto_ec_point_mul(sae->tmp->ec, K, sae->tmp->sae_rand, K) < 0 ||  in sae_derive_k_ecc()
1398 	    crypto_ec_point_is_at_infinity(sae->tmp->ec, K) ||  in sae_derive_k_ecc()
1399 	    crypto_ec_point_to_bin(sae->tmp->ec, K, k, NULL) < 0) {  in sae_derive_k_ecc()
1601 	    (sae->tmp->ec && sae_derive_k_ecc(sae, k) < 0) ||  in sae_process_commit()
1631 	if (sae->tmp->ec) {  in sae_write_commit()
1633 		if (crypto_ec_point_to_bin(sae->tmp->ec,  in sae_write_commit()
1772 	scalar_elem_len = (sae->tmp->ec ? 3 : 2) * sae->tmp->prime_len;  in sae_parse_commit_token()
1888 		crypto_ec_point_from_bin(sae->tmp->ec, *pos);  in sae_parse_commit_element_ecc()
1894 	if (!crypto_ec_point_is_on_curve(sae->tmp->ec,  in sae_parse_commit_element_ecc()
2111 	    (sae->tmp->ec &&  in sae_parse_commit()
2113 	      crypto_ec_point_cmp(sae->tmp->ec,  in sae_parse_commit()
2176 	if (crypto_ec_point_to_bin(sae->tmp->ec, element1, element_b1,  in sae_cn_confirm_ecc()
2181 	if (crypto_ec_point_to_bin(sae->tmp->ec, element2, element_b2,  in sae_cn_confirm_ecc()
2236 	if (sae->tmp->ec) {  in sae_write_confirm()
2281 	if (sae->tmp->ec) {  in sae_check_confirm()