40 		tmp->prime = crypto_ec_get_prime(tmp->ec);  in sae_set_group()
58 		tmp->prime_buf = crypto_bignum_init_set(tmp->dh->prime,  in sae_set_group()
64 		tmp->prime = tmp->prime_buf;  in sae_set_group()
135 				 const u8 *prime, const u8 *qr, const u8 *qnr,  in sae_test_pwd_seed_ecc()  argument
149 			    prime, sae->tmp->prime_len, pwd_value, bits) < 0)  in sae_test_pwd_seed_ecc()
156 	cmp_prime = const_time_memcmp(pwd_value, prime, sae->tmp->prime_len);  in sae_test_pwd_seed_ecc()
199 			    sae->tmp->dh->prime, sae->tmp->prime_len, pwd_value,  in sae_test_pwd_seed_ffc()
206 	res = const_time_memcmp(pwd_value, sae->tmp->dh->prime,  in sae_test_pwd_seed_ffc()
241 		    crypto_bignum_sub(sae->tmp->prime, b, b) < 0 ||  in sae_test_pwd_seed_ffc()
250 	res = crypto_bignum_exptmod(a, b, sae->tmp->prime, pwe);  in sae_test_pwd_seed_ffc()
284 	u8 prime[SAE_MAX_ECC_PRIME_LEN];  in sae_derive_pwe_ecc()  local
306 	if (crypto_bignum_to_bin(sae->tmp->prime, prime, sizeof(prime),  in sae_derive_pwe_ecc()
314 	if (dragonfly_get_random_qr_qnr(sae->tmp->prime, &qr, &qnr) < 0 ||  in sae_derive_pwe_ecc()
359 					    prime, qr_bin, qnr_bin, x_cand_bin);  in sae_derive_pwe_ecc()
406 	    crypto_bignum_sub(sae->tmp->prime, y, y) < 0 ||  in sae_derive_pwe_ecc()
577 	const struct crypto_bignum *b, *prime;  in sswu()  local
593 	prime = crypto_ec_get_prime(ec);  in sswu()
619 	if (z_int < 0 && crypto_bignum_sub(prime, z, z) < 0)  in sswu()
629 	if (crypto_bignum_sqrmod(u, prime, u2) < 0 ||  in sswu()
630 	    crypto_bignum_mulmod(z, u2, prime, t1) < 0 ||  in sswu()
631 	    crypto_bignum_sqrmod(t1, prime, t2) < 0 ||  in sswu()
632 	    crypto_bignum_addmod(t1, t2, prime, t1) < 0)  in sswu()
642 	if (crypto_bignum_sub(prime, two, t2) < 0 ||  in sswu()
643 	    crypto_bignum_exptmod(t1, t2, prime, t) < 0)  in sswu()
648 	if (crypto_bignum_mulmod(z, a, prime, t1) < 0 ||  in sswu()
649 	    crypto_bignum_inverse(t1, prime, t1) < 0 ||  in sswu()
650 	    crypto_bignum_mulmod(b, t1, prime, x1a) < 0)  in sswu()
655 	if (crypto_bignum_sub(prime, b, t1) < 0 ||  in sswu()
656 	    crypto_bignum_inverse(a, prime, t2) < 0 ||  in sswu()
657 	    crypto_bignum_mulmod(t1, t2, prime, t1) < 0 ||  in sswu()
658 	    crypto_bignum_addmod(one, t, prime, t2) < 0 ||  in sswu()
659 	    crypto_bignum_mulmod(t1, t2, prime, x1b) < 0)  in sswu()
674 	if (crypto_bignum_exptmod(x1, three, prime, t1) < 0 ||  in sswu()
675 	    crypto_bignum_mulmod(a, x1, prime, t2) < 0 ||  in sswu()
676 	    crypto_bignum_addmod(t1, t2, prime, t1) < 0 ||  in sswu()
677 	    crypto_bignum_addmod(t1, b, prime, gx1) < 0)  in sswu()
682 	if (crypto_bignum_mulmod(z, u2, prime, t1) < 0 ||  in sswu()
683 	    crypto_bignum_mulmod(t1, x1, prime, x2) < 0)  in sswu()
688 	if (crypto_bignum_exptmod(x2, three, prime, t1) < 0 ||  in sswu()
689 	    crypto_bignum_mulmod(a, x2, prime, t2) < 0 ||  in sswu()
690 	    crypto_bignum_addmod(t1, t2, prime, t1) < 0 ||  in sswu()
691 	    crypto_bignum_addmod(t1, b, prime, gx2) < 0)  in sswu()
697 	if (crypto_bignum_sub(prime, one, t1) < 0 ||  in sswu()
699 	    crypto_bignum_exptmod(gx1, t1, prime, tmp) < 0)  in sswu()
736 	if (crypto_bignum_sub(prime, y, t1) < 0)  in sswu()
826 	const struct crypto_bignum *prime;  in sae_derive_pt_ecc()  local
830 	prime = crypto_ec_get_prime(ec);  in sae_derive_pt_ecc()
854 	if (!bn || crypto_bignum_mod(bn, prime, bn) < 0 ||  in sae_derive_pt_ecc()
877 	if (!bn || crypto_bignum_mod(bn, prime, bn) < 0 ||  in sae_derive_pt_ecc()
924 	struct crypto_bignum *prime, *order;  in sae_derive_pt_ffc()  local
930 	prime = crypto_bignum_init_set(dh->prime, dh->prime_len);  in sae_derive_pt_ffc()
932 	if (!prime || !order)  in sae_derive_pt_ffc()
961 	    crypto_bignum_sub(prime, two, tmp) < 0 ||  in sae_derive_pt_ffc()
973 	    crypto_bignum_sub(prime, one, tmp) < 0 ||  in sae_derive_pt_ffc()
975 	    crypto_bignum_exptmod(bn, tmp, prime, pt) < 0) {  in sae_derive_pt_ffc()
989 	crypto_bignum_deinit(prime, 0);  in sae_derive_pt_ffc()
1166 	struct crypto_bignum *pwe = NULL, *order = NULL, *prime = NULL;  in sae_derive_pwe_from_pt_ffc()  local
1169 	prime = crypto_bignum_init_set(pt->dh->prime, pt->dh->prime_len);  in sae_derive_pwe_from_pt_ffc()
1171 	if (!prime || !order)  in sae_derive_pwe_from_pt_ffc()
1199 	if (!pwe || crypto_bignum_exptmod(pt->ffc_pt, val, prime, pwe) < 0) {  in sae_derive_pwe_from_pt_ffc()
1210 	crypto_bignum_deinit(prime, 0);  in sae_derive_pwe_from_pt_ffc()
1264 	if (crypto_bignum_exptmod(sae->tmp->pwe_ffc, mask, sae->tmp->prime,  in sae_derive_commit_element_ffc()
1267 				  sae->tmp->prime,  in sae_derive_commit_element_ffc()
1430 				  sae->tmp->prime, K) < 0 ||  in sae_derive_k_ffc()
1432 				 sae->tmp->prime, K) < 0 ||  in sae_derive_k_ffc()
1433 	    crypto_bignum_exptmod(K, sae->tmp->sae_rand, sae->tmp->prime, K) < 0  in sae_derive_k_ffc()
1860 	u8 prime[SAE_MAX_ECC_PRIME_LEN];  in sae_parse_commit_element_ecc()  local
1868 	if (crypto_bignum_to_bin(sae->tmp->prime, prime, sizeof(prime),  in sae_parse_commit_element_ecc()
1873 	if (os_memcmp(*pos, prime, sae->tmp->prime_len) >= 0 ||  in sae_parse_commit_element_ecc()
1874 	    os_memcmp(*pos + sae->tmp->prime_len, prime,  in sae_parse_commit_element_ecc()
1929 	    crypto_bignum_sub(sae->tmp->prime, one, res) ||  in sae_parse_commit_element_ffc()
1942 				  sae->tmp->order, sae->tmp->prime, res) < 0 ||  in sae_parse_commit_element_ffc()