49 		tmp->prime = crypto_ec_get_prime(tmp->ec);  in sae_set_group()
67 		tmp->prime_buf = crypto_bignum_init_set(tmp->dh->prime,  in sae_set_group()
73 		tmp->prime = tmp->prime_buf;  in sae_set_group()
146 				 const u8 *prime, const u8 *qr, const u8 *qnr,  in sae_test_pwd_seed_ecc()  argument
160 			    prime, sae->tmp->prime_len, pwd_value, bits) < 0)  in sae_test_pwd_seed_ecc()
167 	cmp_prime = const_time_memcmp(pwd_value, prime, sae->tmp->prime_len);  in sae_test_pwd_seed_ecc()
208 			    sae->tmp->dh->prime, sae->tmp->prime_len, pwd_value,  in sae_test_pwd_seed_ffc()
215 	res = const_time_memcmp(pwd_value, sae->tmp->dh->prime,  in sae_test_pwd_seed_ffc()
249 		    crypto_bignum_sub(sae->tmp->prime, b, b) < 0 ||  in sae_test_pwd_seed_ffc()
257 	res = crypto_bignum_exptmod(a, b, sae->tmp->prime, pwe);  in sae_test_pwd_seed_ffc()
291 	u8 prime[SAE_MAX_ECC_PRIME_LEN];  in sae_derive_pwe_ecc()  local
313 	if (crypto_bignum_to_bin(sae->tmp->prime, prime, sizeof(prime),  in sae_derive_pwe_ecc()
321 	if (dragonfly_get_random_qr_qnr(sae->tmp->prime, &qr, &qnr) < 0 ||  in sae_derive_pwe_ecc()
366 					    prime, qr_bin, qnr_bin, x_cand_bin);  in sae_derive_pwe_ecc()
413 	    crypto_bignum_sub(sae->tmp->prime, y, y) < 0 ||  in sae_derive_pwe_ecc()
628 	const struct crypto_bignum *a, *b, *prime;  in sswu()  local
643 	prime = crypto_ec_get_prime(ec);  in sswu()
666 	if (z_int < 0 && crypto_bignum_sub(prime, z, z) < 0)  in sswu()
676 	if (crypto_bignum_sqrmod(u, prime, u2) < 0 ||  in sswu()
677 	    crypto_bignum_mulmod(z, u2, prime, t1) < 0 ||  in sswu()
678 	    crypto_bignum_sqrmod(t1, prime, t2) < 0 ||  in sswu()
679 	    crypto_bignum_addmod(t1, t2, prime, t1) < 0)  in sswu()
689 	if (crypto_bignum_sub(prime, two, t2) < 0 ||  in sswu()
690 	    crypto_bignum_exptmod(t1, t2, prime, t) < 0)  in sswu()
695 	if (crypto_bignum_mulmod(z, a, prime, t1) < 0 ||  in sswu()
696 	    crypto_bignum_inverse(t1, prime, t1) < 0 ||  in sswu()
697 	    crypto_bignum_mulmod(b, t1, prime, x1a) < 0)  in sswu()
702 	if (crypto_bignum_sub(prime, b, t1) < 0 ||  in sswu()
703 	    crypto_bignum_inverse(a, prime, t2) < 0 ||  in sswu()
704 	    crypto_bignum_mulmod(t1, t2, prime, t1) < 0 ||  in sswu()
705 	    crypto_bignum_addmod(one, t, prime, t2) < 0 ||  in sswu()
706 	    crypto_bignum_mulmod(t1, t2, prime, x1b) < 0)  in sswu()
721 	if (crypto_bignum_exptmod(x1, three, prime, t1) < 0 ||  in sswu()
722 	    crypto_bignum_mulmod(a, x1, prime, t2) < 0 ||  in sswu()
723 	    crypto_bignum_addmod(t1, t2, prime, t1) < 0 ||  in sswu()
724 	    crypto_bignum_addmod(t1, b, prime, gx1) < 0)  in sswu()
729 	if (crypto_bignum_mulmod(z, u2, prime, t1) < 0 ||  in sswu()
730 	    crypto_bignum_mulmod(t1, x1, prime, x2) < 0)  in sswu()
735 	if (crypto_bignum_exptmod(x2, three, prime, t1) < 0 ||  in sswu()
736 	    crypto_bignum_mulmod(a, x2, prime, t2) < 0 ||  in sswu()
737 	    crypto_bignum_addmod(t1, t2, prime, t1) < 0 ||  in sswu()
738 	    crypto_bignum_addmod(t1, b, prime, gx2) < 0)  in sswu()
744 	if (crypto_bignum_sub(prime, one, t1) < 0 ||  in sswu()
746 	    crypto_bignum_exptmod(gx1, t1, prime, t1) < 0)  in sswu()
783 	if (crypto_bignum_sub(prime, y, t1) < 0)  in sswu()
871 	const struct crypto_bignum *prime;  in sae_derive_pt_ecc()  local
875 	prime = crypto_ec_get_prime(ec);  in sae_derive_pt_ecc()
899 	if (!bn || crypto_bignum_mod(bn, prime, bn) < 0 ||  in sae_derive_pt_ecc()
922 	if (!bn || crypto_bignum_mod(bn, prime, bn) < 0 ||  in sae_derive_pt_ecc()
969 	struct crypto_bignum *prime, *order;  in sae_derive_pt_ffc()  local
975 	prime = crypto_bignum_init_set(dh->prime, dh->prime_len);  in sae_derive_pt_ffc()
977 	if (!prime || !order)  in sae_derive_pt_ffc()
1006 	    crypto_bignum_sub(prime, two, tmp) < 0 ||  in sae_derive_pt_ffc()
1018 	    crypto_bignum_sub(prime, one, tmp) < 0 ||  in sae_derive_pt_ffc()
1020 	    crypto_bignum_exptmod(bn, tmp, prime, pt) < 0) {  in sae_derive_pt_ffc()
1034 	crypto_bignum_deinit(prime, 0);  in sae_derive_pt_ffc()
1211 	struct crypto_bignum *pwe = NULL, *order = NULL, *prime = NULL;  in sae_derive_pwe_from_pt_ffc()  local
1214 	prime = crypto_bignum_init_set(pt->dh->prime, pt->dh->prime_len);  in sae_derive_pwe_from_pt_ffc()
1216 	if (!prime || !order)  in sae_derive_pwe_from_pt_ffc()
1244 	if (!pwe || crypto_bignum_exptmod(pt->ffc_pt, val, prime, pwe) < 0) {  in sae_derive_pwe_from_pt_ffc()
1255 	crypto_bignum_deinit(prime, 0);  in sae_derive_pwe_from_pt_ffc()
1309 	if (crypto_bignum_exptmod(sae->tmp->pwe_ffc, mask, sae->tmp->prime,  in sae_derive_commit_element_ffc()
1312 				  sae->tmp->prime,  in sae_derive_commit_element_ffc()
1475 				  sae->tmp->prime, K) < 0 ||  in sae_derive_k_ffc()
1477 				 sae->tmp->prime, K) < 0 ||  in sae_derive_k_ffc()
1478 	    crypto_bignum_exptmod(K, sae->tmp->sae_rand, sae->tmp->prime, K) < 0  in sae_derive_k_ffc()
1908 	u8 prime[SAE_MAX_ECC_PRIME_LEN];  in sae_parse_commit_element_ecc()  local
1916 	if (crypto_bignum_to_bin(sae->tmp->prime, prime, sizeof(prime),  in sae_parse_commit_element_ecc()
1921 	if (os_memcmp(*pos, prime, sae->tmp->prime_len) >= 0 ||  in sae_parse_commit_element_ecc()
1922 	    os_memcmp(*pos + sae->tmp->prime_len, prime,  in sae_parse_commit_element_ecc()
1975 	    crypto_bignum_sub(sae->tmp->prime, one, res) ||  in sae_parse_commit_element_ffc()
1988 				  sae->tmp->order, sae->tmp->prime, res) < 0 ||  in sae_parse_commit_element_ffc()