51 		tmp->prime = crypto_ec_get_prime(tmp->ec);  in sae_set_group()
69 		tmp->prime_buf = crypto_bignum_init_set(tmp->dh->prime,  in sae_set_group()
75 		tmp->prime = tmp->prime_buf;  in sae_set_group()
148 				 const u8 *prime, const u8 *qr, const u8 *qnr,  in sae_test_pwd_seed_ecc()  argument
162 			    prime, sae->tmp->prime_len, pwd_value, bits) < 0)  in sae_test_pwd_seed_ecc()
169 	cmp_prime = const_time_memcmp(pwd_value, prime, sae->tmp->prime_len);  in sae_test_pwd_seed_ecc()
210 			    sae->tmp->dh->prime, sae->tmp->prime_len, pwd_value,  in sae_test_pwd_seed_ffc()
217 	res = const_time_memcmp(pwd_value, sae->tmp->dh->prime,  in sae_test_pwd_seed_ffc()
251 		    crypto_bignum_sub(sae->tmp->prime, b, b) < 0 ||  in sae_test_pwd_seed_ffc()
259 	res = crypto_bignum_exptmod(a, b, sae->tmp->prime, pwe);  in sae_test_pwd_seed_ffc()
293 	u8 prime[SAE_MAX_ECC_PRIME_LEN];  in sae_derive_pwe_ecc()  local
315 	if (crypto_bignum_to_bin(sae->tmp->prime, prime, sizeof(prime),  in sae_derive_pwe_ecc()
323 	if (dragonfly_get_random_qr_qnr(sae->tmp->prime, &qr, &qnr) < 0 ||  in sae_derive_pwe_ecc()
368 					    prime, qr_bin, qnr_bin, x_cand_bin);  in sae_derive_pwe_ecc()
415 	    crypto_bignum_sub(sae->tmp->prime, y, y) < 0 ||  in sae_derive_pwe_ecc()
630 	const struct crypto_bignum *a, *b, *prime;  in sswu()  local
645 	prime = crypto_ec_get_prime(ec);  in sswu()
668 	if (z_int < 0 && crypto_bignum_sub(prime, z, z) < 0)  in sswu()
678 	if (crypto_bignum_sqrmod(u, prime, u2) < 0 ||  in sswu()
679 	    crypto_bignum_mulmod(z, u2, prime, t1) < 0 ||  in sswu()
680 	    crypto_bignum_sqrmod(t1, prime, t2) < 0 ||  in sswu()
681 	    crypto_bignum_addmod(t1, t2, prime, t1) < 0)  in sswu()
691 	if (crypto_bignum_sub(prime, two, t2) < 0 ||  in sswu()
692 	    crypto_bignum_exptmod(t1, t2, prime, t) < 0)  in sswu()
697 	if (crypto_bignum_mulmod(z, a, prime, t1) < 0 ||  in sswu()
698 	    crypto_bignum_inverse(t1, prime, t1) < 0 ||  in sswu()
699 	    crypto_bignum_mulmod(b, t1, prime, x1a) < 0)  in sswu()
704 	if (crypto_bignum_sub(prime, b, t1) < 0 ||  in sswu()
705 	    crypto_bignum_inverse(a, prime, t2) < 0 ||  in sswu()
706 	    crypto_bignum_mulmod(t1, t2, prime, t1) < 0 ||  in sswu()
707 	    crypto_bignum_addmod(one, t, prime, t2) < 0 ||  in sswu()
708 	    crypto_bignum_mulmod(t1, t2, prime, x1b) < 0)  in sswu()
723 	if (crypto_bignum_exptmod(x1, three, prime, t1) < 0 ||  in sswu()
724 	    crypto_bignum_mulmod(a, x1, prime, t2) < 0 ||  in sswu()
725 	    crypto_bignum_addmod(t1, t2, prime, t1) < 0 ||  in sswu()
726 	    crypto_bignum_addmod(t1, b, prime, gx1) < 0)  in sswu()
731 	if (crypto_bignum_mulmod(z, u2, prime, t1) < 0 ||  in sswu()
732 	    crypto_bignum_mulmod(t1, x1, prime, x2) < 0)  in sswu()
737 	if (crypto_bignum_exptmod(x2, three, prime, t1) < 0 ||  in sswu()
738 	    crypto_bignum_mulmod(a, x2, prime, t2) < 0 ||  in sswu()
739 	    crypto_bignum_addmod(t1, t2, prime, t1) < 0 ||  in sswu()
740 	    crypto_bignum_addmod(t1, b, prime, gx2) < 0)  in sswu()
746 	if (crypto_bignum_sub(prime, one, t1) < 0 ||  in sswu()
748 	    crypto_bignum_exptmod(gx1, t1, prime, t1) < 0)  in sswu()
785 	if (crypto_bignum_sub(prime, y, t1) < 0)  in sswu()
873 	const struct crypto_bignum *prime;  in sae_derive_pt_ecc()  local
877 	prime = crypto_ec_get_prime(ec);  in sae_derive_pt_ecc()
901 	if (!bn || crypto_bignum_mod(bn, prime, bn) < 0 ||  in sae_derive_pt_ecc()
924 	if (!bn || crypto_bignum_mod(bn, prime, bn) < 0 ||  in sae_derive_pt_ecc()
971 	struct crypto_bignum *prime, *order;  in sae_derive_pt_ffc()  local
977 	prime = crypto_bignum_init_set(dh->prime, dh->prime_len);  in sae_derive_pt_ffc()
979 	if (!prime || !order)  in sae_derive_pt_ffc()
1008 	    crypto_bignum_sub(prime, two, tmp) < 0 ||  in sae_derive_pt_ffc()
1020 	    crypto_bignum_sub(prime, one, tmp) < 0 ||  in sae_derive_pt_ffc()
1022 	    crypto_bignum_exptmod(bn, tmp, prime, pt) < 0) {  in sae_derive_pt_ffc()
1036 	crypto_bignum_deinit(prime, 0);  in sae_derive_pt_ffc()
1213 	struct crypto_bignum *pwe = NULL, *order = NULL, *prime = NULL;  in sae_derive_pwe_from_pt_ffc()  local
1216 	prime = crypto_bignum_init_set(pt->dh->prime, pt->dh->prime_len);  in sae_derive_pwe_from_pt_ffc()
1218 	if (!prime || !order)  in sae_derive_pwe_from_pt_ffc()
1246 	if (!pwe || crypto_bignum_exptmod(pt->ffc_pt, val, prime, pwe) < 0) {  in sae_derive_pwe_from_pt_ffc()
1257 	crypto_bignum_deinit(prime, 0);  in sae_derive_pwe_from_pt_ffc()
1311 	if (crypto_bignum_exptmod(sae->tmp->pwe_ffc, mask, sae->tmp->prime,  in sae_derive_commit_element_ffc()
1314 				  sae->tmp->prime,  in sae_derive_commit_element_ffc()
1477 				  sae->tmp->prime, K) < 0 ||  in sae_derive_k_ffc()
1479 				 sae->tmp->prime, K) < 0 ||  in sae_derive_k_ffc()
1480 	    crypto_bignum_exptmod(K, sae->tmp->sae_rand, sae->tmp->prime, K) < 0  in sae_derive_k_ffc()
1943 	u8 prime[SAE_MAX_ECC_PRIME_LEN];  in sae_parse_commit_element_ecc()  local
1951 	if (crypto_bignum_to_bin(sae->tmp->prime, prime, sizeof(prime),  in sae_parse_commit_element_ecc()
1956 	if (os_memcmp(*pos, prime, sae->tmp->prime_len) >= 0 ||  in sae_parse_commit_element_ecc()
1957 	    os_memcmp(*pos + sae->tmp->prime_len, prime,  in sae_parse_commit_element_ecc()
2012 	    crypto_bignum_sub(sae->tmp->prime, one, res) ||  in sae_parse_commit_element_ffc()
2025 				  sae->tmp->order, sae->tmp->prime, res) < 0 ||  in sae_parse_commit_element_ffc()