410 			      const u64 *curve_prime, u64 *tmp)  in vli_mmod_fast_192()  argument
429 	while (carry || vli_cmp(curve_prime, result, ndigits) != 1)  in vli_mmod_fast_192()
430 		carry -= vli_sub(result, result, curve_prime, ndigits);  in vli_mmod_fast_192()
437 			      const u64 *curve_prime, u64 *tmp)  in vli_mmod_fast_256()  argument
504 			carry += vli_add(result, result, curve_prime, ndigits);  in vli_mmod_fast_256()
507 		while (carry || vli_cmp(curve_prime, result, ndigits) != 1)  in vli_mmod_fast_256()
508 			carry -= vli_sub(result, result, curve_prime, ndigits);  in vli_mmod_fast_256()
516 			  const u64 *curve_prime, unsigned int ndigits)  in vli_mmod_fast()  argument
522 		vli_mmod_fast_192(result, product, curve_prime, tmp);  in vli_mmod_fast()
525 		vli_mmod_fast_256(result, product, curve_prime, tmp);  in vli_mmod_fast()
537 			      const u64 *curve_prime, unsigned int ndigits)  in vli_mod_mult_fast()  argument
542 	vli_mmod_fast(result, product, curve_prime, ndigits);  in vli_mod_mult_fast()
547 				const u64 *curve_prime, unsigned int ndigits)  in vli_mod_square_fast()  argument
552 	vli_mmod_fast(result, product, curve_prime, ndigits);  in vli_mod_square_fast()
649 				      u64 *curve_prime, unsigned int ndigits)  in ecc_point_double_jacobian()  argument
659 	vli_mod_square_fast(t4, y1, curve_prime, ndigits);  in ecc_point_double_jacobian()
661 	vli_mod_mult_fast(t5, x1, t4, curve_prime, ndigits);  in ecc_point_double_jacobian()
663 	vli_mod_square_fast(t4, t4, curve_prime, ndigits);  in ecc_point_double_jacobian()
665 	vli_mod_mult_fast(y1, y1, z1, curve_prime, ndigits);  in ecc_point_double_jacobian()
667 	vli_mod_square_fast(z1, z1, curve_prime, ndigits);  in ecc_point_double_jacobian()
670 	vli_mod_add(x1, x1, z1, curve_prime, ndigits);  in ecc_point_double_jacobian()
672 	vli_mod_add(z1, z1, z1, curve_prime, ndigits);  in ecc_point_double_jacobian()
674 	vli_mod_sub(z1, x1, z1, curve_prime, ndigits);  in ecc_point_double_jacobian()
676 	vli_mod_mult_fast(x1, x1, z1, curve_prime, ndigits);  in ecc_point_double_jacobian()
679 	vli_mod_add(z1, x1, x1, curve_prime, ndigits);  in ecc_point_double_jacobian()
681 	vli_mod_add(x1, x1, z1, curve_prime, ndigits);  in ecc_point_double_jacobian()
683 		u64 carry = vli_add(x1, x1, curve_prime, ndigits);  in ecc_point_double_jacobian()
693 	vli_mod_square_fast(z1, x1, curve_prime, ndigits);  in ecc_point_double_jacobian()
695 	vli_mod_sub(z1, z1, t5, curve_prime, ndigits);  in ecc_point_double_jacobian()
697 	vli_mod_sub(z1, z1, t5, curve_prime, ndigits);  in ecc_point_double_jacobian()
699 	vli_mod_sub(t5, t5, z1, curve_prime, ndigits);  in ecc_point_double_jacobian()
701 	vli_mod_mult_fast(x1, x1, t5, curve_prime, ndigits);  in ecc_point_double_jacobian()
703 	vli_mod_sub(t4, x1, t4, curve_prime, ndigits);  in ecc_point_double_jacobian()
711 static void apply_z(u64 *x1, u64 *y1, u64 *z, u64 *curve_prime,  in apply_z()  argument
716 	vli_mod_square_fast(t1, z, curve_prime, ndigits);    /* z^2 */  in apply_z()
717 	vli_mod_mult_fast(x1, x1, t1, curve_prime, ndigits); /* x1 * z^2 */  in apply_z()
718 	vli_mod_mult_fast(t1, t1, z, curve_prime, ndigits);  /* z^3 */  in apply_z()
719 	vli_mod_mult_fast(y1, y1, t1, curve_prime, ndigits); /* y1 * z^3 */  in apply_z()
724 				u64 *p_initial_z, u64 *curve_prime,  in xycz_initial_double()  argument
738 	apply_z(x1, y1, z, curve_prime, ndigits);  in xycz_initial_double()
740 	ecc_point_double_jacobian(x1, y1, z, curve_prime, ndigits);  in xycz_initial_double()
742 	apply_z(x2, y2, z, curve_prime, ndigits);  in xycz_initial_double()
749 static void xycz_add(u64 *x1, u64 *y1, u64 *x2, u64 *y2, u64 *curve_prime,  in xycz_add()  argument
756 	vli_mod_sub(t5, x2, x1, curve_prime, ndigits);  in xycz_add()
758 	vli_mod_square_fast(t5, t5, curve_prime, ndigits);  in xycz_add()
760 	vli_mod_mult_fast(x1, x1, t5, curve_prime, ndigits);  in xycz_add()
762 	vli_mod_mult_fast(x2, x2, t5, curve_prime, ndigits);  in xycz_add()
764 	vli_mod_sub(y2, y2, y1, curve_prime, ndigits);  in xycz_add()
766 	vli_mod_square_fast(t5, y2, curve_prime, ndigits);  in xycz_add()
769 	vli_mod_sub(t5, t5, x1, curve_prime, ndigits);  in xycz_add()
771 	vli_mod_sub(t5, t5, x2, curve_prime, ndigits);  in xycz_add()
773 	vli_mod_sub(x2, x2, x1, curve_prime, ndigits);  in xycz_add()
775 	vli_mod_mult_fast(y1, y1, x2, curve_prime, ndigits);  in xycz_add()
777 	vli_mod_sub(x2, x1, t5, curve_prime, ndigits);  in xycz_add()
779 	vli_mod_mult_fast(y2, y2, x2, curve_prime, ndigits);  in xycz_add()
781 	vli_mod_sub(y2, y2, y1, curve_prime, ndigits);  in xycz_add()
790 static void xycz_add_c(u64 *x1, u64 *y1, u64 *x2, u64 *y2, u64 *curve_prime,  in xycz_add_c()  argument
799 	vli_mod_sub(t5, x2, x1, curve_prime, ndigits);  in xycz_add_c()
801 	vli_mod_square_fast(t5, t5, curve_prime, ndigits);  in xycz_add_c()
803 	vli_mod_mult_fast(x1, x1, t5, curve_prime, ndigits);  in xycz_add_c()
805 	vli_mod_mult_fast(x2, x2, t5, curve_prime, ndigits);  in xycz_add_c()
807 	vli_mod_add(t5, y2, y1, curve_prime, ndigits);  in xycz_add_c()
809 	vli_mod_sub(y2, y2, y1, curve_prime, ndigits);  in xycz_add_c()
812 	vli_mod_sub(t6, x2, x1, curve_prime, ndigits);  in xycz_add_c()
814 	vli_mod_mult_fast(y1, y1, t6, curve_prime, ndigits);  in xycz_add_c()
816 	vli_mod_add(t6, x1, x2, curve_prime, ndigits);  in xycz_add_c()
818 	vli_mod_square_fast(x2, y2, curve_prime, ndigits);  in xycz_add_c()
820 	vli_mod_sub(x2, x2, t6, curve_prime, ndigits);  in xycz_add_c()
823 	vli_mod_sub(t7, x1, x2, curve_prime, ndigits);  in xycz_add_c()
825 	vli_mod_mult_fast(y2, y2, t7, curve_prime, ndigits);  in xycz_add_c()
827 	vli_mod_sub(y2, y2, y1, curve_prime, ndigits);  in xycz_add_c()
830 	vli_mod_square_fast(t7, t5, curve_prime, ndigits);  in xycz_add_c()
832 	vli_mod_sub(t7, t7, t6, curve_prime, ndigits);  in xycz_add_c()
834 	vli_mod_sub(t6, t7, x1, curve_prime, ndigits);  in xycz_add_c()
836 	vli_mod_mult_fast(t6, t6, t5, curve_prime, ndigits);  in xycz_add_c()
838 	vli_mod_sub(y1, t6, y1, curve_prime, ndigits);  in xycz_add_c()
853 	u64 *curve_prime = curve->p;  in ecc_point_mult()  local
866 	xycz_initial_double(rx[1], ry[1], rx[0], ry[0], initial_z, curve_prime,  in ecc_point_mult()
871 		xycz_add_c(rx[1 - nb], ry[1 - nb], rx[nb], ry[nb], curve_prime,  in ecc_point_mult()
873 		xycz_add(rx[nb], ry[nb], rx[1 - nb], ry[1 - nb], curve_prime,  in ecc_point_mult()
878 	xycz_add_c(rx[1 - nb], ry[1 - nb], rx[nb], ry[nb], curve_prime,  in ecc_point_mult()
883 	vli_mod_sub(z, rx[1], rx[0], curve_prime, ndigits);  in ecc_point_mult()
885 	vli_mod_mult_fast(z, z, ry[1 - nb], curve_prime, ndigits);  in ecc_point_mult()
887 	vli_mod_mult_fast(z, z, point->x, curve_prime, ndigits);  in ecc_point_mult()
890 	vli_mod_inv(z, z, curve_prime, point->ndigits);  in ecc_point_mult()
893 	vli_mod_mult_fast(z, z, point->y, curve_prime, ndigits);  in ecc_point_mult()
895 	vli_mod_mult_fast(z, z, rx[1 - nb], curve_prime, ndigits);  in ecc_point_mult()
898 	xycz_add(rx[nb], ry[nb], rx[1 - nb], ry[1 - nb], curve_prime, ndigits);  in ecc_point_mult()
900 	apply_z(rx[0], ry[0], z, curve_prime, ndigits);  in ecc_point_mult()