33 		tmp->prime_len = crypto_ec_prime_len(tmp->ec);  in sae_set_group()
43 		tmp->prime_len = tmp->dh->prime_len;  in sae_set_group()
44 		if (tmp->prime_len > SAE_MAX_PRIME_LEN) {  in sae_set_group()
50 							tmp->prime_len);  in sae_set_group()
173 get_rand_1_to_p_1(const u8 *prime, size_t prime_len, size_t prime_bits,  in get_rand_1_to_p_1()  argument
180 		if (random_get_bytes(tmp, prime_len) < 0)  in get_rand_1_to_p_1()
183 			buf_shift_right(tmp, prime_len, 8 - prime_bits % 8);  in get_rand_1_to_p_1()
184 		if (os_memcmp(tmp, prime, prime_len) >= 0)  in get_rand_1_to_p_1()
186 		r = crypto_bignum_init_set(tmp, prime_len);  in get_rand_1_to_p_1()
194 		*r_odd = tmp[prime_len - 1] & 0x01;  in get_rand_1_to_p_1()
220 	r = get_rand_1_to_p_1(prime, sae->tmp->prime_len, bits, &r_odd);  in is_quadratic_residue_blind()
279 			    prime, sae->tmp->prime_len, pwd_value, bits) < 0)  in sae_test_pwd_seed_ecc()
284 			pwd_value, sae->tmp->prime_len);  in sae_test_pwd_seed_ecc()
286 	if (os_memcmp(pwd_value, prime, sae->tmp->prime_len) >= 0)  in sae_test_pwd_seed_ecc()
289 	x_cand = crypto_bignum_init_set(pwd_value, sae->tmp->prime_len);  in sae_test_pwd_seed_ecc()
314 	size_t bits = sae->tmp->prime_len * 8;  in sae_test_pwd_seed_ffc()
323 			    sae->tmp->dh->prime, sae->tmp->prime_len, pwd_value,  in sae_test_pwd_seed_ffc()
327 			sae->tmp->prime_len);  in sae_test_pwd_seed_ffc()
329 	if (os_memcmp(pwd_value, sae->tmp->dh->prime, sae->tmp->prime_len) >= 0)  in sae_test_pwd_seed_ffc()
337 	a = crypto_bignum_init_set(pwd_value, sae->tmp->prime_len);  in sae_test_pwd_seed_ffc()
382 static int get_random_qr_qnr(const u8 *prime, size_t prime_len,  in get_random_qr_qnr()  argument
395 		if (random_get_bytes(tmp, prime_len) < 0)  in get_random_qr_qnr()
398 			buf_shift_right(tmp, prime_len, 8 - prime_bits % 8);  in get_random_qr_qnr()
399 		if (os_memcmp(tmp, prime, prime_len) >= 0)  in get_random_qr_qnr()
401 		q = crypto_bignum_init_set(tmp, prime_len);  in get_random_qr_qnr()
430 	size_t prime_len;  in sae_derive_pwe_ecc()  local
441 	prime_len = sae->tmp->prime_len;  in sae_derive_pwe_ecc()
443 				 prime_len) < 0)  in sae_derive_pwe_ecc()
451 	if (get_random_qr_qnr(prime, prime_len, sae->tmp->prime, bits,  in sae_derive_pwe_ecc()
739 	wpa_hexdump_key(MSG_DEBUG, "SAE: k", k, sae->tmp->prime_len);  in sae_derive_k_ecc()
771 	    crypto_bignum_to_bin(K, k, SAE_MAX_PRIME_LEN, sae->tmp->prime_len) <  in sae_derive_k_ffc()
777 	wpa_hexdump_key(MSG_DEBUG, "SAE: k", k, sae->tmp->prime_len);  in sae_derive_k_ffc()
805 	hmac_sha256(null_key, sizeof(null_key), k, sae->tmp->prime_len,  in sae_derive_keys()
812 	crypto_bignum_to_bin(tmp, val, sizeof(val), sae->tmp->prime_len);  in sae_derive_keys()
815 		       val, sae->tmp->prime_len, keys, sizeof(keys)) < 0)  in sae_derive_keys()
858 	pos = wpabuf_put(buf, sae->tmp->prime_len);  in sae_write_commit()
860 			     sae->tmp->prime_len, sae->tmp->prime_len);  in sae_write_commit()
862 		    pos, sae->tmp->prime_len);  in sae_write_commit()
864 		pos = wpabuf_put(buf, 2 * sae->tmp->prime_len);  in sae_write_commit()
867 				       pos, pos + sae->tmp->prime_len);  in sae_write_commit()
869 			    pos, sae->tmp->prime_len);  in sae_write_commit()
871 			    pos + sae->tmp->prime_len, sae->tmp->prime_len);  in sae_write_commit()
873 		pos = wpabuf_put(buf, sae->tmp->prime_len);  in sae_write_commit()
875 				     sae->tmp->prime_len, sae->tmp->prime_len);  in sae_write_commit()
877 			    pos, sae->tmp->prime_len);  in sae_write_commit()
928 	if ((sae->tmp->ec ? 3 : 2) * sae->tmp->prime_len < end - *pos) {  in sae_parse_commit_token()
930 				     sae->tmp->prime_len);  in sae_parse_commit_token()
951 	if (sae->tmp->prime_len > end - *pos) {  in sae_parse_commit_scalar()
956 	peer_scalar = crypto_bignum_init_set(*pos, sae->tmp->prime_len);  in sae_parse_commit_scalar()
987 		    *pos, sae->tmp->prime_len);  in sae_parse_commit_scalar()
988 	*pos += sae->tmp->prime_len;  in sae_parse_commit_scalar()
999 	if (2 * sae->tmp->prime_len > end - pos) {  in sae_parse_commit_element_ecc()
1006 				 sae->tmp->prime_len) < 0)  in sae_parse_commit_element_ecc()
1010 	if (os_memcmp(pos, prime, sae->tmp->prime_len) >= 0 ||  in sae_parse_commit_element_ecc()
1011 	    os_memcmp(pos + sae->tmp->prime_len, prime,  in sae_parse_commit_element_ecc()
1012 		      sae->tmp->prime_len) >= 0) {  in sae_parse_commit_element_ecc()
1019 		    pos, sae->tmp->prime_len);  in sae_parse_commit_element_ecc()
1021 		    pos + sae->tmp->prime_len, sae->tmp->prime_len);  in sae_parse_commit_element_ecc()
1045 	if (sae->tmp->prime_len > end - pos) {  in sae_parse_commit_element_ffc()
1051 		    sae->tmp->prime_len);  in sae_parse_commit_element_ffc()
1055 		crypto_bignum_init_set(pos, sae->tmp->prime_len);  in sae_parse_commit_element_ffc()
1172 			     sae->tmp->prime_len);  in sae_cn_confirm()
1174 	len[1] = sae->tmp->prime_len;  in sae_cn_confirm()
1178 			     sae->tmp->prime_len);  in sae_cn_confirm()
1180 	len[3] = sae->tmp->prime_len;  in sae_cn_confirm()
1199 			       element_b1 + sae->tmp->prime_len);  in sae_cn_confirm_ecc()
1201 			       element_b2 + sae->tmp->prime_len);  in sae_cn_confirm_ecc()
1203 	sae_cn_confirm(sae, sc, scalar1, element_b1, 2 * sae->tmp->prime_len,  in sae_cn_confirm_ecc()
1204 		       scalar2, element_b2, 2 * sae->tmp->prime_len, confirm);  in sae_cn_confirm_ecc()
1219 			     sae->tmp->prime_len);  in sae_cn_confirm_ffc()
1221 			     sae->tmp->prime_len);  in sae_cn_confirm_ffc()
1223 	sae_cn_confirm(sae, sc, scalar1, element_b1, sae->tmp->prime_len,  in sae_cn_confirm_ffc()
1224 		       scalar2, element_b2, sae->tmp->prime_len, confirm);  in sae_cn_confirm_ffc()