1102 static void ecc_point_double_jacobian(u64 *x1, u64 *y1, u64 *z1,  in ecc_point_double_jacobian()  argument
1114 	/* t4 = y1^2 */  in ecc_point_double_jacobian()
1115 	vli_mod_square_fast(t4, y1, curve);  in ecc_point_double_jacobian()
1116 	/* t5 = x1*y1^2 = A */  in ecc_point_double_jacobian()
1118 	/* t4 = y1^4 */  in ecc_point_double_jacobian()
1120 	/* t2 = y1*z1 = z3 */  in ecc_point_double_jacobian()
1121 	vli_mod_mult_fast(y1, y1, z1, curve);  in ecc_point_double_jacobian()
1158 	/* t4 = B * (A - x3) - y1^4 = y3 */  in ecc_point_double_jacobian()
1162 	vli_set(z1, y1, ndigits);  in ecc_point_double_jacobian()
1163 	vli_set(y1, t4, ndigits);  in ecc_point_double_jacobian()
1166 /* Modify (x1, y1) => (x1 * z^2, y1 * z^3) */
1167 static void apply_z(u64 *x1, u64 *y1, u64 *z, const struct ecc_curve *curve)  in apply_z()  argument
1174 	vli_mod_mult_fast(y1, y1, t1, curve);	/* y1 * z^3 */  in apply_z()
1177 /* P = (x1, y1) => 2P, (x2, y2) => P' */
1178 static void xycz_initial_double(u64 *x1, u64 *y1, u64 *x2, u64 *y2,  in xycz_initial_double()  argument
1185 	vli_set(y2, y1, ndigits);  in xycz_initial_double()
1193 	apply_z(x1, y1, z, curve);  in xycz_initial_double()
1195 	ecc_point_double_jacobian(x1, y1, z, curve);  in xycz_initial_double()
1200 /* Input P = (x1, y1, Z), Q = (x2, y2, Z)
1201  * Output P' = (x1', y1', Z3), P + Q = (x3, y3, Z3)
1204 static void xycz_add(u64 *x1, u64 *y1, u64 *x2, u64 *y2,  in xycz_add()  argument
1207 	/* t1 = X1, t2 = Y1, t3 = X2, t4 = Y2 */  in xycz_add()
1220 	/* t4 = y2 - y1 */  in xycz_add()
1221 	vli_mod_sub(y2, y2, y1, curve_prime, ndigits);  in xycz_add()
1222 	/* t5 = (y2 - y1)^2 = D */  in xycz_add()
1231 	/* t2 = y1*(C - B) */  in xycz_add()
1232 	vli_mod_mult_fast(y1, y1, x2, curve);  in xycz_add()
1235 	/* t4 = (y2 - y1)*(B - x3) */  in xycz_add()
1238 	vli_mod_sub(y2, y2, y1, curve_prime, ndigits);  in xycz_add()
1243 /* Input P = (x1, y1, Z), Q = (x2, y2, Z)
1247 static void xycz_add_c(u64 *x1, u64 *y1, u64 *x2, u64 *y2,  in xycz_add_c()  argument
1250 	/* t1 = X1, t2 = Y1, t3 = X2, t4 = Y2 */  in xycz_add_c()
1265 	/* t4 = y2 + y1 */  in xycz_add_c()
1266 	vli_mod_add(t5, y2, y1, curve_prime, ndigits);  in xycz_add_c()
1267 	/* t4 = y2 - y1 */  in xycz_add_c()
1268 	vli_mod_sub(y2, y2, y1, curve_prime, ndigits);  in xycz_add_c()
1272 	/* t2 = y1 * (C - B) */  in xycz_add_c()
1273 	vli_mod_mult_fast(y1, y1, t6, curve);  in xycz_add_c()
1276 	/* t3 = (y2 - y1)^2 */  in xycz_add_c()
1283 	/* t4 = (y2 - y1)*(B - x3) */  in xycz_add_c()
1286 	vli_mod_sub(y2, y2, y1, curve_prime, ndigits);  in xycz_add_c()
1288 	/* t7 = (y2 + y1)^2 = F */  in xycz_add_c()
1294 	/* t6 = (y2 + y1)*(x3' - B) */  in xycz_add_c()
1297 	vli_mod_sub(y1, t6, y1, curve_prime, ndigits);  in xycz_add_c()