X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=inc%2Fbearssl_ec.h;h=50225300629b4c255aed05c60a69d64d1e32e407;hp=2c84bad1fd82b561f15d04208644dcced90b8e82;hb=bd3036844bd20b2b8d7bce7fee5ad010ce401915;hpb=2f9c953af45299f8546df8984d5262e767a7d943 diff --git a/inc/bearssl_ec.h b/inc/bearssl_ec.h index 2c84bad..5022530 100644 --- a/inc/bearssl_ec.h +++ b/inc/bearssl_ec.h @@ -65,6 +65,11 @@ * Callback method that returns a pointer to the subgroup order for * that curve. That value uses unsigned big-endian encoding. * + * - `xoff()` + * + * Callback method that returns the offset and length of the X + * coordinate in an encoded point. + * * - `mul()` * * Multiply a curve point with an integer. @@ -294,6 +299,18 @@ typedef struct { */ const unsigned char *(*order)(int curve, size_t *len); + /** + * \brief Get the offset and length for the X coordinate. + * + * This function returns the offset and length (in bytes) of + * the X coordinate in an encoded non-zero point. + * + * \param curve curve identifier. + * \param len receiver for the X coordinate length (in bytes). + * \return the offset for the X coordinate (in bytes). + */ + size_t (*xoff)(int curve, size_t *len); + /** * \brief Multiply a curve point by an integer. * @@ -410,24 +427,91 @@ extern const br_ec_impl br_ec_prime_i31; extern const br_ec_impl br_ec_prime_i15; /** - * \brief EC implementation "i15" for P-256. + * \brief EC implementation "m15" for P-256. * * This implementation uses specialised code for curve secp256r1 (also - * known as NIST P-256), with Karatsuba decomposition, and fast modular - * reduction thanks to the field modulus special format. Only 32-bit - * multiplications are used (with 32-bit results, not 64-bit). + * known as NIST P-256), with optional Karatsuba decomposition, and fast + * modular reduction thanks to the field modulus special format. Only + * 32-bit multiplications are used (with 32-bit results, not 64-bit). */ extern const br_ec_impl br_ec_p256_m15; +/** + * \brief EC implementation "m31" for P-256. + * + * This implementation uses specialised code for curve secp256r1 (also + * known as NIST P-256), relying on multiplications of 31-bit values + * (MUL31). + */ +extern const br_ec_impl br_ec_p256_m31; + /** * \brief EC implementation "i15" (generic code) for Curve25519. * * This implementation uses the generic code for modular integers (with - * 15-bit words) to support Curve25519. The `muladd()` method is not - * implemented. + * 15-bit words) to support Curve25519. Due to the specificities of the + * curve definition, the following applies: + * + * - `muladd()` is not implemented (the function returns 0 systematically). + * - `order()` returns 2^255-1, since the point multiplication algorithm + * accepts any 32-bit integer as input (it clears the top bit and low + * three bits systematically). */ extern const br_ec_impl br_ec_c25519_i15; +/** + * \brief EC implementation "i31" (generic code) for Curve25519. + * + * This implementation uses the generic code for modular integers (with + * 31-bit words) to support Curve25519. Due to the specificities of the + * curve definition, the following applies: + * + * - `muladd()` is not implemented (the function returns 0 systematically). + * - `order()` returns 2^255-1, since the point multiplication algorithm + * accepts any 32-bit integer as input (it clears the top bit and low + * three bits systematically). + */ +extern const br_ec_impl br_ec_c25519_i31; + +/** + * \brief EC implementation "m15" (specialised code) for Curve25519. + * + * This implementation uses custom code relying on multiplication of + * integers up to 15 bits. Due to the specificities of the curve + * definition, the following applies: + * + * - `muladd()` is not implemented (the function returns 0 systematically). + * - `order()` returns 2^255-1, since the point multiplication algorithm + * accepts any 32-bit integer as input (it clears the top bit and low + * three bits systematically). + */ +extern const br_ec_impl br_ec_c25519_m15; + +/** + * \brief EC implementation "m31" (specialised code) for Curve25519. + * + * This implementation uses custom code relying on multiplication of + * integers up to 31 bits. Due to the specificities of the curve + * definition, the following applies: + * + * - `muladd()` is not implemented (the function returns 0 systematically). + * - `order()` returns 2^255-1, since the point multiplication algorithm + * accepts any 32-bit integer as input (it clears the top bit and low + * three bits systematically). + */ +extern const br_ec_impl br_ec_c25519_m31; + +/** + * \brief Aggregate EC implementation "m15". + * + * This implementation is a wrapper for: + * + * - `br_ec_c25519_m15` for Curve25519 + * - `br_ec_p256_m15` for NIST P-256 + * - `br_ec_prime_i15` for other curves (NIST P-384 and NIST-P512) + */ +extern const br_ec_impl br_ec_all_m15; + /** * \brief Convert a signature from "raw" to "asn1". *