X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=inc%2Fbearssl_ec.h;h=50225300629b4c255aed05c60a69d64d1e32e407;hp=5769f0a4d576e32c6eac086b3c78b0ba32139241;hb=2f454aad577ae53798935cc32438a2d3f02ba31f;hpb=3655193439d4e093bb80a2f0d9e02179d424de08

diff --git a/inc/bearssl_ec.h b/inc/bearssl_ec.h
index 5769f0a..5022530 100644
--- a/inc/bearssl_ec.h
+++ b/inc/bearssl_ec.h
@@ -436,6 +436,15 @@ extern const br_ec_impl br_ec_prime_i15;
  */
 extern const br_ec_impl br_ec_p256_m15;
 
+/**
+ * \brief EC implementation "m31" for P-256.
+ *
+ * This implementation uses specialised code for curve secp256r1 (also
+ * known as NIST P-256), relying on multiplications of 31-bit values
+ * (MUL31).
+ */
+extern const br_ec_impl br_ec_p256_m31;
+
 /**
  * \brief EC implementation "i15" (generic code) for Curve25519.
  *
@@ -450,6 +459,20 @@ extern const br_ec_impl br_ec_p256_m15;
  */
 extern const br_ec_impl br_ec_c25519_i15;
 
+/**
+ * \brief EC implementation "i31" (generic code) for Curve25519.
+ *
+ * This implementation uses the generic code for modular integers (with
+ * 31-bit words) to support Curve25519. Due to the specificities of the
+ * curve definition, the following applies:
+ *
+ *   - `muladd()` is not implemented (the function returns 0 systematically).
+ *   - `order()` returns 2^255-1, since the point multiplication algorithm
+ *     accepts any 32-bit integer as input (it clears the top bit and low
+ *     three bits systematically).
+ */
+extern const br_ec_impl br_ec_c25519_i31;
+
 /**
  * \brief EC implementation "m15" (specialised code) for Curve25519.
  *
@@ -464,6 +487,20 @@ extern const br_ec_impl br_ec_c25519_i15;
  */
 extern const br_ec_impl br_ec_c25519_m15;
 
+/**
+ * \brief EC implementation "m31" (specialised code) for Curve25519.
+ *
+ * This implementation uses custom code relying on multiplication of
+ * integers up to 31 bits. Due to the specificities of the curve
+ * definition, the following applies:
+ *
+ *   - `muladd()` is not implemented (the function returns 0 systematically).
+ *   - `order()` returns 2^255-1, since the point multiplication algorithm
+ *     accepts any 32-bit integer as input (it clears the top bit and low
+ *     three bits systematically).
+ */
+extern const br_ec_impl br_ec_c25519_m31;
+
 /**
  * \brief Aggregate EC implementation "m15".
  *