Add P256.pointNegate

2017-11-10 13:37:56 +01:00 · 2017-11-10 13:37:56 +01:00 · 8d7e0d236c
commit 8d7e0d236c
parent e8f1bc08c8
3 changed files with 30 additions and 0 deletions
--- a/Crypto/PubKey/ECC/P256.hs
+++ b/Crypto/PubKey/ECC/P256.hs
@ -17,6 +17,7 @@ module Crypto.PubKey.ECC.P256
    -- * Point arithmetic
    , pointBase
    , pointAdd
+    , pointNegate
    , pointMul
    , pointDh
    , pointsMulVarTime
@ -106,6 +107,12 @@ pointAdd a b = withNewPoint $ \dx dy ->
    withPoint a $ \ax ay -> withPoint b $ \bx by ->
        ccryptonite_p256e_point_add ax ay bx by dx dy

+-- | Negate a point
+pointNegate :: Point -> Point
+pointNegate a = withNewPoint $ \dx dy ->
+    withPoint a $ \ax ay -> do
+        ccryptonite_p256e_point_negate ax ay dx dy
+
 -- | Multiply a point by a scalar
 --
 -- warning: variable time
@ -372,6 +379,11 @@ foreign import ccall "cryptonite_p256e_point_add"
                                -> Ptr P256X -> Ptr P256Y
                                -> IO ()

+foreign import ccall "cryptonite_p256e_point_negate"
+    ccryptonite_p256e_point_negate :: Ptr P256X -> Ptr P256Y
+                                   -> Ptr P256X -> Ptr P256Y
+                                   -> IO ()
+
 -- compute (out_x,out,y) = n1 * G + n2 * (in_x,in_y)
 foreign import ccall "cryptonite_p256_points_mul_vartime"
    ccryptonite_p256_points_mul_vartime :: Ptr P256Scalar -- n1
--- a/cbits/p256/p256_ec.c
+++ b/cbits/p256/p256_ec.c
@ -1303,3 +1303,14 @@ void cryptonite_p256e_point_add(
    from_montgomery(out_x, px1);
    from_montgomery(out_y, py1);
 }
+
+/* this function is not part of the original source
+   negate a point, i.e. (out_x, out_y) = (in_x, -in_y)
+ */
+void cryptonite_p256e_point_negate(
+    const cryptonite_p256_int *in_x, const cryptonite_p256_int *in_y,
+    cryptonite_p256_int *out_x, cryptonite_p256_int *out_y)
+{
+    memcpy(out_x, in_x, P256_NBYTES);
+    cryptonite_p256_sub(&cryptonite_SECP256r1_p, in_y, out_y);
+}
--- a/tests/KAT_PubKey/P256.hs
+++ b/tests/KAT_PubKey/P256.hs
@ -113,6 +113,7 @@ tests = testGroup "P256"
             in r @=? P256.pointAdd s t
        , testProperty "lift-to-curve" $ propertyLiftToCurve
        , testProperty "point-add" $ propertyPointAdd
+        , testProperty "point-negate" $ propertyPointNegate
        ]
    ]
  where
@ -136,6 +137,12 @@ tests = testGroup "P256"
                         , eqTest "ecc" peR (pointP256ToECC pR)
                         ]

+    propertyPointNegate r =
+        let p  = P256.toPoint (unP256Scalar r)
+            pe = ECC.pointMul curve (unP256 r) curveGen
+            pR = P256.pointNegate p
+         in ECC.pointNegate curve pe `propertyEq` (pointP256ToECC pR)
+
    i2ospScalar :: Integer -> Bytes
    i2ospScalar i =
        case i2ospOf 32 i of