From 8d7e0d236c8da14c31a186d70f4ed0724d22cc0e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Olivier=20Ch=C3=A9ron?=
Date: Fri, 10 Nov 2017 13:37:56 +0100
Subject: [PATCH] Add P256.pointNegate
---
 Crypto/PubKey/ECC/P256.hs | 12 ++++++++++++
 cbits/p256/p256_ec.c | 11 +++++++++++
 tests/KAT_PubKey/P256.hs | 7 +++++++
 3 files changed, 30 insertions(+)
diff --git a/Crypto/PubKey/ECC/P256.hs b/Crypto/PubKey/ECC/P256.hs
index f1d8c32..161983a 100644
--- a/Crypto/PubKey/ECC/P256.hs
+++ b/Crypto/PubKey/ECC/P256.hs
@@ -17,6 +17,7 @@ module Crypto.PubKey.ECC.P256
 -- * Point arithmetic
 , pointBase
 , pointAdd
+ , pointNegate
 , pointMul
 , pointDh
 , pointsMulVarTime
@@ -106,6 +107,12 @@ pointAdd a b = withNewPoint $ \dx dy ->
 withPoint a $ \ax ay ->
 withPoint b $ \bx by ->
 ccryptonite_p256e_point_add ax ay bx by dx dy
+-- | Negate a point
+pointNegate :: Point -> Point
+pointNegate a = withNewPoint $ \dx dy ->
+ withPoint a $ \ax ay -> do
+ ccryptonite_p256e_point_negate ax ay dx dy
+
 -- | Multiply a point by a scalar
 --
 -- warning: variable time
@@ -372,6 +379,11 @@ foreign import ccall "cryptonite_p256e_point_add"
 -> Ptr P256X -> Ptr P256Y
 -> IO ()
+foreign import ccall "cryptonite_p256e_point_negate"
+ ccryptonite_p256e_point_negate :: Ptr P256X -> Ptr P256Y
+ -> Ptr P256X -> Ptr P256Y
+ -> IO ()
+
 -- compute (out_x,out,y) = n1 * G + n2 * (in_x,in_y)
 foreign import ccall "cryptonite_p256_points_mul_vartime"
 ccryptonite_p256_points_mul_vartime :: Ptr P256Scalar -- n1
diff --git a/cbits/p256/p256_ec.c b/cbits/p256/p256_ec.c
index e9c41e1..bee8ff0 100644
--- a/cbits/p256/p256_ec.c
+++ b/cbits/p256/p256_ec.c
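Review bot: The Haddock on `pointNegate` (hunk at @@ -106) should spell out the contract the C side implements, because the Haskell wrapper adds no validation of its own: the result is `(x, p - y)` computed with a single fixed-width subtraction, and the input is assumed to be a reduced affine point with `0 <= y < p`. Suggested text: `-- | Negate a point: @(x, y)@ becomes @(x, p - y)@. The input is not validated; it must be a reduced affine point on the curve.` — and a sentence saying whether the point at infinity is an acceptable input, which I cannot determine from this hunk. The single-statement `do` in `withPoint a $ \ax ay -> do` is redundant and differs from `pointAdd` directly above; `withPoint a $ \ax ay -> ccryptonite_p256e_point_negate ax ay dx dy` matches the existing style.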
@@ -1303,3 +1303,14 @@ void cryptonite_p256e_point_add(
 from_montgomery(out_x, px1);
 from_montgomery(out_y, py1);
 }
+
+/* this function is not part of the original source
+ negate a point, i.e. (out_x, out_y) = (in_x, -in_y)
+ */
+void cryptonite_p256e_point_negate(
+ const cryptonite_p256_int *in_x, const cryptonite_p256_int *in_y,
+ cryptonite_p256_int *out_x, cryptonite_p256_int *out_y)
+{
+ memcpy(out_x, in_x, P256_NBYTES);
+ cryptonite_p256_sub(&cryptonite_SECP256r1_p, in_y, out_y);
+}
diff --git a/tests/KAT_PubKey/P256.hs b/tests/KAT_PubKey/P256.hs
index 6b6d279..2d6bb2b 100644
--- a/tests/KAT_PubKey/P256.hs
+++ b/tests/KAT_PubKey/P256.hs
@@ -113,6 +113,7 @@ tests = testGroup "P256"
 in r @=? P256.pointAdd s t
 , testProperty "lift-to-curve" $ propertyLiftToCurve
 , testProperty "point-add" $ propertyPointAdd
+ , testProperty "point-negate" $ propertyPointNegate
 ]
 ]
 where
@@ -136,6 +137,12 @@ tests = testGroup "P256"
 , eqTest "ecc" peR (pointP256ToECC pR)
 ]
+ propertyPointNegate r =
+ let p = P256.toPoint (unP256Scalar r)
+ pe = ECC.pointMul curve (unP256 r) curveGen
+ pR = P256.pointNegate p
+ in ECC.pointNegate curve pe `propertyEq` (pointP256ToECC pR)
+
 i2ospScalar :: Integer -> Bytes
 i2ospScalar i = case i2ospOf 32 i of
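Review bot: `cryptonite_p256_sub(&cryptonite_SECP256r1_p, in_y, out_y)` computes `p - y` with no reduction, so the new function silently relies on `0 <= *in_y < p`: `y == 0` yields `out_y == p` (an unreduced, non-canonical coordinate) and `y >= p` underflows into garbage. A valid finite P-256 point never has `y == 0` (the group order is prime, so there is no point of order 2), so this only bites on an all-zero or unvalidated input, but the precondition belongs in the header comment, e.g. `/* requires a reduced affine point (0 <= *in_y < p); y == 0 is not a finite P-256 point and is not canonicalised here */`. If an all-zero pair is used elsewhere in this file as the point-at-infinity encoding (not visible in this hunk), a constant-time zero-select on `out_y` would keep negation closed over that representation. Minor: `memcpy(out_x, in_x, P256_NBYTES)` could be `*out_x = *in_x;`, which takes its size from the type and is well-defined when `out_x == in_x`.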
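Review bot: The `point-negate` property registered here only checks agreement with the reference `ECC.pointNegate` on random scalar multiples of the generator (its body is in the following hunk), so it never pins the canonical form of the C result or the identity-related edge; whether `unP256Scalar r` can be zero and what `P256.toPoint` does with it is not visible here. A cheap complementary check, if `P256.Point` has the instances `propertyEq` needs, is the involution `p `propertyEq` P256.pointNegate (P256.pointNegate p)`, and, where the test module can name the identity, `P256.pointAdd p (P256.pointNegate p)` against it. It would also be worth adding one fixed-vector `testCase` next to the existing `r @=? P256.pointAdd s t` KAT so the C path is pinned by a known answer rather than solely by the reference implementation.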