From 78fa0c365044b45b23ac6ec4fb25371d7d5282bc Mon Sep 17 00:00:00 2001
From: Vincent Hanquez
Date: Fri, 29 May 2015 15:47:25 +0100
Subject: [PATCH] [P256] implement missing function, and remove un-implementable one.

remove temporary removal, and properly fixes #1
---
 Crypto/PubKey/ECC/P256.hs | 50 +++++++++++++++++++--------------------
 cbits/p256/p256.c         | 14 +++++++++++
 2 files changed, 39 insertions(+), 25 deletions(-)

diff --git a/Crypto/PubKey/ECC/P256.hs b/Crypto/PubKey/ECC/P256.hs
index a443af0..7c5388f 100644
--- a/Crypto/PubKey/ECC/P256.hs
+++ b/Crypto/PubKey/ECC/P256.hs
@@ -27,7 +27,6 @@ module Crypto.PubKey.ECC.P256
     , scalarAdd
     , scalarSub
     , scalarInv
-    , scalarInvVarTime
     , scalarCmp
     , scalarFromBinary
     , scalarToBinary
@@ -39,7 +38,6 @@ import Foreign.C.Types
 
 import           Crypto.Internal.Compat
 import           Crypto.Internal.Imports
---import           Crypto.Internal.Memory
 import           Crypto.Internal.ByteArray
 import qualified Crypto.Internal.ByteArray as B
 import           Crypto.Error
@@ -85,9 +83,8 @@ pointAdd a b = withNewPoint $ \dx dy ->
 -- | Multiply a point by a scalar
 pointMul :: Scalar -> Point -> Point
 pointMul scalar p = withNewPoint $ \dx dy ->
-    withScalar scalar $ \n -> withPoint p $ \px py ->
-        undefined
-        --ccryptonite_p256_point_mul n dx dy px py
+    withScalar scalar $ \n -> withPoint p $ \px py -> withScalarZero $ \nzero ->
+        ccryptonite_p256_points_mul_vartime nzero n px py dx dy
 
 -- | multiply the point @p with @n2 and add a lifted to curve value @n1
 --
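Review bot: pointMul now delegates to ccryptonite_p256_points_mul_vartime, but its haddock still reads only `-- | Multiply a point by a scalar`, so a caller has no indication that the running time depends on the scalar value — the same commit does add such a remark to scalarInv. Suggest extending the comment with `-- This runs in variable time (it calls 'ccryptonite_p256_points_mul_vartime'), so its timing depends on the value of the scalar.` The call passes a zeroed temporary as n1 and the scalar as n2, which matches the binding's documented (n1 * G + n2 * P) order; that the C routine accepts n1 = 0 is assumed here and not visible in this diff. The first two hunks (export list and a commented-out import) are trivial and need no change.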
@@ -132,16 +129,10 @@ scalarSub a b =
 -- | Give the inverse of the scalar
 --
 -- > 1 / a
+--
+-- variable time.
 scalarInv :: Scalar -> Scalar
 scalarInv a =
-    withNewScalarFreeze $ \b -> withScalar a $ \pa ->
-        undefined
-        --ccryptonite_p256_modinv ccryptonite_SECP256r1_n pa b
-
--- | similar to 'scalarInv' but instead of
--- trying to be constant time, do it as fast as possible
-scalarInvVarTime :: Scalar -> Scalar
-scalarInvVarTime a =
     withNewScalarFreeze $ \b -> withScalar a $ \pa ->
         ccryptonite_p256_modinv_vartime ccryptonite_SECP256r1_n pa b
 
@@ -163,8 +154,7 @@ scalarFromBinary ba
 -- | convert a scalar to binary
 scalarToBinary :: ByteArray ba => Scalar -> ba
 scalarToBinary s = B.allocAndFreeze scalarSize $ \b -> withScalar s $ \p ->
-    undefined
-    --ccryptonite_p256_to_bin p b
+    ccryptonite_p256_to_bin p b
 
 ------------------------------------------------------------------------
 -- Memory Helpers
@@ -183,9 +173,21 @@ withNewScalarFreeze :: (Ptr P256Scalar -> IO ()) -> Scalar
 withNewScalarFreeze f = Scalar $ B.allocAndFreeze scalarSize f
 {-# NOINLINE withNewScalarFreeze #-}
 
+withTempScalar :: (Ptr P256Scalar -> IO a) -> IO a
+withTempScalar f = ignoreSnd <$> B.allocRet scalarSize f
+  where ignoreSnd :: (a, ScrubbedBytes) -> a
+        ignoreSnd = fst
+{-# NOINLINE withTempScalar #-}
+
 withScalar :: Scalar -> (Ptr P256Scalar -> IO a) -> IO a
 withScalar (Scalar d) f = B.withByteArray d f
 
+withScalarZero :: (Ptr P256Scalar -> IO a) -> IO a
+withScalarZero f =
+    withTempScalar $ \d -> do
+        ccryptonite_p256_init d
+        f d
+
 ------------------------------------------------------------------------
 -- Foreign bindings
 ------------------------------------------------------------------------
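Review bot: The haddock line added above scalarInv, `-- variable time.`, is a sentence fragment that says neither what varies nor on what; with scalarInvVarTime removed in the same hunk, scalarInv is now the only inverse on offer and the old comment contrasting "constant time" with "as fast as possible" is gone with it. Suggest replacing the fragment with `-- This runs in variable time (it calls 'ccryptonite_p256_modinv_vartime'), so its timing depends on the value of @a@.` so the property is stated where a caller will read it.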
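Review bot: withTempScalar and withScalarZero are new helpers without any comment, and `ignoreSnd :: (a, ScrubbedBytes) -> a` reads as a redundant alias for `fst` — its apparent purpose is to pin the byte-array type that B.allocRet produces to ScrubbedBytes, and a later cleanup replacing it with plain `fst` would change the buffer type without a compile error. Suggest `-- the annotation fixes allocRet's buffer type to ScrubbedBytes; do not replace with plain fst` on the where clause. withScalarZero relies on ccryptonite_p256_init zeroing the scalar, which this diff does not show; a haddock such as `-- | Run @f@ on a temporary scalar set to zero by ccryptonite_p256_init (a scrubbed buffer, not a 'Scalar').` would record that assumption.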
@@ -224,21 +226,19 @@ foreign import ccall "cryptonite_p256e_point_add"
                                      -> Ptr P256X -> Ptr P256Y
                                      -> Ptr P256X -> Ptr P256Y
                                      -> IO ()
---foreign import ccall "cryptonite_p256_point_mul"
---    ccryptonite_p256_point_mul :: Ptr P256Scalar
---                               -> Ptr P256X -> Ptr P256Y
---                               -> Ptr P256X -> Ptr P256Y
---                               -> IO ()
+
+-- compute (out_x,out,y) = n1 * G + n2 * (in_x,in_y)
 foreign import ccall "cryptonite_p256_points_mul_vartime"
-    ccryptonite_p256_points_mul_vartime :: Ptr P256Scalar -> Ptr P256Scalar
-                                        -> Ptr P256X -> Ptr P256Y
-                                        -> Ptr P256X -> Ptr P256Y
+    ccryptonite_p256_points_mul_vartime :: Ptr P256Scalar -- n1
+                                        -> Ptr P256Scalar -- n2
+                                        -> Ptr P256X -> Ptr P256Y -- in_{x,y}
+                                        -> Ptr P256X -> Ptr P256Y -- out_{x,y}
                                         -> IO ()
 
 foreign import ccall "cryptonite_p256_is_valid_point"
     ccryptonite_p256_is_valid_point :: Ptr P256X -> Ptr P256Y -> IO CInt
 
---foreign import ccall "cryptonite_p256_to_bin"
---    ccryptonite_p256_to_bin :: Ptr P256Scalar -> Ptr Word8 -> IO ()
+foreign import ccall "cryptonite_p256_to_bin"
+    ccryptonite_p256_to_bin :: Ptr P256Scalar -> Ptr Word8 -> IO ()
 foreign import ccall "cryptonite_p256_from_bin"
     ccryptonite_p256_from_bin :: Ptr Word8 -> Ptr P256Scalar -> IO ()
diff --git a/cbits/p256/p256.c b/cbits/p256/p256.c
index d3f1c47..04060f8 100644
--- a/cbits/p256/p256.c
+++ b/cbits/p256/p256.c
@@ -371,3 +371,17 @@ void cryptonite_p256_from_bin(const uint8_t src[P256_NBYTES], cryptonite_p256_in
     p += 4;
   }
 }
+
+void cryptonite_p256_to_bin(const cryptonite_p256_int* src, uint8_t dst[P256_NBYTES])
+{
+  int i;
+  uint8_t* p = &dst[0];
+  for (i = P256_NDIGITS -1; i > 0; --i) {
+    const cryptonite_p256_digit dig = P256_DIGIT(src, i);
+    p[0] = dig >> 24;
+    p[1] = dig >> 16;
+    p[2] = dig >> 8;
+    p[3] = dig;
+    p += 4;
+  }
+}
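Review bot: The new comment above the points_mul_vartime binding has a typo in the output tuple, `(out_x,out,y)`, which should read `-- compute (out_x,out_y) = n1 * G + n2 * (in_x,in_y)`. The argument order it documents (n1, n2, in, out) agrees with the per-argument comments and with the `nzero n px py dx dy` call in pointMul, so the correction is to the wording only.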
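Review bot: The loop in cryptonite_p256_to_bin runs while `i > 0`, so digit 0 — the least significant limb — is never serialized and the last four bytes of dst are never written; the bound should be `for (i = P256_NDIGITS - 1; i >= 0; --i) {`. Because scalarToBinary (P256.hs hunk at -163) hands this buffer straight back from B.allocAndFreeze, those bytes carry whatever the fresh allocation happened to contain, so the encoding is both truncated and partly uninitialized. A round-trip check that scalarFromBinary (scalarToBinary s) yields s would catch this, assuming from_bin covers all P256_NDIGITS digits (its loop bound is outside the hunk). The byte shifts also presume a 32-bit cryptonite_p256_digit, which the 4-byte stride already implies but a one-line comment could make explicit.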