Ed25519 point negation

Crypto/ECC/Ed25519.hs

@@ -20,6 +20,7 @@ module Crypto.ECC.Ed25519
     , pointEncode
     -- * Arithmetic functions
     , toPoint
+    , pointNegate
     , pointAdd
     , pointDouble
     , pointMul
@@ -151,6 +152,13 @@ pointDecode bs
                     else return $ CryptoPassed (Point p)
 {-# NOINLINE pointDecode #-}
 
+-- | Negate a point.
+pointNegate :: Point -> Point
+pointNegate (Point a) =
+    Point $ B.allocAndFreeze pointArraySize $ \out ->
+        withByteArray a $ \pa ->
+             ed25519_point_negate out pa
+
 -- | Add two points.
 pointAdd :: Point -> Point -> Point
 pointAdd (Point a) (Point b) =
@@ -209,6 +217,11 @@ foreign import ccall "cryptonite_ed25519_point_eq"
                      -> Ptr Point
                      -> IO CInt
 
+foreign import ccall "cryptonite_ed25519_point_negate"
+    ed25519_point_negate :: Ptr Point -- minus_a
+                         -> Ptr Point -- a
+                         -> IO ()
+
 foreign import ccall "cryptonite_ed25519_point_add"
     ed25519_point_add :: Ptr Point -- sum
                       -> Ptr Point -- a

cbits/ed25519/ed25519-cryptonite-exts.h

@@ -77,6 +77,14 @@ ED25519_FN(ed25519_point_eq) (const ge25519 *p, const ge25519 *q) {
     return eq;
 }
 
+void
+ED25519_FN(ed25519_point_negate) (ge25519 *r, const ge25519 *p) {
+    curve25519_neg(r->x, p->x);
+    curve25519_copy(r->y, p->y);
+    curve25519_copy(r->z, p->z);
+    curve25519_neg(r->t, p->t);
+}
+
 void
 ED25519_FN(ed25519_point_add) (ge25519 *r, const ge25519 *p, const ge25519 *q) {
     ge25519_add(r, p, q);