haskell/cryptonite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add P256.pointNegate

Browse Source
This commit is contained in:
Olivier Chéron 2017-11-10 13:37:56 +01:00
parent e8f1bc08c8
commit 8d7e0d236c
3 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Crypto/PubKey/ECC/P256.hs
View File

@ -17,6 +17,7 @@ module Crypto.PubKey.ECC.P256
-- * Point arithmetic -- * Point arithmetic
, pointBase , pointBase
, pointAdd , pointAdd
, pointNegate
, pointMul , pointMul
, pointDh , pointDh
, pointsMulVarTime , pointsMulVarTime
@ -106,6 +107,12 @@ pointAdd a b = withNewPoint $ \dx dy ->
withPoint a $ \ax ay -> withPoint b $ \bx by -> withPoint a $ \ax ay -> withPoint b $ \bx by ->
ccryptonite_p256e_point_add ax ay bx by dx dy ccryptonite_p256e_point_add ax ay bx by dx dy
-- | Negate a point
pointNegate :: Point -> Point
pointNegate a = withNewPoint $ \dx dy ->
withPoint a $ \ax ay -> do
ccryptonite_p256e_point_negate ax ay dx dy
-- | Multiply a point by a scalar -- | Multiply a point by a scalar
-- --
-- warning: variable time -- warning: variable time
@ -372,6 +379,11 @@ foreign import ccall "cryptonite_p256e_point_add"
-> Ptr P256X -> Ptr P256Y -> Ptr P256X -> Ptr P256Y
-> IO () -> IO ()
foreign import ccall "cryptonite_p256e_point_negate"
ccryptonite_p256e_point_negate :: Ptr P256X -> Ptr P256Y
-> Ptr P256X -> Ptr P256Y
-> IO ()
-- compute (out_x,out,y) = n1 * G + n2 * (in_x,in_y) -- compute (out_x,out,y) = n1 * G + n2 * (in_x,in_y)
foreign import ccall "cryptonite_p256_points_mul_vartime" foreign import ccall "cryptonite_p256_points_mul_vartime"
ccryptonite_p256_points_mul_vartime :: Ptr P256Scalar -- n1 ccryptonite_p256_points_mul_vartime :: Ptr P256Scalar -- n1

11
cbits/p256/p256_ec.c
View File

@ -1303,3 +1303,14 @@ void cryptonite_p256e_point_add(
from_montgomery(out_x, px1); from_montgomery(out_x, px1);
from_montgomery(out_y, py1); from_montgomery(out_y, py1);
} }
/* this function is not part of the original source
negate a point, i.e. (out_x, out_y) = (in_x, -in_y)
*/
void cryptonite_p256e_point_negate(
const cryptonite_p256_int *in_x, const cryptonite_p256_int *in_y,
cryptonite_p256_int *out_x, cryptonite_p256_int *out_y)
{
memcpy(out_x, in_x, P256_NBYTES);
cryptonite_p256_sub(&cryptonite_SECP256r1_p, in_y, out_y);
}

7
tests/KAT_PubKey/P256.hs
View File

@ -113,6 +113,7 @@ tests = testGroup "P256"
in r @=? P256.pointAdd s t in r @=? P256.pointAdd s t
, testProperty "lift-to-curve" $ propertyLiftToCurve , testProperty "lift-to-curve" $ propertyLiftToCurve
, testProperty "point-add" $ propertyPointAdd , testProperty "point-add" $ propertyPointAdd
, testProperty "point-negate" $ propertyPointNegate
] ]
] ]
where where
@ -136,6 +137,12 @@ tests = testGroup "P256"
, eqTest "ecc" peR (pointP256ToECC pR) , eqTest "ecc" peR (pointP256ToECC pR)
] ]
propertyPointNegate r =
let p = P256.toPoint (unP256Scalar r)
pe = ECC.pointMul curve (unP256 r) curveGen
pR = P256.pointNegate p
in ECC.pointNegate curve pe `propertyEq` (pointP256ToECC pR)
i2ospScalar :: Integer -> Bytes i2ospScalar :: Integer -> Bytes
i2ospScalar i = i2ospScalar i =
case i2ospOf 32 i of case i2ospOf 32 i of