+ ge_is_on_curve()

src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.c

@@ -2091,6 +2091,31 @@ ge_mul_l(ge_p3 *r, const ge_p3 *A)
     }
 }
 
+int
+ge_is_on_curve(const ge_p3 *p)
+{
+    fe x2;
+    fe y2;
+    fe z2;
+    fe z4;
+    fe t0;
+    fe t1;
+
+    fe_sq(x2, p->X);
+    fe_sq(y2, p->Y);
+    fe_sq(z2, p->Z);
+    fe_sub(t0, y2, x2);
+    fe_mul(t0, t0, z2);
+
+    fe_mul(t1, x2, y2);
+    fe_mul(t1, t1, d);
+    fe_sq(z4, z2);
+    fe_add(t1, t1, z4);
+    fe_sub(t0, t0, t1);
+
+    return fe_iszero(t0);
+}
+
 int
 ge_is_on_main_subgroup(const ge_p3 *p)
 {

src/libsodium/include/sodium/private/curve25519_ref10.h

@@ -104,6 +104,7 @@ typedef struct {
 #define ge_scalarmult_base crypto_core_curve25519_ref10_ge_scalarmult_base
 #define ge_double_scalarmult_vartime crypto_core_curve25519_ref10_ge_double_scalarmult_vartime
 #define ge_scalarmult_vartime crypto_core_curve25519_ref10_ge_scalarmult_vartime
+#define ge_is_on_curve crypto_core_curve25519_ref10_ge_is_on_curve
 #define ge_is_on_main_subgroup crypto_core_curve25519_ref10_ge_is_on_main_subgroup
 #define ge_has_small_order crypto_core_curve25519_ref10_ge_has_small_order
 
@@ -119,6 +120,7 @@ extern void ge_scalarmult_base(ge_p3 *,const unsigned char *);
 extern void ge_double_scalarmult_vartime(ge_p2 *,const unsigned char *,const ge_p3 *,const unsigned char *);
 extern void ge_scalarmult(ge_p3 *,const unsigned char *,const ge_p3 *);
 extern void ge_scalarmult_vartime(ge_p3 *,const unsigned char *,const ge_p3 *);
+extern int ge_is_on_curve(const ge_p3 *p);
 extern int ge_is_on_main_subgroup(const ge_p3 *p);
 extern int ge_has_small_order(const unsigned char s[32], unsigned char neg);