From 0b835b44792766d30f7bdaac97418348ee9177e3 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Sun, 22 Oct 2017 17:44:51 +0200
Subject: [PATCH] + ge_is_on_curve()
---
 .../curve25519/ref10/curve25519_ref10.c | 25 +++++++++++++++++++
 .../include/sodium/private/curve25519_ref10.h | 2 ++
 2 files changed, 27 insertions(+)
diff --git a/src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.c b/src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.c
index 43c34969..f476c969 100644
--- a/src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.c
+++ b/src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.c
@@ -2091,6 +2091,31 @@ ge_mul_l(ge_p3 *r, const ge_p3 *A)
 }
 }
 
+int
+ge_is_on_curve(const ge_p3 *p)
+{
+ fe x2;
+ fe y2;
+ fe z2;
+ fe z4;
+ fe t0;
+ fe t1;
+
+ fe_sq(x2, p->X);
+ fe_sq(y2, p->Y);
+ fe_sq(z2, p->Z);
+ fe_sub(t0, y2, x2);
+ fe_mul(t0, t0, z2);
+
+ fe_mul(t1, x2, y2);
+ fe_mul(t1, t1, d);
+ fe_sq(z4, z2);
+ fe_add(t1, t1, z4);
+ fe_sub(t0, t0, t1);
+
+ return fe_iszero(t0);
+}
+
 int
 ge_is_on_main_subgroup(const ge_p3 *p)
 {
diff --git a/src/libsodium/include/sodium/private/curve25519_ref10.h b/src/libsodium/include/sodium/private/curve25519_ref10.h
index 5728c5e7..75aca861 100644
--- a/src/libsodium/include/sodium/private/curve25519_ref10.h
+++ b/src/libsodium/include/sodium/private/curve25519_ref10.h
@@ -104,6 +104,7 @@ typedef struct {
 #define ge_scalarmult_base crypto_core_curve25519_ref10_ge_scalarmult_base
 #define ge_double_scalarmult_vartime crypto_core_curve25519_ref10_ge_double_scalarmult_vartime
 #define ge_scalarmult_vartime crypto_core_curve25519_ref10_ge_scalarmult_vartime
+#define ge_is_on_curve crypto_core_curve25519_ref10_ge_is_on_curve
 #define ge_is_on_main_subgroup crypto_core_curve25519_ref10_ge_is_on_main_subgroup
 #define ge_has_small_order crypto_core_curve25519_ref10_ge_has_small_order
 
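Review bot: ge_is_on_curve() in curve25519_ref10.c evaluates only (Y^2 - X^2)*Z^2 - (d*X^2*Y^2 + Z^4) on X, Y and Z, so a ge_p3 with Z = 0 and X*Y = 0, the all-zero struct included, makes t0 zero and is reported as on the curve, and p->T is never read. That is fine if every caller passes a point that came out of the decoder with a non-zero Z and a consistent T, which this hunk does not show, but nothing at the definition or at the new `extern` declaration states that precondition. I would put it in a comment above the function, e.g. `/* Nonzero iff (X:Y:Z) satisfies -x^2 + y^2 = 1 + d*x^2*y^2; assumes Z != 0, ignores T, and does not imply membership in the main subgroup */`, so that code validating untrusted points knows to pair it with ge_has_small_order() or ge_is_on_main_subgroup() where those properties matter.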
@@ -119,6 +120,7 @@ extern void ge_scalarmult_base(ge_p3 *,const unsigned char *);
 extern void ge_double_scalarmult_vartime(ge_p2 *,const unsigned char *,const ge_p3 *,const unsigned char *);
 extern void ge_scalarmult(ge_p3 *,const unsigned char *,const ge_p3 *);
 extern void ge_scalarmult_vartime(ge_p3 *,const unsigned char *,const ge_p3 *);
+extern int ge_is_on_curve(const ge_p3 *p);
 extern int ge_is_on_main_subgroup(const ge_p3 *p);
 extern int ge_has_small_order(const unsigned char s[32], unsigned char neg);