Fixed negation of Ed25519 points

Legrandin · Jun 19, 2024 · 97bf178 · 97bf178
1 parent d984da4
commit 97bf178
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 2 deletions.
diff --git a/Changelog.rst b/Changelog.rst
@@ -7,6 +7,7 @@ Under development
   the GMP library will not be used even if detected.
 * Remove support for Python 3.5
 * GH#814: RSA keys for PSS can be imported.
+* GH#810: fixed negation of Ed25519 points
 
 3.20.0 (9 January 2024)
 ++++++++++++++++++++++++++

diff --git a/lib/Crypto/SelfTest/PublicKey/test_ECC_Ed25519.py b/lib/Crypto/SelfTest/PublicKey/test_ECC_Ed25519.py
@@ -110,8 +110,13 @@ def test_pai(self):
 
     def test_negate(self):
         negG = -self.pointG
-        sum = self.pointG + negG
-        self.assertTrue(sum.is_point_at_infinity())
+        G100 = self.pointG * 100
+        sum_zero = G100 + negG * 100
+        self.assertTrue(sum_zero.is_point_at_infinity())
+
+        sum_99 = G100 + negG
+        expected = self.pointG * 99
+        self.assertEqual(sum_99, expected)
 
     def test_addition(self):
         self.assertEqual(self.pointG + self.pointG2, self.pointG3)

diff --git a/src/ed25519.c b/src/ed25519.c
@@ -285,6 +285,7 @@ EXPORT_SYM int ed25519_neg(Point *p)
     const uint32_t zero[10] = { 0 };
 
     sub_25519(p->X, zero, p->X);
+    sub_25519(p->T, zero, p->T);
     return 0;
 }