-rw-r--r--NEWS1
-rw-r--r--doc/gcrypt.texi9
-rw-r--r--mpi/ec.c65
-rw-r--r--src/gcrypt-int.h2
-rw-r--r--src/gcrypt.h.in4
-rw-r--r--src/libgcrypt.def2
-rw-r--r--src/libgcrypt.vers2
-rw-r--r--src/mpi.h3
-rw-r--r--src/visibility.c8
-rw-r--r--src/visibility.h2
10 files changed, 97 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 214c676f..0150fdd6 100644
--- a/NEWS
+++ b/NEWS
@@ -29,6 +29,7 @@ Noteworthy changes in version 1.7.0 (unreleased)
GCRYCTL_SET_SBOX NEW.
gcry_cipher_set_sbox NEW macro.
GCRY_MD_GOSTR3411_CP NEW.
+ gcry_mpi_ec_sub NEW.
Noteworthy changes in version 1.6.0 (2013-12-16)
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index 63edf061..108d53a8 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -4806,6 +4806,15 @@ Add the points @var{u} and @var{v} of the elliptic curve described by
@var{ctx} and store the result into @var{w}.
@end deftypefun
+@deftypefun void gcry_mpi_ec_sub ( @
+ @w{gcry_mpi_point_t @var{w}}, @w{gcry_mpi_point_t @var{u}}, @
+ @w{gcry_mpi_point_t @var{v}}, @w{gcry_ctx_t @var{ctx}})
+
+Subtracts the point @var{v} from the point @var{u} of the elliptic
+curve described by @var{ctx} and store the result into @var{w}. Only
+Twisted Edwards curves are supported for now.
+@end deftypefun
+
@deftypefun void gcry_mpi_ec_mul ( @
@w{gcry_mpi_point_t @var{w}}, @w{gcry_mpi_t @var{n}}, @
@w{gcry_mpi_point_t @var{u}}, @w{gcry_ctx_t @var{ctx}})
diff --git a/mpi/ec.c b/mpi/ec.c
index a55291a9..80f3b220 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -1131,6 +1131,71 @@ _gcry_mpi_ec_add_points (mpi_point_t result,
}
+/* RESULT = P1 - P2 (Weierstrass version).*/
+static void
+sub_points_weierstrass (mpi_point_t result,
+ mpi_point_t p1, mpi_point_t p2,
+ mpi_ec_t ctx)
+{
+ (void)result;
+ (void)p1;
+ (void)p2;
+ (void)ctx;
+ log_fatal ("%s: %s not yet supported\n",
+ "_gcry_mpi_ec_sub_points", "Weierstrass");
+}
+
+
+/* RESULT = P1 - P2 (Montgomery version).*/
+static void
+sub_points_montgomery (mpi_point_t result,
+ mpi_point_t p1, mpi_point_t p2,
+ mpi_ec_t ctx)
+{
+ (void)result;
+ (void)p1;
+ (void)p2;
+ (void)ctx;
+ log_fatal ("%s: %s not yet supported\n",
+ "_gcry_mpi_ec_sub_points", "Montgomery");
+}
+
+
+/* RESULT = P1 - P2 (Twisted Edwards version).*/
+static void
+sub_points_edwards (mpi_point_t result,
+ mpi_point_t p1, mpi_point_t p2,
+ mpi_ec_t ctx)
+{
+ mpi_point_t p2i = _gcry_mpi_point_new (0);
+ point_set (p2i, p2);
+ _gcry_mpi_neg (p2i->x, p2i->x);
+ add_points_edwards (result, p1, p2i, ctx);
+ _gcry_mpi_point_release (p2i);
+}
+
+
+/* RESULT = P1 - P2 */
+void
+_gcry_mpi_ec_sub_points (mpi_point_t result,
+ mpi_point_t p1, mpi_point_t p2,
+ mpi_ec_t ctx)
+{
+ switch (ctx->model)
+ {
+ case MPI_EC_WEIERSTRASS:
+ sub_points_weierstrass (result, p1, p2, ctx);
+ break;
+ case MPI_EC_MONTGOMERY:
+ sub_points_montgomery (result, p1, p2, ctx);
+ break;
+ case MPI_EC_EDWARDS:
+ sub_points_edwards (result, p1, p2, ctx);
+ break;
+ }
+}
+
+
/* Scalar point multiplication - the main function for ECC. If takes
an integer SCALAR and a POINT as well as the usual context CTX.
RESULT will be set to the resulting point. */
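Review bot: `_gcry_mpi_ec_sub_points` returns void and its `switch (ctx->model)` has no `default`, so a context with an unexpected model value leaves `result` untouched and the caller carries on with whatever the point held before; a `default:` arm that fails loudly, for example `default: log_fatal ("%s: invalid curve model\n", "_gcry_mpi_ec_sub_points");`, would close that path. The Weierstrass and Montgomery stubs call `log_fatal`, which presumably terminates the process, so the public `gcry_mpi_ec_sub` becomes a process abort for any application whose curve type is influenced by external input; the comment above each stub should state that and tell callers to check the curve model first. In `sub_points_edwards`, `_gcry_mpi_neg (p2i->x, p2i->x)` leaves a sign-negated coordinate rather than the field prime minus x, and whether `add_points_edwards` handles a negative operand correctly depends on its modular helpers, which are outside this hunk; a regression test against a known P1 - P2 result would settle it.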
diff --git a/src/gcrypt-int.h b/src/gcrypt-int.h
index 8a6df840..918937b8 100644
--- a/src/gcrypt-int.h
+++ b/src/gcrypt-int.h
@@ -430,6 +430,8 @@ int _gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_point_t point,
void _gcry_mpi_ec_dup (gcry_mpi_point_t w, gcry_mpi_point_t u, gcry_ctx_t ctx);
void _gcry_mpi_ec_add (gcry_mpi_point_t w,
gcry_mpi_point_t u, gcry_mpi_point_t v, mpi_ec_t ctx);
+void _gcry_mpi_ec_sub (gcry_mpi_point_t w,
+ gcry_mpi_point_t u, gcry_mpi_point_t v, mpi_ec_t ctx);
void _gcry_mpi_ec_mul (gcry_mpi_point_t w, gcry_mpi_t n, gcry_mpi_point_t u,
mpi_ec_t ctx);
int _gcry_mpi_ec_curve_point (gcry_mpi_point_t w, mpi_ec_t ctx);
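Review bot: The new prototype `_gcry_mpi_ec_sub` has no definition in any of the ten files this commit touches; the function added in mpi/ec.c is `_gcry_mpi_ec_sub_points`, and src/visibility.c calls that name directly. Because src/visibility.h also maps `gcry_mpi_ec_sub` to `_gcry_USE_THE_UNDERSCORED_FUNCTION` for internal code, an internal caller following that hint would compile against this prototype and then fail at link time. The neighbouring `_gcry_mpi_ec_add` line has the same shape, so this may be an existing convention; if it is, a comment such as `/* Implemented as _gcry_mpi_ec_sub_points in mpi/ec.c. */` would make that clear, otherwise the prototype should be dropped or given a definition.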
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 65d9ef6a..f3207c96 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -704,6 +704,10 @@ void gcry_mpi_ec_dup (gcry_mpi_point_t w, gcry_mpi_point_t u, gcry_ctx_t ctx);
void gcry_mpi_ec_add (gcry_mpi_point_t w,
gcry_mpi_point_t u, gcry_mpi_point_t v, gcry_ctx_t ctx);
+/* W = U - V. */
+void gcry_mpi_ec_sub (gcry_mpi_point_t w,
+ gcry_mpi_point_t u, gcry_mpi_point_t v, gcry_ctx_t ctx);
+
/* W = N * U. */
void gcry_mpi_ec_mul (gcry_mpi_point_t w, gcry_mpi_t n, gcry_mpi_point_t u,
gcry_ctx_t ctx);
diff --git a/src/libgcrypt.def b/src/libgcrypt.def
index 57ed490e..924f17fe 100644
--- a/src/libgcrypt.def
+++ b/src/libgcrypt.def
@@ -276,5 +276,7 @@ EXPORTS
gcry_mac_ctl @242
gcry_mac_get_algo @243
+ gcry_mpi_ec_sub @244
+
;; end of file with public symbols for Windows.
diff --git a/src/libgcrypt.vers b/src/libgcrypt.vers
index 7ee0541a..7e8df3f0 100644
--- a/src/libgcrypt.vers
+++ b/src/libgcrypt.vers
@@ -105,7 +105,7 @@ GCRYPT_1.6 {
gcry_mpi_ec_get_mpi; gcry_mpi_ec_get_point;
gcry_mpi_ec_set_mpi; gcry_mpi_ec_set_point;
gcry_mpi_ec_get_affine;
- gcry_mpi_ec_dup; gcry_mpi_ec_add; gcry_mpi_ec_mul;
+ gcry_mpi_ec_dup; gcry_mpi_ec_add; gcry_mpi_ec_sub; gcry_mpi_ec_mul;
gcry_mpi_ec_curve_point;
gcry_log_debug;
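Review bot: `gcry_mpi_ec_sub` is added to the existing `GCRYPT_1.6` version node although NEWS lists it as new in 1.7.0. A program linked against the new library records only a dependency on `GCRYPT_1.6`, so when it runs against an older library that defines that node but not the symbol, the loader's version check passes and the failure surfaces later at symbol resolution, possibly at the first call under lazy binding. If keeping a single node is the project's convention, a comment in the map noting which release introduced the symbol would help packagers; otherwise a new version node for the 1.7 additions would let the loader reject the mismatch up front.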
diff --git a/src/mpi.h b/src/mpi.h
index 7407b7fc..13b51175 100644
--- a/src/mpi.h
+++ b/src/mpi.h
@@ -286,6 +286,9 @@ void _gcry_mpi_ec_dup_point (mpi_point_t result,
void _gcry_mpi_ec_add_points (mpi_point_t result,
mpi_point_t p1, mpi_point_t p2,
mpi_ec_t ctx);
+void _gcry_mpi_ec_sub_points (mpi_point_t result,
+ mpi_point_t p1, mpi_point_t p2,
+ mpi_ec_t ctx);
void _gcry_mpi_ec_mul_point (mpi_point_t result,
gcry_mpi_t scalar, mpi_point_t point,
mpi_ec_t ctx);
diff --git a/src/visibility.c b/src/visibility.c
index 6ed57ca6..fa23e53c 100644
--- a/src/visibility.c
+++ b/src/visibility.c
@@ -567,6 +567,14 @@ gcry_mpi_ec_add (gcry_mpi_point_t w,
}
void
+gcry_mpi_ec_sub (gcry_mpi_point_t w,
+ gcry_mpi_point_t u, gcry_mpi_point_t v, gcry_ctx_t ctx)
+{
+ _gcry_mpi_ec_sub_points (w, u, v,
+ _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC));
+}
+
+void
gcry_mpi_ec_mul (gcry_mpi_point_t w, gcry_mpi_t n, gcry_mpi_point_t u,
gcry_ctx_t ctx)
{
diff --git a/src/visibility.h b/src/visibility.h
index 96b52355..fa3c7630 100644
--- a/src/visibility.h
+++ b/src/visibility.h
@@ -218,6 +218,7 @@ MARK_VISIBLEX (gcry_mpi_copy)
MARK_VISIBLEX (gcry_mpi_div)
MARK_VISIBLEX (gcry_mpi_dump)
MARK_VISIBLEX (gcry_mpi_ec_add)
+MARK_VISIBLEX (gcry_mpi_ec_sub)
MARK_VISIBLEX (gcry_mpi_ec_curve_point)
MARK_VISIBLEX (gcry_mpi_ec_dup)
MARK_VISIBLEX (gcry_mpi_ec_get_affine)
@@ -486,6 +487,7 @@ MARK_VISIBLEX (_gcry_mpi_get_const)
#define gcry_mpi_abs _gcry_USE_THE_UNDERSCORED_FUNCTION
#define gcry_mpi_ec_add _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_sub _gcry_USE_THE_UNDERSCORED_FUNCTION
#define gcry_mpi_ec_curve_point _gcry_USE_THE_UNDERSCORED_FUNCTION
#define gcry_mpi_ec_dup _gcry_USE_THE_UNDERSCORED_FUNCTION
#define gcry_mpi_ec_get_affine _gcry_USE_THE_UNDERSCORED_FUNCTION