From 8fdd15f58485132ca99dc2c5cce0b749b56b3b84 Mon Sep 17 00:00:00 2001
From: sowle <crypto.sowle@gmail.com>
Date: Wed, 23 Aug 2023 19:32:28 +0200
Subject: [PATCH] crypto: implemented point_t::operator-() + test

---
 src/crypto/crypto-sugar.h               |  9 +++++++
 tests/functional_tests/crypto_tests.cpp | 31 +++++++++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/src/crypto/crypto-sugar.h b/src/crypto/crypto-sugar.h
index 30a97135..6ecdf713 100644
--- a/src/crypto/crypto-sugar.h
+++ b/src/crypto/crypto-sugar.h
@@ -727,6 +727,15 @@ namespace crypto
       return result;
     }
 
+    point_t operator-() const
+    {
+      point_t result = *this;
+      fe zero = {0};
+      fe_sub(result.m_p3.Y, zero, result.m_p3.Y);
+      fe_sub(result.m_p3.Z, zero, result.m_p3.Z);
+      return result;
+    }
+
     point_t& modify_mul8()
     {
       ge_mul8_p3(&m_p3, &m_p3);
diff --git a/tests/functional_tests/crypto_tests.cpp b/tests/functional_tests/crypto_tests.cpp
index eafa34ed..41ea0a03 100644
--- a/tests/functional_tests/crypto_tests.cpp
+++ b/tests/functional_tests/crypto_tests.cpp
@@ -1588,6 +1588,37 @@ TEST(crypto, schnorr_sig)
   return true;
 }
 
+TEST(crypto, point_negation)
+{
+  ASSERT_EQ(c_point_0, -c_point_0);
+  ASSERT_NEQ(c_point_G, -c_point_G);
+  ASSERT_EQ(c_point_G, -(-c_point_G));
+  ASSERT_EQ(-c_point_G, c_scalar_Lm1 * c_point_G);
+  ASSERT_EQ(-c_point_G, c_point_0 - c_point_G);
+  ASSERT_EQ(0 * (-c_point_G), c_point_0);
+  scalar_t a = scalar_t::random(), b = scalar_t::random();
+  ASSERT_EQ(a * (-c_point_G) + b * c_point_G + a * c_point_H + b * (-c_point_H), (b - a) * c_point_G + (a - b) * c_point_H);
+  ASSERT_EQ(a * (-c_point_G), (a * c_scalar_Lm1) * c_point_G);
+
+  for(size_t i = 0, sz = sizeof(canonical_torsion_elements) / sizeof(canonical_torsion_elements[0]); i < sz; ++i)
+  {
+    point_t el{};
+    ASSERT_TRUE(el.from_string(canonical_torsion_elements[i].string));
+    ASSERT_EQ(el, -(-el));
+    ASSERT_EQ((-scalar_t(1)) * el, (c_scalar_0 - c_scalar_1) * el);
+    ASSERT_NEQ(-el, (-scalar_t(1)) * el);  // because torsion elements have order != L
+    ASSERT_NEQ(-el, c_scalar_Lm1 * el);    // because torsion elements have order != L
+    ASSERT_EQ(-el, (scalar_t(canonical_torsion_elements[i].order) - 1) * el); // they rather have order == canonical_torsion_elements[i].order
+    ASSERT_EQ(-el, c_point_0 - el);
+    ASSERT_EQ((-el) + (el), c_point_0);
+    ASSERT_EQ((-el) - (-el), c_point_0);
+    scalar_t x = scalar_t::random();
+    ASSERT_EQ(x * (-el) + x * el, c_point_0);
+  }
+
+  return true;
+}
+
 
 //
 // test's runner