Abstract out verify logic for fe_get_bounds

2022-06-08 15:04:49 -04:00 · 2022-06-08 15:04:49 -04:00 · 283cd80ab4
commit 283cd80ab4
parent d5aa2f0358
4 changed files with 17 additions and 18 deletions
--- a/src/field.h
+++ b/src/field.h
@ -97,6 +97,7 @@ static const secp256k1_fe secp256k1_const_beta = SECP256K1_FE_CONST(
 #  define secp256k1_fe_from_storage secp256k1_fe_impl_from_storage
 #  define secp256k1_fe_inv secp256k1_fe_impl_inv
 #  define secp256k1_fe_inv_var secp256k1_fe_impl_inv_var
+#  define secp256k1_fe_get_bounds secp256k1_fe_impl_get_bounds
 #endif /* !defined(VERIFY) */

 /** Normalize a field element.
@ -306,8 +307,9 @@ static void secp256k1_fe_cmov(secp256k1_fe *r, const secp256k1_fe *a, int flag);
 *  The output is not guaranteed to be normalized, regardless of the input. */
 static void secp256k1_fe_half(secp256k1_fe *r);

-/** Sets each limb of 'r' to its upper bound at magnitude 'm'. The output will also have its
- *  magnitude set to 'm' and is normalized if (and only if) 'm' is zero. */
+/** Sets r to a field element with magnitude m, normalized if (and only if) m==0.
+ *  The value is chosen so that it is likely to trigger edge cases related to
+ *  internal overflows. */
 static void secp256k1_fe_get_bounds(secp256k1_fe *r, int m);

 /** Determine whether a is a square (modulo p). */
--- a/src/field_10x26_impl.h
+++ b/src/field_10x26_impl.h
@ -38,9 +38,7 @@ static void secp256k1_fe_impl_verify(const secp256k1_fe *a) {
 }
 #endif

-static void secp256k1_fe_get_bounds(secp256k1_fe *r, int m) {
-    VERIFY_CHECK(m >= 0);
-    VERIFY_CHECK(m <= 2048);
+static void secp256k1_fe_impl_get_bounds(secp256k1_fe *r, int m) {
    r->n[0] = 0x3FFFFFFUL * 2 * m;
    r->n[1] = 0x3FFFFFFUL * 2 * m;
    r->n[2] = 0x3FFFFFFUL * 2 * m;
@ -51,11 +49,6 @@ static void secp256k1_fe_get_bounds(secp256k1_fe *r, int m) {
    r->n[7] = 0x3FFFFFFUL * 2 * m;
    r->n[8] = 0x3FFFFFFUL * 2 * m;
    r->n[9] = 0x03FFFFFUL * 2 * m;
-#ifdef VERIFY
-    r->magnitude = m;
-    r->normalized = (m == 0);
-    secp256k1_fe_verify(r);
-#endif
 }

 static void secp256k1_fe_impl_normalize(secp256k1_fe *r) {
--- a/src/field_5x52_impl.h
+++ b/src/field_5x52_impl.h
@ -37,19 +37,12 @@ static void secp256k1_fe_impl_verify(const secp256k1_fe *a) {
 }
 #endif

-static void secp256k1_fe_get_bounds(secp256k1_fe *r, int m) {
-    VERIFY_CHECK(m >= 0);
-    VERIFY_CHECK(m <= 2048);
+static void secp256k1_fe_impl_get_bounds(secp256k1_fe *r, int m) {
    r->n[0] = 0xFFFFFFFFFFFFFULL * 2 * m;
    r->n[1] = 0xFFFFFFFFFFFFFULL * 2 * m;
    r->n[2] = 0xFFFFFFFFFFFFFULL * 2 * m;
    r->n[3] = 0xFFFFFFFFFFFFFULL * 2 * m;
    r->n[4] = 0x0FFFFFFFFFFFFULL * 2 * m;
-#ifdef VERIFY
-    r->magnitude = m;
-    r->normalized = (m == 0);
-    secp256k1_fe_verify(r);
-#endif
 }

 static void secp256k1_fe_impl_normalize(secp256k1_fe *r) {
--- a/src/field_impl.h
+++ b/src/field_impl.h
@ -373,6 +373,17 @@ SECP256K1_INLINE static void secp256k1_fe_inv_var(secp256k1_fe *r, const secp256
    VERIFY_CHECK(secp256k1_fe_normalizes_to_zero(r) == input_is_zero);
    secp256k1_fe_verify(r);
 }
+
+static void secp256k1_fe_impl_get_bounds(secp256k1_fe* r, int m);
+SECP256K1_INLINE static void secp256k1_fe_get_bounds(secp256k1_fe* r, int m) {
+    VERIFY_CHECK(m >= 0);
+    VERIFY_CHECK(m <= 32);
+    secp256k1_fe_impl_get_bounds(r, m);
+    r->magnitude = m;
+    r->normalized = (m == 0);
+    secp256k1_fe_verify(r);
+}
+
 #endif /* defined(VERIFY) */

 #endif /* SECP256K1_FIELD_IMPL_H */