add verification for scalars

secp256k1_scalar_verify checks that scalars are reduced mod the group order
2023-07-04 00:43:10 +05:30 · 2023-07-04 00:43:10 +05:30 · c7d0454932
commit c7d0454932
parent ad152151b0
2 changed files with 11 additions and 0 deletions
--- a/src/scalar.h
+++ b/src/scalar.h
@ -99,4 +99,7 @@ static void secp256k1_scalar_mul_shift_var(secp256k1_scalar *r, const secp256k1_
 /** If flag is true, set *r equal to *a; otherwise leave it. Constant-time.  Both *r and *a must be initialized.*/
 static void secp256k1_scalar_cmov(secp256k1_scalar *r, const secp256k1_scalar *a, int flag);

+/** Check invariants on a scalar (no-op unless VERIFY is enabled). */
+static void secp256k1_scalar_verify(const secp256k1_scalar *r);
+
 #endif /* SECP256K1_SCALAR_H */
--- a/src/scalar_impl.h
+++ b/src/scalar_impl.h
@ -33,6 +33,14 @@ static int secp256k1_scalar_set_b32_seckey(secp256k1_scalar *r, const unsigned c
    return (!overflow) & (!secp256k1_scalar_is_zero(r));
 }

+static void secp256k1_scalar_verify(const secp256k1_scalar *r) {
+#ifdef VERIFY
+    VERIFY_CHECK(secp256k1_scalar_check_overflow(r) == 0);
+#endif
+
+    (void)r;
+}
+
 #if defined(EXHAUSTIVE_TEST_ORDER)
 /* Begin of section generated by sage/gen_exhaustive_groups.sage. */
 #  if EXHAUSTIVE_TEST_ORDER == 7