Abstract out verify logic for fe_get_bounds

bitcoin-core · May 11, 2023 · 283cd80 · 283cd80
1 parent d5aa2f0
commit 283cd80
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 18 deletions.
diff --git a/src/field.h b/src/field.h
@@ -97,6 +97,7 @@ static const secp256k1_fe secp256k1_const_beta = SECP256K1_FE_CONST(
 #  define secp256k1_fe_from_storage secp256k1_fe_impl_from_storage
 #  define secp256k1_fe_inv secp256k1_fe_impl_inv
 #  define secp256k1_fe_inv_var secp256k1_fe_impl_inv_var
+#  define secp256k1_fe_get_bounds secp256k1_fe_impl_get_bounds
 #endif /* !defined(VERIFY) */
 
 /** Normalize a field element.
@@ -306,8 +307,9 @@ static void secp256k1_fe_cmov(secp256k1_fe *r, const secp256k1_fe *a, int flag);
  *  The output is not guaranteed to be normalized, regardless of the input. */
 static void secp256k1_fe_half(secp256k1_fe *r);
 
-/** Sets each limb of 'r' to its upper bound at magnitude 'm'. The output will also have its
- *  magnitude set to 'm' and is normalized if (and only if) 'm' is zero. */
+/** Sets r to a field element with magnitude m, normalized if (and only if) m==0.
+ *  The value is chosen so that it is likely to trigger edge cases related to
+ *  internal overflows. */
 static void secp256k1_fe_get_bounds(secp256k1_fe *r, int m);
 
 /** Determine whether a is a square (modulo p). */

diff --git a/src/field_10x26_impl.h b/src/field_10x26_impl.h
@@ -38,9 +38,7 @@ static void secp256k1_fe_impl_verify(const secp256k1_fe *a) {
 }
 #endif
 
-static void secp256k1_fe_get_bounds(secp256k1_fe *r, int m) {
-    VERIFY_CHECK(m >= 0);
-    VERIFY_CHECK(m <= 2048);
+static void secp256k1_fe_impl_get_bounds(secp256k1_fe *r, int m) {
     r->n[0] = 0x3FFFFFFUL * 2 * m;
     r->n[1] = 0x3FFFFFFUL * 2 * m;
     r->n[2] = 0x3FFFFFFUL * 2 * m;
@@ -51,11 +49,6 @@ static void secp256k1_fe_get_bounds(secp256k1_fe *r, int m) {
     r->n[7] = 0x3FFFFFFUL * 2 * m;
     r->n[8] = 0x3FFFFFFUL * 2 * m;
     r->n[9] = 0x03FFFFFUL * 2 * m;
-#ifdef VERIFY
-    r->magnitude = m;
-    r->normalized = (m == 0);
-    secp256k1_fe_verify(r);
-#endif
 }
 
 static void secp256k1_fe_impl_normalize(secp256k1_fe *r) {

diff --git a/src/field_5x52_impl.h b/src/field_5x52_impl.h
@@ -37,19 +37,12 @@ static void secp256k1_fe_impl_verify(const secp256k1_fe *a) {
 }
 #endif
 
-static void secp256k1_fe_get_bounds(secp256k1_fe *r, int m) {
-    VERIFY_CHECK(m >= 0);
-    VERIFY_CHECK(m <= 2048);
+static void secp256k1_fe_impl_get_bounds(secp256k1_fe *r, int m) {
     r->n[0] = 0xFFFFFFFFFFFFFULL * 2 * m;
     r->n[1] = 0xFFFFFFFFFFFFFULL * 2 * m;
     r->n[2] = 0xFFFFFFFFFFFFFULL * 2 * m;
     r->n[3] = 0xFFFFFFFFFFFFFULL * 2 * m;
     r->n[4] = 0x0FFFFFFFFFFFFULL * 2 * m;
-#ifdef VERIFY
-    r->magnitude = m;
-    r->normalized = (m == 0);
-    secp256k1_fe_verify(r);
-#endif
 }
 
 static void secp256k1_fe_impl_normalize(secp256k1_fe *r) {

diff --git a/src/field_impl.h b/src/field_impl.h
@@ -373,6 +373,17 @@ SECP256K1_INLINE static void secp256k1_fe_inv_var(secp256k1_fe *r, const secp256
     VERIFY_CHECK(secp256k1_fe_normalizes_to_zero(r) == input_is_zero);
     secp256k1_fe_verify(r);
 }
+
+static void secp256k1_fe_impl_get_bounds(secp256k1_fe* r, int m);
+SECP256K1_INLINE static void secp256k1_fe_get_bounds(secp256k1_fe* r, int m) {
+    VERIFY_CHECK(m >= 0);
+    VERIFY_CHECK(m <= 32);
+    secp256k1_fe_impl_get_bounds(r, m);
+    r->magnitude = m;
+    r->normalized = (m == 0);
+    secp256k1_fe_verify(r);
+}
+
 #endif /* defined(VERIFY) */
 
 #endif /* SECP256K1_FIELD_IMPL_H */