From 4e9661fc426c6068b2472f52a772c312bc26acc9 Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@gmail.com>
Date: Sun, 5 Dec 2021 16:19:52 +0700
Subject: [PATCH] Add _fe_verify_magnitude (no-op unless VERIFY is enabled)

Co-authored-by: Tim Ruffing <crypto@timruffing.de>
---
 src/field.h      | 3 +++
 src/field_impl.h | 7 +++++++
 2 files changed, 10 insertions(+)

diff --git a/src/field.h b/src/field.h
index bb99f948ef..c1775912f8 100644
--- a/src/field.h
+++ b/src/field.h
@@ -352,4 +352,7 @@ static int secp256k1_fe_is_square_var(const secp256k1_fe *a);
 /** Check invariants on a field element (no-op unless VERIFY is enabled). */
 static void secp256k1_fe_verify(const secp256k1_fe *a);
 
+/** Check that magnitude of a is at most m (no-op unless VERIFY is enabled). */
+static void secp256k1_fe_verify_magnitude(const secp256k1_fe *a, int m);
+
 #endif /* SECP256K1_FIELD_H */
diff --git a/src/field_impl.h b/src/field_impl.h
index 7f18ebdc94..bd3767b15c 100644
--- a/src/field_impl.h
+++ b/src/field_impl.h
@@ -159,6 +159,7 @@ static int secp256k1_fe_sqrt(secp256k1_fe * SECP256K1_RESTRICT r, const secp256k
 
 #ifndef VERIFY
 static void secp256k1_fe_verify(const secp256k1_fe *a) { (void)a; }
+static void secp256k1_fe_verify_magnitude(const secp256k1_fe *a, int m) { (void)a; (void)m; }
 #else
 static void secp256k1_fe_impl_verify(const secp256k1_fe *a);
 static void secp256k1_fe_verify(const secp256k1_fe *a) {
@@ -172,6 +173,12 @@ static void secp256k1_fe_verify(const secp256k1_fe *a) {
     secp256k1_fe_impl_verify(a);
 }
 
+static void secp256k1_fe_verify_magnitude(const secp256k1_fe *a, int m) {
+    VERIFY_CHECK(m >= 0);
+    VERIFY_CHECK(m <= 32);
+    VERIFY_CHECK(a->magnitude <= m);
+}
+
 static void secp256k1_fe_impl_normalize(secp256k1_fe *r);
 SECP256K1_INLINE static void secp256k1_fe_normalize(secp256k1_fe *r) {
     secp256k1_fe_verify(r);