Abstract out verify logic for fe_normalize_weak

bitcoin-core · May 11, 2023 · e28b51f · e28b51f
1 parent b6b6f9c
commit e28b51f
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 13 deletions.
diff --git a/src/field.h b/src/field.h
@@ -76,6 +76,7 @@ static const secp256k1_fe secp256k1_const_beta = SECP256K1_FE_CONST(
  * internal field implementation, to avoid the potential overhead of a
  * function call (even though presumably inlinable). */
 #  define secp256k1_fe_normalize secp256k1_fe_impl_normalize
+#  define secp256k1_fe_normalize_weak secp256k1_fe_impl_normalize_weak
 #endif /* !defined(VERIFY) */
 
 /** Normalize a field element.
@@ -85,7 +86,11 @@ static const secp256k1_fe secp256k1_const_beta = SECP256K1_FE_CONST(
  */
 static void secp256k1_fe_normalize(secp256k1_fe *r);
 
-/** Weakly normalize a field element: reduce its magnitude to 1, but don't fully normalize. */
+/** Give a field element magnitude 1.
+ *
+ * On input, r must be a valid field element.
+ * On output, r represents the same value but has magnitude=1. Normalized is unchanged.
+ */
 static void secp256k1_fe_normalize_weak(secp256k1_fe *r);
 
 /** Normalize a field element, without constant-time guarantee. */

diff --git a/src/field_10x26_impl.h b/src/field_10x26_impl.h
@@ -107,7 +107,7 @@ static void secp256k1_fe_impl_normalize(secp256k1_fe *r) {
     r->n[5] = t5; r->n[6] = t6; r->n[7] = t7; r->n[8] = t8; r->n[9] = t9;
 }
 
-static void secp256k1_fe_normalize_weak(secp256k1_fe *r) {
+static void secp256k1_fe_impl_normalize_weak(secp256k1_fe *r) {
     uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4],
              t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9];
 
@@ -131,11 +131,6 @@ static void secp256k1_fe_normalize_weak(secp256k1_fe *r) {
 
     r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4;
     r->n[5] = t5; r->n[6] = t6; r->n[7] = t7; r->n[8] = t8; r->n[9] = t9;
-
-#ifdef VERIFY
-    r->magnitude = 1;
-    secp256k1_fe_verify(r);
-#endif
 }
 
 static void secp256k1_fe_normalize_var(secp256k1_fe *r) {

diff --git a/src/field_5x52_impl.h b/src/field_5x52_impl.h
@@ -89,7 +89,7 @@ static void secp256k1_fe_impl_normalize(secp256k1_fe *r) {
     r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4;
 }
 
-static void secp256k1_fe_normalize_weak(secp256k1_fe *r) {
+static void secp256k1_fe_impl_normalize_weak(secp256k1_fe *r) {
     uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4];
 
     /* Reduce t4 at the start so there will be at most a single carry from the first pass */
@@ -106,11 +106,6 @@ static void secp256k1_fe_normalize_weak(secp256k1_fe *r) {
     VERIFY_CHECK(t4 >> 49 == 0);
 
     r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4;
-
-#ifdef VERIFY
-    r->magnitude = 1;
-    secp256k1_fe_verify(r);
-#endif
 }
 
 static void secp256k1_fe_normalize_var(secp256k1_fe *r) {

diff --git a/src/field_impl.h b/src/field_impl.h
@@ -156,6 +156,14 @@ SECP256K1_INLINE static void secp256k1_fe_normalize(secp256k1_fe *r) {
     r->normalized = 1;
     secp256k1_fe_verify(r);
 }
+
+static void secp256k1_fe_impl_normalize_weak(secp256k1_fe *r);
+SECP256K1_INLINE static void secp256k1_fe_normalize_weak(secp256k1_fe *r) {
+    secp256k1_fe_verify(r);
+    secp256k1_fe_impl_normalize_weak(r);
+    r->magnitude = 1;
+    secp256k1_fe_verify(r);
+}
 #endif /* defined(VERIFY) */
 
 #endif /* SECP256K1_FIELD_IMPL_H */