From e28b51f52254b93805350354567a944ca4d79ae2 Mon Sep 17 00:00:00 2001 From: Pieter Wuille Date: Fri, 28 Jan 2022 17:54:22 -0500 Subject: [PATCH] Abstract out verify logic for fe_normalize_weak --- src/field.h | 7 ++++++- src/field_10x26_impl.h | 7 +------ src/field_5x52_impl.h | 7 +------ src/field_impl.h | 8 ++++++++ 4 files changed, 16 insertions(+), 13 deletions(-) diff --git a/src/field.h b/src/field.h index 161df2b3ed..ba2d57bba9 100644 --- a/src/field.h +++ b/src/field.h @@ -76,6 +76,7 @@ static const secp256k1_fe secp256k1_const_beta = SECP256K1_FE_CONST( * internal field implementation, to avoid the potential overhead of a * function call (even though presumably inlinable). */ # define secp256k1_fe_normalize secp256k1_fe_impl_normalize +# define secp256k1_fe_normalize_weak secp256k1_fe_impl_normalize_weak #endif /* !defined(VERIFY) */ /** Normalize a field element. @@ -85,7 +86,11 @@ static const secp256k1_fe secp256k1_const_beta = SECP256K1_FE_CONST( */ static void secp256k1_fe_normalize(secp256k1_fe *r); -/** Weakly normalize a field element: reduce its magnitude to 1, but don't fully normalize. */ +/** Give a field element magnitude 1. + * + * On input, r must be a valid field element. + * On output, r represents the same value but has magnitude=1. Normalized is unchanged. + */ static void secp256k1_fe_normalize_weak(secp256k1_fe *r); /** Normalize a field element, without constant-time guarantee. */ diff --git a/src/field_10x26_impl.h b/src/field_10x26_impl.h index 537000a8d1..b76111641c 100644 --- a/src/field_10x26_impl.h +++ b/src/field_10x26_impl.h @@ -107,7 +107,7 @@ static void secp256k1_fe_impl_normalize(secp256k1_fe *r) { r->n[5] = t5; r->n[6] = t6; r->n[7] = t7; r->n[8] = t8; r->n[9] = t9; } -static void secp256k1_fe_normalize_weak(secp256k1_fe *r) { +static void secp256k1_fe_impl_normalize_weak(secp256k1_fe *r) { uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4], t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9]; @@ -131,11 +131,6 @@ static void secp256k1_fe_normalize_weak(secp256k1_fe *r) { r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4; r->n[5] = t5; r->n[6] = t6; r->n[7] = t7; r->n[8] = t8; r->n[9] = t9; - -#ifdef VERIFY - r->magnitude = 1; - secp256k1_fe_verify(r); -#endif } static void secp256k1_fe_normalize_var(secp256k1_fe *r) { diff --git a/src/field_5x52_impl.h b/src/field_5x52_impl.h index 820bc3466f..09f3d74900 100644 --- a/src/field_5x52_impl.h +++ b/src/field_5x52_impl.h @@ -89,7 +89,7 @@ static void secp256k1_fe_impl_normalize(secp256k1_fe *r) { r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4; } -static void secp256k1_fe_normalize_weak(secp256k1_fe *r) { +static void secp256k1_fe_impl_normalize_weak(secp256k1_fe *r) { uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4]; /* Reduce t4 at the start so there will be at most a single carry from the first pass */ @@ -106,11 +106,6 @@ static void secp256k1_fe_normalize_weak(secp256k1_fe *r) { VERIFY_CHECK(t4 >> 49 == 0); r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4; - -#ifdef VERIFY - r->magnitude = 1; - secp256k1_fe_verify(r); -#endif } static void secp256k1_fe_normalize_var(secp256k1_fe *r) { diff --git a/src/field_impl.h b/src/field_impl.h index f3341db0e4..3928e417c6 100644 --- a/src/field_impl.h +++ b/src/field_impl.h @@ -156,6 +156,14 @@ SECP256K1_INLINE static void secp256k1_fe_normalize(secp256k1_fe *r) { r->normalized = 1; secp256k1_fe_verify(r); } + +static void secp256k1_fe_impl_normalize_weak(secp256k1_fe *r); +SECP256K1_INLINE static void secp256k1_fe_normalize_weak(secp256k1_fe *r) { + secp256k1_fe_verify(r); + secp256k1_fe_impl_normalize_weak(r); + r->magnitude = 1; + secp256k1_fe_verify(r); +} #endif /* defined(VERIFY) */ #endif /* SECP256K1_FIELD_IMPL_H */