From e179e651cbb20031905e01f37596e20ec2cb788a Mon Sep 17 00:00:00 2001 From: Pieter Wuille Date: Fri, 28 Jan 2022 18:36:13 -0500 Subject: [PATCH] Abstract out verify logic for fe_add --- src/field.h | 9 ++++++++- src/field_10x26_impl.h | 8 +------- src/field_5x52_impl.h | 8 +------- src/field_impl.h | 11 +++++++++++ 4 files changed, 21 insertions(+), 15 deletions(-) diff --git a/src/field.h b/src/field.h index 2c1e9d2e1addc..988bc6f39006f 100644 --- a/src/field.h +++ b/src/field.h @@ -89,6 +89,7 @@ static const secp256k1_fe secp256k1_const_beta = SECP256K1_FE_CONST( # define secp256k1_fe_get_b32 secp256k1_fe_impl_get_b32 # define secp256k1_fe_negate secp256k1_fe_impl_negate # define secp256k1_fe_mul_int secp256k1_fe_impl_mul_int +# define secp256k1_fe_add secp256k1_fe_impl_add #endif /* !defined(VERIFY) */ /** Normalize a field element. @@ -215,7 +216,13 @@ static void secp256k1_fe_add_int(secp256k1_fe *r, int a); */ static void secp256k1_fe_mul_int(secp256k1_fe *r, int a); -/** Adds a field element to another. The result has the sum of the inputs' magnitudes as magnitude. */ +/** Increment a field element by another. + * + * On input, r and a must be valid field elements, not necessarily normalized. + * The sum of their magnitudes must not exceed 32. + * Performs {r += a}. + * On output, r will not be normalized, and will have magnitude incremented by a's. + */ static void secp256k1_fe_add(secp256k1_fe *r, const secp256k1_fe *a); /** Sets a field element to be the product of two others. Requires the inputs' magnitudes to be at most 8. diff --git a/src/field_10x26_impl.h b/src/field_10x26_impl.h index f8c8ddb5b4da0..eefd4da697919 100644 --- a/src/field_10x26_impl.h +++ b/src/field_10x26_impl.h @@ -383,8 +383,7 @@ SECP256K1_INLINE static void secp256k1_fe_impl_mul_int(secp256k1_fe *r, int a) { r->n[9] *= a; } -SECP256K1_INLINE static void secp256k1_fe_add(secp256k1_fe *r, const secp256k1_fe *a) { - secp256k1_fe_verify(a); +SECP256K1_INLINE static void secp256k1_fe_impl_add(secp256k1_fe *r, const secp256k1_fe *a) { r->n[0] += a->n[0]; r->n[1] += a->n[1]; r->n[2] += a->n[2]; @@ -395,11 +394,6 @@ SECP256K1_INLINE static void secp256k1_fe_add(secp256k1_fe *r, const secp256k1_f r->n[7] += a->n[7]; r->n[8] += a->n[8]; r->n[9] += a->n[9]; -#ifdef VERIFY - r->magnitude += a->magnitude; - r->normalized = 0; - secp256k1_fe_verify(r); -#endif } SECP256K1_INLINE static void secp256k1_fe_add_int(secp256k1_fe *r, int a) { diff --git a/src/field_5x52_impl.h b/src/field_5x52_impl.h index f5091373405bf..8bd084ff27985 100644 --- a/src/field_5x52_impl.h +++ b/src/field_5x52_impl.h @@ -353,18 +353,12 @@ SECP256K1_INLINE static void secp256k1_fe_add_int(secp256k1_fe *r, int a) { #endif } -SECP256K1_INLINE static void secp256k1_fe_add(secp256k1_fe *r, const secp256k1_fe *a) { - secp256k1_fe_verify(a); +SECP256K1_INLINE static void secp256k1_fe_impl_add(secp256k1_fe *r, const secp256k1_fe *a) { r->n[0] += a->n[0]; r->n[1] += a->n[1]; r->n[2] += a->n[2]; r->n[3] += a->n[3]; r->n[4] += a->n[4]; -#ifdef VERIFY - r->magnitude += a->magnitude; - r->normalized = 0; - secp256k1_fe_verify(r); -#endif } static void secp256k1_fe_mul(secp256k1_fe *r, const secp256k1_fe *a, const secp256k1_fe * SECP256K1_RESTRICT b) { diff --git a/src/field_impl.h b/src/field_impl.h index 8bd18c61ab09a..172b846d89e45 100644 --- a/src/field_impl.h +++ b/src/field_impl.h @@ -275,6 +275,17 @@ SECP256K1_INLINE static void secp256k1_fe_mul_int(secp256k1_fe *r, int a) { r->normalized = 0; secp256k1_fe_verify(r); } + +static void secp256k1_fe_impl_add(secp256k1_fe *r, const secp256k1_fe *a); +SECP256K1_INLINE static void secp256k1_fe_add(secp256k1_fe *r, const secp256k1_fe *a) { + secp256k1_fe_verify(r); + secp256k1_fe_verify(a); + VERIFY_CHECK(r->magnitude + a->magnitude <= 32); + secp256k1_fe_impl_add(r, a); + r->magnitude += a->magnitude; + r->normalized = 0; + secp256k1_fe_verify(r); +} #endif /* defined(VERIFY) */ #endif /* SECP256K1_FIELD_IMPL_H */