
Commit 5454534

committed
Introduce VERIFY_CHECK_ONLY
1 parent 81951ac commit 5454534

7 files changed

+110
-151
lines changed

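--- a/src/field_10x26_impl.h
+++ b/src/field_10x26_impl.h
@@ -1134,9 +1134,7 @@ static SECP256K1_INLINE void secp256k1_fe_storage_cmov(secp256k1_fe_storage *r,
 }
 
 static void secp256k1_fe_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a) {
-#ifdef VERIFY
-VERIFY_CHECK(a->normalized);
-#endif
+VERIFY_CHECK_ONLY(a->normalized);
 r->n[0] = a->n[0] | a->n[1] << 26;
 r->n[1] = a->n[1] >> 6 | a->n[2] << 20;
 r->n[2] = a->n[2] >> 12 | a->n[3] << 14;
@@ -1205,9 +1203,7 @@ static void secp256k1_fe_to_signed30(secp256k1_modinv32_signed30 *r, const secp2
 const uint64_t a0 = a->n[0], a1 = a->n[1], a2 = a->n[2], a3 = a->n[3], a4 = a->n[4],
 a5 = a->n[5], a6 = a->n[6], a7 = a->n[7], a8 = a->n[8], a9 = a->n[9];
 
-#ifdef VERIFY
-VERIFY_CHECK(a->normalized);
-#endif
+VERIFY_CHECK_ONLY(a->normalized);
 
 r->v[0] = (a0 | a1 << 26) & M30;
 r->v[1] = (a1 >> 4 | a2 << 22) & M30;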
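Review bot: `VERIFY_CHECK_ONLY(a->normalized)` in secp256k1_fe_to_storage and secp256k1_fe_to_signed30 builds without VERIFY only if the macro drops its argument during preprocessing; the removed `#ifdef VERIFY` guard suggests `normalized` may be a member that exists only in VERIFY builds, and the macro's definition is not in the sections shown here. A definition that still mentions the expression (for example through a cast to void) would break production builds, so the definition should state the contract, e.g. `/* The argument is removed entirely when VERIFY is not defined; it may name VERIFY-only fields. */`. The same applies to the two replacements in src/field_5x52_impl.h. Both function bodies continue outside their hunks.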

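--- a/src/field_5x52_impl.h
+++ b/src/field_5x52_impl.h
@@ -477,9 +477,7 @@ static SECP256K1_INLINE void secp256k1_fe_storage_cmov(secp256k1_fe_storage *r,
 }
 
 static void secp256k1_fe_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a) {
-#ifdef VERIFY
-VERIFY_CHECK(a->normalized);
-#endif
+VERIFY_CHECK_ONLY(a->normalized);
 r->n[0] = a->n[0] | a->n[1] << 52;
 r->n[1] = a->n[1] >> 12 | a->n[2] << 40;
 r->n[2] = a->n[2] >> 24 | a->n[3] << 28;
@@ -528,9 +526,7 @@ static void secp256k1_fe_to_signed62(secp256k1_modinv64_signed62 *r, const secp2
 const uint64_t M62 = UINT64_MAX >> 2;
 const uint64_t a0 = a->n[0], a1 = a->n[1], a2 = a->n[2], a3 = a->n[3], a4 = a->n[4];
 
-#ifdef VERIFY
-VERIFY_CHECK(a->normalized);
-#endif
+VERIFY_CHECK_ONLY(a->normalized);
 
 r->v[0] = (a0 | a1 << 52) & M62;
 r->v[1] = (a1 >> 10 | a2 << 42) & M62;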

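--- a/src/modinv32_impl.h
+++ b/src/modinv32_impl.h
@@ -73,8 +73,8 @@ static void secp256k1_modinv32_normalize_30(secp256k1_modinv32_signed30 *r, int3
 VERIFY_CHECK(r->v[i] >= -M30);
 VERIFY_CHECK(r->v[i] <= M30);
 }
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(r, 9, &modinfo->modulus, -2) > 0); /* r > -2*modulus */
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(r, 9, &modinfo->modulus, 1) < 0); /* r < modulus */
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(r, 9, &modinfo->modulus, -2) > 0); /* r > -2*modulus */
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(r, 9, &modinfo->modulus, 1) < 0); /* r < modulus */
 #endif
 
 /* In a first step, add the modulus if the input is negative, and then negate if requested.
@@ -144,7 +144,6 @@ static void secp256k1_modinv32_normalize_30(secp256k1_modinv32_signed30 *r, int3
 r->v[7] = r7;
 r->v[8] = r8;
 
-#ifdef VERIFY
 VERIFY_CHECK(r0 >> 30 == 0);
 VERIFY_CHECK(r1 >> 30 == 0);
 VERIFY_CHECK(r2 >> 30 == 0);
@@ -154,9 +153,8 @@ static void secp256k1_modinv32_normalize_30(secp256k1_modinv32_signed30 *r, int3
 VERIFY_CHECK(r6 >> 30 == 0);
 VERIFY_CHECK(r7 >> 30 == 0);
 VERIFY_CHECK(r8 >> 30 == 0);
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(r, 9, &modinfo->modulus, 0) >= 0); /* r >= 0 */
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(r, 9, &modinfo->modulus, 1) < 0); /* r < modulus */
-#endif
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(r, 9, &modinfo->modulus, 0) >= 0); /* r >= 0 */
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(r, 9, &modinfo->modulus, 1) < 0); /* r < modulus */
 }
 
 /* Data type for transition matrices (see section 3 of explanation).
@@ -330,16 +328,14 @@ static void secp256k1_modinv32_update_de_30(secp256k1_modinv32_signed30 *d, secp
 int32_t di, ei, md, me, sd, se;
 int64_t cd, ce;
 int i;
-#ifdef VERIFY
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(d, 9, &modinfo->modulus, -2) > 0); /* d > -2*modulus */
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(d, 9, &modinfo->modulus, 1) < 0); /* d < modulus */
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(e, 9, &modinfo->modulus, -2) > 0); /* e > -2*modulus */
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(e, 9, &modinfo->modulus, 1) < 0); /* e < modulus */
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(d, 9, &modinfo->modulus, -2) > 0); /* d > -2*modulus */
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(d, 9, &modinfo->modulus, 1) < 0); /* d < modulus */
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(e, 9, &modinfo->modulus, -2) > 0); /* e > -2*modulus */
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(e, 9, &modinfo->modulus, 1) < 0); /* e < modulus */
 VERIFY_CHECK((labs(u) + labs(v)) >= 0); /* |u|+|v| doesn't overflow */
 VERIFY_CHECK((labs(q) + labs(r)) >= 0); /* |q|+|r| doesn't overflow */
 VERIFY_CHECK((labs(u) + labs(v)) <= M30 + 1); /* |u|+|v| <= 2^30 */
 VERIFY_CHECK((labs(q) + labs(r)) <= M30 + 1); /* |q|+|r| <= 2^30 */
-#endif
 /* [md,me] start as zero; plus [u,q] if d is negative; plus [v,r] if e is negative. */
 sd = d->v[8] >> 31;
 se = e->v[8] >> 31;
@@ -374,12 +370,10 @@ static void secp256k1_modinv32_update_de_30(secp256k1_modinv32_signed30 *d, secp
 /* What remains is limb 9 of t*[d,e]+modulus*[md,me]; store it as output limb 8. */
 d->v[8] = (int32_t)cd;
 e->v[8] = (int32_t)ce;
-#ifdef VERIFY
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(d, 9, &modinfo->modulus, -2) > 0); /* d > -2*modulus */
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(d, 9, &modinfo->modulus, 1) < 0); /* d < modulus */
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(e, 9, &modinfo->modulus, -2) > 0); /* e > -2*modulus */
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(e, 9, &modinfo->modulus, 1) < 0); /* e < modulus */
-#endif
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(d, 9, &modinfo->modulus, -2) > 0); /* d > -2*modulus */
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(d, 9, &modinfo->modulus, 1) < 0); /* d < modulus */
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(e, 9, &modinfo->modulus, -2) > 0); /* e > -2*modulus */
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(e, 9, &modinfo->modulus, 1) < 0); /* e < modulus */
 }
 
 /* Compute (t/2^30) * [f, g], where t is a transition matrix for 30 divsteps.
@@ -469,35 +463,29 @@ static void secp256k1_modinv32(secp256k1_modinv32_signed30 *x, const secp256k1_m
 /* Update d,e using that transition matrix. */
 secp256k1_modinv32_update_de_30(&d, &e, &t, modinfo);
 /* Update f,g using that transition matrix. */
-#ifdef VERIFY
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, 9, &modinfo->modulus, -1) > 0); /* f > -modulus */
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, 9, &modinfo->modulus, 1) <= 0); /* f <= modulus */
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, 9, &modinfo->modulus, -1) > 0); /* g > -modulus */
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, 9, &modinfo->modulus, 1) < 0); /* g < modulus */
-#endif
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(&f, 9, &modinfo->modulus, -1) > 0); /* f > -modulus */
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(&f, 9, &modinfo->modulus, 1) <= 0); /* f <= modulus */
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(&g, 9, &modinfo->modulus, -1) > 0); /* g > -modulus */
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(&g, 9, &modinfo->modulus, 1) < 0); /* g < modulus */
 secp256k1_modinv32_update_fg_30(&f, &g, &t);
-#ifdef VERIFY
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, 9, &modinfo->modulus, -1) > 0); /* f > -modulus */
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, 9, &modinfo->modulus, 1) <= 0); /* f <= modulus */
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, 9, &modinfo->modulus, -1) > 0); /* g > -modulus */
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, 9, &modinfo->modulus, 1) < 0); /* g < modulus */
-#endif
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(&f, 9, &modinfo->modulus, -1) > 0); /* f > -modulus */
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(&f, 9, &modinfo->modulus, 1) <= 0); /* f <= modulus */
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(&g, 9, &modinfo->modulus, -1) > 0); /* g > -modulus */
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(&g, 9, &modinfo->modulus, 1) < 0); /* g < modulus */
 }
 
 /* At this point sufficient iterations have been performed that g must have reached 0
 * and (if g was not originally 0) f must now equal +/- GCD of the initial f, g
 * values i.e. +/- 1, and d now contains +/- the modular inverse. */
-#ifdef VERIFY
 /* g == 0 */
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, 9, &SECP256K1_SIGNED30_ONE, 0) == 0);
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(&g, 9, &SECP256K1_SIGNED30_ONE, 0) == 0);
 /* |f| == 1, or (x == 0 and d == 0 and |f|=modulus) */
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, 9, &SECP256K1_SIGNED30_ONE, -1) == 0 ||
-secp256k1_modinv32_mul_cmp_30(&f, 9, &SECP256K1_SIGNED30_ONE, 1) == 0 ||
-(secp256k1_modinv32_mul_cmp_30(x, 9, &SECP256K1_SIGNED30_ONE, 0) == 0 &&
-secp256k1_modinv32_mul_cmp_30(&d, 9, &SECP256K1_SIGNED30_ONE, 0) == 0 &&
-(secp256k1_modinv32_mul_cmp_30(&f, 9, &modinfo->modulus, 1) == 0 ||
-secp256k1_modinv32_mul_cmp_30(&f, 9, &modinfo->modulus, -1) == 0)));
-#endif
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(&f, 9, &SECP256K1_SIGNED30_ONE, -1) == 0 ||
+secp256k1_modinv32_mul_cmp_30(&f, 9, &SECP256K1_SIGNED30_ONE, 1) == 0 ||
+(secp256k1_modinv32_mul_cmp_30(x, 9, &SECP256K1_SIGNED30_ONE, 0) == 0 &&
+secp256k1_modinv32_mul_cmp_30(&d, 9, &SECP256K1_SIGNED30_ONE, 0) == 0 &&
+(secp256k1_modinv32_mul_cmp_30(&f, 9, &modinfo->modulus, 1) == 0 ||
+secp256k1_modinv32_mul_cmp_30(&f, 9, &modinfo->modulus, -1) == 0)));
 
 /* Optionally negate d, normalize to [0,modulus), and return it. */
 secp256k1_modinv32_normalize_30(&d, f.v[8], modinfo);
@@ -526,12 +514,10 @@ static void secp256k1_modinv32_var(secp256k1_modinv32_signed30 *x, const secp256
 /* Update d,e using that transition matrix. */
 secp256k1_modinv32_update_de_30(&d, &e, &t, modinfo);
 /* Update f,g using that transition matrix. */
-#ifdef VERIFY
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, -1) > 0); /* f > -modulus */
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, 1) <= 0); /* f <= modulus */
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, len, &modinfo->modulus, -1) > 0); /* g > -modulus */
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, len, &modinfo->modulus, 1) < 0); /* g < modulus */
-#endif
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, -1) > 0); /* f > -modulus */
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, 1) <= 0); /* f <= modulus */
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(&g, len, &modinfo->modulus, -1) > 0); /* g > -modulus */
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(&g, len, &modinfo->modulus, 1) < 0); /* g < modulus */
 secp256k1_modinv32_update_fg_30_var(len, &f, &g, &t);
 /* If the bottom limb of g is 0, there is a chance g=0. */
 if (g.v[0] == 0) {
@@ -556,28 +542,24 @@ static void secp256k1_modinv32_var(secp256k1_modinv32_signed30 *x, const secp256
 g.v[len - 2] |= (uint32_t)gn << 30;
 --len;
 }
-#ifdef VERIFY
-VERIFY_CHECK(++i < 25); /* We should never need more than 25*30 = 750 divsteps */
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, -1) > 0); /* f > -modulus */
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, 1) <= 0); /* f <= modulus */
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, len, &modinfo->modulus, -1) > 0); /* g > -modulus */
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, len, &modinfo->modulus, 1) < 0); /* g < modulus */
-#endif
+VERIFY_CHECK_ONLY(++i < 25); /* We should never need more than 25*30 = 750 divsteps */
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, -1) > 0); /* f > -modulus */
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, 1) <= 0); /* f <= modulus */
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(&g, len, &modinfo->modulus, -1) > 0); /* g > -modulus */
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(&g, len, &modinfo->modulus, 1) < 0); /* g < modulus */
 }
 
 /* At this point g is 0 and (if g was not originally 0) f must now equal +/- GCD of
 * the initial f, g values i.e. +/- 1, and d now contains +/- the modular inverse. */
-#ifdef VERIFY
 /* g == 0 */
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, len, &SECP256K1_SIGNED30_ONE, 0) == 0);
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(&g, len, &SECP256K1_SIGNED30_ONE, 0) == 0);
 /* |f| == 1, or (x == 0 and d == 0 and |f|=modulus) */
-VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, len, &SECP256K1_SIGNED30_ONE, -1) == 0 ||
-secp256k1_modinv32_mul_cmp_30(&f, len, &SECP256K1_SIGNED30_ONE, 1) == 0 ||
-(secp256k1_modinv32_mul_cmp_30(x, 9, &SECP256K1_SIGNED30_ONE, 0) == 0 &&
-secp256k1_modinv32_mul_cmp_30(&d, 9, &SECP256K1_SIGNED30_ONE, 0) == 0 &&
-(secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, 1) == 0 ||
-secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, -1) == 0)));
-#endif
+VERIFY_CHECK_ONLY(secp256k1_modinv32_mul_cmp_30(&f, len, &SECP256K1_SIGNED30_ONE, -1) == 0 ||
+secp256k1_modinv32_mul_cmp_30(&f, len, &SECP256K1_SIGNED30_ONE, 1) == 0 ||
+(secp256k1_modinv32_mul_cmp_30(x, 9, &SECP256K1_SIGNED30_ONE, 0) == 0 &&
+secp256k1_modinv32_mul_cmp_30(&d, 9, &SECP256K1_SIGNED30_ONE, 0) == 0 &&
+(secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, 1) == 0 ||
+secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, -1) == 0)));
 
 /* Optionally negate d, normalize to [0,modulus), and return it. */
 secp256k1_modinv32_normalize_30(&d, f.v[len - 1], modinfo);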
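Review bot: `VERIFY_CHECK_ONLY(++i < 25)` in secp256k1_modinv32_var keeps a side effect inside an argument that, going by the macro's name, is not evaluated in non-VERIFY builds, so the counter advances only when checks are compiled in. That matches the removed `#ifdef VERIFY` block, but the call site no longer shows it, and the visible lines suggest the loop exits only once g reaches 0, so the 25-iteration bound is presumably a test-build assertion rather than a production limit. I would add a comment above the line: `/* i is incremented only in VERIFY builds; loop termination does not depend on it. */`. Separately, the four `labs(...)` checks in secp256k1_modinv32_update_de_30 remain plain VERIFY_CHECK and lose their guard, so whether they are evaluated in production now depends on how VERIFY_CHECK expands there, which is not shown. The function bodies start and end outside the hunks.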
