From d49011f54c2b31807158bdf06364f331558cccc7 Mon Sep 17 00:00:00 2001 From: Tim Ruffing Date: Wed, 12 Jun 2019 15:49:28 +0200 Subject: [PATCH 1/2] Make _set_fe_int( . , 0 ) set magnitude to 0 --- src/field.h | 7 ++++--- src/field_10x26_impl.h | 2 +- src/field_5x52_impl.h | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/field.h b/src/field.h index 854aaebab..4ccadebf9 100644 --- a/src/field.h +++ b/src/field.h @@ -14,8 +14,8 @@ * - Each field element can be normalized or not. * - Each field element has a magnitude, which represents how far away * its representation is away from normalization. Normalized elements - * always have a magnitude of 1, but a magnitude of 1 doesn't imply - * normality. + * always have a magnitude of 0 or 1, but a magnitude of 1 doesn't + * imply normality. */ #if defined HAVE_CONFIG_H @@ -50,7 +50,8 @@ static int secp256k1_fe_normalizes_to_zero(const secp256k1_fe *r); * without constant-time guarantee. */ static int secp256k1_fe_normalizes_to_zero_var(const secp256k1_fe *r); -/** Set a field element equal to a small integer. Resulting field element is normalized. */ +/** Set a field element equal to a small integer. Resulting field element is normalized; it has + * magnitude 0 if a == 0, and magnitude 1 otherwise. */ static void secp256k1_fe_set_int(secp256k1_fe *r, int a); /** Sets a field element equal to zero, initializing all fields. */ diff --git a/src/field_10x26_impl.h b/src/field_10x26_impl.h index 724474906..cf6456e82 100644 --- a/src/field_10x26_impl.h +++ b/src/field_10x26_impl.h @@ -267,7 +267,7 @@ SECP256K1_INLINE static void secp256k1_fe_set_int(secp256k1_fe *r, int a) { r->n[0] = a; r->n[1] = r->n[2] = r->n[3] = r->n[4] = r->n[5] = r->n[6] = r->n[7] = r->n[8] = r->n[9] = 0; #ifdef VERIFY - r->magnitude = 1; + r->magnitude = (a != 0); r->normalized = 1; secp256k1_fe_verify(r); #endif diff --git a/src/field_5x52_impl.h b/src/field_5x52_impl.h index ed52297e9..afea1c48e 100644 --- a/src/field_5x52_impl.h +++ b/src/field_5x52_impl.h @@ -230,7 +230,7 @@ SECP256K1_INLINE static void secp256k1_fe_set_int(secp256k1_fe *r, int a) { r->n[0] = a; r->n[1] = r->n[2] = r->n[3] = r->n[4] = 0; #ifdef VERIFY - r->magnitude = 1; + r->magnitude = (a != 0); r->normalized = 1; secp256k1_fe_verify(r); #endif From 2888640132eb64ed30a8a208931f27447c3e0366 Mon Sep 17 00:00:00 2001 From: Russell O'Connor Date: Thu, 13 May 2021 10:40:50 -0400 Subject: [PATCH 2/2] VERIFY_CHECK precondition for secp256k1_fe_set_int. --- src/field.h | 5 +++-- src/field_10x26_impl.h | 1 + src/field_5x52_impl.h | 1 + 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/field.h b/src/field.h index 4ccadebf9..55679a2fc 100644 --- a/src/field.h +++ b/src/field.h @@ -50,8 +50,9 @@ static int secp256k1_fe_normalizes_to_zero(const secp256k1_fe *r); * without constant-time guarantee. */ static int secp256k1_fe_normalizes_to_zero_var(const secp256k1_fe *r); -/** Set a field element equal to a small integer. Resulting field element is normalized; it has - * magnitude 0 if a == 0, and magnitude 1 otherwise. */ +/** Set a field element equal to a small (not greater than 0x7FFF), non-negative integer. + * Resulting field element is normalized; it has magnitude 0 if a == 0, and magnitude 1 otherwise. + */ static void secp256k1_fe_set_int(secp256k1_fe *r, int a); /** Sets a field element equal to zero, initializing all fields. */ diff --git a/src/field_10x26_impl.h b/src/field_10x26_impl.h index cf6456e82..4363e727e 100644 --- a/src/field_10x26_impl.h +++ b/src/field_10x26_impl.h @@ -264,6 +264,7 @@ static int secp256k1_fe_normalizes_to_zero_var(const secp256k1_fe *r) { } SECP256K1_INLINE static void secp256k1_fe_set_int(secp256k1_fe *r, int a) { + VERIFY_CHECK(0 <= a && a <= 0x7FFF); r->n[0] = a; r->n[1] = r->n[2] = r->n[3] = r->n[4] = r->n[5] = r->n[6] = r->n[7] = r->n[8] = r->n[9] = 0; #ifdef VERIFY diff --git a/src/field_5x52_impl.h b/src/field_5x52_impl.h index afea1c48e..b56bdd135 100644 --- a/src/field_5x52_impl.h +++ b/src/field_5x52_impl.h @@ -227,6 +227,7 @@ static int secp256k1_fe_normalizes_to_zero_var(const secp256k1_fe *r) { } SECP256K1_INLINE static void secp256k1_fe_set_int(secp256k1_fe *r, int a) { + VERIFY_CHECK(0 <= a && a <= 0x7FFF); r->n[0] = a; r->n[1] = r->n[2] = r->n[3] = r->n[4] = 0; #ifdef VERIFY