Initialize field elements when resulting in infinity

elichai · deadalnix · commit 13f2aeb050a2 · 2020-09-28T18:35:29.000+02:00
Summary: * Added test with additions resulting in infinity * Clear field elements when writing infinity This is a backport of secp256k1 [[bitcoin-core/secp256k1#699 | PR699]] Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, jasonbcox Reviewed By: #bitcoin_abc, jasonbcox Subscribers: jasonbcox Differential Revision: https://reviews.bitcoinabc.org/D7611
diff --git a/src/secp256k1/src/group_impl.h b/src/secp256k1/src/group_impl.h
@@ -399,7 +399,7 @@ static void secp256k1_gej_add_var(secp256k1_gej *r, const secp256k1_gej *a, cons
             if (rzr != NULL) {
                 secp256k1_fe_set_int(rzr, 0);
             }
-            r->infinity = 1;
+            secp256k1_gej_set_infinity(r);
         }
         return;
     }
@@ -449,7 +449,7 @@ static void secp256k1_gej_add_ge_var(secp256k1_gej *r, const secp256k1_gej *a, c
             if (rzr != NULL) {
                 secp256k1_fe_set_int(rzr, 0);
             }
-            r->infinity = 1;
+            secp256k1_gej_set_infinity(r);
         }
         return;
     }
@@ -508,7 +508,7 @@ static void secp256k1_gej_add_zinv_var(secp256k1_gej *r, const secp256k1_gej *a,
         if (secp256k1_fe_normalizes_to_zero_var(&i)) {
             secp256k1_gej_double_var(r, a, NULL);
         } else {
-            r->infinity = 1;
+            secp256k1_gej_set_infinity(r);
         }
         return;
     }
diff --git a/src/secp256k1/src/tests.c b/src/secp256k1/src/tests.c
@@ -2307,6 +2307,39 @@ void test_ge(void) {
     free(zinv);
 }
 
+
+void test_intialized_inf(void) {
+    secp256k1_ge p;
+    secp256k1_gej pj, npj, infj1, infj2, infj3;
+    secp256k1_fe zinv;
+
+    /* Test that adding P+(-P) results in a fully initalized infinity*/
+    random_group_element_test(&p);
+    secp256k1_gej_set_ge(&pj, &p);
+    secp256k1_gej_neg(&npj, &pj);
+
+    secp256k1_gej_add_var(&infj1, &pj, &npj, NULL);
+    CHECK(secp256k1_gej_is_infinity(&infj1));
+    CHECK(secp256k1_fe_is_zero(&infj1.x));
+    CHECK(secp256k1_fe_is_zero(&infj1.y));
+    CHECK(secp256k1_fe_is_zero(&infj1.z));
+
+    secp256k1_gej_add_ge_var(&infj2, &npj, &p, NULL);
+    CHECK(secp256k1_gej_is_infinity(&infj2));
+    CHECK(secp256k1_fe_is_zero(&infj2.x));
+    CHECK(secp256k1_fe_is_zero(&infj2.y));
+    CHECK(secp256k1_fe_is_zero(&infj2.z));
+
+    secp256k1_fe_set_int(&zinv, 1);
+    secp256k1_gej_add_zinv_var(&infj3, &npj, &p, &zinv);
+    CHECK(secp256k1_gej_is_infinity(&infj3));
+    CHECK(secp256k1_fe_is_zero(&infj3.x));
+    CHECK(secp256k1_fe_is_zero(&infj3.y));
+    CHECK(secp256k1_fe_is_zero(&infj3.z));
+
+
+}
+
 void test_add_neg_y_diff_x(void) {
     /* The point of this test is to check that we can add two points
      * whose y-coordinates are negatives of each other but whose x
@@ -2380,6 +2413,7 @@ void run_ge(void) {
         test_ge();
     }
     test_add_neg_y_diff_x();
+    test_intialized_inf();
 }
 
 void test_ec_combine(void) {

Original file line number	Diff line number	Diff line change
`@@ -399,7 +399,7 @@ static void secp256k1_gej_add_var(secp256k1_gej r, const secp256k1_gej a, cons`
`399`	`399`	`if (rzr != NULL) {`
`400`	`400`	`secp256k1_fe_set_int(rzr, 0);`
`401`	`401`	`}`
`402`		`- r->infinity = 1;`
	`402`	`+ secp256k1_gej_set_infinity(r);`
`403`	`403`	`}`
`404`	`404`	`return;`
`405`	`405`	`}`
`@@ -449,7 +449,7 @@ static void secp256k1_gej_add_ge_var(secp256k1_gej r, const secp256k1_gej a, c`
`449`	`449`	`if (rzr != NULL) {`
`450`	`450`	`secp256k1_fe_set_int(rzr, 0);`
`451`	`451`	`}`
`452`		`- r->infinity = 1;`
	`452`	`+ secp256k1_gej_set_infinity(r);`
`453`	`453`	`}`
`454`	`454`	`return;`
`455`	`455`	`}`
`@@ -508,7 +508,7 @@ static void secp256k1_gej_add_zinv_var(secp256k1_gej r, const secp256k1_gej a,`
`508`	`508`	`if (secp256k1_fe_normalizes_to_zero_var(&i)) {`
`509`	`509`	`secp256k1_gej_double_var(r, a, NULL);`
`510`	`510`	`} else {`
`511`		`- r->infinity = 1;`
	`511`	`+ secp256k1_gej_set_infinity(r);`
`512`	`512`	`}`
`513`	`513`	`return;`
`514`	`514`	`}`