Abstract out verify logic for fe_inv{,_var}

sipa · sipa · commit a746648ab81b · 2022-01-28T19:20:51.000-05:00
diff --git a/src/field_10x26_impl.h b/src/field_10x26_impl.h
@@ -1081,23 +1081,13 @@ static void secp256k1_fe_from_signed30(secp256k1_fe *r, const secp256k1_modinv32
     r->n[7] = (a6 >>  2           ) & M26;
     r->n[8] = (a6 >> 28 | a7 <<  2) & M26;
     r->n[9] = (a7 >> 24 | a8 <<  6);
-
-#ifdef VERIFY
-    r->magnitude = 1;
-    r->normalized = 1;
-    secp256k1_fe_verify(r);
-#endif
 }
 
 static void secp256k1_fe_to_signed30(secp256k1_modinv32_signed30 *r, const secp256k1_fe *a) {
     const uint32_t M30 = UINT32_MAX >> 2;
     const uint64_t a0 = a->n[0], a1 = a->n[1], a2 = a->n[2], a3 = a->n[3], a4 = a->n[4],
                    a5 = a->n[5], a6 = a->n[6], a7 = a->n[7], a8 = a->n[8], a9 = a->n[9];
 
-#ifdef VERIFY
-    VERIFY_CHECK(a->normalized);
-#endif
-
     r->v[0] = (a0       | a1 << 26) & M30;
     r->v[1] = (a1 >>  4 | a2 << 22) & M30;
     r->v[2] = (a2 >>  8 | a3 << 18) & M30;
@@ -1115,30 +1105,24 @@ static const secp256k1_modinv32_modinfo secp256k1_const_modinfo_fe = {
     0x2DDACACFL
 };
 
-static void secp256k1_fe_inv(secp256k1_fe *r, const secp256k1_fe *x) {
-    secp256k1_fe tmp;
+static void secp256k1_fe_impl_inv(secp256k1_fe *r, const secp256k1_fe *x) {
+    secp256k1_fe tmp = *x;
     secp256k1_modinv32_signed30 s;
 
-    tmp = *x;
     secp256k1_fe_normalize(&tmp);
     secp256k1_fe_to_signed30(&s, &tmp);
     secp256k1_modinv32(&s, &secp256k1_const_modinfo_fe);
     secp256k1_fe_from_signed30(r, &s);
-
-    VERIFY_CHECK(secp256k1_fe_normalizes_to_zero(r) == secp256k1_fe_normalizes_to_zero(&tmp));
 }
 
-static void secp256k1_fe_inv_var(secp256k1_fe *r, const secp256k1_fe *x) {
-    secp256k1_fe tmp;
+static void secp256k1_fe_impl_inv_var(secp256k1_fe *r, const secp256k1_fe *x) {
+    secp256k1_fe tmp = *x;
     secp256k1_modinv32_signed30 s;
 
-    tmp = *x;
     secp256k1_fe_normalize_var(&tmp);
     secp256k1_fe_to_signed30(&s, &tmp);
     secp256k1_modinv32_var(&s, &secp256k1_const_modinfo_fe);
     secp256k1_fe_from_signed30(r, &s);
-
-    VERIFY_CHECK(secp256k1_fe_normalizes_to_zero(r) == secp256k1_fe_normalizes_to_zero(&tmp));
 }
 
 #endif /* SECP256K1_FIELD_REPR_IMPL_H */
diff --git a/src/field_5x52_impl.h b/src/field_5x52_impl.h
@@ -397,22 +397,12 @@ static void secp256k1_fe_from_signed62(secp256k1_fe *r, const secp256k1_modinv64
     r->n[2] = (a1 >> 42 | a2 << 20) & M52;
     r->n[3] = (a2 >> 32 | a3 << 30) & M52;
     r->n[4] = (a3 >> 22 | a4 << 40);
-
-#ifdef VERIFY
-    r->magnitude = 1;
-    r->normalized = 1;
-    secp256k1_fe_verify(r);
-#endif
 }
 
 static void secp256k1_fe_to_signed62(secp256k1_modinv64_signed62 *r, const secp256k1_fe *a) {
     const uint64_t M62 = UINT64_MAX >> 2;
     const uint64_t a0 = a->n[0], a1 = a->n[1], a2 = a->n[2], a3 = a->n[3], a4 = a->n[4];
 
-#ifdef VERIFY
-    VERIFY_CHECK(a->normalized);
-#endif
-
     r->v[0] = (a0       | a1 << 52) & M62;
     r->v[1] = (a1 >> 10 | a2 << 42) & M62;
     r->v[2] = (a2 >> 20 | a3 << 32) & M62;
@@ -425,34 +415,24 @@ static const secp256k1_modinv64_modinfo secp256k1_const_modinfo_fe = {
     0x27C7F6E22DDACACFLL
 };
 
-static void secp256k1_fe_inv(secp256k1_fe *r, const secp256k1_fe *x) {
-    secp256k1_fe tmp;
+static void secp256k1_fe_impl_inv(secp256k1_fe *r, const secp256k1_fe *x) {
+    secp256k1_fe tmp = *x;
     secp256k1_modinv64_signed62 s;
 
-    tmp = *x;
     secp256k1_fe_normalize(&tmp);
     secp256k1_fe_to_signed62(&s, &tmp);
     secp256k1_modinv64(&s, &secp256k1_const_modinfo_fe);
     secp256k1_fe_from_signed62(r, &s);
-
-#ifdef VERIFY
-    VERIFY_CHECK(secp256k1_fe_normalizes_to_zero(r) == secp256k1_fe_normalizes_to_zero(&tmp));
-#endif
 }
 
-static void secp256k1_fe_inv_var(secp256k1_fe *r, const secp256k1_fe *x) {
-    secp256k1_fe tmp;
+static void secp256k1_fe_impl_inv_var(secp256k1_fe *r, const secp256k1_fe *x) {
+    secp256k1_fe tmp = *x;
     secp256k1_modinv64_signed62 s;
 
-    tmp = *x;
     secp256k1_fe_normalize_var(&tmp);
     secp256k1_fe_to_signed62(&s, &tmp);
     secp256k1_modinv64_var(&s, &secp256k1_const_modinfo_fe);
     secp256k1_fe_from_signed62(r, &s);
-
-#ifdef VERIFY
-    VERIFY_CHECK(secp256k1_fe_normalizes_to_zero(r) == secp256k1_fe_normalizes_to_zero(&tmp));
-#endif
 }
 
 #endif /* SECP256K1_FIELD_REPR_IMPL_H */
diff --git a/src/field_impl.h b/src/field_impl.h
@@ -336,4 +336,32 @@ SECP256K1_INLINE static void secp256k1_fe_from_storage(secp256k1_fe *r, const se
 #endif
 }
 
+static void secp256k1_fe_impl_inv(secp256k1_fe *r, const secp256k1_fe *x);
+SECP256K1_INLINE static void secp256k1_fe_inv(secp256k1_fe *r, const secp256k1_fe *x) {
+#ifdef VERIFY
+    int input_is_zero = secp256k1_fe_normalizes_to_zero(x);
+#endif
+    secp256k1_fe_impl_inv(r, x);
+#ifdef VERIFY
+    VERIFY_CHECK(secp256k1_fe_normalizes_to_zero(r) == input_is_zero);
+    r->magnitude = x->magnitude > 0;
+    r->normalized = 1;
+    secp256k1_fe_verify(r);
+#endif
+}
+
+static void secp256k1_fe_impl_inv_var(secp256k1_fe *r, const secp256k1_fe *x);
+SECP256K1_INLINE static void secp256k1_fe_inv_var(secp256k1_fe *r, const secp256k1_fe *x) {
+#ifdef VERIFY
+    int input_is_zero = secp256k1_fe_normalizes_to_zero(x);
+#endif
+    secp256k1_fe_impl_inv_var(r, x);
+#ifdef VERIFY
+    VERIFY_CHECK(secp256k1_fe_normalizes_to_zero(r) == input_is_zero);
+    r->magnitude = x->magnitude > 0;
+    r->normalized = 1;
+    secp256k1_fe_verify(r);
+#endif
+}
+
 #endif /* SECP256K1_FIELD_IMPL_H */
