Abstract out verify logic for fe_normalize

sipa · sipa · commit b6b6f9cb97f6 · 2023-05-11T06:18:40.000-04:00
diff --git a/src/field.h b/src/field.h
@@ -75,10 +75,13 @@ static const secp256k1_fe secp256k1_const_beta = SECP256K1_FE_CONST(
 /* In non-VERIFY mode, we #define the fe operations to be identical to their
  * internal field implementation, to avoid the potential overhead of a
  * function call (even though presumably inlinable). */
+#  define secp256k1_fe_normalize secp256k1_fe_impl_normalize
 #endif /* !defined(VERIFY) */
 
-/** Normalize a field element. This brings the field element to a canonical representation, reduces
- *  its magnitude to 1, and reduces it modulo field size `p`.
+/** Normalize a field element.
+ *
+ * On input, r must be a valid field element.
+ * On output, r represents the same value but has normalized=1 and magnitude=1.
  */
 static void secp256k1_fe_normalize(secp256k1_fe *r);
 
diff --git a/src/field_10x26_impl.h b/src/field_10x26_impl.h
@@ -58,7 +58,7 @@ static void secp256k1_fe_get_bounds(secp256k1_fe *r, int m) {
 #endif
 }
 
-static void secp256k1_fe_normalize(secp256k1_fe *r) {
+static void secp256k1_fe_impl_normalize(secp256k1_fe *r) {
     uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4],
              t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9];
 
@@ -105,12 +105,6 @@ static void secp256k1_fe_normalize(secp256k1_fe *r) {
 
     r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4;
     r->n[5] = t5; r->n[6] = t6; r->n[7] = t7; r->n[8] = t8; r->n[9] = t9;
-
-#ifdef VERIFY
-    r->magnitude = 1;
-    r->normalized = 1;
-    secp256k1_fe_verify(r);
-#endif
 }
 
 static void secp256k1_fe_normalize_weak(secp256k1_fe *r) {
diff --git a/src/field_5x52_impl.h b/src/field_5x52_impl.h
@@ -52,7 +52,7 @@ static void secp256k1_fe_get_bounds(secp256k1_fe *r, int m) {
 #endif
 }
 
-static void secp256k1_fe_normalize(secp256k1_fe *r) {
+static void secp256k1_fe_impl_normalize(secp256k1_fe *r) {
     uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4];
 
     /* Reduce t4 at the start so there will be at most a single carry from the first pass */
@@ -87,12 +87,6 @@ static void secp256k1_fe_normalize(secp256k1_fe *r) {
     t4 &= 0x0FFFFFFFFFFFFULL;
 
     r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4;
-
-#ifdef VERIFY
-    r->magnitude = 1;
-    r->normalized = 1;
-    secp256k1_fe_verify(r);
-#endif
 }
 
 static void secp256k1_fe_normalize_weak(secp256k1_fe *r) {
diff --git a/src/field_impl.h b/src/field_impl.h
@@ -147,6 +147,15 @@ static void secp256k1_fe_verify(const secp256k1_fe *a) {
     /* Invoke implementation-specific checks. */
     secp256k1_fe_impl_verify(a);
 }
+
+static void secp256k1_fe_impl_normalize(secp256k1_fe *r);
+SECP256K1_INLINE static void secp256k1_fe_normalize(secp256k1_fe *r) {
+    secp256k1_fe_verify(r);
+    secp256k1_fe_impl_normalize(r);
+    r->magnitude = 1;
+    r->normalized = 1;
+    secp256k1_fe_verify(r);
+}
 #endif /* defined(VERIFY) */
 
 #endif /* SECP256K1_FIELD_IMPL_H */
