modinv: Verify invariant of _modinfo struct #1216

issue real-or-random openend this issue on March 1, 2023
  1. real-or-random commented at 3:39 pm on March 1, 2023: contributor

    I wonder if it’s a good idea to add a function secp256k1_modinv32_modinfo verify that checks consistency and call it on entry of every function that reads modinfo, similar to how we do this for other data structures. But if yes, that should happen in a separate PR.

    Originally posted by @real-or-random in #979 (review)

  2. real-or-random renamed this:
    modinv: Verify invariat of _modinfo struct
    modinv: Verify invariant of _modinfo struct
    on Mar 1, 2023
  3. tusharv01 referenced this in commit cf657b858c on May 13, 2023
  4. real-or-random added the label assurance on Mar 5, 2024
  5. Srishti-j18 commented at 8:07 am on March 6, 2024: none

    Hi @real-or-random! After reviewing this issue, I have a question. To resolve this issue, I am examining the changes in this pull request: https://github.com/tusharv01/secp256k1/pull/1/files#diff-d2a3d09d59a89eaf101c5214c830763b7cc74e8ad55e15f0b987d5de6a600e11

    In this change, the function secp256k1_modinv32_modinfo_verify verifies that check, and in line 61, it is also called in the secp256k1_modinv32_do_something because this function reads modinfo. As we can see in line 62, there’s only an if statement when verify_result is true. However, what should be done if verify_result is false? Should I add a proper else statement here?

  6. real-or-random commented at 8:36 am on March 6, 2024: contributor

    Oh, hm, I suggest ignoring https://github.com/tusharv01/secp256k1/pull/1 entirely. It doesn’t make a lot of sense. (Note that this was not a PR to this repository, it’s a PR in a fork, so I assume it was just some experiment.)

    I think it’s a good idea to create a secp256k1_modinv32_modinfo_verify function. Then whenever we read modinfo, or after we write it, we would call VERIFY_CHECK(secp256k1_modinv32_modinfo_verify(...)). VERIFY_CHECK is a macro that we use to check assertions. It fails in tests if the assertion does not hold, but it does nothing in production. (We do the same kind of invariant checking for other types, see for example https://github.com/bitcoin-core/secp256k1/pull/1373/files for an example how a “verify” function is called every time we read or write a certain type.)

    But the first question is what are the invariants that we would like to check. You should be able to extract some from reading #979. I suggest posting a list here, and then we can take a look.

  7. Srishti-j18 commented at 5:13 pm on March 6, 2024: none

    Oh, hm, I suggest ignoring tusharv01#1 entirely. It doesn’t make a lot of sense. (Note that this was not a PR to this repository, it’s a PR in a fork, so I assume it was just some experiment.)

    I think it’s a good idea to create a secp256k1_modinv32_modinfo_verify function. Then whenever we read modinfo, or after we write it, we would call VERIFY_CHECK(secp256k1_modinv32_modinfo_verify(...)). VERIFY_CHECK is a macro that we use to check assertions. It fails in tests if the assertion does not hold, but it does nothing in production. (We do the same kind of invariant checking for other types, see for example https://github.com/bitcoin-core/secp256k1/pull/1373/files for an example how a “verify” function is called every time we read or write a certain type.)

    But the first question is what are the invariants that we would like to check. You should be able to extract some from reading #979. I suggest posting a list here, and then we can take a look.

    Hi! Please correct me if I’m wrong. As per my understanding, the secp256k1_modinv32_modinfo_verify function that I am going to create will check if the modulus is odd. This is because the secp256k1_modinv32_modinfo function requires an odd modulus. So, I am thinking that I have to write some conditions on ‘r’ here, where ‘r’ (r0, r1, r2, r3, r4, r5, r6, r7, r8) is the invariants. I think the argument of secp256k1_modinv32_modinfo_verify function should be r..Am I on the correct path? image

  8. real-or-random commented at 5:32 pm on March 6, 2024: contributor

    Hi! Please correct me if I’m wrong. As per my understanding, the secp256k1_modinv32_modinfo_verify function that I am going to create will check if the modulus is odd. This is because the secp256k1_modinv32_modinfo function requires an odd modulus.

    Yes, but I suspect there are more invariants. Maybe @sipa can comment.

    I think the argument of secp256k1_modinv32_modinfo_verify function should be r

    The function should take the entire modinfo. The function will need to extract the modulus to check it, but I doubt that’s r.


github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-11-23 13:15 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me