internal/ed25519: rearrange VartimeDoubleBaseMul args

This way they line up with a*A + b*B (except B is implicit).

internal/edwards25519/scalarMul.go

@@ -157,7 +157,7 @@ func (v *ProjP3) MultiscalarMul(scalars []scalar.Scalar, points []*ProjP3) *Proj
 // Set v to a*A + b*B, where B is the Ed25519 basepoint, and return v.
 //
 // The scalar multiplication is done in variable time.
-func (v *ProjP3) VartimeDoubleBaseMul(a, b *scalar.Scalar, A *ProjP3) *ProjP3 {
+func (v *ProjP3) VartimeDoubleBaseMul(a *scalar.Scalar, A *ProjP3, b *scalar.Scalar) *ProjP3 {
 	// Similarly to the single variable-base approach, we compute
 	// digits and use them with a lookup table.  However, because
 	// we are allowed to do variable-time operations, we don't

internal/edwards25519/scalarMul_test.go

@@ -59,11 +59,11 @@ func TestBasepointMulVsDalek(t *testing.T) {
 func TestVartimeDoubleBaseMulVsDalek(t *testing.T) {
 	var p ProjP3
 	var z scalar.Scalar
-	p.VartimeDoubleBaseMul(&dalekScalar, &z, &B)
+	p.VartimeDoubleBaseMul(&dalekScalar, &B, &z)
 	if dalekScalarBasepoint.Equal(&p) != 1 {
 		t.Error("VartimeDoubleBaseMul fails with b=0")
 	}
-	p.VartimeDoubleBaseMul(&z, &dalekScalar, &B)
+	p.VartimeDoubleBaseMul(&z, &B, &dalekScalar)
 	if dalekScalarBasepoint.Equal(&p) != 1 {
 		t.Error("VartimeDoubleBaseMul fails with a=0")
 	}
@@ -175,7 +175,7 @@ func TestVartimeDoubleBaseMulMatchesBasepointMul(t *testing.T) {
 		y[31] &= 127
 		var p, q1, q2, check ProjP3
 
-		p.VartimeDoubleBaseMul(&x, &y, &B)
+		p.VartimeDoubleBaseMul(&x, &B, &y)
 
 		q1.BasepointMul(&x)
 		q2.BasepointMul(&y)
@@ -236,7 +236,7 @@ func BenchmarkVartimeDoubleBaseMul(t *testing.B) {
 	var p ProjP3
 
 	for i := 0; i < t.N; i++ {
-		p.VartimeDoubleBaseMul(&dalekScalar, &dalekScalar, &B)
+		p.VartimeDoubleBaseMul(&dalekScalar, &B, &dalekScalar)
 	}
 }