From 2d09ffd6367d4581ac57ed286c85eb1c5db1fdc0 Mon Sep 17 00:00:00 2001
From: Henry de Valence
Date: Thu, 9 May 2019 00:20:01 -0700
Subject: [PATCH] internal/ed25519: rearrange VartimeDoubleBaseMul args

This way they line up with a*A + b*B (except B is implicit).
---
 internal/edwards25519/scalarMul.go | 2 +-
 internal/edwards25519/scalarMul_test.go | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/internal/edwards25519/scalarMul.go b/internal/edwards25519/scalarMul.go
index e560610..b6a0ccc 100644
--- a/internal/edwards25519/scalarMul.go
+++ b/internal/edwards25519/scalarMul.go
@@ -157,7 +157,7 @@ func (v *ProjP3) MultiscalarMul(scalars []scalar.Scalar, points []*ProjP3) *Proj
 // Set v to a*A + b*B, where B is the Ed25519 basepoint, and return v.
 //
 // The scalar multiplication is done in variable time.
-func (v *ProjP3) VartimeDoubleBaseMul(a, b *scalar.Scalar, A *ProjP3) *ProjP3 {
+func (v *ProjP3) VartimeDoubleBaseMul(a *scalar.Scalar, A *ProjP3, b *scalar.Scalar) *ProjP3 {
 	// Similarly to the single variable-base approach, we compute
 	// digits and use them with a lookup table. However, because
 	// we are allowed to do variable-time operations, we don't
diff --git a/internal/edwards25519/scalarMul_test.go b/internal/edwards25519/scalarMul_test.go
index dccec8b..3eecb61 100644
--- a/internal/edwards25519/scalarMul_test.go
+++ b/internal/edwards25519/scalarMul_test.go
@@ -59,11 +59,11 @@ func TestBasepointMulVsDalek(t *testing.T) {
 func TestVartimeDoubleBaseMulVsDalek(t *testing.T) {
 	var p ProjP3
 	var z scalar.Scalar
-	p.VartimeDoubleBaseMul(&dalekScalar, &z, &B)
+	p.VartimeDoubleBaseMul(&dalekScalar, &B, &z)
 	if dalekScalarBasepoint.Equal(&p) != 1 {
 		t.Error("VartimeDoubleBaseMul fails with b=0")
 	}
-	p.VartimeDoubleBaseMul(&z, &dalekScalar, &B)
+	p.VartimeDoubleBaseMul(&z, &B, &dalekScalar)
 	if dalekScalarBasepoint.Equal(&p) != 1 {
 		t.Error("VartimeDoubleBaseMul fails with a=0")
 	}
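Review bot: The doc comment above the changed signature still reads `// Set v to a*A + b*B, where B is the Ed25519 basepoint, and return v.`, which does not start with the function name as Go doc convention expects, and it leaves the variable-time property as a bare statement rather than a contract for callers. With the parameters now in expression order, I would rewrite it as `// VartimeDoubleBaseMul sets v to a*A + b*B, where B is the Ed25519 basepoint, and returns v.` followed by `// The scalar multiplication is done in variable time, so a, b and A must be public values (presumably signature-verification inputs), never secrets.` Because the reordered parameters are not all of one type, any stale call site fails to compile instead of silently swapping a and b, so no runtime guard is needed for the reorder itself. The function body continues outside the hunk.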
@@ -175,7 +175,7 @@ func TestVartimeDoubleBaseMulMatchesBasepointMul(t *testing.T) {
 	y[31] &= 127
 	var p, q1, q2, check ProjP3
-	p.VartimeDoubleBaseMul(&x, &y, &B)
+	p.VartimeDoubleBaseMul(&x, &B, &y)
 	q1.BasepointMul(&x)
 	q2.BasepointMul(&y)
@@ -236,7 +236,7 @@ func BenchmarkVartimeDoubleBaseMul(t *testing.B) {
 	var p ProjP3
 	for i := 0; i < t.N; i++ {
-		p.VartimeDoubleBaseMul(&dalekScalar, &dalekScalar, &B)
+		p.VartimeDoubleBaseMul(&dalekScalar, &B, &dalekScalar)
 	}
 }