ecc-eh-to-a, eddsa-sign: Parameterize hard-coded value

This allows the same code to be reused in curve448 and Ed448.

Signed-off-by: Daiki Ueno <dueno@redhat.com>

diff --git a/ecc-eh-to-a.c b/ecc-eh-to-a.c
index 2acaacb182723dca044e11624fe78e91a5bd58c4..b9d412d21a7a5dc70da7d0cd9b56a3c9c236fc60 100644 (file)
--- a/ecc-eh-to-a.c
+++ b/ecc-eh-to-a.c
@@ -73,7 +73,7 @@ ecc_eh_to_a (const struct ecc_curve *ecc,
             at all? Full reduction mod p is maybe sufficient. */
          unsigned shift;
          assert (ecc->p.bit_size == 255);
-         shift = 252 - GMP_NUMB_BITS * (ecc->p.size - 1);
+         shift = ecc->q.bit_size - 1 - GMP_NUMB_BITS * (ecc->p.size - 1);
          cy = mpn_submul_1 (r, ecc->q.m, ecc->p.size,
                             r[ecc->p.size-1] >> shift);
          assert (cy < 2);

diff --git a/eddsa-sign.c b/eddsa-sign.c
index c1404f67139550aebd6b518f49fe5b5f9f414f86..e5dc0e9d2a3849ffb3643a9ad61ca97f306df04a 100644 (file)
--- a/eddsa-sign.c
+++ b/eddsa-sign.c
@@ -92,7 +92,7 @@ _eddsa_sign (const struct ecc_curve *ecc,
     unsigned shift;
     mp_limb_t cy;
     assert (ecc->p.bit_size == 255);
-    shift = 252 - GMP_NUMB_BITS * (ecc->p.size - 1);
+    shift = ecc->q.bit_size - 1 - GMP_NUMB_BITS * (ecc->p.size - 1);
     cy = mpn_submul_1 (sp, ecc->q.m, ecc->p.size,
                       sp[ecc->p.size-1] >> shift);
     assert (cy < 2);