From: Daiki Ueno Date: Sat, 5 Aug 2017 07:43:47 +0000 (+0200) Subject: ecc-eh-to-a, eddsa-sign: Parameterize hard-coded value X-Git-Tag: nettle_3.6rc1~75^2~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6cf6abd68eb3d6c8c8e5ab217be734f9c537037f;p=thirdparty%2Fnettle.git ecc-eh-to-a, eddsa-sign: Parameterize hard-coded value This allows the same code to be reused in curve448 and Ed448. Signed-off-by: Daiki Ueno --- diff --git a/ecc-eh-to-a.c b/ecc-eh-to-a.c index 2acaacb1..b9d412d2 100644 --- a/ecc-eh-to-a.c +++ b/ecc-eh-to-a.c @@ -73,7 +73,7 @@ ecc_eh_to_a (const struct ecc_curve *ecc, at all? Full reduction mod p is maybe sufficient. */ unsigned shift; assert (ecc->p.bit_size == 255); - shift = 252 - GMP_NUMB_BITS * (ecc->p.size - 1); + shift = ecc->q.bit_size - 1 - GMP_NUMB_BITS * (ecc->p.size - 1); cy = mpn_submul_1 (r, ecc->q.m, ecc->p.size, r[ecc->p.size-1] >> shift); assert (cy < 2); diff --git a/eddsa-sign.c b/eddsa-sign.c index c1404f67..e5dc0e9d 100644 --- a/eddsa-sign.c +++ b/eddsa-sign.c @@ -92,7 +92,7 @@ _eddsa_sign (const struct ecc_curve *ecc, unsigned shift; mp_limb_t cy; assert (ecc->p.bit_size == 255); - shift = 252 - GMP_NUMB_BITS * (ecc->p.size - 1); + shift = ecc->q.bit_size - 1 - GMP_NUMB_BITS * (ecc->p.size - 1); cy = mpn_submul_1 (sp, ecc->q.m, ecc->p.size, sp[ecc->p.size-1] >> shift); assert (cy < 2);
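Review bot: In the ecc-eh-to-a.c hunk the line just above the changed one, `assert (ecc->p.bit_size == 255);`, is kept, so the function still refuses any curve other than the 255-bit one even though the commit message says the code is meant to be reused for curve448. Either drop that assert or replace it with one that expresses the actual precondition of the new expression: the top bit of q must fall in the most significant limb of the p.size-limb number, i.e. `ecc->q.bit_size - 1 >= GMP_NUMB_BITS * (ecc->p.size - 1)`; otherwise `shift` (declared `unsigned`) wraps around and `r[ecc->p.size-1] >> shift` is undefined behaviour. The existing comment "Full reduction mod p is maybe sufficient" above the hunk should also be updated or resolved, since the partial-reduction trick (one `mpn_submul_1` with `cy < 2`) now has to be argued for every curve the code is reused with, not just for the 255-bit case.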
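Review bot: The eddsa-sign.c hunk has the same leftover `assert (ecc->p.bit_size == 255);` directly above the changed line, so `_eddsa_sign` still cannot be called for a 448-bit curve despite the parameterization; remove it or generalize it in the same way as in ecc-eh-to-a.c. The changed line `shift = ecc->q.bit_size - 1 - GMP_NUMB_BITS * (ecc->p.size - 1);` is now byte-for-byte identical to the one in ecc-eh-to-a.c and is followed by the identical `mpn_submul_1` / `assert (cy < 2)` sequence; consider factoring the shift computation (and its precondition assert) into one shared helper or inline function so that a later change to the reduction cannot silently diverge between the signing path and the point-conversion path.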