make dsmul for verify always take base point to simplify api

include/decaf.h

@@ -38,6 +38,7 @@
 #define NONNULL1 __attribute__((nonnull(1)))
 #define NONNULL2 __attribute__((nonnull(1,2)))
 #define NONNULL3 __attribute__((nonnull(1,2,3)))
+#define NONNULL4 __attribute__((nonnull(1,2,3,4)))
 #define NONNULL5 __attribute__((nonnull(1,2,3,4,5)))
 
 /* Internal word types */
@@ -407,13 +408,12 @@ void decaf_448_point_double_scalarmul (
 
 /**
  * @brief Multiply two base points by two scalars:
- * scaled = scalar1*base1 + scalar2*base2.
+ * scaled = scalar1*decaf_448_point_base + scalar2*base2.
  *
- * Otherwise quivalent to two calls to decaf_448_point_scalarmul, but may be
+ * Otherwise equivalent to decaf_448_point_double_scalarmul, but may be
  * faster.
  *
  * @param [out] scaled The scaled point base*scalar
- * @param [in] base1 A precomputed first point to be scaled.
  * @param [in] scalar1 A first scalar to multiply by.
  * @param [in] base2 A second point to be scaled.
  * @param [in] scalar2 A second scalar to multiply by.
@@ -421,13 +421,12 @@ void decaf_448_point_double_scalarmul (
  * @warning: This function takes variable time, and may leak the scalars
  * used.  It is designed for signature verification.
  */
-void decaf_448_precomputed_double_scalarmul_non_secret (
+void decaf_448_base_double_scalarmul_non_secret (
     decaf_448_point_t combo,
-    const decaf_448_precomputed_s *base1,
     const decaf_448_scalar_t scalar1,
     const decaf_448_point_t base2,
     const decaf_448_scalar_t scalar2
-) API_VIS NONNULL5 NOINLINE;
+) API_VIS NONNULL4 NOINLINE;
 
 /**
  * @brief Test that a point is valid, for debugging purposes.

src/decaf.c

@@ -805,12 +805,11 @@ void decaf_448_precomputed_scalarmul (
     decaf_448_point_scalarmul(a,b->p[0],scalar);
 }
 
-void decaf_448_precomputed_double_scalarmul_non_secret (
+void decaf_448_base_double_scalarmul_non_secret (
     decaf_448_point_t combo,
-    const decaf_448_precomputed_s *base1,
     const decaf_448_scalar_t scalar1,
     const decaf_448_point_t base2,
     const decaf_448_scalar_t scalar2
 ) {
-    decaf_448_point_double_scalarmul(combo, base1->p[0], scalar1, base2, scalar2);
+    decaf_448_point_double_scalarmul(combo, decaf_448_point_base, scalar1, base2, scalar2);
 }

src/decaf_crypto.c

@@ -186,10 +186,8 @@ decaf_448_verify_shake (
     ret &= decaf_448_point_decode(pubpoint, pub, DECAF_FALSE);
     ret &= decaf_448_scalar_decode(response, &sig[DECAF_448_SER_BYTES]);
 
-    decaf_448_precomputed_double_scalarmul_non_secret (
-        pubpoint,
-        decaf_448_precomputed_base, response,
-        pubpoint, challenge
+    decaf_448_base_double_scalarmul_non_secret (
+        pubpoint, response, pubpoint, challenge
     );
 
     ret &= decaf_448_point_eq(pubpoint, point);

src/decaf_fast.c

@@ -1417,9 +1417,8 @@ sv prepare_wnaf_table(
     }
 }
 
-void decaf_448_precomputed_double_scalarmul_non_secret (
+void decaf_448_base_double_scalarmul_non_secret (
     decaf_448_point_t combo,
-    const decaf_448_precomputed_s *base1,
     const decaf_448_scalar_t scalar1,
     const decaf_448_point_t base2,
     const decaf_448_scalar_t scalar2
@@ -1479,9 +1478,9 @@ void decaf_448_precomputed_double_scalarmul_non_secret (
                 tab &= (1<<(t-1)) - 1;
 
                 if (invert) {
-                    sub_niels_from_pt(combo, base1->table[(j<<(t-1)) + tab], j==n-1 && i);
+                    sub_niels_from_pt(combo, decaf_448_precomputed_base->table[(j<<(t-1)) + tab], j==n-1 && i);
                 } else {
-                    add_niels_to_pt(combo, base1->table[(j<<(t-1)) + tab], j==n-1 && i);
+                    add_niels_to_pt(combo, decaf_448_precomputed_base->table[(j<<(t-1)) + tab], j==n-1 && i);
                 }
             }
         }