Enable Ed25519 when building with OPENSSL_SMALL.
OPENSSL_SMALL will still cause the smaller base-point table to be used
and so won't be as fast at signing as the full version, but Ed25519 will
now work in those builds.
Without OPENSSL_SMALL:
Did 20000 Ed25519 key generation operations in 1008347us (19834.4 ops/sec)
Did 20000 Ed25519 signing operations in 1025594us (19500.9 ops/sec)
Did 6138 Ed25519 verify operations in 1001712us (6127.5 ops/sec)
Did 21000 Curve25519 base-point multiplication operations in 1019237us (20603.6 ops/sec)
Did 7095 Curve25519 arbitrary point multiplication operations in 1065986us (6655.8 ops/sec)
With (on the same machine):
Did 8415 Ed25519 key generation operations in 1020958us (8242.3 ops/sec)
Did 8952 Ed25519 signing operations in 1077635us (8307.1 ops/sec)
Did 6358 Ed25519 verify operations in 1047533us (6069.5 ops/sec)
Did 6620 Curve25519 base-point multiplication operations in 1008922us (6561.5 ops/sec)
Did 7183 Curve25519 arbitrary point multiplication operations in 1096285us (6552.1 ops/sec)
Change-Id: Ib443c0e2bdfd11e044087e66efd55b651a5667e7
Reviewed-on: https://boringssl-review.googlesource.com/6772
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/curve25519/curve25519.c b/crypto/curve25519/curve25519.c
index 7bb3cab..d9c58cb 100644
--- a/crypto/curve25519/curve25519.c
+++ b/crypto/curve25519/curve25519.c
@@ -17,8 +17,7 @@
* public domain but this file has the ISC license just to keep licencing
* simple.
*
- * The field functions are shared by Ed25519 and X25519, although Ed25519 is
- * disabled when |OPENSSL_SMALL| is defined. */
+ * The field functions are shared by Ed25519 and X25519 where possible. */
#include <openssl/curve25519.h>
@@ -785,9 +784,6 @@
h[9] = h9;
}
-/* Ed25519 support is disabled when built with |OPENSSL_SMALL|. */
-#if !defined(OPENSSL_SMALL)
-
/* h = -f
*
* Preconditions:
@@ -1329,13 +1325,10 @@
fe_cmov(t->xy2d, u->xy2d, b);
}
-#if 0
+#if defined(OPENSSL_SMALL)
-/* At the moment, building with |OPENSSL_SMALL| causes Ed25519 to be disabled.
- * In the future we might enable it but, in that case, we'll still probably
- * want to keep the size down. This block of code replaces the standard
- * base-point table with a much smaller one. The standard table is 30,720 bytes
- * while this one is just 960.
+/* This block of code replaces the standard base-point table with a much smaller
+ * one. The standard table is 30,720 bytes while this one is just 960.
*
* This table contains 15 pairs of group elements, (x, y), where each field
* element is serialised with |fe_tobytes|. If |i| is the index of the group
@@ -4768,8 +4761,6 @@
return CRYPTO_memcmp(rcheck, rcopy, sizeof(rcheck)) == 0;
}
-#endif
-
static void x25519_scalar_mult_generic(uint8_t out[32],
const uint8_t scalar[32],
const uint8_t point[32]) {
@@ -4852,19 +4843,6 @@
return CRYPTO_memcmp(kZeros, out_shared_key, 32) != 0;
}
-#if defined(OPENSSL_SMALL)
-
-/* When |OPENSSL_SMALL| is set, base point multiplication is done with the
- * Montgomery ladder because the Ed25519 code isn't included. */
-
-void X25519_public_from_private(uint8_t out_public_value[32],
- const uint8_t private_key[32]) {
- static const uint8_t kMongomeryBasePoint[32] = {9};
- x25519_scalar_mult(out_public_value, private_key, kMongomeryBasePoint);
-}
-
-#else
-
void X25519_public_from_private(uint8_t out_public_value[32],
const uint8_t private_key[32]) {
#if defined(OPENSSL_ARM)
@@ -4893,5 +4871,3 @@
fe_mul(zplusy, zplusy, zminusy_inv);
fe_tobytes(out_public_value, zplusy);
}
-
-#endif
diff --git a/crypto/curve25519/ed25519_test.cc b/crypto/curve25519/ed25519_test.cc
index 38010aa..1b6a0b6 100644
--- a/crypto/curve25519/ed25519_test.cc
+++ b/crypto/curve25519/ed25519_test.cc
@@ -20,15 +20,6 @@
#include "../test/file_test.h"
-#if defined(OPENSSL_SMALL)
-
-int main(int argc, char **argv) {
- printf("PASS\n");
- return 0;
-}
-
-#else
-
static bool TestSignature(FileTest *t, void *arg) {
std::vector<uint8_t> private_key, public_key, message, expected_signature;
if (!t->GetBytes(&private_key, "PRIV") ||
@@ -70,5 +61,3 @@
return FileTestMain(TestSignature, nullptr, argv[1]);
}
-
-#endif /* OPENSSL_SMALL */
diff --git a/tool/speed.cc b/tool/speed.cc
index 6f14478..db7c5fa 100644
--- a/tool/speed.cc
+++ b/tool/speed.cc
@@ -405,7 +405,6 @@
TimeResults results;
-#if !defined(OPENSSL_SMALL)
uint8_t public_key[32], private_key[64];
if (!TimeFunction(&results, [&public_key, &private_key]() -> bool {
@@ -438,7 +437,6 @@
}
results.Print("Ed25519 verify");
-#endif
if (!TimeFunction(&results, []() -> bool {
uint8_t out[32], in[32];