From f07c83a70716e15a2261dc92492899c2a554fdb6 Mon Sep 17 00:00:00 2001
From: Yawning Angel
Date: Mon, 2 Aug 2021 13:25:04 +0000
Subject: [PATCH] primitives/x25519: Remove the `x/crypto/curve25519` fallback

Upstream got rid of the assembly. This is marginally slower, but it will use fiat, and it's only a few percent.
---
 primitives/x25519/x25519.go | 16 +-----------
 primitives/x25519/x25519_amd64.go | 38 -----------------------------
 primitives/x25519/x25519_generic.go | 35 --------------------------
 primitives/x25519/x25519_test.go | 27 --------------------
 4 files changed, 1 insertion(+), 115 deletions(-)
 delete mode 100644 primitives/x25519/x25519_amd64.go
 delete mode 100644 primitives/x25519/x25519_generic.go
diff --git a/primitives/x25519/x25519.go b/primitives/x25519/x25519.go
index 29a77ae..a9862c3 100644
--- a/primitives/x25519/x25519.go
+++ b/primitives/x25519/x25519.go
@@ -37,8 +37,6 @@ import (
 "crypto/subtle"
 "fmt"
- xcurve "golang.org/x/crypto/curve25519"
-
 "github.com/oasisprotocol/curve25519-voi/curve"
 "github.com/oasisprotocol/curve25519-voi/curve/scalar"
 _ "github.com/oasisprotocol/curve25519-voi/internal/toolchain"
@@ -55,11 +53,7 @@ const (
 // Basepoint is the canonical Curve25519 generator.
 var Basepoint []byte
-var (
- basePoint = [32]byte{9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
-
- debugNoXcurve bool
-)
+var basePoint = [32]byte{9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
 // ScalarMult sets dst to the product in*base where dst and base are the x
 // coordinates of group points and all values are in little-endian form.
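Review bot: The new `+var basePoint = [32]byte{9, 0, 0, …}` in the second hunk spells out thirty-one zero elements that a Go array literal fills in by itself; `var basePoint = [32]byte{9}` is the identical value and reads as what it is, the generator's u-coordinate 9 in little-endian form. The declaration also lost the `var (` block it sat in and has no doc comment of its own, unlike the exported `Basepoint` just above it; `// basePoint is the canonical Curve25519 generator (u = 9), little-endian; Basepoint presumably aliases it.` would do, with the aliasing claim confirmed against the package's init code, which is not in this diff. The first hunk is an import-only change and needs nothing.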
@@ -68,14 +62,6 @@ var (
 // zeroes, irrespective of the scalar. Instead, use the X25519 function, which
 // will return an error.
 func ScalarMult(dst, in, base *[32]byte) {
- // If the `x/crypto/curve25519` package would be faster, and we
- // are not exercising the implementation provided by this package
- // (eg: testing or benchmarking), use that instead.
- if xcurveFaster && !debugNoXcurve {
- xcurve.ScalarMult(dst, in, base)
- return
- }
-
 var ec [ScalarSize]byte
 copy(ec[:], in[:])
 clampScalar(ec[:])
diff --git a/primitives/x25519/x25519_amd64.go b/primitives/x25519/x25519_amd64.go
deleted file mode 100644
index 23d9d21..0000000
--- a/primitives/x25519/x25519_amd64.go
+++ /dev/null
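Review bot: With the `x/crypto` fast path deleted, the ladder that follows `clampScalar(ec[:])` is now the only `ScalarMult` implementation on every platform, yet nothing left in the function says so; the removed comment was the one place that rationale lived. A single line above `var ec [ScalarSize]byte`, `// This package's ladder is the sole implementation on all platforms; the x/crypto/curve25519 fast path was dropped once upstream removed its assembly.`, keeps that history next to the code. The remainder of ScalarMult's body lies outside the hunk, so whether `ec`, which holds the clamped secret scalar, is cleared once the ladder finishes could not be checked here and is worth confirming in the rest of the function.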
@@ -1,38 +0,0 @@
-// Copyright (c) 2021 Oasis Labs Inc. All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-// 1. Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//
-// 2. Redistributions in binary form must reproduce the above copyright
-// notice, this list of conditions and the following disclaimer in the
-// documentation and/or other materials provided with the distribution.
-//
-// 3. Neither the name of the copyright holder nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
-// IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-// TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-// PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-// TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-// PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-// LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-//go:build amd64 && !purego
-// +build amd64,!purego
-
-package x25519
-
-// If this is amd64, and assembly is not disabled via build tags, just
-// use `x/crypto/curve25519`'s scalar multiply, because it will be
-// faster by virtue of being entirely in assembly.
-const xcurveFaster = true
diff --git a/primitives/x25519/x25519_generic.go b/primitives/x25519/x25519_generic.go
deleted file mode 100644
index 30e2b21..0000000
--- a/primitives/x25519/x25519_generic.go
+++ /dev/null
@@ -1,35 +0,0 @@
-// Copyright (c) 2021 Oasis Labs Inc. All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-// 1. Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//
-// 2. Redistributions in binary form must reproduce the above copyright
-// notice, this list of conditions and the following disclaimer in the
-// documentation and/or other materials provided with the distribution.
-//
-// 3. Neither the name of the copyright holder nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
-// IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-// TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-// PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-// TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-// PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-// LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-//go:build !amd64 || purego
-// +build !amd64 purego
-
-package x25519
-
-const xcurveFaster = false
diff --git a/primitives/x25519/x25519_test.go b/primitives/x25519/x25519_test.go
index 66c9a04..3176dc9 100644
--- a/primitives/x25519/x25519_test.go
+++ b/primitives/x25519/x25519_test.go
@@ -66,15 +66,6 @@ func TestScalarBaseMult(t *testing.T) {
 func TestX25519(t *testing.T) {
 t.Run("voi", testX25519)
- if xcurveFaster {
- t.Run("voi/debugNoXcurve", func(t *testing.T) {
- debugNoXcurve = true
- defer func() {
- debugNoXcurve = false
- }()
- testX25519(t)
- })
- }
 }
 func testX25519(t *testing.T) {
@@ -166,15 +157,6 @@ func testTestVectors(t *testing.T, scalarMult func(dst, scalar, point *[32]byte)
 func TestScalarMult(t *testing.T) {
 t.Run("voi", testScalarMult)
- if xcurveFaster {
- t.Run("voi/debugNoXcurve", func(t *testing.T) {
- debugNoXcurve = true
- defer func() {
- debugNoXcurve = false
- }()
- testScalarMult(t)
- })
- }
 }
 func testScalarMult(t *testing.T) {
@@ -245,15 +227,6 @@ func benchScalarBaseMult(b *testing.B, scalarBaseMult func(dst, scalar *[32]byte
 func BenchmarkScalarMult(b *testing.B) {
 b.Run("voi", func(b *testing.B) { benchScalarMult(b, ScalarMult) })
- if xcurveFaster {
- b.Run("voi/debugNoXcurve", func(b *testing.B) {
- debugNoXcurve = true
- defer func() {
- debugNoXcurve = false
- }()
- benchScalarMult(b, ScalarMult)
- })
- }
 b.Run("xcrypto", func(b *testing.B) {
 benchScalarMult(b, xcurve.ScalarMult) //nolint:staticcheck
 })
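Review bot: The `xcrypto` case at the bottom of the last hunk still calls `xcurve.ScalarMult` under `//nolint:staticcheck`, so `golang.org/x/crypto/curve25519` remains an import of the test file and, presumably, a requirement in the module's go.mod (not shown) even though the subject line reads as removing it. If the dependency is meant to survive purely as a benchmark baseline, a comment on that `b.Run("xcrypto", …)` line, `// x/crypto is kept only as a benchmark baseline; the package itself no longer uses it.`, keeps the next reader from either trying to drop it or assuming it is already gone. A smaller point in the first two hunks: `TestX25519` and `TestScalarMult` are each reduced to a lone `t.Run("voi", …)` wrapper, which is fine for stable test names but could use a one-line note saying the subtest name is kept deliberately. `BenchmarkScalarMult`'s closing brace lies past the end of the last hunk.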