Use X64 ASM ed25519 signatures on Linux/x64, which are about 10X faster. Will matter a lot for network controllers, not so much for other things.

2025-08-20 21:33:57 -07:00 · 2018-03-13 06:51:17 -07:00 · 2018-03-13 06:51:17 -07:00 · beb170e4fb
commit beb170e4fb
parent a59912f3af
68 changed files with 37123 additions and 68 deletions
--- a/ext/ed25519-amd64-asm/open.c
+++ b/ext/ed25519-amd64-asm/open.c
@ -0,0 +1,49 @@
+#include <string.h>
+#include "crypto_sign.h"
+#include "crypto_verify_32.h"
+#include "crypto_hash_sha512.h"
+#include "ge25519.h"
+
+int crypto_sign_open(
+    unsigned char *m,unsigned long long *mlen,
+    const unsigned char *sm,unsigned long long smlen,
+    const unsigned char *pk
+    )
+{
+  unsigned char pkcopy[32];
+  unsigned char rcopy[32];
+  unsigned char hram[64];
+  unsigned char rcheck[32];
+  ge25519 get1, get2;
+  sc25519 schram, scs;
+
+  if (smlen < 64) goto badsig;
+  if (sm[63] & 224) goto badsig;
+  if (ge25519_unpackneg_vartime(&get1,pk)) goto badsig;
+
+  memmove(pkcopy,pk,32);
+  memmove(rcopy,sm,32);
+
+  sc25519_from32bytes(&scs, sm+32);
+
+  memmove(m,sm,smlen);
+  memmove(m + 32,pkcopy,32);
+  crypto_hash_sha512(hram,m,smlen);
+
+  sc25519_from64bytes(&schram, hram);
+
+  ge25519_double_scalarmult_vartime(&get2, &get1, &schram, &scs);
+  ge25519_pack(rcheck, &get2);
+
+  if (crypto_verify_32(rcopy,rcheck) == 0) {
+    memmove(m,m + 64,smlen - 64);
+    memset(m + smlen - 64,0,64);
+    *mlen = smlen - 64;
+    return 0;
+  }
+
+badsig:
+  *mlen = (unsigned long long) -1;
+  memset(m,0,smlen);
+  return -1;
+}