[wip] [PATCH] use ed25519 from openssl when possible (openssl-1.1.1+)

Yuriy M. Kaminskiy yumkam at gmail.com
Mon Feb 18 09:11:53 AEDT 2019


On 17.02.2019 15:46, Yuriy M. Kaminskiy wrote:
> See attached:
> 
> I hacked regress/unittests/kex a bit, and benchmarked
>     do_kex_with_key("curve25519-sha256@libssh.org", KEY_ED25519, 256);
> Before:
>   0.3295s per call
> After:
>   0.2183s per call
> 
> That is, a 50% speedup; assuming ed25519 (added to openssl in 1.1.1) takes about the same time as ecdh/x25519,
> there is potential for a total 200% speedup in KEX.

(Very slightly tested) patch attached.

Guess what? I was wrong:
    0.0113s per call (with both curve25519 and ed25519 patches applied, and openssl-1.1.1a)

2800% faster.

openssh's ed25519 was not just slow. It was *very* slow.

FWIW, ecdh-sha2-nistp256/ecdsa-sha2-nistp256:
    0.0288s per call

(still 1000% faster than current openssh's {ed,curve}25519 combo)

(I also attached the patch I used for benchmarking; it is *not* for upstream inclusion for sure)

> P.S. Given the amount of feedback I received so far, it seems everyone follows the motto "it cannot be secure
> if it is not slow".
-------------- next part --------------
A non-text attachment was scrubbed...
Name: master-0001-use-ed25519-sig-from-openssl-when-possible.patch
Type: text/x-patch
Size: 10900 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20190218/8df648e6/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test_kex-benchmark.patch
Type: text/x-patch
Size: 1005 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20190218/8df648e6/attachment-0003.bin>

