README.tor (1918B)
1 2 We've made the following changes to the stock ed25519-donna from 3 as of 8757bd4cd209cb032853ece0ce413f122eef212c. 4 5 * Tor uses copies of `ed25519-donna.h` and `ed25519.c`, named 6 `ed25519_donna_tor.h` and `ed25591_tor.c`. 7 8 The main functional differences between the standard ed25519-donna 9 and the Tor specific version are: 10 11 * The external interface has been reworked to match that provided 12 by Tor's copy of the SUPERCOP `ref10` code. 13 14 * The secret (aka private) key is now stored/used in expanded form. 15 16 * The internal math tests from `test-internals.c` have been wrapped 17 in a function and the entire file is included to allow for 18 runtime validation. 19 20 * There's an implementation of multiplicative key blinding so we 21 can use it for next-gen hidden service descriptors. 22 23 * There's an implementation of 'convert a curve25519 key to an 24 ed25519 key' so we can do cross-certification with curve25519 25 keys. 26 27 * `ED25519_FN(ed25519_randombytes_unsafe)` is now static. 28 29 * `ed25519-randombytes-custom.h` has the appropriate code to call 30 Tor's `crypto_rand()` routine, instead of directly using OpenSSL's 31 CSPRNG. 32 33 * OSX pollutes the global namespace with an `ALIGN` macro, which is 34 undef-ed right before the donna `ALIGN` macro is defined. 35 36 * If building with Clang's AddressSanitizer, disable inline assembly 37 since the compilation will fail in `ge25519_scalarmult_base_choose_niels` 38 on x86_64 targets due to running out of registers. 39 40 * On non-x86 targets, GCC's Stack Protector dislikes variables that have 41 alignment constraints greater than that of other primitive types. 42 The `ALIGN` macro is thus no-oped for all non-SSE2 builds. 43 44 * On 32 bit x86 targets that the compiler thinks supports SSE2, always 45 enable SSE2 support by force defining ED25519_SSE2 (x86_64 would also 46 always support this, but that code path is slower).