Skip to content

Deduplicate crypto libraries, saving ~49KB flash#1632

Open
ViezeVingertjes wants to merge 4 commits into
meshcore-dev:devfrom
ViezeVingertjes:reduce-crypto-duplication
Open

Deduplicate crypto libraries, saving ~49KB flash#1632
ViezeVingertjes wants to merge 4 commits into
meshcore-dev:devfrom
ViezeVingertjes:reduce-crypto-duplication

Conversation

@ViezeVingertjes

@ViezeVingertjes ViezeVingertjes commented Feb 8, 2026

Copy link
Copy Markdown
Contributor

Fixes a stack overflow in ed25519_verify() by making large local variables static, removing the need for rweather's Ed25519::verify() workaround.

Only vendors the AES128+SHA256 subset of rweather/Crypto instead of all 37 files.

No issues observed so far. Additional testing and confirmation are welcome. This change frees up stack space for future improvements and improves support for resource-limited devices.

@ViezeVingertjes
ViezeVingertjes marked this pull request as ready for review February 8, 2026 15:36

@weebl2000 weebl2000 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice improvement — vendoring the minimal subset is clean and the stack savings are real (~1.8KB moved to BSS). One concern about the static locals in ge.c.

Comment thread lib/ed25519/ge.c

@JosiahWI JosiahWI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code looks great. I'm giving my capstone team an opportunity to build this PR and test it and then I'll approve. :)

Comment thread src/helpers/RegionMap.cpp
Comment thread src/Identity.cpp
@ViezeVingertjes
ViezeVingertjes force-pushed the reduce-crypto-duplication branch from 25b64dd to 48019bf Compare February 9, 2026 21:45

@JosiahWI JosiahWI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The reduction in program size from this PR will be very useful for my school capstone. One of my teammates has built our branch with it and confirmed that the Flash saving makes it possible to fit the program on an nRF52840 Dongle alongside an InternalFS and DFU bootloader.

Edit: The above is only possible if you are not using a display.

@nextgens

Copy link
Copy Markdown
Contributor

I'd go even further than this: we don't keep key schedules around -> we should only keep AESTiny128 and AESTiny256.

You can get rid of AESSmall* and friends.

@nextgens

nextgens commented Mar 27, 2026

Copy link
Copy Markdown
Contributor

I've ended up benchmarking this (see PR above) on ESP32... the specific implementation does not make much difference for our usecase. We definitely don't need all of them though ;)

The most we ever encrypt is packet-length:

AES128 (184 bytes): 371 ms for 500 iterations (0.74 ms avg)
AESTiny128 (184 bytes): 361 ms for 500 iterations (0.72 ms avg)
AESSmall128 (184 bytes): 370 ms for 500 iterations (0.74 ms avg)
AES128_ESP (184 bytes): 370 ms for 500 iterations (0.74 ms avg)

AESTiny is bugged and stops encrypting after a bit, I haven't looked into why

@ViezeVingertjes
ViezeVingertjes force-pushed the reduce-crypto-duplication branch from 9753e26 to 6b00297 Compare May 14, 2026 10:18
@ViezeVingertjes

ViezeVingertjes commented May 14, 2026

Copy link
Copy Markdown
Contributor Author

Rebased this branch onto the current dev branch and resolved merge conflicts while preserving the PR scope (vendored crypto subset plus ed25519 reentrancy fixes).

Perhaps we can get this one through if one could validate it on a different setup than mine? More space more better.

@weebl2000

Copy link
Copy Markdown
Contributor

Rebased this branch onto the current dev branch and resolved merge conflicts while preserving the PR scope (vendored crypto subset plus ed25519 reentrancy fixes).

Perhaps we can get this one through if one could validate it on a different setup than mine? More space more better.

Which devices/platforms have you tested it on? I can have a go on devices I have.

Comment thread src/Identity.cpp
@ViezeVingertjes

Copy link
Copy Markdown
Contributor Author

Rebased this branch onto the current dev branch and resolved merge conflicts while preserving the PR scope (vendored crypto subset plus ed25519 reentrancy fixes).
Perhaps we can get this one through if one could validate it on a different setup than mine? More space more better.

Which devices/platforms have you tested it on? I can have a go on devices I have.

T-Echo and T-Beam back then, currently runs on my Wismesh Tag.

  • Flashed it over my existing firmware which was all fine.
  • Erase + flash to make sure nothing odd happens there.

Later imported my own key etc again and now using it normally.
Probably more than needed as it triggers the same code paths, but better safe than sorry.

@ViezeVingertjes

Copy link
Copy Markdown
Contributor Author

Added tests, rebased so its back in business, retested on ESP32 / nRF.

Fixes ed25519_verify() stack overflow by making large locals static,
removing the need for rweather's Ed25519::verify() workaround. Vendors
only the AES128+SHA256 subset of rweather/Crypto instead of all 37 files.
…_verify to ensure thread safety during concurrent calls.
@ViezeVingertjes
ViezeVingertjes force-pushed the reduce-crypto-duplication branch from 30d65fc to 5978665 Compare July 17, 2026 04:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants