Rework backend selection code.

Each backend can now be selected by an individual feature:

- `u32_backend` for `backend::u32`;
- `u64_backend` for `backend::u64`;
- `avx2_backend` for `backend::avx2`;

The `u64_backend` is selected by default, since most people use X64 and we have
no way to select based on target (see discussion in #126).  However, these
changes mean that it is possible to select the backend explicitly, and if we
had the ability to select target-default features, we could do so easily.

.travis.yml

@@ -2,34 +2,28 @@ language: rust
 
 rust:
   - stable
-  - beta
   - nightly
 
 env:
-  - TEST_COMMAND=test EXTRA_FLAGS='' FEATURES=''
+  # Tests the u32 backend
+  - TEST_COMMAND=test EXTRA_FLAGS='--no-default-features' FEATURES='std u32_backend'
+  # Tests the u64 backend
+  - TEST_COMMAND=test EXTRA_FLAGS='--no-default-features' FEATURES='std u64_backend'
+  # Tests the avx2 backend
+  - TEST_COMMAND=test EXTRA_FLAGS='--no-default-features' FEATURES='std avx2_backend yolocrypto'
+  # Tests serde support and default feature selection
   - TEST_COMMAND=test EXTRA_FLAGS='' FEATURES='serde'
-  - TEST_COMMAND=test EXTRA_FLAGS='' FEATURES='nightly'
-  - TEST_COMMAND=test EXTRA_FLAGS='' FEATURES='yolocrypto nightly'
+  # Tests building without std
   - TEST_COMMAND=build EXTRA_FLAGS=--no-default-features FEATURES='' 
 
 matrix:
   exclude:
-    # Test nightly features, such as radix_51, only on nightly.
+    # Test the avx2 backend only on nightly
     - rust: stable
-      env: TEST_COMMAND=test EXTRA_FLAGS='' FEATURES='nightly'
-    - rust: beta
-      env: TEST_COMMAND=test EXTRA_FLAGS='' FEATURES='nightly'
-    - rust: stable
-      env: TEST_COMMAND=test EXTRA_FLAGS='' FEATURES='yolocrypto nightly'
-    - rust: beta
-      env: TEST_COMMAND=test EXTRA_FLAGS='' FEATURES='yolocrypto nightly'
+      env: TEST_COMMAND=test EXTRA_FLAGS='--no-default-features' FEATURES='std avx2_backend yolocrypto'
     # Test no_std only on nightly.
     - rust: stable
-      env: TEST_COMMAND=build EXTRA_FLAGS=--no-default-features FEATURES=''
-    - rust: beta
-      env: TEST_COMMAND=build EXTRA_FLAGS=--no-default-features FEATURES=''
-    - rust: nightly
-      env: TEST_COMMAND=build EXTRA_FLAGS=--no-default-features FEATURES='alloc'
+      env: TEST_COMMAND=build EXTRA_FLAGS=--no-default-features FEATURES='' 
 
 script:
   - cargo $TEST_COMMAND --features="$FEATURES" $EXTRA_FLAGS

Cargo.toml

@@ -60,15 +60,20 @@ serde = { version = "1.0", optional = true }
 rand = { version = "0.4", optional = false }
 
 [features]
-nightly = ["radix_51", "subtle/nightly", "clear_on_drop/nightly"]
-default = ["std"]
+nightly = ["subtle/nightly", "clear_on_drop/nightly"]
+default = ["std", "u64_backend"]
 std = ["rand", "subtle/std"]
 alloc = []
-yolocrypto = ["avx2_backend"]
-# Radix-51 arithmetic using u128
-radix_51 = []
-# experimental avx2 support
-avx2_backend = ["nightly"]
+yolocrypto = []
+
+# The u32 backend uses u32s with u64 products.
+u32_backend = []
+# The u64 backend uses u64s with u128 products.
+u64_backend = []
+# The AVX2 backend uses u32x8s with u64x4 products.
+# It uses the u64 code for serial operations.
+avx2_backend = ["nightly", "u64_backend"]
+
 # Signals that we're in the main build stage.  This is off by default,
 # to signal stage 1 of the build, where build.rs loads the library
 # into the build script. Then, the build.rs emits the stage2_build

README.md

@@ -59,25 +59,38 @@ extern crate curve25519_dalek;
 
 # Backends and Features
 
+The `yolocrypto` feature enables experimental features.  The name `yolocrypto`
+is meant to indicate that it is not considered production-ready, and we do not
+consider `yolocrypto` features to be covered by semver guarantees.
+
+The `std` feature is enabled by default, but it can be disabled.
+
+The `nightly` feature enables nightly-only features.  **It is recommended for security**.
+
 Curve arithmetic is implemented using one of the following backends:
 
 * a `u32` backend using `u64` products;
-* a `u64` backend using `u128` products, available using the `nightly` feature;
+* a `u64` backend using `u128` products;
 * an experimental AVX2 backend, available using the `yolocrypto` feature when
   compiling for a target with `target_feature=+avx2`.
 
+By default the `u64` backend is selected.  To select a specific backend, use:
+```sh
+cargo build --no-default-features --features "std u32_backend"
+cargo build --no-default-features --features "std u64_backend"
+cargo build --no-default-features --features "std avx2_backend yolocrypto"
+```
+
 Benchmarks are run using [`criterion.rs`][criterion]:
 
 ```sh
-cargo bench                                 # u32 backend
-cargo bench --features="nightly"            # u64 backend
-cargo bench --features="nightly yolocrypto" # u64 or avx2 if available
+# You must set RUSTFLAGS to enable AVX2 support.
+export RUSTFLAGS="-C target_cpu=native"
+cargo bench --no-default-features --features "std u32_backend"
+cargo bench --no-default-features --features "std u64_backend"
+cargo bench --no-default-features --features "std avx2_backend yolocrypto"
 ```
 
-The `yolocrypto` feature enables experimental features.  The name `yolocrypto`
-is meant to indicate that it is not considered production-ready, and we do not
-consider `yolocrypto` features to be covered by semver guarantees.
-
 # Contributing
 
 Please see [CONTRIBUTING.md][contributing].

build.rs

@@ -75,12 +75,12 @@ fn main() {
     f.write_all(
         format!(
             "\n
-#[cfg(feature=\"radix_51\")]
-use backend::u64::field::FieldElement64;
-
-#[cfg(not(feature=\"radix_51\"))]
+#[cfg(feature = \"u32_backend\")]
 use backend::u32::field::FieldElement32;
 
+#[cfg(feature = \"u64_backend\")]
+use backend::u64::field::FieldElement64;
+
 use edwards::EdwardsBasepointTable;
 
 use curve_models::AffineNielsPoint;

src/backend/mod.rs

@@ -21,12 +21,12 @@
 //! `32bit` since identifiers can't start with letters, and the backends
 //! do use `u32`/`u64`, so this seems like a least-bad option.
 
-#[cfg(not(feature="radix_51"))]
+#[cfg(feature = "u32_backend")]
 pub mod u32;
 
-#[cfg(feature="radix_51")]
+#[cfg(feature = "u64_backend")]
 pub mod u64;
 
-#[cfg(all(feature="nightly", all(feature="avx2_backend", target_feature="avx2")))]
+#[cfg(all(feature = "avx2_backend", feature = "yolocrypto", target_feature="avx2"))]
 pub mod avx2;
 

src/constants.rs

@@ -33,9 +33,9 @@ use ristretto::CompressedRistretto;
 use montgomery::MontgomeryPoint;
 use scalar::Scalar;
 
-#[cfg(feature="radix_51")]
+#[cfg(feature = "u64_backend")]
 pub use backend::u64::constants::*;
-#[cfg(not(feature="radix_51"))]
+#[cfg(feature = "u32_backend")]
 pub use backend::u32::constants::*;
 
 /// The Ed25519 basepoint, in `CompressedEdwardsY` format.
@@ -149,8 +149,8 @@ mod test {
     }
 
     /// Test that d = -121665/121666
-    #[cfg(not(feature="radix_51"))]
     #[test]
+    #[cfg(feature = "u32_backend")]
     fn test_d_vs_ratio() {
         use backend::u32::field::FieldElement32;
         let a = -&FieldElement32([121665,0,0,0,0,0,0,0,0,0]);
@@ -162,8 +162,8 @@ mod test {
     }
 
     /// Test that d = -121665/121666
-    #[cfg(feature="radix_51")]
     #[test]
+    #[cfg(feature = "u64_backend")]
     fn test_d_vs_ratio() {
         use backend::u64::field::FieldElement64;
         let a = -&FieldElement64([121665,0,0,0,0]);

src/edwards.rs

@@ -490,13 +490,13 @@ impl<'a, 'b> Mul<&'b Scalar> for &'a EdwardsPoint {
     /// `EdwardsBasepointTable` is approximately 4x faster.
     fn mul(self, scalar: &'b Scalar) -> EdwardsPoint {
         // If we built with AVX2, use the AVX2 backend.
-        #[cfg(all(feature="nightly", all(feature="avx2_backend", target_feature="avx2")))]
+        #[cfg(all(feature="avx2_backend", target_feature="avx2"))]
         {
             use backend::avx2::scalar_mul::variable_base::mul;
             mul(self, scalar)
         }
         // Otherwise, use the serial backend:
-        #[cfg(not(all(feature="nightly", all(feature="avx2_backend", target_feature="avx2"))))]
+        #[cfg(not(all(feature="avx2_backend", target_feature="avx2")))]
         {
             use scalar_mul::variable_base::mul;
             mul(self, scalar)
@@ -571,13 +571,13 @@ pub fn multiscalar_mul<I, J>(scalars: I, points: J) -> EdwardsPoint
     // delegate based on the iter's size hint -- hdevalence
 
     // If we built with AVX2, use the AVX2 backend.
-    #[cfg(all(feature="nightly", all(feature="avx2_backend", target_feature="avx2")))]
+    #[cfg(all(feature="avx2_backend", target_feature="avx2"))]
     {
         use backend::avx2::scalar_mul::straus::multiscalar_mul;
         multiscalar_mul(scalars, points)
     }
     // Otherwise, proceed as normal:
-    #[cfg(not(all(feature="nightly", all(feature="avx2_backend", target_feature="avx2"))))]
+    #[cfg(not(all(feature="avx2_backend", target_feature="avx2")))]
     {
         use scalar_mul::straus::multiscalar_mul;
         multiscalar_mul(scalars, points)
@@ -844,13 +844,13 @@ pub mod vartime {
         // XXX later when we do more fancy multiscalar mults, we can delegate
         // based on the iter's size hint -- hdevalence
         // If we built with AVX2, use the AVX2 backend.
-        #[cfg(all(feature="nightly", all(feature="avx2_backend", target_feature="avx2")))]
+        #[cfg(all(feature="avx2_backend", target_feature="avx2"))]
         {
             use backend::avx2::scalar_mul::vartime_straus::multiscalar_mul;
             multiscalar_mul(scalars, points)
         }
         // Otherwise, proceed as normal:
-        #[cfg(not(all(feature="nightly", all(feature="avx2_backend", target_feature="avx2"))))]
+        #[cfg(not(all(feature="avx2_backend", target_feature="avx2")))]
         {
             use scalar_mul::vartime_straus::multiscalar_mul;
             multiscalar_mul(scalars, points)
@@ -861,13 +861,13 @@ pub mod vartime {
     #[cfg(feature="stage2_build")]
     pub fn double_scalar_mul_basepoint(a: &Scalar, A: &EdwardsPoint, b: &Scalar) -> EdwardsPoint {
         // If we built with AVX2, use the AVX2 backend.
-        #[cfg(all(feature="nightly", all(feature="avx2_backend", target_feature="avx2")))]
+        #[cfg(all(feature="avx2_backend", target_feature="avx2"))]
         {
             use backend::avx2::scalar_mul::vartime_double_base::mul;
             mul(a, A, b)
         }
         // Otherwise, proceed as normal:
-        #[cfg(not(all(feature="nightly", all(feature="avx2_backend", target_feature="avx2"))))]
+        #[cfg(not(all(feature="avx2_backend", target_feature="avx2")))]
         {
             use scalar_mul::vartime_double_base::mul;
             mul(a, A, b)
@@ -1169,7 +1169,7 @@ mod test {
     /// and enable `debug_assert!()`.  This performs many scalar
     /// multiplications to attempt to trigger possible overflows etc.
     ///
-    /// For instance, the `radix_51` `Mul` implementation for
+    /// For instance, the `u64` `Mul` implementation for
     /// `FieldElements` requires the input `Limb`s to be bounded by
     /// 2^54, but we cannot enforce this dynamically at runtime, or
     /// statically at compile time (until Rust gets type-level

src/field.rs

@@ -32,24 +32,24 @@ use subtle::ConstantTimeEq;
 use constants;
 use backend;
 
-#[cfg(feature="radix_51")]
+#[cfg(feature = "u64_backend")]
 pub use backend::u64::field::*;
 /// A `FieldElement` represents an element of the field
 /// \\( \mathbb Z / (2\^{255} - 19)\\).
 ///
 /// The `FieldElement` type is an alias for one of the platform-specific
 /// implementations.
-#[cfg(feature="radix_51")]
+#[cfg(feature = "u64_backend")]
 pub type FieldElement = backend::u64::field::FieldElement64;
 
-#[cfg(not(feature="radix_51"))]
+#[cfg(feature = "u32_backend")]
 pub use backend::u32::field::*;
 /// A `FieldElement` represents an element of the field
 /// \\( \mathbb Z / (2\^{255} - 19)\\).
 ///
 /// The `FieldElement` type is an alias for one of the platform-specific
 /// implementations.
-#[cfg(not(feature="radix_51"))]
+#[cfg(feature = "u32_backend")]
 pub type FieldElement = backend::u32::field::FieldElement32;
 
 impl Eq for FieldElement {}

src/lib.rs

@@ -12,7 +12,6 @@
 
 #![cfg_attr(feature = "alloc", feature(alloc))]
 
-#![cfg_attr(feature = "nightly", feature(i128_type))]
 #![cfg_attr(feature = "nightly", feature(cfg_target_feature))]
 #![cfg_attr(feature = "nightly", feature(external_doc))]
 #![cfg_attr(all(feature = "nightly", feature = "yolocrypto"), feature(stdsimd))]

src/scalar.rs

@@ -39,14 +39,14 @@ use constants;
 ///
 /// This is a type alias for one of the scalar types in the `backend`
 /// module.
-#[cfg(feature="radix_51")]
+#[cfg(feature = "u64_backend")]
 type UnpackedScalar = backend::u64::scalar::Scalar64;
 
 /// An `UnpackedScalar` represents an element of the field GF(l), optimized for speed.
 ///
 /// This is a type alias for one of the scalar types in the `backend`
 /// module.
-#[cfg(not(feature="radix_51"))]
+#[cfg(feature = "u32_backend")]
 type UnpackedScalar = backend::u32::scalar::Scalar32;