Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 1 Jan 2025 21:11:36 GMT
From:      Kyle Evans <kevans@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: f0865ec9906d - main - Add 'crypto/libecc/' from commit '736d663976d1768533badbf06581481d01fade4c'
Message-ID:  <202501012111.501LBaOZ079926@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch main has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=f0865ec9906d5a18fa2a3b61381f22ce16e606ad

commit f0865ec9906d5a18fa2a3b61381f22ce16e606ad
Merge: f59bb61e1eb4 736d663976d1
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2025-01-01 21:11:18 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2025-01-01 21:11:18 +0000

    Add 'crypto/libecc/' from commit '736d663976d1768533badbf06581481d01fade4c'
    
    git-subtree-dir: crypto/libecc
    git-subtree-mainline: f59bb61e1eb4d1e4fc3c60cc14779d0668267cb2
    git-subtree-split: 736d663976d1768533badbf06581481d01fade4c

 crypto/libecc/.github/workflows/libecc_cifuzz.yml  |     26 +
 .../.github/workflows/libecc_compilation_tests.yml |     57 +
 .../.github/workflows/libecc_crossarch_tests.yml   |     55 +
 .../libecc/.github/workflows/libecc_examples.yml   |     39 +
 .../.github/workflows/libecc_meson_build.yml       |     37 +
 .../.github/workflows/libecc_python_tests.yml      |     43 +
 .../.github/workflows/libecc_runtime_tests.yml     |     39 +
 crypto/libecc/.gitignore                           |      4 +
 crypto/libecc/.travis.yml                          |    287 +
 crypto/libecc/LICENSE                              |     50 +
 crypto/libecc/Makefile                             |    175 +
 crypto/libecc/README.md                            |   1345 +
 crypto/libecc/build/.gitignore                     |      3 +
 crypto/libecc/common.mk                            |    349 +
 crypto/libecc/include/libecc/curves/aff_pt.h       |    136 +
 crypto/libecc/include/libecc/curves/curves.h       |     31 +
 crypto/libecc/include/libecc/curves/curves_list.h  |    248 +
 crypto/libecc/include/libecc/curves/ec_edwards.h   |     39 +
 .../libecc/include/libecc/curves/ec_montgomery.h   |     34 +
 crypto/libecc/include/libecc/curves/ec_params.h    |     91 +
 crypto/libecc/include/libecc/curves/ec_shortw.h    |     45 +
 .../libecc/curves/known/ec_params_bign256v1.h      |    315 +
 .../libecc/curves/known/ec_params_bign384v1.h      |    337 +
 .../libecc/curves/known/ec_params_bign512v1.h      |    359 +
 .../curves/known/ec_params_brainpoolp192r1.h       |    334 +
 .../curves/known/ec_params_brainpoolp192t1.h       |    316 +
 .../curves/known/ec_params_brainpoolp224r1.h       |    295 +
 .../curves/known/ec_params_brainpoolp224t1.h       |    333 +
 .../curves/known/ec_params_brainpoolp256r1.h       |    227 +
 .../curves/known/ec_params_brainpoolp256t1.h       |    333 +
 .../curves/known/ec_params_brainpoolp320r1.h       |    350 +
 .../curves/known/ec_params_brainpoolp320t1.h       |    350 +
 .../curves/known/ec_params_brainpoolp384r1.h       |    265 +
 .../curves/known/ec_params_brainpoolp384t1.h       |    367 +
 .../curves/known/ec_params_brainpoolp512r1.h       |    276 +
 .../curves/known/ec_params_brainpoolp512t1.h       |    401 +
 .../libecc/curves/known/ec_params_external.h       |    104 +
 .../libecc/curves/known/ec_params_frp256v1.h       |    233 +
 .../libecc/curves/known/ec_params_gost256.h        |    233 +
 .../libecc/curves/known/ec_params_gost512.h        |    286 +
 ...c_params_gost_R3410_2001_CryptoPro_A_ParamSet.h |    315 +
 ...c_params_gost_R3410_2001_CryptoPro_B_ParamSet.h |    324 +
 ...c_params_gost_R3410_2001_CryptoPro_C_ParamSet.h |    333 +
 ...arams_gost_R3410_2001_CryptoPro_XchA_ParamSet.h |    315 +
 ...arams_gost_R3410_2001_CryptoPro_XchB_ParamSet.h |    333 +
 .../known/ec_params_gost_R3410_2001_TestParamSet.h |    324 +
 .../ec_params_gost_R3410_2012_256_paramSetA.h      |    316 +
 .../ec_params_gost_R3410_2012_256_paramSetB.h      |    315 +
 .../ec_params_gost_R3410_2012_256_paramSetC.h      |    324 +
 .../ec_params_gost_R3410_2012_256_paramSetD.h      |    333 +
 .../ec_params_gost_R3410_2012_512_paramSetA.h      |    359 +
 .../ec_params_gost_R3410_2012_512_paramSetB.h      |    380 +
 .../ec_params_gost_R3410_2012_512_paramSetC.h      |    359 +
 .../ec_params_gost_R3410_2012_512_paramSetTest.h   |    401 +
 .../libecc/curves/known/ec_params_secp192k1.h      |    307 +
 .../libecc/curves/known/ec_params_secp192r1.h      |    312 +
 .../libecc/curves/known/ec_params_secp224k1.h      |    320 +
 .../libecc/curves/known/ec_params_secp224r1.h      |    279 +
 .../libecc/curves/known/ec_params_secp256k1.h      |    318 +
 .../libecc/curves/known/ec_params_secp256r1.h      |    227 +
 .../libecc/curves/known/ec_params_secp384r1.h      |    250 +
 .../libecc/curves/known/ec_params_secp521r1.h      |    327 +
 .../libecc/curves/known/ec_params_sm2p192test.h    |    326 +
 .../libecc/curves/known/ec_params_sm2p256test.h    |    349 +
 .../libecc/curves/known/ec_params_sm2p256v1.h      |    350 +
 .../libecc/curves/known/ec_params_wei25519.h       |    334 +
 .../include/libecc/curves/known/ec_params_wei448.h |    391 +
 crypto/libecc/include/libecc/curves/prj_pt.h       |     88 +
 crypto/libecc/include/libecc/ecdh/ecccdh.h         |     63 +
 crypto/libecc/include/libecc/ecdh/ecdh.h           |     21 +
 crypto/libecc/include/libecc/ecdh/x25519_448.h     |     62 +
 crypto/libecc/include/libecc/external_deps/print.h |     34 +
 crypto/libecc/include/libecc/external_deps/rand.h  |     22 +
 crypto/libecc/include/libecc/external_deps/time.h  |     23 +
 crypto/libecc/include/libecc/fp/fp.h               |     98 +
 crypto/libecc/include/libecc/fp/fp_add.h           |     26 +
 crypto/libecc/include/libecc/fp/fp_config.h        |     25 +
 crypto/libecc/include/libecc/fp/fp_montgomery.h    |     30 +
 crypto/libecc/include/libecc/fp/fp_mul.h           |     26 +
 crypto/libecc/include/libecc/fp/fp_mul_redc1.h     |     25 +
 crypto/libecc/include/libecc/fp/fp_pow.h           |     22 +
 crypto/libecc/include/libecc/fp/fp_rand.h          |     22 +
 crypto/libecc/include/libecc/fp/fp_sqrt.h          |     25 +
 crypto/libecc/include/libecc/hash/bash.h           |    162 +
 crypto/libecc/include/libecc/hash/bash224.h        |     64 +
 crypto/libecc/include/libecc/hash/bash256.h        |     64 +
 crypto/libecc/include/libecc/hash/bash384.h        |     64 +
 crypto/libecc/include/libecc/hash/bash512.h        |     64 +
 crypto/libecc/include/libecc/hash/belt-hash.h      |    164 +
 crypto/libecc/include/libecc/hash/hash_algs.h      |    554 +
 crypto/libecc/include/libecc/hash/hmac.h           |     38 +
 crypto/libecc/include/libecc/hash/keccak.h         |    112 +
 crypto/libecc/include/libecc/hash/ripemd160.h      |     73 +
 crypto/libecc/include/libecc/hash/sha2.h           |    219 +
 crypto/libecc/include/libecc/hash/sha224.h         |     79 +
 crypto/libecc/include/libecc/hash/sha256.h         |     79 +
 crypto/libecc/include/libecc/hash/sha3-224.h       |     69 +
 crypto/libecc/include/libecc/hash/sha3-256.h       |     69 +
 crypto/libecc/include/libecc/hash/sha3-384.h       |     69 +
 crypto/libecc/include/libecc/hash/sha3-512.h       |     69 +
 crypto/libecc/include/libecc/hash/sha3.h           |     46 +
 crypto/libecc/include/libecc/hash/sha384.h         |     79 +
 crypto/libecc/include/libecc/hash/sha512-224.h     |     71 +
 crypto/libecc/include/libecc/hash/sha512-256.h     |     71 +
 crypto/libecc/include/libecc/hash/sha512.h         |     71 +
 crypto/libecc/include/libecc/hash/sha512_core.h    |     46 +
 crypto/libecc/include/libecc/hash/shake.h          |     41 +
 crypto/libecc/include/libecc/hash/shake256.h       |     68 +
 crypto/libecc/include/libecc/hash/sm3.h            |     73 +
 crypto/libecc/include/libecc/hash/streebog.h       |   1301 +
 crypto/libecc/include/libecc/hash/streebog256.h    |     65 +
 crypto/libecc/include/libecc/hash/streebog512.h    |     65 +
 crypto/libecc/include/libecc/lib_ecc_config.h      |    134 +
 crypto/libecc/include/libecc/lib_ecc_types.h       |    288 +
 crypto/libecc/include/libecc/libarith.h            |     41 +
 crypto/libecc/include/libecc/libec.h               |     30 +
 crypto/libecc/include/libecc/libsig.h              |     37 +
 crypto/libecc/include/libecc/meson.build           |    156 +
 crypto/libecc/include/libecc/nn/nn.h               |     96 +
 crypto/libecc/include/libecc/nn/nn_add.h           |     32 +
 crypto/libecc/include/libecc/nn/nn_config.h        |    220 +
 crypto/libecc/include/libecc/nn/nn_div.h           |     43 +
 crypto/libecc/include/libecc/nn/nn_div_public.h    |     30 +
 crypto/libecc/include/libecc/nn/nn_logical.h       |     34 +
 crypto/libecc/include/libecc/nn/nn_mod_pow.h       |     23 +
 crypto/libecc/include/libecc/nn/nn_modinv.h        |     26 +
 crypto/libecc/include/libecc/nn/nn_mul.h           |     29 +
 crypto/libecc/include/libecc/nn/nn_mul_public.h    |     24 +
 crypto/libecc/include/libecc/nn/nn_mul_redc1.h     |     26 +
 crypto/libecc/include/libecc/nn/nn_rand.h          |     24 +
 crypto/libecc/include/libecc/sig/bign.h            |     40 +
 crypto/libecc/include/libecc/sig/bign_common.h     |    101 +
 crypto/libecc/include/libecc/sig/bip0340.h         |     73 +
 crypto/libecc/include/libecc/sig/dbign.h           |     40 +
 crypto/libecc/include/libecc/sig/decdsa.h          |     48 +
 crypto/libecc/include/libecc/sig/ec_key.h          |    224 +
 crypto/libecc/include/libecc/sig/ecdsa.h           |     48 +
 crypto/libecc/include/libecc/sig/ecdsa_common.h    |     88 +
 crypto/libecc/include/libecc/sig/ecfsdsa.h         |     94 +
 crypto/libecc/include/libecc/sig/ecgdsa.h          |     85 +
 crypto/libecc/include/libecc/sig/eckcdsa.h         |     84 +
 crypto/libecc/include/libecc/sig/ecosdsa.h         |     69 +
 crypto/libecc/include/libecc/sig/ecrdsa.h          |     85 +
 crypto/libecc/include/libecc/sig/ecsdsa.h          |     81 +
 crypto/libecc/include/libecc/sig/ecsdsa_common.h   |     51 +
 crypto/libecc/include/libecc/sig/eddsa.h           |    134 +
 crypto/libecc/include/libecc/sig/fuzzing_ecdsa.h   |     28 +
 crypto/libecc/include/libecc/sig/fuzzing_ecgdsa.h  |     28 +
 crypto/libecc/include/libecc/sig/fuzzing_ecrdsa.h  |     28 +
 crypto/libecc/include/libecc/sig/sig_algs.h        |    113 +
 .../libecc/include/libecc/sig/sig_algs_internal.h  |    650 +
 crypto/libecc/include/libecc/sig/sm2.h             |     83 +
 crypto/libecc/include/libecc/utils/dbg_sig.h       |     61 +
 crypto/libecc/include/libecc/utils/print_buf.h     |     18 +
 crypto/libecc/include/libecc/utils/print_curves.h  |     28 +
 crypto/libecc/include/libecc/utils/print_fp.h      |     28 +
 crypto/libecc/include/libecc/utils/print_keys.h    |     26 +
 crypto/libecc/include/libecc/utils/print_nn.h      |     24 +
 crypto/libecc/include/libecc/utils/utils.h         |    196 +
 crypto/libecc/include/libecc/utils/utils_rand.h    |     22 +
 crypto/libecc/include/libecc/words/types.h         |    163 +
 crypto/libecc/include/libecc/words/words.h         |    129 +
 crypto/libecc/include/libecc/words/words_16.h      |     73 +
 crypto/libecc/include/libecc/words/words_32.h      |     73 +
 crypto/libecc/include/libecc/words/words_64.h      |     74 +
 crypto/libecc/meson.build                          |    282 +
 crypto/libecc/meson.options                        |    127 +
 crypto/libecc/scripts/crossbuild.sh                |    315 +
 crypto/libecc/scripts/crossrun.sh                  |    124 +
 crypto/libecc/scripts/expand_libecc.py             |   1956 +
 crypto/libecc/scripts/gen_curves_tests.sh          |     89 +
 crypto/libecc/scripts/gen_openssl_curves_tests.sh  |     52 +
 crypto/libecc/scripts/sha3.py                      |    115 +
 crypto/libecc/scripts/test_ec_utils.sh             |     82 +
 crypto/libecc/src/arithmetic_tests/Makefile        |     26 +
 .../libecc/src/arithmetic_tests/arithmetic_tests.c |   1233 +
 .../arithmetic_tests/arithmetic_tests_generator.py |   2009 +
 crypto/libecc/src/curves/aff_pt.c                  |    346 +
 crypto/libecc/src/curves/aff_pt_edwards.c          |    855 +
 crypto/libecc/src/curves/aff_pt_montgomery.c       |    579 +
 crypto/libecc/src/curves/curves.c                  |    256 +
 crypto/libecc/src/curves/ec_edwards.c              |     79 +
 crypto/libecc/src/curves/ec_montgomery.c           |     85 +
 crypto/libecc/src/curves/ec_params.c               |    194 +
 crypto/libecc/src/curves/ec_shortw.c               |    107 +
 crypto/libecc/src/curves/meson.build               |     11 +
 crypto/libecc/src/curves/prj_pt.c                  |   2113 +
 crypto/libecc/src/ecdh/ecccdh.c                    |    242 +
 crypto/libecc/src/ecdh/meson.build                 |      4 +
 crypto/libecc/src/ecdh/x25519_448.c                |    435 +
 crypto/libecc/src/examples/Makefile                |     50 +
 crypto/libecc/src/examples/basic/Makefile          |     43 +
 .../src/examples/basic/curve_basic_examples.c      |    401 +
 crypto/libecc/src/examples/basic/curve_ecdh.c      |    284 +
 .../libecc/src/examples/basic/fp_square_residue.c  |    131 +
 crypto/libecc/src/examples/basic/nn_miller_rabin.c |    223 +
 crypto/libecc/src/examples/basic/nn_pollard_rho.c  |    259 +
 crypto/libecc/src/examples/hash/Makefile           |     37 +
 crypto/libecc/src/examples/hash/gostr34_11_94.c    |    631 +
 crypto/libecc/src/examples/hash/gostr34_11_94.h    |    193 +
 crypto/libecc/src/examples/hash/hash.c             |    510 +
 crypto/libecc/src/examples/hash/hash.h             |    106 +
 crypto/libecc/src/examples/hash/md2.c              |    228 +
 crypto/libecc/src/examples/hash/md2.h              |     63 +
 crypto/libecc/src/examples/hash/md4.c              |    264 +
 crypto/libecc/src/examples/hash/md4.h              |    136 +
 crypto/libecc/src/examples/hash/md5.c              |    265 +
 crypto/libecc/src/examples/hash/md5.h              |    137 +
 crypto/libecc/src/examples/hash/mdc2.c             |    305 +
 crypto/libecc/src/examples/hash/mdc2.h             |    102 +
 crypto/libecc/src/examples/hash/sha0.c             |    264 +
 crypto/libecc/src/examples/hash/sha0.h             |    135 +
 crypto/libecc/src/examples/hash/sha1.c             |    264 +
 crypto/libecc/src/examples/hash/sha1.h             |    135 +
 crypto/libecc/src/examples/hash/tdes.c             |    492 +
 crypto/libecc/src/examples/hash/tdes.h             |     77 +
 crypto/libecc/src/examples/sig/Makefile            |     52 +
 crypto/libecc/src/examples/sig/common/common.h     |    248 +
 crypto/libecc/src/examples/sig/dsa/Makefile        |     34 +
 crypto/libecc/src/examples/sig/dsa/dsa.c           |    555 +
 crypto/libecc/src/examples/sig/dsa/dsa.h           |     75 +
 .../libecc/src/examples/sig/gostr34_10_94/Makefile |     34 +
 .../src/examples/sig/gostr34_10_94/gostr34_10_94.c |    521 +
 .../src/examples/sig/gostr34_10_94/gostr34_10_94.h |     72 +
 crypto/libecc/src/examples/sig/kcdsa/Makefile      |     37 +
 crypto/libecc/src/examples/sig/kcdsa/kcdsa.c       |    759 +
 crypto/libecc/src/examples/sig/kcdsa/kcdsa.h       |     72 +
 crypto/libecc/src/examples/sig/rsa/Makefile        |     36 +
 crypto/libecc/src/examples/sig/rsa/rsa.c           |   2057 +
 crypto/libecc/src/examples/sig/rsa/rsa.h           |    187 +
 .../libecc/src/examples/sig/rsa/rsa_pkcs1_tests.h  | 111724 +++
 crypto/libecc/src/examples/sig/rsa/rsa_tests.h     |    215 +
 crypto/libecc/src/examples/sig/sdsa/Makefile       |     34 +
 crypto/libecc/src/examples/sig/sdsa/sdsa.c         |    467 +
 crypto/libecc/src/examples/sig/sdsa/sdsa.h         |     72 +
 crypto/libecc/src/examples/sss/Makefile            |     44 +
 crypto/libecc/src/examples/sss/sss.c               |    772 +
 crypto/libecc/src/examples/sss/sss.h               |     98 +
 crypto/libecc/src/examples/sss/sss_private.h       |     30 +
 crypto/libecc/src/external_deps/meson.build        |      5 +
 crypto/libecc/src/external_deps/print.c            |     31 +
 crypto/libecc/src/external_deps/rand.c             |    121 +
 crypto/libecc/src/external_deps/time.c             |     72 +
 crypto/libecc/src/fp/fp.c                          |    470 +
 crypto/libecc/src/fp/fp_add.c                      |    140 +
 crypto/libecc/src/fp/fp_montgomery.c               |     91 +
 crypto/libecc/src/fp/fp_mul.c                      |    138 +
 crypto/libecc/src/fp/fp_mul_redc1.c                |    112 +
 crypto/libecc/src/fp/fp_pow.c                      |     79 +
 crypto/libecc/src/fp/fp_rand.c                     |     34 +
 crypto/libecc/src/fp/fp_sqrt.c                     |    281 +
 crypto/libecc/src/fp/meson.build                   |     10 +
 crypto/libecc/src/hash/bash.c                      |    138 +
 crypto/libecc/src/hash/bash224.c                   |    110 +
 crypto/libecc/src/hash/bash256.c                   |    110 +
 crypto/libecc/src/hash/bash384.c                   |    114 +
 crypto/libecc/src/hash/bash512.c                   |    110 +
 crypto/libecc/src/hash/belt-hash.c                 |    471 +
 crypto/libecc/src/hash/hash_algs.c                 |    429 +
 crypto/libecc/src/hash/hmac.c                      |    185 +
 crypto/libecc/src/hash/meson.build                 |     27 +
 crypto/libecc/src/hash/ripemd160.c                 |    348 +
 crypto/libecc/src/hash/sha224.c                    |    250 +
 crypto/libecc/src/hash/sha256.c                    |    241 +
 crypto/libecc/src/hash/sha3-224.c                  |    115 +
 crypto/libecc/src/hash/sha3-256.c                  |    115 +
 crypto/libecc/src/hash/sha3-384.c                  |    119 +
 crypto/libecc/src/hash/sha3-512.c                  |    115 +
 crypto/libecc/src/hash/sha3.c                      |    116 +
 crypto/libecc/src/hash/sha384.c                    |    255 +
 crypto/libecc/src/hash/sha512-224.c                |    124 +
 crypto/libecc/src/hash/sha512-256.c                |    124 +
 crypto/libecc/src/hash/sha512.c                    |    125 +
 crypto/libecc/src/hash/sha512_core.c               |    189 +
 crypto/libecc/src/hash/shake.c                     |    103 +
 crypto/libecc/src/hash/shake256.c                  |     96 +
 crypto/libecc/src/hash/sm3.c                       |    360 +
 crypto/libecc/src/hash/streebog.c                  |    344 +
 crypto/libecc/src/nn/meson.build                   |     11 +
 crypto/libecc/src/nn/nn.c                          |    608 +
 crypto/libecc/src/nn/nn_add.c                      |    613 +
 crypto/libecc/src/nn/nn_div.c                      |   1271 +
 crypto/libecc/src/nn/nn_div.h                      |     43 +
 crypto/libecc/src/nn/nn_logical.c                  |    577 +
 crypto/libecc/src/nn/nn_mod_pow.c                  |    334 +
 crypto/libecc/src/nn/nn_modinv.c                   |    587 +
 crypto/libecc/src/nn/nn_mul.c                      |    197 +
 crypto/libecc/src/nn/nn_mul.h                      |     29 +
 crypto/libecc/src/nn/nn_mul_redc1.c                |    342 +
 crypto/libecc/src/nn/nn_rand.c                     |    133 +
 crypto/libecc/src/sig/bign.c                       |     79 +
 crypto/libecc/src/sig/bign_common.c                |   1001 +
 crypto/libecc/src/sig/bip0340.c                    |   1325 +
 crypto/libecc/src/sig/dbign.c                      |    115 +
 crypto/libecc/src/sig/decdsa.c                     |    121 +
 crypto/libecc/src/sig/ec_key.c                     |    620 +
 crypto/libecc/src/sig/ecdsa.c                      |     85 +
 crypto/libecc/src/sig/ecdsa_common.c               |   1039 +
 crypto/libecc/src/sig/ecfsdsa.c                    |   1087 +
 crypto/libecc/src/sig/ecgdsa.c                     |    621 +
 crypto/libecc/src/sig/eckcdsa.c                    |    841 +
 crypto/libecc/src/sig/ecosdsa.c                    |     99 +
 crypto/libecc/src/sig/ecrdsa.c                     |    623 +
 crypto/libecc/src/sig/ecsdsa.c                     |     97 +
 crypto/libecc/src/sig/ecsdsa_common.c              |    632 +
 crypto/libecc/src/sig/eddsa.c                      |   2935 +
 crypto/libecc/src/sig/fuzzing_ecdsa.c              |    434 +
 crypto/libecc/src/sig/fuzzing_ecgdsa.c             |    391 +
 crypto/libecc/src/sig/fuzzing_ecrdsa.c             |    425 +
 crypto/libecc/src/sig/meson.build                  |     26 +
 crypto/libecc/src/sig/sig_algs.c                   |   1112 +
 crypto/libecc/src/sig/sm2.c                        |    724 +
 crypto/libecc/src/tests/bign_test_vectors.h        |    448 +
 crypto/libecc/src/tests/bip0340_test_vectors.h     |    204 +
 crypto/libecc/src/tests/dbign_test_vectors.h       |    232 +
 crypto/libecc/src/tests/decdsa_test_vectors.h      |   1362 +
 crypto/libecc/src/tests/ec_self_tests.c            |    302 +
 crypto/libecc/src/tests/ec_self_tests.h            |     21 +
 crypto/libecc/src/tests/ec_self_tests_core.c       |   1975 +
 crypto/libecc/src/tests/ec_self_tests_core.h       |   5757 +
 crypto/libecc/src/tests/ec_utils.c                 |   1878 +
 crypto/libecc/src/tests/ecccdh_test_vectors.h      |   3750 +
 crypto/libecc/src/tests/ed25519_test_vectors.h     |  24610 +
 crypto/libecc/src/tests/ed25519ctx_test_vectors.h  |    138 +
 crypto/libecc/src/tests/ed25519ph_test_vectors.h   |     45 +
 crypto/libecc/src/tests/ed448_test_vectors.h       |    317 +
 crypto/libecc/src/tests/ed448ph_test_vectors.h     |     74 +
 crypto/libecc/src/tests/meson.build                |     55 +
 crypto/libecc/src/tests/x25519_test_vectors.h      |    142 +
 crypto/libecc/src/tests/x448_test_vectors.h        |     75 +
 crypto/libecc/src/utils/meson.build                |     15 +
 crypto/libecc/src/utils/print_buf.c                |     31 +
 crypto/libecc/src/utils/print_curves.c             |     76 +
 crypto/libecc/src/utils/print_fp.c                 |     65 +
 crypto/libecc/src/utils/print_keys.c               |     42 +
 crypto/libecc/src/utils/print_nn.c                 |     37 +
 crypto/libecc/src/utils/utils.c                    |    233 +
 crypto/libecc/src/utils/utils_rand.c               |     51 +
 crypto/libecc/src/utils/utils_rand.h               |     22 +
 crypto/libecc/src/wycheproof_tests/Makefile        |     17 +
 .../src/wycheproof_tests/libecc_wycheproof.c       |    838 +
 .../src/wycheproof_tests/libecc_wycheproof.h       |    151 +
 .../src/wycheproof_tests/libecc_wycheproof_tests.h | 728074 ++++++++++++++++++
 crypto/libecc/support/meson/armv7em-noneabi.ini    |     17 +
 344 files changed, 959066 insertions(+)

diff --cc crypto/libecc/.github/workflows/libecc_cifuzz.yml
index 000000000000,d315da238fc6..d315da238fc6
mode 000000,100644..100644
--- a/crypto/libecc/.github/workflows/libecc_cifuzz.yml
+++ b/crypto/libecc/.github/workflows/libecc_cifuzz.yml
diff --cc crypto/libecc/.github/workflows/libecc_compilation_tests.yml
index 000000000000,76aae957f362..76aae957f362
mode 000000,100644..100644
--- a/crypto/libecc/.github/workflows/libecc_compilation_tests.yml
+++ b/crypto/libecc/.github/workflows/libecc_compilation_tests.yml
diff --cc crypto/libecc/.github/workflows/libecc_crossarch_tests.yml
index 000000000000,93dbca1b5719..93dbca1b5719
mode 000000,100644..100644
--- a/crypto/libecc/.github/workflows/libecc_crossarch_tests.yml
+++ b/crypto/libecc/.github/workflows/libecc_crossarch_tests.yml
diff --cc crypto/libecc/.github/workflows/libecc_examples.yml
index 000000000000,f50e6da9ee60..f50e6da9ee60
mode 000000,100644..100644
--- a/crypto/libecc/.github/workflows/libecc_examples.yml
+++ b/crypto/libecc/.github/workflows/libecc_examples.yml
diff --cc crypto/libecc/.github/workflows/libecc_meson_build.yml
index 000000000000,e942ae9c2470..e942ae9c2470
mode 000000,100644..100644
--- a/crypto/libecc/.github/workflows/libecc_meson_build.yml
+++ b/crypto/libecc/.github/workflows/libecc_meson_build.yml
diff --cc crypto/libecc/.github/workflows/libecc_python_tests.yml
index 000000000000,895760f7369e..895760f7369e
mode 000000,100644..100644
--- a/crypto/libecc/.github/workflows/libecc_python_tests.yml
+++ b/crypto/libecc/.github/workflows/libecc_python_tests.yml
diff --cc crypto/libecc/.github/workflows/libecc_runtime_tests.yml
index 000000000000,2432511a1be0..2432511a1be0
mode 000000,100644..100644
--- a/crypto/libecc/.github/workflows/libecc_runtime_tests.yml
+++ b/crypto/libecc/.github/workflows/libecc_runtime_tests.yml
diff --cc crypto/libecc/.gitignore
index 000000000000,000000000000..da8ab177478b
new file mode 100644
--- /dev/null
+++ b/crypto/libecc/.gitignore
@@@ -1,0 -1,0 +1,4 @@@
++*.o
++*.d
++*~
++*.su
diff --cc crypto/libecc/.travis.yml
index 000000000000,45f70324466f..45f70324466f
mode 000000,100644..100644
--- a/crypto/libecc/.travis.yml
+++ b/crypto/libecc/.travis.yml
diff --cc crypto/libecc/LICENSE
index 000000000000,20d677be5596..20d677be5596
mode 000000,100644..100644
--- a/crypto/libecc/LICENSE
+++ b/crypto/libecc/LICENSE
diff --cc crypto/libecc/Makefile
index 000000000000,000000000000..ead3dc3ce3cc
new file mode 100644
--- /dev/null
+++ b/crypto/libecc/Makefile
@@@ -1,0 -1,0 +1,175 @@@
++.SUFFIXES:
++
++# Where to put generated objects
++BUILD_DIR ?= build
++# Default to the previous behaviour and keep generated .o & .d files next to the source code
++OBJ_DIR ?=.
++include common.mk
++
++
++# Static libraries to build
++LIBS = $(LIBARITH) $(LIBEC) $(LIBSIGN)
++
++# Compile dynamic libraries if the user asked to
++ifeq ($(WITH_DYNAMIC_LIBS),1)
++LIBS += $(LIBARITH_DYN) $(LIBEC_DYN) $(LIBSIGN_DYN)
++endif
++
++# Executables to build
++TESTS_EXEC = $(BUILD_DIR)/ec_self_tests $(BUILD_DIR)/ec_utils
++# We also compile executables with dynamic linking if asked to
++ifeq ($(WITH_DYNAMIC_LIBS),1)
++TESTS_EXEC += $(BUILD_DIR)/ec_self_tests_dyn $(BUILD_DIR)/ec_utils_dyn
++endif
++
++EXEC_TO_CLEAN = $(BUILD_DIR)/ec_self_tests $(BUILD_DIR)/ec_utils $(BUILD_DIR)/ec_self_tests_dyn $(BUILD_DIR)/ec_utils_dyn
++
++# all and clean, as you might expect
++all: $(LIBS) $(TESTS_EXEC)
++
++# Default object files extension
++OBJ_FILES_EXTENSION ?= o
++
++clean:
++	@rm -f $(LIBS) $(EXEC_TO_CLEAN)
++	@find $(OBJ_DIR)/ -name '*.$(OBJ_FILES_EXTENSION)' -exec rm -f '{}' \;
++	@find $(OBJ_DIR)/ -name '*.d' -exec rm -f '{}' \;
++	@find $(BUILD_DIR)/ -name '*.a' -exec rm -f '{}' \;
++	@find $(BUILD_DIR)/ -name '*.so' -exec rm -f '{}' \;
++	@find . -name '*~'  -exec rm -f '{}' \;
++
++
++
++# --- Source Code ---
++
++# external dependencies
++EXT_DEPS_SRC = $(wildcard src/external_deps/*.c)
++
++# utils module (for the ARITH layer, we only need
++# NN and FP - and not curves - related stuff. Same goes
++# for EC and SIGN. Hence the distinction between three
++# sets of utils objects.
++UTILS_ARITH_SRC = src/utils/utils.c src/utils/utils_rand.c
++UTILS_ARITH_SRC += $(wildcard src/utils/*_nn.c)
++UTILS_ARITH_SRC += $(wildcard src/utils/*_fp.c)
++UTILS_ARITH_SRC += $(wildcard src/utils/*_buf.c)
++UTILS_EC_SRC = $(wildcard src/utils/*_curves.c)
++UTILS_SIGN_SRC = $(wildcard src/utils/*_keys.c)
++
++# nn module
++NN_SRC = $(wildcard src/nn/n*.c)
++
++# fp module
++FP_SRC = $(wildcard src/fp/fp*.c)
++
++# curve module
++CURVES_SRC = $(wildcard src/curves/*.c)
++
++# Hash module
++HASH_SRC = $(wildcard src/hash/sha*.c) $(wildcard src/hash/bash*.c) src/hash/hash_algs.c src/hash/sm3.c src/hash/streebog.c src/hash/ripemd160.c src/hash/belt-hash.c src/hash/hmac.c
++
++# Key/Signature/Verification/ECDH module
++SIG_SRC = $(wildcard src/sig/*dsa.c) src/sig/ecdsa_common.c src/sig/ecsdsa_common.c src/sig/sig_algs.c src/sig/sm2.c src/sig/bign_common.c src/sig/bign.c src/sig/dbign.c src/sig/bip0340.c
++ECDH_SRC = $(wildcard src/ecdh/*.c)
++KEY_SRC = src/sig/ec_key.c
++
++# Test elements
++TESTS_OBJECTS_CORE_SRC = src/tests/ec_self_tests_core.c
++TESTS_OBJECTS_SELF_SRC = src/tests/ec_self_tests.c
++TESTS_OBJECTS_UTILS_SRC = src/tests/ec_utils.c
++
++
++
++# --- Static Libraries ---
++
++LIBARITH_SRC = $(FP_SRC) $(NN_SRC) $(UTILS_ARITH_SRC)
++LIBARITH_OBJECTS = $(patsubst %,$(OBJ_DIR)/%.$(OBJ_FILES_EXTENSION),$(basename $(LIBARITH_SRC)))
++$(LIBARITH): $(LIBARITH_OBJECTS)
++	$(VERBOSE_MAKE)$(CROSS_COMPILE)$(AR) $(AR_FLAGS) $@ $^
++	$(VERBOSE_MAKE)$(CROSS_COMPILE)$(RANLIB) $(RANLIB_FLAGS) $@
++
++LIBEC_SRC = $(LIBARITH_SRC) $(CURVES_SRC) $(UTILS_EC_SRC)
++LIBEC_OBJECTS = $(patsubst %,$(OBJ_DIR)/%.$(OBJ_FILES_EXTENSION),$(basename $(LIBEC_SRC)))
++$(LIBEC): $(LIBEC_OBJECTS)
++	$(VERBOSE_MAKE)$(CROSS_COMPILE)$(AR) $(AR_FLAGS) $@ $^
++	$(VERBOSE_MAKE)$(CROSS_COMPILE)$(RANLIB) $(RANLIB_FLAGS) $@
++
++LIBSIGN_SRC = $(LIBEC_SRC) $(HASH_SRC) $(SIG_SRC) $(KEY_SRC) $(UTILS_SIGN_SRC) $(ECDH_SRC)
++LIBSIGN_OBJECTS = $(patsubst %,$(OBJ_DIR)/%.$(OBJ_FILES_EXTENSION),$(basename $(LIBSIGN_SRC)))
++$(LIBSIGN): $(LIBSIGN_OBJECTS)
++	$(VERBOSE_MAKE)$(CROSS_COMPILE)$(AR) $(AR_FLAGS) $@ $^
++	$(VERBOSE_MAKE)$(CROSS_COMPILE)$(RANLIB) $(RANLIB_FLAGS) $@
++
++
++
++# --- Dynamic Libraries ---
++
++$(LIBARITH_DYN): $(LIBARITH_OBJECTS)
++	$(VERBOSE_MAKE)$(CROSS_COMPILE)$(CC) $(LIB_CFLAGS) $(LIB_DYN_LDFLAGS) $^ -o $@
++
++$(LIBEC_DYN): $(LIBEC_OBJECTS)
++	$(VERBOSE_MAKE)$(CROSS_COMPILE)$(CC) $(LIB_CFLAGS) $(LIB_DYN_LDFLAGS) $^ -o $@
++
++$(LIBSIGN_DYN): $(LIBSIGN_OBJECTS)
++	$(VERBOSE_MAKE)$(CROSS_COMPILE)$(CC) $(LIB_CFLAGS) $(LIB_DYN_LDFLAGS) $^ -o $@
++
++
++
++# --- Executables (Static linkage with libsign object files) ---
++
++EC_SELF_TESTS_SRC = $(TESTS_OBJECTS_CORE_SRC) $(TESTS_OBJECTS_SELF_SRC) $(EXT_DEPS_SRC)
++EC_SELF_TESTS_OBJECTS = $(patsubst %,$(OBJ_DIR)/%.$(OBJ_FILES_EXTENSION),$(basename $(EC_SELF_TESTS_SRC)))
++$(BUILD_DIR)/ec_self_tests: $(EC_SELF_TESTS_OBJECTS) $(LIBSIGN_OBJECTS)
++	$(VERBOSE_MAKE)$(CROSS_COMPILE)$(CC) $(BIN_CFLAGS) $(BIN_LDFLAGS) $^ -o $@
++
++EC_UTILS_SRC = $(TESTS_OBJECTS_CORE_SRC) $(TESTS_OBJECTS_UTILS_SRC) $(EXT_DEPS_SRC)
++EC_UTILS_OBJECTS = $(patsubst %,$(OBJ_DIR)/%.$(OBJ_FILES_EXTENSION),$(basename $(EC_UTILS_SRC)))
++$(BUILD_DIR)/ec_utils: $(EC_UTILS_SRC) $(LIBSIGN_OBJECTS)
++	$(VERBOSE_MAKE)$(CROSS_COMPILE)$(CC) $(BIN_CFLAGS) $(BIN_LDFLAGS) -DWITH_STDLIB  $^ -o $@
++
++
++
++# --- Excutables (Dynamic linkage with libsign shared library) ---
++
++$(BUILD_DIR)/ec_self_tests_dyn: $(EC_SELF_TESTS_OBJECTS)
++	$(VERBOSE_MAKE)$(CROSS_COMPILE)$(CC) $(BIN_CFLAGS) $(BIN_LDFLAGS) -L$(BUILD_DIR) $^ -lsign -o $@
++
++$(BUILD_DIR)/ec_utils_dyn: $(EC_UTILS_OBJECTS)
++	$(VERBOSE_MAKE)$(CROSS_COMPILE)$(CC) $(BIN_CFLAGS) $(BIN_LDFLAGS) -L$(BUILD_DIR) -DWITH_STDLIB  $^ -lsign -o $@
++
++
++
++.PHONY: all clean 16 32 64 debug debug16 debug32 debug64 force_arch32 force_arch64
++
++# All source files, used to construct general rules
++SRC += $(EXT_DEPS_SRC) $(UTILS_ARITH_SRC) $(UTILS_EC_SRC) $(UTILS_SIGN_SRC)
++SRC += $(NN_SRC) $(FP_SRC) $(CURVES_SRC) $(HASH_SRC) $(SIG_SRC) $(ECDH_SRC)
++SRC += $(KEY_SRC) $(TESTS_OBJECTS_CORE_SRC) $(TESTS_OBJECTS_SELF_SRC)
++SRC += $(TESTS_OBJECTS_UTILS_SRC)
++
++# All object files
++OBJS = $(patsubst %,$(OBJ_DIR)/%.$(OBJ_FILES_EXTENSION),$(basename $(SRC)))
++
++# General dependency rule between .o and .d files
++DEPS = $(OBJS:.$(OBJ_FILES_EXTENSION)=.d)
++
++# General rule for creating .o (and .d) file from .c
++$(OBJ_DIR)/%.$(OBJ_FILES_EXTENSION): %.c
++	$(VERBOSE_MAKE)$(CROSS_COMPILE)$(CC) -c $(LIB_CFLAGS) -o $@ $<
++
++# Populate the directory structure to contain the .o and .d files, if necessary
++$(shell mkdir -p $(dir $(OBJS)) >/dev/null)
++$(shell mkdir -p $(BUILD_DIR) >/dev/null)
++
++# Make a note of the MAKEFILE_LIST at this stage of parsing the Makefile
++# It is important here to use the ':=' operator so it is evaluated only once,
++# and to do this before all the DEPS files are included as makefiles.
++MAKEFILES:=$(MAKEFILE_LIST)
++
++# Make object files depend on all makefiles used - this forces a rebuild if any
++# of the makefiles are changed
++$(OBJS) : $(MAKEFILES)
++
++# Dep files are makefiles that keep track of which header files are used by the
++# c source code. Include them to allow them to work correctly.
++-include $(DEPS)
diff --cc crypto/libecc/README.md
index 000000000000,000000000000..2972ab1708bb
new file mode 100644
--- /dev/null
+++ b/crypto/libecc/README.md
@@@ -1,0 -1,0 +1,1345 @@@
++[![compilation](https://github.com/libecc/libecc/actions/workflows/libecc_compilation_tests.yml/badge.svg?branch=master)](https://github.com/libecc/libecc/actions/workflows/libecc_compilation_tests.yml)
++[![runtime](https://github.com/libecc/libecc/actions/workflows/libecc_runtime_tests.yml/badge.svg?branch=master)](https://github.com/libecc/libecc/actions/workflows/libecc_runtime_tests.yml)
++[![crossarch](https://github.com/libecc/libecc/actions/workflows/libecc_crossarch_tests.yml/badge.svg?branch=master)](https://github.com/libecc/libecc/actions/workflows/libecc_crossarch_tests.yml)
++[![python](https://github.com/libecc/libecc/actions/workflows/libecc_python_tests.yml/badge.svg?branch=master)](https://github.com/libecc/libecc/actions/workflows/libecc_python_tests.yml)
++[![examples](https://github.com/libecc/libecc/actions/workflows/libecc_examples.yml/badge.svg?branch=master)](https://github.com/libecc/libecc/actions/workflows/libecc_examples.yml)
++
++
++# libecc project
++
++## Copyright and license
++Copyright (C) 2017-2023
++
++This software is licensed under a dual BSD and GPL v2 license.
++See [LICENSE](LICENSE) file at the root folder of the project.
++
++## Authors
++
++  * Ryad BENADJILA (<mailto:ryadbenadjila@gmail.com>)
++  * Arnaud EBALARD (<mailto:arnaud.ebalard@ssi.gouv.fr>)
++  * Jean-Pierre FLORI (<mailto:jpflori@gmail.com>)
++
++## Contributors
++  * Nicolas VIVET (<mailto:nicolas.vivet@ssi.gouv.fr>)
++  * Karim KHALFALLAH (<mailto:karim.khalfallah@ssi.gouv.fr>)
++  * Niels SAMWEL (<mailto:nsamwel@google.com>)
++
++## Description
++This software implements a library for elliptic curves based
++cryptography (ECC). The API supports signature algorithms specified
++in the [ISO 14888-3:2018](https://www.iso.org/standard/76382.html)
++standard and some other signature algorithms as well as ECDH primitives, with the following specific curves and hash functions:
++
++  * **Signatures**:
++    * Core ISO 14888-3:2018 algorithms: ECDSA, ECKCDSA, ECGDSA, ECRDSA, EC{,O}SDSA, ECFSDSA, SM2.
++    * EdDSA (25519 and 448 as specified in [RFC 8032](https://datatracker.ietf.org/doc/html/rfc8032)).
++    * BIGN (as standardized in [STB 34.101.45-2013](https://github.com/bcrypto/bign)). We allow a more lax usage of
++    BIGN than in the standard as we allow any curve and any hash function.
++    * BIP0340, also known as the "Schnorr" Bitcoin proposal, as specified in [bip-0340](https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki).
++    We allow a more lax usage of BIP0340 than the standard as we allow any curve and any hash function (the standard mandates SECP256K1 with SHA-256).
++
++  * **ECDH**:
++    * ECC-CDH (Elliptic Curve Cryptography Cofactor Diffie-Hellman) as described in [section 5.7.1.2 of the NIST SP 800-56A Rev. 3](https://csrc.nist.gov/publications/detail/sp/800-56a/rev-3/final) standard.
++    * X25519 and X448 as specified in [RFC7748](https://datatracker.ietf.org/doc/html/rfc7748) (with some specificities, see the details below).
++  * **Curves**: SECP{192,224,256,384,521}R1, SECP{192,224,256}K1, BRAINPOOLP{192,224,256,320,384,512}{R1,T1},
++  FRP256V1, GOST{256,512}, GOSTR3410-2001-CryptoPro{A,B,C,XchA,XchB,Test}-ParamSet, GOSTR3410-2012-{256,512}-ParamSet{A,B,C}, GOSTR3410-2012-256-ParamSetD, GOSTR3410-2012-512-ParamSetTest, SM2P256V1, SM2P{192,256}Test, WEI{25519,448}, BIGN{256,384,512}V1. The library can be easily expanded with
++  user defined curves using a standalone helper script.
++  * **Hash functions**: SHA-2 and SHA-3 hash functions (224, 256, 384, 512), SM3, RIPEMD-160,
++GOST 34.11-2012 as described in [RFC 6986](https://datatracker.ietf.org/doc/html/rfc6986)
++(also known as [Streebog](https://tc26.ru/en/events/research-projects-competition/streebog-competition.html)),
++SHAKE256 in its restricted version with 114 bytes output (mainly for Ed448), BELT-HASH (as standardized in
++[STB 34.101.31-2011](https://github.com/bcrypto/belt)), and BASH-{224,256,384,512} (as standardized in
++[STB 34.101.77-2020](http://apmi.bsu.by/assets/files/std/bash-spec24.pdf)).
++**HMAC** based on any of these hash functions is also included.
++
++ECDSA comes in two variants: the classical non-deterministic one, and the **deterministic** ECDSA
++as described in [RFC 6979](https://datatracker.ietf.org/doc/html/rfc6979). The deterministic version
++generates nonces using a HMAC-DRBG process, and is suitable for situations where there is
++no RNG or where entropy sources are considered weak (please note that any leak on these nonces
++bits can lead to devastating attacks exploiting the [Hidden Number Problem](https://eprint.iacr.org/2020/615.pdf)).
++On the downside, the deterministic version of ECDSA is susceptible to [fault attacks](https://eprint.iacr.org/2017/1014.pdf).
++Hence, one will have to **carefully select** the suitable version to use depending on the usage and
++attack context (i.e. which of side-channel attacks or fault attacks are easier to perform).
++The same applies to BIGN that comes in two flavours as standardized in [STB 34.101.45-2013](https://github.com/bcrypto/bign):
++non-deterministic and deterministic (following an iterative generation process using the BELT hash function and its underlying block cipher).
++
++The library also supports EdDSA (Ed25519 and Ed448) as defined in [RFC 8032](https://datatracker.ietf.org/doc/html/rfc8032) with
++all their variants (with context, pre-hashed).
++Since the core of the library supports short Weierstrass curves, and as
++EdDSA uses instead Twisted Edwards curves with dedicated formulas, we use
++**isogenies** as described in the [lwig-curve-representations](https://datatracker.ietf.org/doc/html/draft-ietf-lwig-curve-representations)
++draft. Isogenies are transformations (homomorphisms that are almost isomorphisms) between
++curves models, allowing to implement operations on one model by operating with
++formulas on another model. Concretely, in our case we perform computations on
++the Weierstrass WEI25519 that is isogenic to Ed25519 (Twisted Edwards)
++and Curve25519 (Montgomery) curves. This, of course, induces overheads in computations
++while having the great benefit of keeping the library core mathematical foundations simple
++and keep the defense-in-depth (regarding software security and side-channels) focused on
++a rather limited part: see the discussions below on libecc efforts with regards to security.
++
++Please note that as for deterministic ECDSA and BIGN, EdDSA signatures are trivially susceptible to
++[fault attacks](https://eprint.iacr.org/2017/1014.pdf) without having a non-deterministic
++variant. Hence, when using EdDSA one will have to either ensure that the usage context naturally prevents
++such attacks, that the platform implements countermeasures (e.g. using secure MCUs, etc.) or that
++other means allow to detect/mitigate such attacks (e.g. on the compilation toolchain side).
++
++Please refer to [this CFRG thread](https://mailarchive.ietf.org/arch/browse/cfrg/?gbt=1&index=5l3XCLHLCVfOmnkcv4mo2-pEV94)
++for more insight on why deterministic versus non-deterministic EC signature schemes is still an open debate
++and how the usage context and **attack model** is **crucial** when choosing to use one or the other.
++
++
++**Batch verification** is implemented for the signature algorithms that support it - the signature schemes
++that preserve some "reversible" projective point coordinate information in the signature value.
++This is the case for some "Schnorr" based schemes, namely ECFSDSA ("full Schnorr" from ISO14888-3), EdDSA and BIP0340.
++Batch verification allows (thanks to the Bos-Coster algorithm) to bring speedups between 2 to 6.5 times
++the regular verification for batches of at least 10 signatures, which is not negligible depending on the usage.
++Beware that for the specific case of BIP0340, results might depend on the underlying prime of the curve, since
++the batch verification makes heavy use of square root residues and the Tonelli-Shanks algorithm complexity
++is sensitive to the prime "form" (e.g. is equal to 1 modulo 4, etc.). Finally, beware that the speedup of
++batch verification comes at an increased memory cost: the Bos-Coster algorithm requires a scratchpad memory space
++that increases linearly with the number of signatures to be checked.
++
++
++Regarding the specific case of ECRDSA (the Russian standard), libecc implements by default the
++[RFC 7091](https://datatracker.ietf.org/doc/html/rfc7091) and [draft-deremin-rfc4491-bis](https://datatracker.ietf.org/doc/html/draft-deremin-rfc4491-bis)
++versions to comply with the standard test vectors (provided in the form of X.509 certificates).
++This version of the algorithm **differs** from the ISO/IEC 14888-3 description and test vectors,
++the main difference coming from the way the hash of the message to be signed/verified is processed:
++in the RFCs, the little endian representation of the hash is taken as big number while in ISO/IEC the big endian
++representation is used. This seems (to be confirmed) to be a discrepancy of ISO/IEC 14888-3 algorithm description
++that must be fixed there. In order to allow users to still be able to reproduce the ISO/IEC behavior, we provide
++a compilation toggle that will force this mode `USE_ISO14888_3_ECRDSA=1`:
++
++<pre>
++	$ USE_ISO14888_3_ECRDSA=1 make
++</pre>
++
++**ECDH (Elliptic Curve Diffie-Hellman)** variants are also implemented in the
++library. Classical ECDH over Weierstrass curves is implemented in the form
++of ECC-CDH (Elliptic Curve Cryptography Cofactor Diffie-Hellman) as described
++in [section 5.7.1.2 of the NIST SP 800-56A Rev. 3](https://csrc.nist.gov/publications/detail/sp/800-56a/rev-3/final) standard. Montgomery curves
++based algorithms (Curve25519 and Curve448) are included as specified in [RFC7748](https://datatracker.ietf.org/doc/html/rfc7748),
++although the implementation somehow diverges from the canonical ones as u coordinates on the curve
++quadratic twist are rejected (this is due to the underlying usage of isogenies to
++handle Montgomery curves). This divergence does not impact the ECDH use case though.
++
++
++Advanced usages of this library also include the possible implementation
++of elliptic curve based protocols as well as any algorithm
++on top of prime fields based elliptic curves (or prime fields, or rings
++of integers). Many examples are present in the [src/examples](src/examples)
++folder, notable ones being:
++  * Pollard-Rho, Miller-Rabin and square residues over finite fields.
++  * The RSA cryptosystem as defined in the PKCS#1 [RFC8017](https://datatracker.ietf.org/doc/html/rfc8017)
++standard. This implementation also comes with the integration of deprecated hash
++functions such as MD2, MD4, MD5, SHA-0, SHA-1, MDC-2, GOSTR34-11-94 and so on in order to be compliant with existing
++signatures (e.g. in X.509). These primitives are **not** included in the core
++library on purpose: they are **dangerous and broken** and must only be used for
++tests purposes.
++  * The DSA cryptosystem as defined in [FIPS 186-4](https://csrc.nist.gov/publications/detail/fips/186/4/final).
++  * The SDSA (Schnorr DSA) as defined in ISO14888-3
++  * The KCDSA (Korean DSA) as defined in ISO14888-3
++  * The GOSTR34-10-94 function as defined in [RFC4491](https://www.rfc-editor.org/rfc/rfc4491)
++  * The SSS (Shamir Secret Sharing) algorithm over a prime field of 256 bits.
++
++
++**NOTE**: for all the primitives (specifically relevant for signature primitives), a maximum
++allowed size for big numbers is **4096 bits** with word size **64 bits** (this will be less
++for word sizes 16 and 32 bits). This is due to an internal limitation of libecc
++on big numbers allocation documented [here](include/libecc/nn/nn_config.h). We can live with
++this limitation as the library is primarily intended to focus on ECC based algorithms.
++However, one should be aware that for example RSA with modulus > 4096 will fail (as well
++and DSA and other El-Gamal based algorithms): these primitives are only included as
++examples and should be used with care.
++
++**NOTE**: handling 4096 bits NN numbers must be explicitly configured at compilation
++time using the `-DUSER_NN_BIT_LEN=4096` toggle in the `CFLAGS` or `EXTRA_CFLAGS` as explained
++in [the dedicated section](https://github.com/ANSSI-FR/libecc#modifying-the-big-numbers-size).
++
++
++Compared to other cryptographic libraries providing such
++features, the differentiating points are:
++
++  * A focus on code readability and auditability. The code is pure C99,
++	with no dynamic allocation and includes pre/post-asserts in the code.
++	Hence, this library is a good candidate for embedded targets (it should be
++	easily portable accross various platforms).
++  * A clean layer separation for all needed mathematical abstractions and
++	operations. Strong typing (as "strong" as C99 allows, of course) of
++	mathematical objects has been used in each layer.
++  * The library has NOT been designed to break performance records, though
++	it does a decent job (see the [performance section discussion](#performance)). Similarly,
++	the library memory footprint (in terms of ROM and RAM usage) is not the
++	smallest achievable one (though some efforts have been made to limit it
++	and fit "common" platforms, see the [dedicated section](#constrained-devices)).
++  * libecc library core has **no external dependency** (not even the standard
++	libc library) to make it portable. See the
++	[section about portability](#compatibility-and-portability) for more information.
++
++## Building
++
++### Building the static libraries and the signature self tests
++
++The main [Makefile](Makefile) is in the root directory, and compiling is as simple as
++executing:
++
++<pre>
++	$ make
++</pre>
++
++By default, compilation is quiet. **Verbose compilation** (i.e. showing all the compilation
++executed commands) can be achieved using the `VERBOSE=1` toggle:
++
++<pre>
++	$ VERBOSE=1 make
++</pre>
++
++This will compile different elements in the [build](build/) directory:
++
++  * Three **archive** static libraries, each one containing (based on) the previous ones:
++	* **libarith.a**: this library contains the Natural Numbers (NN) and Finite field over primes
++        (Fp) arithmetic layers.
++	* **libec.a**: this library is based on libarith.a and contains the EC curves implementation
++	(points abstraction, point addition/doubling formulas and scalar multiplication).
++	* **libsign.a**: this library is based on libec.a and contains all our ISO 14888-3 signature
++	algorithms over some statically defined curves and hash functions.
++  * Two binaries based on the libsign.a static library:
++	* **ec\_self\_tests**: the self tests for signature/verification algorithm of ISO 14888-3
++	with known and random test vectors, as well as performance tests. Launching the self tests without
++	an argument will execute the three tests (known and fixed test vectors, random sign/verify
++	checks, and performance measurements). One can also launch each test separately.
++
++&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; For known test vectors:
++<pre>
++	$ ./build/ec_self_tests vectors
++	======= Known test vectors test ===================
++	[+] ECDSA-SHA224/secp224r1 selftests: known test vectors sig/verif ok
++	[+] ECDSA-SHA256/secp256r1 selftests: known test vectors sig/verif ok
++	[+] ECDSA-SHA512/secp256r1 selftests: known test vectors sig/verif ok
++	...
++</pre>
++
++&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; For sign/verify checks (with random key pairs and random data):
++
++<pre>
++	$ ./build/ec_self_tests rand
++	======= Random sig/verif test ===================
++	[+]  ECDSA-SHA224/FRP256V1 randtests: random import/export with sig(0)/verif(0) ok
++	[+] ECDSA-SHA224/SECP224R1 randtests: random import/export with sig(0)/verif(0) ok
++	...
++</pre>
++
++&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; For performance measurements:
++
++<pre>
++	$ ./build/ec_self_tests perf
++	======= Performance test =====================
++	[+]  ECDSA-SHA224/FRP256V1 perf: 462 sign/s and 243 verif/s
++	[+] ECDSA-SHA224/SECP224R1 perf: 533 sign/s and 276 verif/s
++	...
++</pre>
++
++**NOTE**: it is possible to parallelize self tests (known and random) using the
++[OpenMP](https://en.wikipedia.org/wiki/OpenMP) framework (usually packaged with
++most distros) by using the `OPENMP_SELF_TESTS=1` compilation toggle. This requires
++the `WITH_STDLIB` option (as it obviously uses the standard library). Performance
++tests are not parallelized due to possible shared ressources exhaustion between CPUs and cores
++(e.g. caches, Branch Prediction Units, etc.).
++
++- **ec\_utils**: a tool for signing and verifying user defined files, with a user
++provided signature algorithm/curve/hash function triplet. The tool can also be
++used to generate signature keys.
++
++&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Generate keys for ECKCDSA over the BRAINPOOLP512R1 curve, with
++the 'mykeypair' prefix:
++<pre>
++	$ ./build/ec_utils gen_keys BRAINPOOLP512R1 ECKCDSA mykeypair
++</pre>
++
++&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; This will create four files. Two
++binary '.bin' files corresponding to the private key (mykeypair\_private\_key.bin)
++and the public key (mykeypair\_public\_key.bin). Two header '.h' files are also
++created, corresponding to a C style header version of the keys so that these can
++be included and used in a C program using libecc. Note that both kind of keys
++(public and private) include leading metadata (type, algorithm, curve, etc) for
++possible sanity checks when they are used (e.g. to detect passing of an ECDSA
++private key to an ECKCDSA signature call, etc).
++
++&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Once the key pair has been created,
++one can sign a raw binary file named 'myfile' and store the signature in
++'sig.bin'. In the example below, we use SHA3\_512 as the hash function for
++the signature. BRAINPOOLP512R1 and ECKCDSA are explicitly given (matching the
++type of key we generated during previous step). Note that the call would yield
++an error if invalid parameters were given (thanks to the metadata elements
++described above).
++<pre>
++	$ ./build/ec_utils sign BRAINPOOLP512R1 ECKCDSA SHA3_512 myfile mykeypair_private_key.bin sig.bin
++</pre>
++&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; After this, a raw signature is created, mainly consisting of the ECKCDSA (r, s) big
++numbers concatenated (the length of this file should be 1024 bits = 2 x 512 bits). The signature can now be verified with
++the 'verify' command and the public key, the result being either **OK** or **failed**:
++<pre>
++	$ ./build/ec_utils verify BRAINPOOLP512R1 ECKCDSA SHA3_512 myfile mykeypair_public_key.bin sig.bin
++	  Signature check of myfile OK
++</pre>
++
++&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; The ec\_utils tool can also be used to produce/verify **structured binaries**
++containing a header, raw binary and their signature (see the 'struct\_sign' and 'struct\_verify' commands for a help on
++this mode). The rationale behind these commands is to ease the production/verification of self-contained signed images
++(which can be useful when dealing with embedded firmware updates for instance).
++
++### Building the user examples
++
++Since it is possible to use libecc as a NN (**positive** Natural Numbers), Fp (Finite field over primes) or EC curve layer library,
++we provide some examples in the [src/examples](src/examples) folder. Compiling these examples is as simple as:
++<pre>
++	$ cd src/examples
++	$ make
++</pre>
++
++* NN layer examples:
++  * [src/examples/basic/nn&lowbar;miller&lowbar;rabin.c](src/examples/basic/nn_miller_rabin.c): this example implements the
++    [Miller-Rabin](https://en.wikipedia.org/wiki/Miller%E2%80%93Rabin_primality_test) composition (or probabilistic primality) test as
++    described in the [Handbook of Applied Cryptography (4.29)](http://cacr.uwaterloo.ca/hac/about/chap4.pdf).
++  * [src/examples/basic/nn&lowbar;pollard&lowbar;rho.c](src/examples/nn_pollard_rho.c): this example is a straightforward
++    implementation of the [Pollard's Rho](https://en.wikipedia.org/wiki/Pollard%27s_rho_algorithm) integer factorization
++    algorithm as specified in the [Handbook of Applied Cryptography (3.9)](http://cacr.uwaterloo.ca/hac/about/chap3.pdf).
++
++* Fp layer examples:
++  * [src/examples/basic/fp&lowbar;square&lowbar;residue.c](src/examples/basic/fp_square_residue.c): this is an implementation of
++  the [Tonelli-Shanks](https://en.wikipedia.org/wiki/Tonelli%E2%80%93Shanks_algorithm) algorithm for finding quadratic residues
++  over a prime field Fp. Given a prime field element x, the algorithm finds y so that y<sup>2</sup> = x (or informs that there
++  is no solution if this is the case).
++
++* Curves layer examples:
++  * [src/examples/basic/curve&lowbar;basic&lowbar;examples.c](src/examples/basic/curve_basic_examples.c): this example shows basic
++  features of libec for playing with elliptic curves group arithmetic, namely loading defined named curves, generating random points on
++  these curves, checking point addition and doubling formulas as well as scalar multiplication (both Montgomery and non Montgomery based).
++  
++  * [src/examples/basic/curve&lowbar;ecdh.c](src/examples/basic/curve_ecdh.c): the purpose of this code is to provide a toy example of
++  how to implement an [Elliptic Curve Diffie-Hellman](https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman) protocol between two
++  entities 'Alice' and 'Bob' in order to produce a shared secret over a public channel.
++
++**WARNING**: these examples are **toy implementations** not to be used in a production environment (for instance, the code
++has neither been designed to be efficient nor robust against side channel attacks). Their purpose is only to show basic usage of the
++libarith and libec libraries.
++
++The **public headers** containing the functions to be used by higher level code are [include/libecc/libarith.h](include/libecc/libarith.h),
++[include/libecc/libec.h](include/libecc/libec.h) and [include/libecc/libsig.h](include/libecc/libsig.h): they are respectively used for the NN and Fp arithmetic layers,
++the Elliptic Curves layer, and the signature layer.
++
++More advanced examples are present in the examples folder:
++
++* Obsolete hash algorithms as an expansion to libecc core algorithms, in [src/examples/hash](src/examples/hash) (MD2, MD4, MD5, MDC2, SHA-0,
++SHA-1, and TDES for supporting MDC2). Please **be careful** when using them, it is advised to use them as toy primitives in **non-production code**
++(e.g. for checking old protocols and cipher suites).
++
++* Pre-ECC Signature schemes (based on Fp finite fields discrete logarithm) in [src/examples/sig](src/examples/sig) (RSA, DSA, SDSA, KCDSA,
++GOSTR34-10-94). Beware that for these signatures, you will have to expand the NN size to bigger values than the default (e.g. supporting RSA 4096
++will need a size of at least 4096 bits for NN, see how to expand the size in the documentation [here](include/libecc/nn/nn_config.h)). Although some
++efforts have been made when developing these signature algorithms, using them in production code should be decided with care (e.g. regarding
++side-channel attack and so on).
++
++* SSS (Shamir Secret Sharing) in [src/examples/sss](src/examples/sss).
++
++
++### Building the NN and Fp arithmetic tests
++
++libecc is provided with arithmetic random tests for the low level NN and Fp routines (addition, subtraction, logical
++operations, multiplication and Montgomery multiplication, ...).
++
++These tests are located inside the [src/arithmetic&lowbar;tests/](src/arithmetic_tests/) folder. More specifically, the tests
++are split in two files:
++
++* [src/arithmetic&lowbar;tests/arithmetic&lowbar;tests.c](src/arithmetic_tests/arithmetic_tests.c): a '.c' file to be compiled and linked with libecc
++static library and performing a set of tests given on the standard input or in a file. The tests have a specific ASCII
++format with expected input/output as big numbers, and crafted **opcodes** defining the operation type (addition over
++NN, over Fp, ...).
++* [src/arithmetic&lowbar;tests/arithmetic&lowbar;tests&lowbar;generator.py](src/arithmetic_tests/arithmetic_tests_generator.py): a python
++script that generates a set of arithmetic tests.
++
++### Building with the meson build system
++
++In parallel to the `Makefile` build system, a migration to the newer and more user friendly `meson` build is a
++**work in progress**. Compiling with `meson` can be simply achieved with:
++
++<pre>
++	$ meson setup builddir && cd builddir && meson dist
++</pre>
++
++Please note that you will need `meson`, `ninja` and `dunamai` (that can be installed from the Python `pip` installer).
++
++Most of libecc compilation options have been migrated, please check the output of the `meson configure` command to get
++a complete list of these (in the 'Project options' category). For instance, compiling libecc with a word size of 32 and
++a debug mode can be triggered with:
++
++<pre>
++	$ meson setup -Dwith_wordsize=32 -Dwith_debug=true builddir && cd builddir && meson dist
++</pre>
++
++## Configuring the libecc library
++
*** 2624 LINES SKIPPED ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202501012111.501LBaOZ079926>