git: f0865ec9906d - main - Add 'crypto/libecc/' from commit '736d663976d1768533badbf06581481d01fade4c'
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 01 Jan 2025 21:11:36 UTC
The branch main has been updated by kevans:
URL: https://cgit.FreeBSD.org/src/commit/?id=f0865ec9906d5a18fa2a3b61381f22ce16e606ad
commit f0865ec9906d5a18fa2a3b61381f22ce16e606ad
Merge: f59bb61e1eb4 736d663976d1
Author: Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2025-01-01 21:11:18 +0000
Commit: Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2025-01-01 21:11:18 +0000
Add 'crypto/libecc/' from commit '736d663976d1768533badbf06581481d01fade4c'
git-subtree-dir: crypto/libecc
git-subtree-mainline: f59bb61e1eb4d1e4fc3c60cc14779d0668267cb2
git-subtree-split: 736d663976d1768533badbf06581481d01fade4c
crypto/libecc/.github/workflows/libecc_cifuzz.yml | 26 +
.../.github/workflows/libecc_compilation_tests.yml | 57 +
.../.github/workflows/libecc_crossarch_tests.yml | 55 +
.../libecc/.github/workflows/libecc_examples.yml | 39 +
.../.github/workflows/libecc_meson_build.yml | 37 +
.../.github/workflows/libecc_python_tests.yml | 43 +
.../.github/workflows/libecc_runtime_tests.yml | 39 +
crypto/libecc/.gitignore | 4 +
crypto/libecc/.travis.yml | 287 +
crypto/libecc/LICENSE | 50 +
crypto/libecc/Makefile | 175 +
crypto/libecc/README.md | 1345 +
crypto/libecc/build/.gitignore | 3 +
crypto/libecc/common.mk | 349 +
crypto/libecc/include/libecc/curves/aff_pt.h | 136 +
crypto/libecc/include/libecc/curves/curves.h | 31 +
crypto/libecc/include/libecc/curves/curves_list.h | 248 +
crypto/libecc/include/libecc/curves/ec_edwards.h | 39 +
.../libecc/include/libecc/curves/ec_montgomery.h | 34 +
crypto/libecc/include/libecc/curves/ec_params.h | 91 +
crypto/libecc/include/libecc/curves/ec_shortw.h | 45 +
.../libecc/curves/known/ec_params_bign256v1.h | 315 +
.../libecc/curves/known/ec_params_bign384v1.h | 337 +
.../libecc/curves/known/ec_params_bign512v1.h | 359 +
.../curves/known/ec_params_brainpoolp192r1.h | 334 +
.../curves/known/ec_params_brainpoolp192t1.h | 316 +
.../curves/known/ec_params_brainpoolp224r1.h | 295 +
.../curves/known/ec_params_brainpoolp224t1.h | 333 +
.../curves/known/ec_params_brainpoolp256r1.h | 227 +
.../curves/known/ec_params_brainpoolp256t1.h | 333 +
.../curves/known/ec_params_brainpoolp320r1.h | 350 +
.../curves/known/ec_params_brainpoolp320t1.h | 350 +
.../curves/known/ec_params_brainpoolp384r1.h | 265 +
.../curves/known/ec_params_brainpoolp384t1.h | 367 +
.../curves/known/ec_params_brainpoolp512r1.h | 276 +
.../curves/known/ec_params_brainpoolp512t1.h | 401 +
.../libecc/curves/known/ec_params_external.h | 104 +
.../libecc/curves/known/ec_params_frp256v1.h | 233 +
.../libecc/curves/known/ec_params_gost256.h | 233 +
.../libecc/curves/known/ec_params_gost512.h | 286 +
...c_params_gost_R3410_2001_CryptoPro_A_ParamSet.h | 315 +
...c_params_gost_R3410_2001_CryptoPro_B_ParamSet.h | 324 +
...c_params_gost_R3410_2001_CryptoPro_C_ParamSet.h | 333 +
...arams_gost_R3410_2001_CryptoPro_XchA_ParamSet.h | 315 +
...arams_gost_R3410_2001_CryptoPro_XchB_ParamSet.h | 333 +
.../known/ec_params_gost_R3410_2001_TestParamSet.h | 324 +
.../ec_params_gost_R3410_2012_256_paramSetA.h | 316 +
.../ec_params_gost_R3410_2012_256_paramSetB.h | 315 +
.../ec_params_gost_R3410_2012_256_paramSetC.h | 324 +
.../ec_params_gost_R3410_2012_256_paramSetD.h | 333 +
.../ec_params_gost_R3410_2012_512_paramSetA.h | 359 +
.../ec_params_gost_R3410_2012_512_paramSetB.h | 380 +
.../ec_params_gost_R3410_2012_512_paramSetC.h | 359 +
.../ec_params_gost_R3410_2012_512_paramSetTest.h | 401 +
.../libecc/curves/known/ec_params_secp192k1.h | 307 +
.../libecc/curves/known/ec_params_secp192r1.h | 312 +
.../libecc/curves/known/ec_params_secp224k1.h | 320 +
.../libecc/curves/known/ec_params_secp224r1.h | 279 +
.../libecc/curves/known/ec_params_secp256k1.h | 318 +
.../libecc/curves/known/ec_params_secp256r1.h | 227 +
.../libecc/curves/known/ec_params_secp384r1.h | 250 +
.../libecc/curves/known/ec_params_secp521r1.h | 327 +
.../libecc/curves/known/ec_params_sm2p192test.h | 326 +
.../libecc/curves/known/ec_params_sm2p256test.h | 349 +
.../libecc/curves/known/ec_params_sm2p256v1.h | 350 +
.../libecc/curves/known/ec_params_wei25519.h | 334 +
.../include/libecc/curves/known/ec_params_wei448.h | 391 +
crypto/libecc/include/libecc/curves/prj_pt.h | 88 +
crypto/libecc/include/libecc/ecdh/ecccdh.h | 63 +
crypto/libecc/include/libecc/ecdh/ecdh.h | 21 +
crypto/libecc/include/libecc/ecdh/x25519_448.h | 62 +
crypto/libecc/include/libecc/external_deps/print.h | 34 +
crypto/libecc/include/libecc/external_deps/rand.h | 22 +
crypto/libecc/include/libecc/external_deps/time.h | 23 +
crypto/libecc/include/libecc/fp/fp.h | 98 +
crypto/libecc/include/libecc/fp/fp_add.h | 26 +
crypto/libecc/include/libecc/fp/fp_config.h | 25 +
crypto/libecc/include/libecc/fp/fp_montgomery.h | 30 +
crypto/libecc/include/libecc/fp/fp_mul.h | 26 +
crypto/libecc/include/libecc/fp/fp_mul_redc1.h | 25 +
crypto/libecc/include/libecc/fp/fp_pow.h | 22 +
crypto/libecc/include/libecc/fp/fp_rand.h | 22 +
crypto/libecc/include/libecc/fp/fp_sqrt.h | 25 +
crypto/libecc/include/libecc/hash/bash.h | 162 +
crypto/libecc/include/libecc/hash/bash224.h | 64 +
crypto/libecc/include/libecc/hash/bash256.h | 64 +
crypto/libecc/include/libecc/hash/bash384.h | 64 +
crypto/libecc/include/libecc/hash/bash512.h | 64 +
crypto/libecc/include/libecc/hash/belt-hash.h | 164 +
crypto/libecc/include/libecc/hash/hash_algs.h | 554 +
crypto/libecc/include/libecc/hash/hmac.h | 38 +
crypto/libecc/include/libecc/hash/keccak.h | 112 +
crypto/libecc/include/libecc/hash/ripemd160.h | 73 +
crypto/libecc/include/libecc/hash/sha2.h | 219 +
crypto/libecc/include/libecc/hash/sha224.h | 79 +
crypto/libecc/include/libecc/hash/sha256.h | 79 +
crypto/libecc/include/libecc/hash/sha3-224.h | 69 +
crypto/libecc/include/libecc/hash/sha3-256.h | 69 +
crypto/libecc/include/libecc/hash/sha3-384.h | 69 +
crypto/libecc/include/libecc/hash/sha3-512.h | 69 +
crypto/libecc/include/libecc/hash/sha3.h | 46 +
crypto/libecc/include/libecc/hash/sha384.h | 79 +
crypto/libecc/include/libecc/hash/sha512-224.h | 71 +
crypto/libecc/include/libecc/hash/sha512-256.h | 71 +
crypto/libecc/include/libecc/hash/sha512.h | 71 +
crypto/libecc/include/libecc/hash/sha512_core.h | 46 +
crypto/libecc/include/libecc/hash/shake.h | 41 +
crypto/libecc/include/libecc/hash/shake256.h | 68 +
crypto/libecc/include/libecc/hash/sm3.h | 73 +
crypto/libecc/include/libecc/hash/streebog.h | 1301 +
crypto/libecc/include/libecc/hash/streebog256.h | 65 +
crypto/libecc/include/libecc/hash/streebog512.h | 65 +
crypto/libecc/include/libecc/lib_ecc_config.h | 134 +
crypto/libecc/include/libecc/lib_ecc_types.h | 288 +
crypto/libecc/include/libecc/libarith.h | 41 +
crypto/libecc/include/libecc/libec.h | 30 +
crypto/libecc/include/libecc/libsig.h | 37 +
crypto/libecc/include/libecc/meson.build | 156 +
crypto/libecc/include/libecc/nn/nn.h | 96 +
crypto/libecc/include/libecc/nn/nn_add.h | 32 +
crypto/libecc/include/libecc/nn/nn_config.h | 220 +
crypto/libecc/include/libecc/nn/nn_div.h | 43 +
crypto/libecc/include/libecc/nn/nn_div_public.h | 30 +
crypto/libecc/include/libecc/nn/nn_logical.h | 34 +
crypto/libecc/include/libecc/nn/nn_mod_pow.h | 23 +
crypto/libecc/include/libecc/nn/nn_modinv.h | 26 +
crypto/libecc/include/libecc/nn/nn_mul.h | 29 +
crypto/libecc/include/libecc/nn/nn_mul_public.h | 24 +
crypto/libecc/include/libecc/nn/nn_mul_redc1.h | 26 +
crypto/libecc/include/libecc/nn/nn_rand.h | 24 +
crypto/libecc/include/libecc/sig/bign.h | 40 +
crypto/libecc/include/libecc/sig/bign_common.h | 101 +
crypto/libecc/include/libecc/sig/bip0340.h | 73 +
crypto/libecc/include/libecc/sig/dbign.h | 40 +
crypto/libecc/include/libecc/sig/decdsa.h | 48 +
crypto/libecc/include/libecc/sig/ec_key.h | 224 +
crypto/libecc/include/libecc/sig/ecdsa.h | 48 +
crypto/libecc/include/libecc/sig/ecdsa_common.h | 88 +
crypto/libecc/include/libecc/sig/ecfsdsa.h | 94 +
crypto/libecc/include/libecc/sig/ecgdsa.h | 85 +
crypto/libecc/include/libecc/sig/eckcdsa.h | 84 +
crypto/libecc/include/libecc/sig/ecosdsa.h | 69 +
crypto/libecc/include/libecc/sig/ecrdsa.h | 85 +
crypto/libecc/include/libecc/sig/ecsdsa.h | 81 +
crypto/libecc/include/libecc/sig/ecsdsa_common.h | 51 +
crypto/libecc/include/libecc/sig/eddsa.h | 134 +
crypto/libecc/include/libecc/sig/fuzzing_ecdsa.h | 28 +
crypto/libecc/include/libecc/sig/fuzzing_ecgdsa.h | 28 +
crypto/libecc/include/libecc/sig/fuzzing_ecrdsa.h | 28 +
crypto/libecc/include/libecc/sig/sig_algs.h | 113 +
.../libecc/include/libecc/sig/sig_algs_internal.h | 650 +
crypto/libecc/include/libecc/sig/sm2.h | 83 +
crypto/libecc/include/libecc/utils/dbg_sig.h | 61 +
crypto/libecc/include/libecc/utils/print_buf.h | 18 +
crypto/libecc/include/libecc/utils/print_curves.h | 28 +
crypto/libecc/include/libecc/utils/print_fp.h | 28 +
crypto/libecc/include/libecc/utils/print_keys.h | 26 +
crypto/libecc/include/libecc/utils/print_nn.h | 24 +
crypto/libecc/include/libecc/utils/utils.h | 196 +
crypto/libecc/include/libecc/utils/utils_rand.h | 22 +
crypto/libecc/include/libecc/words/types.h | 163 +
crypto/libecc/include/libecc/words/words.h | 129 +
crypto/libecc/include/libecc/words/words_16.h | 73 +
crypto/libecc/include/libecc/words/words_32.h | 73 +
crypto/libecc/include/libecc/words/words_64.h | 74 +
crypto/libecc/meson.build | 282 +
crypto/libecc/meson.options | 127 +
crypto/libecc/scripts/crossbuild.sh | 315 +
crypto/libecc/scripts/crossrun.sh | 124 +
crypto/libecc/scripts/expand_libecc.py | 1956 +
crypto/libecc/scripts/gen_curves_tests.sh | 89 +
crypto/libecc/scripts/gen_openssl_curves_tests.sh | 52 +
crypto/libecc/scripts/sha3.py | 115 +
crypto/libecc/scripts/test_ec_utils.sh | 82 +
crypto/libecc/src/arithmetic_tests/Makefile | 26 +
.../libecc/src/arithmetic_tests/arithmetic_tests.c | 1233 +
.../arithmetic_tests/arithmetic_tests_generator.py | 2009 +
crypto/libecc/src/curves/aff_pt.c | 346 +
crypto/libecc/src/curves/aff_pt_edwards.c | 855 +
crypto/libecc/src/curves/aff_pt_montgomery.c | 579 +
crypto/libecc/src/curves/curves.c | 256 +
crypto/libecc/src/curves/ec_edwards.c | 79 +
crypto/libecc/src/curves/ec_montgomery.c | 85 +
crypto/libecc/src/curves/ec_params.c | 194 +
crypto/libecc/src/curves/ec_shortw.c | 107 +
crypto/libecc/src/curves/meson.build | 11 +
crypto/libecc/src/curves/prj_pt.c | 2113 +
crypto/libecc/src/ecdh/ecccdh.c | 242 +
crypto/libecc/src/ecdh/meson.build | 4 +
crypto/libecc/src/ecdh/x25519_448.c | 435 +
crypto/libecc/src/examples/Makefile | 50 +
crypto/libecc/src/examples/basic/Makefile | 43 +
.../src/examples/basic/curve_basic_examples.c | 401 +
crypto/libecc/src/examples/basic/curve_ecdh.c | 284 +
.../libecc/src/examples/basic/fp_square_residue.c | 131 +
crypto/libecc/src/examples/basic/nn_miller_rabin.c | 223 +
crypto/libecc/src/examples/basic/nn_pollard_rho.c | 259 +
crypto/libecc/src/examples/hash/Makefile | 37 +
crypto/libecc/src/examples/hash/gostr34_11_94.c | 631 +
crypto/libecc/src/examples/hash/gostr34_11_94.h | 193 +
crypto/libecc/src/examples/hash/hash.c | 510 +
crypto/libecc/src/examples/hash/hash.h | 106 +
crypto/libecc/src/examples/hash/md2.c | 228 +
crypto/libecc/src/examples/hash/md2.h | 63 +
crypto/libecc/src/examples/hash/md4.c | 264 +
crypto/libecc/src/examples/hash/md4.h | 136 +
crypto/libecc/src/examples/hash/md5.c | 265 +
crypto/libecc/src/examples/hash/md5.h | 137 +
crypto/libecc/src/examples/hash/mdc2.c | 305 +
crypto/libecc/src/examples/hash/mdc2.h | 102 +
crypto/libecc/src/examples/hash/sha0.c | 264 +
crypto/libecc/src/examples/hash/sha0.h | 135 +
crypto/libecc/src/examples/hash/sha1.c | 264 +
crypto/libecc/src/examples/hash/sha1.h | 135 +
crypto/libecc/src/examples/hash/tdes.c | 492 +
crypto/libecc/src/examples/hash/tdes.h | 77 +
crypto/libecc/src/examples/sig/Makefile | 52 +
crypto/libecc/src/examples/sig/common/common.h | 248 +
crypto/libecc/src/examples/sig/dsa/Makefile | 34 +
crypto/libecc/src/examples/sig/dsa/dsa.c | 555 +
crypto/libecc/src/examples/sig/dsa/dsa.h | 75 +
.../libecc/src/examples/sig/gostr34_10_94/Makefile | 34 +
.../src/examples/sig/gostr34_10_94/gostr34_10_94.c | 521 +
.../src/examples/sig/gostr34_10_94/gostr34_10_94.h | 72 +
crypto/libecc/src/examples/sig/kcdsa/Makefile | 37 +
crypto/libecc/src/examples/sig/kcdsa/kcdsa.c | 759 +
crypto/libecc/src/examples/sig/kcdsa/kcdsa.h | 72 +
crypto/libecc/src/examples/sig/rsa/Makefile | 36 +
crypto/libecc/src/examples/sig/rsa/rsa.c | 2057 +
crypto/libecc/src/examples/sig/rsa/rsa.h | 187 +
.../libecc/src/examples/sig/rsa/rsa_pkcs1_tests.h | 111724 +++
crypto/libecc/src/examples/sig/rsa/rsa_tests.h | 215 +
crypto/libecc/src/examples/sig/sdsa/Makefile | 34 +
crypto/libecc/src/examples/sig/sdsa/sdsa.c | 467 +
crypto/libecc/src/examples/sig/sdsa/sdsa.h | 72 +
crypto/libecc/src/examples/sss/Makefile | 44 +
crypto/libecc/src/examples/sss/sss.c | 772 +
crypto/libecc/src/examples/sss/sss.h | 98 +
crypto/libecc/src/examples/sss/sss_private.h | 30 +
crypto/libecc/src/external_deps/meson.build | 5 +
crypto/libecc/src/external_deps/print.c | 31 +
crypto/libecc/src/external_deps/rand.c | 121 +
crypto/libecc/src/external_deps/time.c | 72 +
crypto/libecc/src/fp/fp.c | 470 +
crypto/libecc/src/fp/fp_add.c | 140 +
crypto/libecc/src/fp/fp_montgomery.c | 91 +
crypto/libecc/src/fp/fp_mul.c | 138 +
crypto/libecc/src/fp/fp_mul_redc1.c | 112 +
crypto/libecc/src/fp/fp_pow.c | 79 +
crypto/libecc/src/fp/fp_rand.c | 34 +
crypto/libecc/src/fp/fp_sqrt.c | 281 +
crypto/libecc/src/fp/meson.build | 10 +
crypto/libecc/src/hash/bash.c | 138 +
crypto/libecc/src/hash/bash224.c | 110 +
crypto/libecc/src/hash/bash256.c | 110 +
crypto/libecc/src/hash/bash384.c | 114 +
crypto/libecc/src/hash/bash512.c | 110 +
crypto/libecc/src/hash/belt-hash.c | 471 +
crypto/libecc/src/hash/hash_algs.c | 429 +
crypto/libecc/src/hash/hmac.c | 185 +
crypto/libecc/src/hash/meson.build | 27 +
crypto/libecc/src/hash/ripemd160.c | 348 +
crypto/libecc/src/hash/sha224.c | 250 +
crypto/libecc/src/hash/sha256.c | 241 +
crypto/libecc/src/hash/sha3-224.c | 115 +
crypto/libecc/src/hash/sha3-256.c | 115 +
crypto/libecc/src/hash/sha3-384.c | 119 +
crypto/libecc/src/hash/sha3-512.c | 115 +
crypto/libecc/src/hash/sha3.c | 116 +
crypto/libecc/src/hash/sha384.c | 255 +
crypto/libecc/src/hash/sha512-224.c | 124 +
crypto/libecc/src/hash/sha512-256.c | 124 +
crypto/libecc/src/hash/sha512.c | 125 +
crypto/libecc/src/hash/sha512_core.c | 189 +
crypto/libecc/src/hash/shake.c | 103 +
crypto/libecc/src/hash/shake256.c | 96 +
crypto/libecc/src/hash/sm3.c | 360 +
crypto/libecc/src/hash/streebog.c | 344 +
crypto/libecc/src/nn/meson.build | 11 +
crypto/libecc/src/nn/nn.c | 608 +
crypto/libecc/src/nn/nn_add.c | 613 +
crypto/libecc/src/nn/nn_div.c | 1271 +
crypto/libecc/src/nn/nn_div.h | 43 +
crypto/libecc/src/nn/nn_logical.c | 577 +
crypto/libecc/src/nn/nn_mod_pow.c | 334 +
crypto/libecc/src/nn/nn_modinv.c | 587 +
crypto/libecc/src/nn/nn_mul.c | 197 +
crypto/libecc/src/nn/nn_mul.h | 29 +
crypto/libecc/src/nn/nn_mul_redc1.c | 342 +
crypto/libecc/src/nn/nn_rand.c | 133 +
crypto/libecc/src/sig/bign.c | 79 +
crypto/libecc/src/sig/bign_common.c | 1001 +
crypto/libecc/src/sig/bip0340.c | 1325 +
crypto/libecc/src/sig/dbign.c | 115 +
crypto/libecc/src/sig/decdsa.c | 121 +
crypto/libecc/src/sig/ec_key.c | 620 +
crypto/libecc/src/sig/ecdsa.c | 85 +
crypto/libecc/src/sig/ecdsa_common.c | 1039 +
crypto/libecc/src/sig/ecfsdsa.c | 1087 +
crypto/libecc/src/sig/ecgdsa.c | 621 +
crypto/libecc/src/sig/eckcdsa.c | 841 +
crypto/libecc/src/sig/ecosdsa.c | 99 +
crypto/libecc/src/sig/ecrdsa.c | 623 +
crypto/libecc/src/sig/ecsdsa.c | 97 +
crypto/libecc/src/sig/ecsdsa_common.c | 632 +
crypto/libecc/src/sig/eddsa.c | 2935 +
crypto/libecc/src/sig/fuzzing_ecdsa.c | 434 +
crypto/libecc/src/sig/fuzzing_ecgdsa.c | 391 +
crypto/libecc/src/sig/fuzzing_ecrdsa.c | 425 +
crypto/libecc/src/sig/meson.build | 26 +
crypto/libecc/src/sig/sig_algs.c | 1112 +
crypto/libecc/src/sig/sm2.c | 724 +
crypto/libecc/src/tests/bign_test_vectors.h | 448 +
crypto/libecc/src/tests/bip0340_test_vectors.h | 204 +
crypto/libecc/src/tests/dbign_test_vectors.h | 232 +
crypto/libecc/src/tests/decdsa_test_vectors.h | 1362 +
crypto/libecc/src/tests/ec_self_tests.c | 302 +
crypto/libecc/src/tests/ec_self_tests.h | 21 +
crypto/libecc/src/tests/ec_self_tests_core.c | 1975 +
crypto/libecc/src/tests/ec_self_tests_core.h | 5757 +
crypto/libecc/src/tests/ec_utils.c | 1878 +
crypto/libecc/src/tests/ecccdh_test_vectors.h | 3750 +
crypto/libecc/src/tests/ed25519_test_vectors.h | 24610 +
crypto/libecc/src/tests/ed25519ctx_test_vectors.h | 138 +
crypto/libecc/src/tests/ed25519ph_test_vectors.h | 45 +
crypto/libecc/src/tests/ed448_test_vectors.h | 317 +
crypto/libecc/src/tests/ed448ph_test_vectors.h | 74 +
crypto/libecc/src/tests/meson.build | 55 +
crypto/libecc/src/tests/x25519_test_vectors.h | 142 +
crypto/libecc/src/tests/x448_test_vectors.h | 75 +
crypto/libecc/src/utils/meson.build | 15 +
crypto/libecc/src/utils/print_buf.c | 31 +
crypto/libecc/src/utils/print_curves.c | 76 +
crypto/libecc/src/utils/print_fp.c | 65 +
crypto/libecc/src/utils/print_keys.c | 42 +
crypto/libecc/src/utils/print_nn.c | 37 +
crypto/libecc/src/utils/utils.c | 233 +
crypto/libecc/src/utils/utils_rand.c | 51 +
crypto/libecc/src/utils/utils_rand.h | 22 +
crypto/libecc/src/wycheproof_tests/Makefile | 17 +
.../src/wycheproof_tests/libecc_wycheproof.c | 838 +
.../src/wycheproof_tests/libecc_wycheproof.h | 151 +
.../src/wycheproof_tests/libecc_wycheproof_tests.h | 728074 ++++++++++++++++++
crypto/libecc/support/meson/armv7em-noneabi.ini | 17 +
344 files changed, 959066 insertions(+)
diff --cc crypto/libecc/.github/workflows/libecc_cifuzz.yml
index 000000000000,d315da238fc6..d315da238fc6
mode 000000,100644..100644
--- a/crypto/libecc/.github/workflows/libecc_cifuzz.yml
+++ b/crypto/libecc/.github/workflows/libecc_cifuzz.yml
diff --cc crypto/libecc/.github/workflows/libecc_compilation_tests.yml
index 000000000000,76aae957f362..76aae957f362
mode 000000,100644..100644
--- a/crypto/libecc/.github/workflows/libecc_compilation_tests.yml
+++ b/crypto/libecc/.github/workflows/libecc_compilation_tests.yml
diff --cc crypto/libecc/.github/workflows/libecc_crossarch_tests.yml
index 000000000000,93dbca1b5719..93dbca1b5719
mode 000000,100644..100644
--- a/crypto/libecc/.github/workflows/libecc_crossarch_tests.yml
+++ b/crypto/libecc/.github/workflows/libecc_crossarch_tests.yml
diff --cc crypto/libecc/.github/workflows/libecc_examples.yml
index 000000000000,f50e6da9ee60..f50e6da9ee60
mode 000000,100644..100644
--- a/crypto/libecc/.github/workflows/libecc_examples.yml
+++ b/crypto/libecc/.github/workflows/libecc_examples.yml
diff --cc crypto/libecc/.github/workflows/libecc_meson_build.yml
index 000000000000,e942ae9c2470..e942ae9c2470
mode 000000,100644..100644
--- a/crypto/libecc/.github/workflows/libecc_meson_build.yml
+++ b/crypto/libecc/.github/workflows/libecc_meson_build.yml
diff --cc crypto/libecc/.github/workflows/libecc_python_tests.yml
index 000000000000,895760f7369e..895760f7369e
mode 000000,100644..100644
--- a/crypto/libecc/.github/workflows/libecc_python_tests.yml
+++ b/crypto/libecc/.github/workflows/libecc_python_tests.yml
diff --cc crypto/libecc/.github/workflows/libecc_runtime_tests.yml
index 000000000000,2432511a1be0..2432511a1be0
mode 000000,100644..100644
--- a/crypto/libecc/.github/workflows/libecc_runtime_tests.yml
+++ b/crypto/libecc/.github/workflows/libecc_runtime_tests.yml
diff --cc crypto/libecc/.gitignore
index 000000000000,000000000000..da8ab177478b
new file mode 100644
--- /dev/null
+++ b/crypto/libecc/.gitignore
@@@ -1,0 -1,0 +1,4 @@@
++*.o
++*.d
++*~
++*.su
diff --cc crypto/libecc/.travis.yml
index 000000000000,45f70324466f..45f70324466f
mode 000000,100644..100644
--- a/crypto/libecc/.travis.yml
+++ b/crypto/libecc/.travis.yml
diff --cc crypto/libecc/LICENSE
index 000000000000,20d677be5596..20d677be5596
mode 000000,100644..100644
--- a/crypto/libecc/LICENSE
+++ b/crypto/libecc/LICENSE
diff --cc crypto/libecc/Makefile
index 000000000000,000000000000..ead3dc3ce3cc
new file mode 100644
--- /dev/null
+++ b/crypto/libecc/Makefile
@@@ -1,0 -1,0 +1,175 @@@
++.SUFFIXES:
++
++# Where to put generated objects
++BUILD_DIR ?= build
++# Default to the previous behaviour and keep generated .o & .d files next to the source code
++OBJ_DIR ?=.
++include common.mk
++
++
++# Static libraries to build
++LIBS = $(LIBARITH) $(LIBEC) $(LIBSIGN)
++
++# Compile dynamic libraries if the user asked to
++ifeq ($(WITH_DYNAMIC_LIBS),1)
++LIBS += $(LIBARITH_DYN) $(LIBEC_DYN) $(LIBSIGN_DYN)
++endif
++
++# Executables to build
++TESTS_EXEC = $(BUILD_DIR)/ec_self_tests $(BUILD_DIR)/ec_utils
++# We also compile executables with dynamic linking if asked to
++ifeq ($(WITH_DYNAMIC_LIBS),1)
++TESTS_EXEC += $(BUILD_DIR)/ec_self_tests_dyn $(BUILD_DIR)/ec_utils_dyn
++endif
++
++EXEC_TO_CLEAN = $(BUILD_DIR)/ec_self_tests $(BUILD_DIR)/ec_utils $(BUILD_DIR)/ec_self_tests_dyn $(BUILD_DIR)/ec_utils_dyn
++
++# all and clean, as you might expect
++all: $(LIBS) $(TESTS_EXEC)
++
++# Default object files extension
++OBJ_FILES_EXTENSION ?= o
++
++clean:
++ @rm -f $(LIBS) $(EXEC_TO_CLEAN)
++ @find $(OBJ_DIR)/ -name '*.$(OBJ_FILES_EXTENSION)' -exec rm -f '{}' \;
++ @find $(OBJ_DIR)/ -name '*.d' -exec rm -f '{}' \;
++ @find $(BUILD_DIR)/ -name '*.a' -exec rm -f '{}' \;
++ @find $(BUILD_DIR)/ -name '*.so' -exec rm -f '{}' \;
++ @find . -name '*~' -exec rm -f '{}' \;
++
++
++
++# --- Source Code ---
++
++# external dependencies
++EXT_DEPS_SRC = $(wildcard src/external_deps/*.c)
++
++# utils module (for the ARITH layer, we only need
++# NN and FP - and not curves - related stuff. Same goes
++# for EC and SIGN. Hence the distinction between three
++# sets of utils objects.
++UTILS_ARITH_SRC = src/utils/utils.c src/utils/utils_rand.c
++UTILS_ARITH_SRC += $(wildcard src/utils/*_nn.c)
++UTILS_ARITH_SRC += $(wildcard src/utils/*_fp.c)
++UTILS_ARITH_SRC += $(wildcard src/utils/*_buf.c)
++UTILS_EC_SRC = $(wildcard src/utils/*_curves.c)
++UTILS_SIGN_SRC = $(wildcard src/utils/*_keys.c)
++
++# nn module
++NN_SRC = $(wildcard src/nn/n*.c)
++
++# fp module
++FP_SRC = $(wildcard src/fp/fp*.c)
++
++# curve module
++CURVES_SRC = $(wildcard src/curves/*.c)
++
++# Hash module
++HASH_SRC = $(wildcard src/hash/sha*.c) $(wildcard src/hash/bash*.c) src/hash/hash_algs.c src/hash/sm3.c src/hash/streebog.c src/hash/ripemd160.c src/hash/belt-hash.c src/hash/hmac.c
++
++# Key/Signature/Verification/ECDH module
++SIG_SRC = $(wildcard src/sig/*dsa.c) src/sig/ecdsa_common.c src/sig/ecsdsa_common.c src/sig/sig_algs.c src/sig/sm2.c src/sig/bign_common.c src/sig/bign.c src/sig/dbign.c src/sig/bip0340.c
++ECDH_SRC = $(wildcard src/ecdh/*.c)
++KEY_SRC = src/sig/ec_key.c
++
++# Test elements
++TESTS_OBJECTS_CORE_SRC = src/tests/ec_self_tests_core.c
++TESTS_OBJECTS_SELF_SRC = src/tests/ec_self_tests.c
++TESTS_OBJECTS_UTILS_SRC = src/tests/ec_utils.c
++
++
++
++# --- Static Libraries ---
++
++LIBARITH_SRC = $(FP_SRC) $(NN_SRC) $(UTILS_ARITH_SRC)
++LIBARITH_OBJECTS = $(patsubst %,$(OBJ_DIR)/%.$(OBJ_FILES_EXTENSION),$(basename $(LIBARITH_SRC)))
++$(LIBARITH): $(LIBARITH_OBJECTS)
++ $(VERBOSE_MAKE)$(CROSS_COMPILE)$(AR) $(AR_FLAGS) $@ $^
++ $(VERBOSE_MAKE)$(CROSS_COMPILE)$(RANLIB) $(RANLIB_FLAGS) $@
++
++LIBEC_SRC = $(LIBARITH_SRC) $(CURVES_SRC) $(UTILS_EC_SRC)
++LIBEC_OBJECTS = $(patsubst %,$(OBJ_DIR)/%.$(OBJ_FILES_EXTENSION),$(basename $(LIBEC_SRC)))
++$(LIBEC): $(LIBEC_OBJECTS)
++ $(VERBOSE_MAKE)$(CROSS_COMPILE)$(AR) $(AR_FLAGS) $@ $^
++ $(VERBOSE_MAKE)$(CROSS_COMPILE)$(RANLIB) $(RANLIB_FLAGS) $@
++
++LIBSIGN_SRC = $(LIBEC_SRC) $(HASH_SRC) $(SIG_SRC) $(KEY_SRC) $(UTILS_SIGN_SRC) $(ECDH_SRC)
++LIBSIGN_OBJECTS = $(patsubst %,$(OBJ_DIR)/%.$(OBJ_FILES_EXTENSION),$(basename $(LIBSIGN_SRC)))
++$(LIBSIGN): $(LIBSIGN_OBJECTS)
++ $(VERBOSE_MAKE)$(CROSS_COMPILE)$(AR) $(AR_FLAGS) $@ $^
++ $(VERBOSE_MAKE)$(CROSS_COMPILE)$(RANLIB) $(RANLIB_FLAGS) $@
++
++
++
++# --- Dynamic Libraries ---
++
++$(LIBARITH_DYN): $(LIBARITH_OBJECTS)
++ $(VERBOSE_MAKE)$(CROSS_COMPILE)$(CC) $(LIB_CFLAGS) $(LIB_DYN_LDFLAGS) $^ -o $@
++
++$(LIBEC_DYN): $(LIBEC_OBJECTS)
++ $(VERBOSE_MAKE)$(CROSS_COMPILE)$(CC) $(LIB_CFLAGS) $(LIB_DYN_LDFLAGS) $^ -o $@
++
++$(LIBSIGN_DYN): $(LIBSIGN_OBJECTS)
++ $(VERBOSE_MAKE)$(CROSS_COMPILE)$(CC) $(LIB_CFLAGS) $(LIB_DYN_LDFLAGS) $^ -o $@
++
++
++
++# --- Executables (Static linkage with libsign object files) ---
++
++EC_SELF_TESTS_SRC = $(TESTS_OBJECTS_CORE_SRC) $(TESTS_OBJECTS_SELF_SRC) $(EXT_DEPS_SRC)
++EC_SELF_TESTS_OBJECTS = $(patsubst %,$(OBJ_DIR)/%.$(OBJ_FILES_EXTENSION),$(basename $(EC_SELF_TESTS_SRC)))
++$(BUILD_DIR)/ec_self_tests: $(EC_SELF_TESTS_OBJECTS) $(LIBSIGN_OBJECTS)
++ $(VERBOSE_MAKE)$(CROSS_COMPILE)$(CC) $(BIN_CFLAGS) $(BIN_LDFLAGS) $^ -o $@
++
++EC_UTILS_SRC = $(TESTS_OBJECTS_CORE_SRC) $(TESTS_OBJECTS_UTILS_SRC) $(EXT_DEPS_SRC)
++EC_UTILS_OBJECTS = $(patsubst %,$(OBJ_DIR)/%.$(OBJ_FILES_EXTENSION),$(basename $(EC_UTILS_SRC)))
++$(BUILD_DIR)/ec_utils: $(EC_UTILS_SRC) $(LIBSIGN_OBJECTS)
++ $(VERBOSE_MAKE)$(CROSS_COMPILE)$(CC) $(BIN_CFLAGS) $(BIN_LDFLAGS) -DWITH_STDLIB $^ -o $@
++
++
++
++# --- Excutables (Dynamic linkage with libsign shared library) ---
++
++$(BUILD_DIR)/ec_self_tests_dyn: $(EC_SELF_TESTS_OBJECTS)
++ $(VERBOSE_MAKE)$(CROSS_COMPILE)$(CC) $(BIN_CFLAGS) $(BIN_LDFLAGS) -L$(BUILD_DIR) $^ -lsign -o $@
++
++$(BUILD_DIR)/ec_utils_dyn: $(EC_UTILS_OBJECTS)
++ $(VERBOSE_MAKE)$(CROSS_COMPILE)$(CC) $(BIN_CFLAGS) $(BIN_LDFLAGS) -L$(BUILD_DIR) -DWITH_STDLIB $^ -lsign -o $@
++
++
++
++.PHONY: all clean 16 32 64 debug debug16 debug32 debug64 force_arch32 force_arch64
++
++# All source files, used to construct general rules
++SRC += $(EXT_DEPS_SRC) $(UTILS_ARITH_SRC) $(UTILS_EC_SRC) $(UTILS_SIGN_SRC)
++SRC += $(NN_SRC) $(FP_SRC) $(CURVES_SRC) $(HASH_SRC) $(SIG_SRC) $(ECDH_SRC)
++SRC += $(KEY_SRC) $(TESTS_OBJECTS_CORE_SRC) $(TESTS_OBJECTS_SELF_SRC)
++SRC += $(TESTS_OBJECTS_UTILS_SRC)
++
++# All object files
++OBJS = $(patsubst %,$(OBJ_DIR)/%.$(OBJ_FILES_EXTENSION),$(basename $(SRC)))
++
++# General dependency rule between .o and .d files
++DEPS = $(OBJS:.$(OBJ_FILES_EXTENSION)=.d)
++
++# General rule for creating .o (and .d) file from .c
++$(OBJ_DIR)/%.$(OBJ_FILES_EXTENSION): %.c
++ $(VERBOSE_MAKE)$(CROSS_COMPILE)$(CC) -c $(LIB_CFLAGS) -o $@ $<
++
++# Populate the directory structure to contain the .o and .d files, if necessary
++$(shell mkdir -p $(dir $(OBJS)) >/dev/null)
++$(shell mkdir -p $(BUILD_DIR) >/dev/null)
++
++# Make a note of the MAKEFILE_LIST at this stage of parsing the Makefile
++# It is important here to use the ':=' operator so it is evaluated only once,
++# and to do this before all the DEPS files are included as makefiles.
++MAKEFILES:=$(MAKEFILE_LIST)
++
++# Make object files depend on all makefiles used - this forces a rebuild if any
++# of the makefiles are changed
++$(OBJS) : $(MAKEFILES)
++
++# Dep files are makefiles that keep track of which header files are used by the
++# c source code. Include them to allow them to work correctly.
++-include $(DEPS)
diff --cc crypto/libecc/README.md
index 000000000000,000000000000..2972ab1708bb
new file mode 100644
--- /dev/null
+++ b/crypto/libecc/README.md
@@@ -1,0 -1,0 +1,1345 @@@
++[](https://github.com/libecc/libecc/actions/workflows/libecc_compilation_tests.yml)
++[](https://github.com/libecc/libecc/actions/workflows/libecc_runtime_tests.yml)
++[](https://github.com/libecc/libecc/actions/workflows/libecc_crossarch_tests.yml)
++[](https://github.com/libecc/libecc/actions/workflows/libecc_python_tests.yml)
++[](https://github.com/libecc/libecc/actions/workflows/libecc_examples.yml)
++
++
++# libecc project
++
++## Copyright and license
++Copyright (C) 2017-2023
++
++This software is licensed under a dual BSD and GPL v2 license.
++See [LICENSE](LICENSE) file at the root folder of the project.
++
++## Authors
++
++ * Ryad BENADJILA (<mailto:ryadbenadjila@gmail.com>)
++ * Arnaud EBALARD (<mailto:arnaud.ebalard@ssi.gouv.fr>)
++ * Jean-Pierre FLORI (<mailto:jpflori@gmail.com>)
++
++## Contributors
++ * Nicolas VIVET (<mailto:nicolas.vivet@ssi.gouv.fr>)
++ * Karim KHALFALLAH (<mailto:karim.khalfallah@ssi.gouv.fr>)
++ * Niels SAMWEL (<mailto:nsamwel@google.com>)
++
++## Description
++This software implements a library for elliptic curves based
++cryptography (ECC). The API supports signature algorithms specified
++in the [ISO 14888-3:2018](https://www.iso.org/standard/76382.html)
++standard and some other signature algorithms as well as ECDH primitives, with the following specific curves and hash functions:
++
++ * **Signatures**:
++ * Core ISO 14888-3:2018 algorithms: ECDSA, ECKCDSA, ECGDSA, ECRDSA, EC{,O}SDSA, ECFSDSA, SM2.
++ * EdDSA (25519 and 448 as specified in [RFC 8032](https://datatracker.ietf.org/doc/html/rfc8032)).
++ * BIGN (as standardized in [STB 34.101.45-2013](https://github.com/bcrypto/bign)). We allow a more lax usage of
++ BIGN than in the standard as we allow any curve and any hash function.
++ * BIP0340, also known as the "Schnorr" Bitcoin proposal, as specified in [bip-0340](https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki).
++ We allow a more lax usage of BIP0340 than the standard as we allow any curve and any hash function (the standard mandates SECP256K1 with SHA-256).
++
++ * **ECDH**:
++ * ECC-CDH (Elliptic Curve Cryptography Cofactor Diffie-Hellman) as described in [section 5.7.1.2 of the NIST SP 800-56A Rev. 3](https://csrc.nist.gov/publications/detail/sp/800-56a/rev-3/final) standard.
++ * X25519 and X448 as specified in [RFC7748](https://datatracker.ietf.org/doc/html/rfc7748) (with some specificities, see the details below).
++ * **Curves**: SECP{192,224,256,384,521}R1, SECP{192,224,256}K1, BRAINPOOLP{192,224,256,320,384,512}{R1,T1},
++ FRP256V1, GOST{256,512}, GOSTR3410-2001-CryptoPro{A,B,C,XchA,XchB,Test}-ParamSet, GOSTR3410-2012-{256,512}-ParamSet{A,B,C}, GOSTR3410-2012-256-ParamSetD, GOSTR3410-2012-512-ParamSetTest, SM2P256V1, SM2P{192,256}Test, WEI{25519,448}, BIGN{256,384,512}V1. The library can be easily expanded with
++ user defined curves using a standalone helper script.
++ * **Hash functions**: SHA-2 and SHA-3 hash functions (224, 256, 384, 512), SM3, RIPEMD-160,
++GOST 34.11-2012 as described in [RFC 6986](https://datatracker.ietf.org/doc/html/rfc6986)
++(also known as [Streebog](https://tc26.ru/en/events/research-projects-competition/streebog-competition.html)),
++SHAKE256 in its restricted version with 114 bytes output (mainly for Ed448), BELT-HASH (as standardized in
++[STB 34.101.31-2011](https://github.com/bcrypto/belt)), and BASH-{224,256,384,512} (as standardized in
++[STB 34.101.77-2020](http://apmi.bsu.by/assets/files/std/bash-spec24.pdf)).
++**HMAC** based on any of these hash functions is also included.
++
++ECDSA comes in two variants: the classical non-deterministic one, and the **deterministic** ECDSA
++as described in [RFC 6979](https://datatracker.ietf.org/doc/html/rfc6979). The deterministic version
++generates nonces using a HMAC-DRBG process, and is suitable for situations where there is
++no RNG or where entropy sources are considered weak (please note that any leak on these nonces
++bits can lead to devastating attacks exploiting the [Hidden Number Problem](https://eprint.iacr.org/2020/615.pdf)).
++On the downside, the deterministic version of ECDSA is susceptible to [fault attacks](https://eprint.iacr.org/2017/1014.pdf).
++Hence, one will have to **carefully select** the suitable version to use depending on the usage and
++attack context (i.e. which of side-channel attacks or fault attacks are easier to perform).
++The same applies to BIGN that comes in two flavours as standardized in [STB 34.101.45-2013](https://github.com/bcrypto/bign):
++non-deterministic and deterministic (following an iterative generation process using the BELT hash function and its underlying block cipher).
++
++The library also supports EdDSA (Ed25519 and Ed448) as defined in [RFC 8032](https://datatracker.ietf.org/doc/html/rfc8032) with
++all their variants (with context, pre-hashed).
++Since the core of the library supports short Weierstrass curves, and as
++EdDSA uses instead Twisted Edwards curves with dedicated formulas, we use
++**isogenies** as described in the [lwig-curve-representations](https://datatracker.ietf.org/doc/html/draft-ietf-lwig-curve-representations)
++draft. Isogenies are transformations (homomorphisms that are almost isomorphisms) between
++curves models, allowing to implement operations on one model by operating with
++formulas on another model. Concretely, in our case we perform computations on
++the Weierstrass WEI25519 that is isogenic to Ed25519 (Twisted Edwards)
++and Curve25519 (Montgomery) curves. This, of course, induces overheads in computations
++while having the great benefit of keeping the library core mathematical foundations simple
++and keep the defense-in-depth (regarding software security and side-channels) focused on
++a rather limited part: see the discussions below on libecc efforts with regards to security.
++
++Please note that as for deterministic ECDSA and BIGN, EdDSA signatures are trivially susceptible to
++[fault attacks](https://eprint.iacr.org/2017/1014.pdf) without having a non-deterministic
++variant. Hence, when using EdDSA one will have to either ensure that the usage context naturally prevents
++such attacks, that the platform implements countermeasures (e.g. using secure MCUs, etc.) or that
++other means allow to detect/mitigate such attacks (e.g. on the compilation toolchain side).
++
++Please refer to [this CFRG thread](https://mailarchive.ietf.org/arch/browse/cfrg/?gbt=1&index=5l3XCLHLCVfOmnkcv4mo2-pEV94)
++for more insight on why deterministic versus non-deterministic EC signature schemes is still an open debate
++and how the usage context and **attack model** is **crucial** when choosing to use one or the other.
++
++
++**Batch verification** is implemented for the signature algorithms that support it - the signature schemes
++that preserve some "reversible" projective point coordinate information in the signature value.
++This is the case for some "Schnorr" based schemes, namely ECFSDSA ("full Schnorr" from ISO14888-3), EdDSA and BIP0340.
++Batch verification allows (thanks to the Bos-Coster algorithm) to bring speedups between 2 to 6.5 times
++the regular verification for batches of at least 10 signatures, which is not negligible depending on the usage.
++Beware that for the specific case of BIP0340, results might depend on the underlying prime of the curve, since
++the batch verification makes heavy use of square root residues and the Tonelli-Shanks algorithm complexity
++is sensitive to the prime "form" (e.g. is equal to 1 modulo 4, etc.). Finally, beware that the speedup of
++batch verification comes at an increased memory cost: the Bos-Coster algorithm requires a scratchpad memory space
++that increases linearly with the number of signatures to be checked.
++
++
++Regarding the specific case of ECRDSA (the Russian standard), libecc implements by default the
++[RFC 7091](https://datatracker.ietf.org/doc/html/rfc7091) and [draft-deremin-rfc4491-bis](https://datatracker.ietf.org/doc/html/draft-deremin-rfc4491-bis)
++versions to comply with the standard test vectors (provided in the form of X.509 certificates).
++This version of the algorithm **differs** from the ISO/IEC 14888-3 description and test vectors,
++the main difference coming from the way the hash of the message to be signed/verified is processed:
++in the RFCs, the little endian representation of the hash is taken as big number while in ISO/IEC the big endian
++representation is used. This seems (to be confirmed) to be a discrepancy of ISO/IEC 14888-3 algorithm description
++that must be fixed there. In order to allow users to still be able to reproduce the ISO/IEC behavior, we provide
++a compilation toggle that will force this mode `USE_ISO14888_3_ECRDSA=1`:
++
++<pre>
++ $ USE_ISO14888_3_ECRDSA=1 make
++</pre>
++
++**ECDH (Elliptic Curve Diffie-Hellman)** variants are also implemented in the
++library. Classical ECDH over Weierstrass curves is implemented in the form
++of ECC-CDH (Elliptic Curve Cryptography Cofactor Diffie-Hellman) as described
++in [section 5.7.1.2 of the NIST SP 800-56A Rev. 3](https://csrc.nist.gov/publications/detail/sp/800-56a/rev-3/final) standard. Montgomery curves
++based algorithms (Curve25519 and Curve448) are included as specified in [RFC7748](https://datatracker.ietf.org/doc/html/rfc7748),
++although the implementation somehow diverges from the canonical ones as u coordinates on the curve
++quadratic twist are rejected (this is due to the underlying usage of isogenies to
++handle Montgomery curves). This divergence does not impact the ECDH use case though.
++
++
++Advanced usages of this library also include the possible implementation
++of elliptic curve based protocols as well as any algorithm
++on top of prime fields based elliptic curves (or prime fields, or rings
++of integers). Many examples are present in the [src/examples](src/examples)
++folder, notable ones being:
++ * Pollard-Rho, Miller-Rabin and square residues over finite fields.
++ * The RSA cryptosystem as defined in the PKCS#1 [RFC8017](https://datatracker.ietf.org/doc/html/rfc8017)
++standard. This implementation also comes with the integration of deprecated hash
++functions such as MD2, MD4, MD5, SHA-0, SHA-1, MDC-2, GOSTR34-11-94 and so on in order to be compliant with existing
++signatures (e.g. in X.509). These primitives are **not** included in the core
++library on purpose: they are **dangerous and broken** and must only be used for
++tests purposes.
++ * The DSA cryptosystem as defined in [FIPS 186-4](https://csrc.nist.gov/publications/detail/fips/186/4/final).
++ * The SDSA (Schnorr DSA) as defined in ISO14888-3
++ * The KCDSA (Korean DSA) as defined in ISO14888-3
++ * The GOSTR34-10-94 function as defined in [RFC4491](https://www.rfc-editor.org/rfc/rfc4491)
++ * The SSS (Shamir Secret Sharing) algorithm over a prime field of 256 bits.
++
++
++**NOTE**: for all the primitives (specifically relevant for signature primitives), a maximum
++allowed size for big numbers is **4096 bits** with word size **64 bits** (this will be less
++for word sizes 16 and 32 bits). This is due to an internal limitation of libecc
++on big numbers allocation documented [here](include/libecc/nn/nn_config.h). We can live with
++this limitation as the library is primarily intended to focus on ECC based algorithms.
++However, one should be aware that for example RSA with modulus > 4096 will fail (as well
++and DSA and other El-Gamal based algorithms): these primitives are only included as
++examples and should be used with care.
++
++**NOTE**: handling 4096 bits NN numbers must be explicitly configured at compilation
++time using the `-DUSER_NN_BIT_LEN=4096` toggle in the `CFLAGS` or `EXTRA_CFLAGS` as explained
++in [the dedicated section](https://github.com/ANSSI-FR/libecc#modifying-the-big-numbers-size).
++
++
++Compared to other cryptographic libraries providing such
++features, the differentiating points are:
++
++ * A focus on code readability and auditability. The code is pure C99,
++ with no dynamic allocation and includes pre/post-asserts in the code.
++ Hence, this library is a good candidate for embedded targets (it should be
++ easily portable accross various platforms).
++ * A clean layer separation for all needed mathematical abstractions and
++ operations. Strong typing (as "strong" as C99 allows, of course) of
++ mathematical objects has been used in each layer.
++ * The library has NOT been designed to break performance records, though
++ it does a decent job (see the [performance section discussion](#performance)). Similarly,
++ the library memory footprint (in terms of ROM and RAM usage) is not the
++ smallest achievable one (though some efforts have been made to limit it
++ and fit "common" platforms, see the [dedicated section](#constrained-devices)).
++ * libecc library core has **no external dependency** (not even the standard
++ libc library) to make it portable. See the
++ [section about portability](#compatibility-and-portability) for more information.
++
++## Building
++
++### Building the static libraries and the signature self tests
++
++The main [Makefile](Makefile) is in the root directory, and compiling is as simple as
++executing:
++
++<pre>
++ $ make
++</pre>
++
++By default, compilation is quiet. **Verbose compilation** (i.e. showing all the compilation
++executed commands) can be achieved using the `VERBOSE=1` toggle:
++
++<pre>
++ $ VERBOSE=1 make
++</pre>
++
++This will compile different elements in the [build](build/) directory:
++
++ * Three **archive** static libraries, each one containing (based on) the previous ones:
++ * **libarith.a**: this library contains the Natural Numbers (NN) and Finite field over primes
++ (Fp) arithmetic layers.
++ * **libec.a**: this library is based on libarith.a and contains the EC curves implementation
++ (points abstraction, point addition/doubling formulas and scalar multiplication).
++ * **libsign.a**: this library is based on libec.a and contains all our ISO 14888-3 signature
++ algorithms over some statically defined curves and hash functions.
++ * Two binaries based on the libsign.a static library:
++ * **ec\_self\_tests**: the self tests for signature/verification algorithm of ISO 14888-3
++ with known and random test vectors, as well as performance tests. Launching the self tests without
++ an argument will execute the three tests (known and fixed test vectors, random sign/verify
++ checks, and performance measurements). One can also launch each test separately.
++
++ For known test vectors:
++<pre>
++ $ ./build/ec_self_tests vectors
++ ======= Known test vectors test ===================
++ [+] ECDSA-SHA224/secp224r1 selftests: known test vectors sig/verif ok
++ [+] ECDSA-SHA256/secp256r1 selftests: known test vectors sig/verif ok
++ [+] ECDSA-SHA512/secp256r1 selftests: known test vectors sig/verif ok
++ ...
++</pre>
++
++ For sign/verify checks (with random key pairs and random data):
++
++<pre>
++ $ ./build/ec_self_tests rand
++ ======= Random sig/verif test ===================
++ [+] ECDSA-SHA224/FRP256V1 randtests: random import/export with sig(0)/verif(0) ok
++ [+] ECDSA-SHA224/SECP224R1 randtests: random import/export with sig(0)/verif(0) ok
++ ...
++</pre>
++
++ For performance measurements:
++
++<pre>
++ $ ./build/ec_self_tests perf
++ ======= Performance test =====================
++ [+] ECDSA-SHA224/FRP256V1 perf: 462 sign/s and 243 verif/s
++ [+] ECDSA-SHA224/SECP224R1 perf: 533 sign/s and 276 verif/s
++ ...
++</pre>
++
++**NOTE**: it is possible to parallelize self tests (known and random) using the
++[OpenMP](https://en.wikipedia.org/wiki/OpenMP) framework (usually packaged with
++most distros) by using the `OPENMP_SELF_TESTS=1` compilation toggle. This requires
++the `WITH_STDLIB` option (as it obviously uses the standard library). Performance
++tests are not parallelized due to possible shared ressources exhaustion between CPUs and cores
++(e.g. caches, Branch Prediction Units, etc.).
++
++- **ec\_utils**: a tool for signing and verifying user defined files, with a user
++provided signature algorithm/curve/hash function triplet. The tool can also be
++used to generate signature keys.
++
++ Generate keys for ECKCDSA over the BRAINPOOLP512R1 curve, with
++the 'mykeypair' prefix:
++<pre>
++ $ ./build/ec_utils gen_keys BRAINPOOLP512R1 ECKCDSA mykeypair
++</pre>
++
++ This will create four files. Two
++binary '.bin' files corresponding to the private key (mykeypair\_private\_key.bin)
++and the public key (mykeypair\_public\_key.bin). Two header '.h' files are also
++created, corresponding to a C style header version of the keys so that these can
++be included and used in a C program using libecc. Note that both kind of keys
++(public and private) include leading metadata (type, algorithm, curve, etc) for
++possible sanity checks when they are used (e.g. to detect passing of an ECDSA
++private key to an ECKCDSA signature call, etc).
++
++ Once the key pair has been created,
++one can sign a raw binary file named 'myfile' and store the signature in
++'sig.bin'. In the example below, we use SHA3\_512 as the hash function for
++the signature. BRAINPOOLP512R1 and ECKCDSA are explicitly given (matching the
++type of key we generated during previous step). Note that the call would yield
++an error if invalid parameters were given (thanks to the metadata elements
++described above).
++<pre>
++ $ ./build/ec_utils sign BRAINPOOLP512R1 ECKCDSA SHA3_512 myfile mykeypair_private_key.bin sig.bin
++</pre>
++ After this, a raw signature is created, mainly consisting of the ECKCDSA (r, s) big
++numbers concatenated (the length of this file should be 1024 bits = 2 x 512 bits). The signature can now be verified with
++the 'verify' command and the public key, the result being either **OK** or **failed**:
++<pre>
++ $ ./build/ec_utils verify BRAINPOOLP512R1 ECKCDSA SHA3_512 myfile mykeypair_public_key.bin sig.bin
++ Signature check of myfile OK
++</pre>
++
++ The ec\_utils tool can also be used to produce/verify **structured binaries**
++containing a header, raw binary and their signature (see the 'struct\_sign' and 'struct\_verify' commands for a help on
++this mode). The rationale behind these commands is to ease the production/verification of self-contained signed images
++(which can be useful when dealing with embedded firmware updates for instance).
++
++### Building the user examples
++
++Since it is possible to use libecc as a NN (**positive** Natural Numbers), Fp (Finite field over primes) or EC curve layer library,
++we provide some examples in the [src/examples](src/examples) folder. Compiling these examples is as simple as:
++<pre>
++ $ cd src/examples
++ $ make
++</pre>
++
++* NN layer examples:
++ * [src/examples/basic/nn_miller_rabin.c](src/examples/basic/nn_miller_rabin.c): this example implements the
++ [Miller-Rabin](https://en.wikipedia.org/wiki/Miller%E2%80%93Rabin_primality_test) composition (or probabilistic primality) test as
++ described in the [Handbook of Applied Cryptography (4.29)](http://cacr.uwaterloo.ca/hac/about/chap4.pdf).
++ * [src/examples/basic/nn_pollard_rho.c](src/examples/nn_pollard_rho.c): this example is a straightforward
++ implementation of the [Pollard's Rho](https://en.wikipedia.org/wiki/Pollard%27s_rho_algorithm) integer factorization
++ algorithm as specified in the [Handbook of Applied Cryptography (3.9)](http://cacr.uwaterloo.ca/hac/about/chap3.pdf).
++
++* Fp layer examples:
++ * [src/examples/basic/fp_square_residue.c](src/examples/basic/fp_square_residue.c): this is an implementation of
++ the [Tonelli-Shanks](https://en.wikipedia.org/wiki/Tonelli%E2%80%93Shanks_algorithm) algorithm for finding quadratic residues
++ over a prime field Fp. Given a prime field element x, the algorithm finds y so that y<sup>2</sup> = x (or informs that there
++ is no solution if this is the case).
++
++* Curves layer examples:
++ * [src/examples/basic/curve_basic_examples.c](src/examples/basic/curve_basic_examples.c): this example shows basic
++ features of libec for playing with elliptic curves group arithmetic, namely loading defined named curves, generating random points on
++ these curves, checking point addition and doubling formulas as well as scalar multiplication (both Montgomery and non Montgomery based).
++
++ * [src/examples/basic/curve_ecdh.c](src/examples/basic/curve_ecdh.c): the purpose of this code is to provide a toy example of
++ how to implement an [Elliptic Curve Diffie-Hellman](https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman) protocol between two
++ entities 'Alice' and 'Bob' in order to produce a shared secret over a public channel.
++
++**WARNING**: these examples are **toy implementations** not to be used in a production environment (for instance, the code
++has neither been designed to be efficient nor robust against side channel attacks). Their purpose is only to show basic usage of the
++libarith and libec libraries.
++
++The **public headers** containing the functions to be used by higher level code are [include/libecc/libarith.h](include/libecc/libarith.h),
++[include/libecc/libec.h](include/libecc/libec.h) and [include/libecc/libsig.h](include/libecc/libsig.h): they are respectively used for the NN and Fp arithmetic layers,
++the Elliptic Curves layer, and the signature layer.
++
++More advanced examples are present in the examples folder:
++
++* Obsolete hash algorithms as an expansion to libecc core algorithms, in [src/examples/hash](src/examples/hash) (MD2, MD4, MD5, MDC2, SHA-0,
++SHA-1, and TDES for supporting MDC2). Please **be careful** when using them, it is advised to use them as toy primitives in **non-production code**
++(e.g. for checking old protocols and cipher suites).
++
++* Pre-ECC Signature schemes (based on Fp finite fields discrete logarithm) in [src/examples/sig](src/examples/sig) (RSA, DSA, SDSA, KCDSA,
++GOSTR34-10-94). Beware that for these signatures, you will have to expand the NN size to bigger values than the default (e.g. supporting RSA 4096
++will need a size of at least 4096 bits for NN, see how to expand the size in the documentation [here](include/libecc/nn/nn_config.h)). Although some
++efforts have been made when developing these signature algorithms, using them in production code should be decided with care (e.g. regarding
++side-channel attack and so on).
++
++* SSS (Shamir Secret Sharing) in [src/examples/sss](src/examples/sss).
++
++
++### Building the NN and Fp arithmetic tests
++
++libecc is provided with arithmetic random tests for the low level NN and Fp routines (addition, subtraction, logical
++operations, multiplication and Montgomery multiplication, ...).
++
++These tests are located inside the [src/arithmetic_tests/](src/arithmetic_tests/) folder. More specifically, the tests
++are split in two files:
++
++* [src/arithmetic_tests/arithmetic_tests.c](src/arithmetic_tests/arithmetic_tests.c): a '.c' file to be compiled and linked with libecc
++static library and performing a set of tests given on the standard input or in a file. The tests have a specific ASCII
++format with expected input/output as big numbers, and crafted **opcodes** defining the operation type (addition over
++NN, over Fp, ...).
++* [src/arithmetic_tests/arithmetic_tests_generator.py](src/arithmetic_tests/arithmetic_tests_generator.py): a python
++script that generates a set of arithmetic tests.
++
++### Building with the meson build system
++
++In parallel to the `Makefile` build system, a migration to the newer and more user friendly `meson` build is a
++**work in progress**. Compiling with `meson` can be simply achieved with:
++
++<pre>
++ $ meson setup builddir && cd builddir && meson dist
++</pre>
++
++Please note that you will need `meson`, `ninja` and `dunamai` (that can be installed from the Python `pip` installer).
++
++Most of libecc compilation options have been migrated, please check the output of the `meson configure` command to get
++a complete list of these (in the 'Project options' category). For instance, compiling libecc with a word size of 32 and
++a debug mode can be triggered with:
++
++<pre>
++ $ meson setup -Dwith_wordsize=32 -Dwith_debug=true builddir && cd builddir && meson dist
++</pre>
++
++## Configuring the libecc library
++
*** 2624 LINES SKIPPED ***