git: 05427f4639bc - main - secure: hook up libecc as libpkgecc
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 01 Jan 2025 21:11:39 UTC
The branch main has been updated by kevans:
URL: https://cgit.FreeBSD.org/src/commit/?id=05427f4639bcf2703329a9be9d25ec09bb782742
commit 05427f4639bcf2703329a9be9d25ec09bb782742
Author: Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2025-01-01 21:10:27 +0000
Commit: Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2025-01-01 21:11:22 +0000
secure: hook up libecc as libpkgecc
libecc is not intended to be general use, other applications should
really be using openssl. pkg(7) uses libecc to align with the pkg(8)
project and its goals. This will be used in the upcoming support for
ECC in pkg(7).
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D48117
---
secure/lib/Makefile | 2 +-
secure/lib/libpkgecc/Makefile | 137 +++++++++++++++++++++++++++++++++
secure/lib/libpkgecc/pkg_libecc_rand.c | 22 ++++++
share/mk/src.libnames.mk | 4 +
4 files changed, 164 insertions(+), 1 deletion(-)
diff --git a/secure/lib/Makefile b/secure/lib/Makefile
index 195fef28501c..6364327d7088 100644
--- a/secure/lib/Makefile
+++ b/secure/lib/Makefile
@@ -1,6 +1,6 @@
.include <src.opts.mk>
-SUBDIR=
+SUBDIR= libpkgecc
.if ${MK_OPENSSL} != "no"
SUBDIR+=libcrypto libssl
.if ${MK_OPENSSH} != "no"
diff --git a/secure/lib/libpkgecc/Makefile b/secure/lib/libpkgecc/Makefile
new file mode 100644
index 000000000000..476cd8635aeb
--- /dev/null
+++ b/secure/lib/libpkgecc/Makefile
@@ -0,0 +1,137 @@
+
+# STOP - This is not a general purpose library and is only for use by pkg(7)
+# to align with the implementation in pkg(8).
+LIB= pkgecc
+INTERNALLIB=
+
+.PATH: $(SRCTOP)/crypto/libecc
+SRCS+= pkg_libecc_rand.c
+
+# curves_mod_src
+.PATH: $(SRCTOP)/crypto/libecc/src/curves
+SRCS+= aff_pt.c \
+ aff_pt_montgomery.c \
+ ec_edwards.c \
+ ec_montgomery.c \
+ ec_params.c \
+ ec_shortw.c \
+ aff_pt_edwards.c \
+ curves.c \
+ prj_pt.c
+
+# utils_ec_src
+.PATH: $(SRCTOP)/crypto/libecc/src/utils
+SRCS+= print_curves.c
+
+# fp_mod_src
+.PATH: $(SRCTOP)/crypto/libecc/src/fp
+SRCS+= fp_add.c \
+ fp.c \
+ fp_montgomery.c \
+ fp_mul.c \
+ fp_mul_redc1.c \
+ fp_pow.c \
+ fp_rand.c \
+ fp_sqrt.c
+
+# nn_mod_src
+.PATH: $(SRCTOP)/crypto/libecc/src/nn
+SRCS+= nn_add.c \
+ nn.c \
+ nn_div.c \
+ nn_logical.c \
+ nn_modinv.c \
+ nn_mod_pow.c \
+ nn_mul.c \
+ nn_mul_redc1.c \
+ nn_rand.c
+
+# utils_arith_src
+SRCS+= utils.c \
+ utils_rand.c \
+ print_buf.c \
+ print_fp.c \
+ print_nn.c
+
+## libsign bits
+# hash_mod_src
+.PATH: $(SRCTOP)/crypto/libecc/src/hash
+SRCS+= hash_algs.c \
+ sm3.c \
+ streebog.c \
+ ripemd160.c \
+ belt-hash.c \
+ hmac.c \
+ bash224.c \
+ bash256.c \
+ bash384.c \
+ bash512.c \
+ bash.c \
+ sha224.c \
+ sha256.c \
+ sha3-224.c \
+ sha3-256.c \
+ sha3-384.c \
+ sha3-512.c \
+ sha384.c \
+ sha3.c \
+ sha512-224.c \
+ sha512-256.c \
+ sha512.c \
+ sha512_core.c \
+ shake256.c \
+ shake.c
+
+# sig_mod_src
+.PATH: $(SRCTOP)/crypto/libecc/src/sig
+SRCS+= decdsa.c \
+ ecdsa.c \
+ ecfsdsa.c \
+ ecgdsa.c \
+ eckcdsa.c \
+ ecosdsa.c \
+ ecrdsa.c \
+ ecsdsa.c \
+ eddsa.c \
+ fuzzing_ecdsa.c \
+ fuzzing_ecgdsa.c \
+ fuzzing_ecrdsa.c \
+ ecdsa_common.c \
+ ecsdsa_common.c \
+ sig_algs.c \
+ sm2.c \
+ bign_common.c \
+ bign.c \
+ dbign.c \
+ bip0340.c
+
+# key_mod_src
+SRCS+= ec_key.c
+
+# utils_sign_src
+.PATH: $(SRCTOP)/crypto/libecc/src/sig
+SRCS+= print_keys.c
+
+# ecdh_mod_src
+.PATH: $(SRCTOP)/crypto/libecc/src/ecdh
+SRCS+= ecccdh.c \
+ x25519_448.c
+
+# external_deps
+.PATH: $(SRCTOP)/crypto/libecc/src/external_deps
+SRCS+= print.c
+
+CONFLICTS= -Dsha256_init=_libecc_sha256_init \
+ -Dsha256_update=_libecc_sha256_update \
+ -Dsha256_final=_libecc_sha256_final \
+ -Dsha512_224_init=_libecc_sha512_224_init \
+ -Dsha512_256_init=_libecc_sha512_256_init
+
+CFLAGS= -I$(SRCTOP)/crypto/libecc/include \
+ -ffreestanding \
+ -fno-builtin \
+ -DUSE_WARN_UNUSED_RET \
+ -DWITH_STDLIB \
+ $(CONFLICTS)
+
+.include <bsd.lib.mk>
diff --git a/secure/lib/libpkgecc/pkg_libecc_rand.c b/secure/lib/libpkgecc/pkg_libecc_rand.c
new file mode 100644
index 000000000000..c190c9094538
--- /dev/null
+++ b/secure/lib/libpkgecc/pkg_libecc_rand.c
@@ -0,0 +1,22 @@
+/* SPDX-License-Identifier: Unlicense */
+#include <sys/types.h>
+#include <stdlib.h>
+
+#include <libecc/external_deps/rand.h>
+
+int
+get_random(unsigned char *buf, uint16_t len)
+{
+
+ /*
+ * We need random numbers even in a sandbox, so we can't use
+ * /dev/urandom as the external_deps version of get_random() does on
+ * FreeBSD. arc4random_buf() is a better choice because it uses the
+ * underlying getrandom(2) instead of needing to open a device handle.
+ *
+ * We don't have any guarantees that this won't open a device on other
+ * platforms, but we also don't do any sandboxing on those platforms.
+ */
+ arc4random_buf(buf, len);
+ return 0;
+}
diff --git a/share/mk/src.libnames.mk b/share/mk/src.libnames.mk
index f693e3ae7c16..02a495db7711 100644
--- a/share/mk/src.libnames.mk
+++ b/share/mk/src.libnames.mk
@@ -64,6 +64,7 @@ _INTERNALLIBS= \
parse \
pe \
pfctl \
+ pkgecc \
pmcstat \
sl \
sm \
@@ -644,6 +645,9 @@ LIBBSNMPTOOLS?= ${LIBBSNMPTOOLSDIR}/libbsnmptools${PIE_SUFFIX}.a
LIBBE?= ${LIBBEDIR}/libbe${PIE_SUFFIX}.a
+LIBPKGECCDIR= ${_LIB_OBJTOP}/secure/lib/libpkgecc
+LIBPKGECC?= ${LIBPKGECCDIR}/libpkgecc${PIE_SUFFIX}.a
+
LIBPMCSTATDIR= ${_LIB_OBJTOP}/lib/libpmcstat
LIBPMCSTAT?= ${LIBPMCSTATDIR}/libpmcstat${PIE_SUFFIX}.a