secure: hook up libecc as libpkgecc

libecc is not intended to be general use, other applications should
really be using openssl.  pkg(7) uses libecc to align with the pkg(8)
project and its goals.  This will be used in the upcoming support for
ECC in pkg(7).

Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D48117
This commit is contained in:
Kyle Evans
2025-01-01 15:10:27 -06:00
parent f0865ec990
commit 05427f4639
4 changed files with 164 additions and 1 deletions
+1 -1
View File
@@ -1,6 +1,6 @@
.include <src.opts.mk>
SUBDIR=
SUBDIR= libpkgecc
.if ${MK_OPENSSL} != "no"
SUBDIR+=libcrypto libssl
.if ${MK_OPENSSH} != "no"
+137
View File
@@ -0,0 +1,137 @@
# STOP - This is not a general purpose library and is only for use by pkg(7)
# to align with the implementation in pkg(8).
LIB= pkgecc
INTERNALLIB=
.PATH: $(SRCTOP)/crypto/libecc
SRCS+= pkg_libecc_rand.c
# curves_mod_src
.PATH: $(SRCTOP)/crypto/libecc/src/curves
SRCS+= aff_pt.c \
aff_pt_montgomery.c \
ec_edwards.c \
ec_montgomery.c \
ec_params.c \
ec_shortw.c \
aff_pt_edwards.c \
curves.c \
prj_pt.c
# utils_ec_src
.PATH: $(SRCTOP)/crypto/libecc/src/utils
SRCS+= print_curves.c
# fp_mod_src
.PATH: $(SRCTOP)/crypto/libecc/src/fp
SRCS+= fp_add.c \
fp.c \
fp_montgomery.c \
fp_mul.c \
fp_mul_redc1.c \
fp_pow.c \
fp_rand.c \
fp_sqrt.c
# nn_mod_src
.PATH: $(SRCTOP)/crypto/libecc/src/nn
SRCS+= nn_add.c \
nn.c \
nn_div.c \
nn_logical.c \
nn_modinv.c \
nn_mod_pow.c \
nn_mul.c \
nn_mul_redc1.c \
nn_rand.c
# utils_arith_src
SRCS+= utils.c \
utils_rand.c \
print_buf.c \
print_fp.c \
print_nn.c
## libsign bits
# hash_mod_src
.PATH: $(SRCTOP)/crypto/libecc/src/hash
SRCS+= hash_algs.c \
sm3.c \
streebog.c \
ripemd160.c \
belt-hash.c \
hmac.c \
bash224.c \
bash256.c \
bash384.c \
bash512.c \
bash.c \
sha224.c \
sha256.c \
sha3-224.c \
sha3-256.c \
sha3-384.c \
sha3-512.c \
sha384.c \
sha3.c \
sha512-224.c \
sha512-256.c \
sha512.c \
sha512_core.c \
shake256.c \
shake.c
# sig_mod_src
.PATH: $(SRCTOP)/crypto/libecc/src/sig
SRCS+= decdsa.c \
ecdsa.c \
ecfsdsa.c \
ecgdsa.c \
eckcdsa.c \
ecosdsa.c \
ecrdsa.c \
ecsdsa.c \
eddsa.c \
fuzzing_ecdsa.c \
fuzzing_ecgdsa.c \
fuzzing_ecrdsa.c \
ecdsa_common.c \
ecsdsa_common.c \
sig_algs.c \
sm2.c \
bign_common.c \
bign.c \
dbign.c \
bip0340.c
# key_mod_src
SRCS+= ec_key.c
# utils_sign_src
.PATH: $(SRCTOP)/crypto/libecc/src/sig
SRCS+= print_keys.c
# ecdh_mod_src
.PATH: $(SRCTOP)/crypto/libecc/src/ecdh
SRCS+= ecccdh.c \
x25519_448.c
# external_deps
.PATH: $(SRCTOP)/crypto/libecc/src/external_deps
SRCS+= print.c
CONFLICTS= -Dsha256_init=_libecc_sha256_init \
-Dsha256_update=_libecc_sha256_update \
-Dsha256_final=_libecc_sha256_final \
-Dsha512_224_init=_libecc_sha512_224_init \
-Dsha512_256_init=_libecc_sha512_256_init
CFLAGS= -I$(SRCTOP)/crypto/libecc/include \
-ffreestanding \
-fno-builtin \
-DUSE_WARN_UNUSED_RET \
-DWITH_STDLIB \
$(CONFLICTS)
.include <bsd.lib.mk>
+22
View File
@@ -0,0 +1,22 @@
/* SPDX-License-Identifier: Unlicense */
#include <sys/types.h>
#include <stdlib.h>
#include <libecc/external_deps/rand.h>
int
get_random(unsigned char *buf, uint16_t len)
{
/*
* We need random numbers even in a sandbox, so we can't use
* /dev/urandom as the external_deps version of get_random() does on
* FreeBSD. arc4random_buf() is a better choice because it uses the
* underlying getrandom(2) instead of needing to open a device handle.
*
* We don't have any guarantees that this won't open a device on other
* platforms, but we also don't do any sandboxing on those platforms.
*/
arc4random_buf(buf, len);
return 0;
}
+4
View File
@@ -64,6 +64,7 @@ _INTERNALLIBS= \
parse \
pe \
pfctl \
pkgecc \
pmcstat \
sl \
sm \
@@ -644,6 +645,9 @@ LIBBSNMPTOOLS?= ${LIBBSNMPTOOLSDIR}/libbsnmptools${PIE_SUFFIX}.a
LIBBE?= ${LIBBEDIR}/libbe${PIE_SUFFIX}.a
LIBPKGECCDIR= ${_LIB_OBJTOP}/secure/lib/libpkgecc
LIBPKGECC?= ${LIBPKGECCDIR}/libpkgecc${PIE_SUFFIX}.a
LIBPMCSTATDIR= ${_LIB_OBJTOP}/lib/libpmcstat
LIBPMCSTAT?= ${LIBPMCSTATDIR}/libpmcstat${PIE_SUFFIX}.a