pw_crypto: Remove micro_ecc support

micro_ecc hasn't received upstream updates in more than a year, and there are no remaining easily-discoverable usages of this backend. Bug: b/359924206 Change-Id: Iee10cec1ffd568cbccd3acc2c5f720922875e37f Reviewed-on: https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/229672 Reviewed-by: Anthony DiGirolamo <[email protected]> Lint: Lint 🤖 <[email protected]> Presubmit-Verified: CQ Bot Account <[email protected]> Commit-Queue: Aaron Green <[email protected]>
google · Jan 8, 2025 · 483a24a · 483a24a
1 parent b03ff49
commit 483a24a
Show file tree

Hide file tree

Showing 15 changed files with 4 additions and 387 deletions.
diff --git a/BUILD.gn b/BUILD.gn
@@ -116,7 +116,6 @@ group("default") {
 #   boringssl
 #   freertos
 #   mbedtls
-#   micro-ecc
 #   nanopb
 #   pico_sdk
 #   protobuf

diff --git a/MODULE.bazel b/MODULE.bazel
@@ -280,16 +280,6 @@ use_repo(
 # are NOT in the BCR that downstream users may need to override/unify to their
 # expected version.
 
-new_git_repository = use_repo_rule("@bazel_tools//tools/build_defs/repo:git.bzl", "new_git_repository")
-
-# TODO: https://pwbug.dev/378531541 - Get micro_ecc from the BCR.
-new_git_repository(
-    name = "micro_ecc",
-    build_file = "//:third_party/micro_ecc/BUILD.micro_ecc",
-    commit = "b335ee812bfcca4cd3fb0e2a436aab39553a555a",
-    remote = "https://github.com/kmackay/micro-ecc.git",
-)
-
 # TODO: https://pwbug.dev/354749299 - Use the BCR version of mbedtls.
 http_archive(
     name = "mbedtls",

diff --git a/pw_crypto/BUILD.bazel b/pw_crypto/BUILD.bazel
@@ -130,20 +130,6 @@ cc_library(
     ],
 )
 
-cc_library(
-    name = "ecdsa_uecc",
-    srcs = [
-        "ecdsa_uecc.cc",
-    ],
-    # TODO: b/261603269 - Get this to build.
-    tags = ["manual"],
-    deps = [
-        ":ecdsa.facade",
-        "//pw_log",
-        "@micro_ecc//:uecc",
-    ],
-)
-
 pw_cc_test(
     name = "ecdsa_test",
     srcs = ["ecdsa_test.cc"],

diff --git a/pw_crypto/BUILD.gn b/pw_crypto/BUILD.gn
@@ -19,7 +19,6 @@ import("$dir_pw_build/facade.gni")
 import("$dir_pw_build/target_types.gni")
 import("$dir_pw_crypto/backend.gni")
 import("$dir_pw_docgen/docs.gni")
-import("$dir_pw_third_party/micro_ecc/micro_ecc.gni")
 import("$dir_pw_unit_test/test.gni")
 
 config("default_config") {
@@ -86,9 +85,6 @@ pw_test_group("tests") {
     ":sha256_mock_test",
     ":ecdsa_test",
   ]
-  if (dir_pw_third_party_micro_ecc != "") {
-    tests += [ ":ecdsa_uecc_little_endian_test" ]
-  }
 }
 
 # Sha256 tests against the selected real backend.
@@ -185,34 +181,6 @@ pw_source_set("ecdsa_mbedtls_v3") {
   public_deps = [ ":ecdsa.facade" ]
 }
 
-pw_source_set("ecdsa_uecc") {
-  sources = [ "ecdsa_uecc.cc" ]
-  deps = [
-    "$dir_pw_log",
-    "$dir_pw_third_party/micro_ecc",
-  ]
-  public_deps = [ ":ecdsa.facade" ]
-}
-
-if (dir_pw_third_party_micro_ecc != "") {
-  pw_source_set("ecdsa_uecc_little_endian") {
-    sources = [ "ecdsa_uecc.cc" ]
-    deps = [
-      "$dir_pw_log",
-      "$dir_pw_third_party/micro_ecc:micro_ecc_little_endian",
-    ]
-    public_deps = [ ":ecdsa.facade" ]
-  }
-
-  # This test targets the micro_ecc little endian backend specifically.
-  #
-  # TODO: b/273819841 - deduplicate all backend tests.
-  pw_test("ecdsa_uecc_little_endian_test") {
-    sources = [ "ecdsa_test.cc" ]
-    deps = [ ":ecdsa_uecc_little_endian" ]
-  }
-}
-
 # This test targets the specific backend pointed to by
 # pw_crypto_ECDSA_BACKEND.
 pw_test("ecdsa_test") {

diff --git a/pw_crypto/docs.rst b/pw_crypto/docs.rst
@@ -181,36 +181,8 @@ a code size of ~12KiB.
    #define MBEDTLS_ECP_NO_INTERNAL_RNG
    #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
 
-Micro ECC
-=========
-
-.. Warning::
-  Micro ECC's upstream hasn't received any updates since April 2023.
-  Please investigate to make sure that it meets your product's security
-  requirements before use.
-
-To select Micro ECC, the library needs to be installed and configured.
-
-.. code-block:: sh
-
-   # Install and configure Micro ECC
-   pw package install micro-ecc
-   gn gen out --args='
-       dir_pw_third_party_micro_ecc=getenv("PW_PACKAGE_ROOT")+"/micro-ecc"
-       pw_crypto_ECDSA_BACKEND="//pw_crypto:ecdsa_uecc"
-   '
-
-The default micro-ecc backend uses big endian as is standard practice. It also
-has a little-endian configuration which can be used to slightly reduce call
-stack frame use and/or when non pw_crypto clients use the same micro-ecc
-with a little-endian configuration. The little-endian version of micro-ecc
-can be selected with ``pw_crypto_ECDSA_BACKEND="//pw_crypto:ecdsa_uecc_little_endian"``
-
-Note Micro-ECC does not implement any hashing functions, so you will need to use other backends for SHA256 functionality if needed.
-
 BoringSSL
 =========
-
 The BoringSSL project (`source
 <https://cs.opensource.google/boringssl/boringssl>`_, `GitHub mirror
 <https://github.com/google/boringssl>`_) is a fork of OpenSSL maintained by

diff --git a/pw_crypto/ecdsa_uecc.cc b/pw_crypto/ecdsa_uecc.cc
diff --git a/pw_package/py/BUILD.bazel b/pw_package/py/BUILD.bazel
@@ -37,7 +37,6 @@ py_library(
         "pw_package/packages/googletest.py",
         "pw_package/packages/mbedtls.py",
         "pw_package/packages/mcuxpresso.py",
-        "pw_package/packages/micro_ecc.py",
         "pw_package/packages/nanopb.py",
         "pw_package/packages/pico_sdk.py",
         "pw_package/packages/picotool.py",

diff --git a/pw_package/py/BUILD.gn b/pw_package/py/BUILD.gn
@@ -38,7 +38,6 @@ pw_python_package("py") {
     "pw_package/packages/googletest.py",
     "pw_package/packages/mbedtls.py",
     "pw_package/packages/mcuxpresso.py",
-    "pw_package/packages/micro_ecc.py",
     "pw_package/packages/nanopb.py",
     "pw_package/packages/pico_sdk.py",
     "pw_package/packages/picotool.py",

diff --git a/pw_package/py/pw_package/packages/micro_ecc.py b/pw_package/py/pw_package/packages/micro_ecc.py
diff --git a/pw_package/py/pw_package/pigweed_packages.py b/pw_package/py/pw_package/pigweed_packages.py
@@ -30,7 +30,6 @@
 from pw_package.packages import googletest
 from pw_package.packages import mbedtls
 from pw_package.packages import mcuxpresso
-from pw_package.packages import micro_ecc
 from pw_package.packages import nanopb
 from pw_package.packages import pico_sdk
 from pw_package.packages import picotool

diff --git a/pw_presubmit/py/pw_presubmit/pigweed_presubmit.py b/pw_presubmit/py/pw_presubmit/pigweed_presubmit.py
@@ -334,26 +334,6 @@ def gn_arm_build(ctx: PresubmitContext):
     ),
 )
 
-gn_crypto_micro_ecc_build = PigweedGnGenNinja(
-    name='gn_crypto_micro_ecc_build',
-    path_filter=_BUILD_FILE_FILTER,
-    packages=('micro-ecc',),
-    gn_args={
-        'dir_pw_third_party_micro_ecc': lambda ctx: '"{}"'.format(
-            ctx.package_root / 'micro-ecc'
-        ),
-        'pw_crypto_ECDSA_BACKEND': lambda ctx: '"{}"'.format(
-            ctx.root / 'pw_crypto:ecdsa_uecc'
-        ),
-        'pw_C_OPTIMIZATION_LEVELS': _OPTIMIZATION_LEVELS,
-    },
-    ninja_targets=(
-        *_at_all_optimization_levels(f'host_{_HOST_COMPILER}'),
-        # TODO: b/240982565 - SocketStream currently requires Linux.
-        *(('integration_tests',) if sys.platform.startswith('linux') else ()),
-    ),
-)
-
 gn_teensy_build = PigweedGnGenNinja(
     name='gn_teensy_build',
     path_filter=_BUILD_FILE_FILTER,
@@ -428,26 +408,23 @@ def gn_arm_build(ctx: PresubmitContext):
 gn_software_update_build = PigweedGnGenNinja(
     name='gn_software_update_build',
     path_filter=_BUILD_FILE_FILTER,
-    packages=('nanopb', 'protobuf', 'mbedtls', 'micro-ecc'),
+    packages=('nanopb', 'protobuf', 'mbedtls'),
     gn_args={
         'dir_pw_third_party_protobuf': lambda ctx: '"{}"'.format(
             ctx.package_root / 'protobuf'
         ),
         'dir_pw_third_party_nanopb': lambda ctx: '"{}"'.format(
             ctx.package_root / 'nanopb'
         ),
-        'dir_pw_third_party_micro_ecc': lambda ctx: '"{}"'.format(
-            ctx.package_root / 'micro-ecc'
-        ),
-        'pw_crypto_ECDSA_BACKEND': lambda ctx: '"{}"'.format(
-            ctx.root / 'pw_crypto:ecdsa_uecc'
-        ),
         'dir_pw_third_party_mbedtls': lambda ctx: '"{}"'.format(
             ctx.package_root / 'mbedtls'
         ),
         'pw_crypto_SHA256_BACKEND': lambda ctx: '"{}"'.format(
             ctx.root / 'pw_crypto:sha256_mbedtls_v3'
         ),
+        'pw_crypto_ECDSA_BACKEND': lambda ctx: '"{}"'.format(
+            ctx.root / 'pw_crypto:ecdsa_mbedtls_v3'
+        ),
         'pw_C_OPTIMIZATION_LEVELS': _OPTIMIZATION_LEVELS,
     },
     ninja_targets=_at_all_optimization_levels('host_clang'),
@@ -1792,7 +1769,6 @@ def owners_lint_checks(ctx: PresubmitContext):
 SECURITY = (
     # keep-sorted: start
     gn_crypto_mbedtls_build,
-    gn_crypto_micro_ecc_build,
     gn_software_update_build,
     # keep-sorted: end
 )