Hello Stephan,
> Why do we need a second implementation of ECC? Why can't we reuse the existing
> ECC implementation in crypto/ecc.c? Or are there limitations in the existing
> ECC implementation that cannot be fixed?
The implementation of crypto/ecc.c is still relatively crude at present, and the implementation of a complete elliptic curve is still incomplete.
In the beginning I did develop based on crypto/ecc.c, but then I couldn't go on.
mpi/ec.c is based on the more mature mpi library, and mpi has been well implemented in the kernel. The interface definition and operations have a more mature interface, and this interface is compatible with the kernel. It's also very good, openssl also has a corresponding BIGNUM structure, a complete elliptic curve such as sm2, both encryption and decryption and signature algorithms, and there are many inconveniences based on crypto/ecc.c development. A more powerful The underlying algorithm library to support, mpi from libgcrypt is a good choice.
I think that if possible, you can also consider migrating crypto/ecc.c based algorithms to mpi/ec.c in the future, so that mpi/ec.c becomes a basic elliptic curve algorithm.
Here are some of my personal views, welcome everyone to discuss, and hope that the maintainers can think about it.
Thanks.
Tianjia