Add support for MBEDTLS_ECP_DP_SECP256K1 (and ensure SECP384R1 compatibility) in curve creation/validation for ra_tls_attest #2165

@mccoysc

Description of the feature

We request extending the curve handling logic in the files

tools/sgx/ra-tls/ra_tls_attest.c
tools/sgx/ra-tls/ra_tls_attest.c
to explicitly support MBEDTLS_ECP_DP_SECP256K1 for both curve creation and verification. Additionally, please ensure compatibility with MBEDTLS_ECP_DP_SECP384R1 where applicable.

The blockchain domain widely relies on the secp256k1 curve. Enabling support for this curve in the attestation/TLS flow will significantly broaden Gramine’s applicability within blockchain use cases.
SGX-based components are frequently used in blockchain-related environments, so adding secp256k1 support will streamline deployments and improve interoperability.

- Update curve creation logic to initialize and handle MBEDTLS_ECP_DP_SECP256K1 parameters without breaking existing flows.
- Update curve validation logic to correctly verify points on MBEDTLS_ECP_DP_SECP256K1, including edge cases and validation paths used in attestation.
- Ensure that MBEDTLS_ECP_DP_SECP384R1 remains supported and unaffected; verify that existing tests pass and that there are no regressions in the SECP384R1 path.
- Add or update unit tests to cover at least:
  - Correct key generation and point validation for SECP256K1
  - Correct handling of SECP384R1 alongside SECP256K1
- Document any ABI/API changes or configuration flags introduced by enabling SECP256K1.

Why Gramine should implement it?

- Improves Gramine’s compatibility with blockchain ecosystems.
- Enables easier integration of SGX-based attestation in blockchain applications using secp256k1.
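
Added example, not part of the issue and not Gramine or mbedTLS code: the key generation and public-key validation checks the request lists for secp256k1, written in Python with plain integer curve arithmetic instead of mbedTLS calls. The function names are hypothetical; the domain parameters are the published SEC 2 values.

```python
# Added illustration, not Gramine or mbedTLS code; integer math here is not constant-time.
import secrets

# secp256k1 domain parameters (SEC 2). The cofactor is 1, so any on-curve
# point other than infinity is already in the prime-order group.
P = 2**256 - 2**32 - 977
A, B = 0, 7                                  # y^2 = x^3 + 7 (mod P)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def on_curve(x, y):
    return (y * y - (x * x * x + A * x + B)) % P == 0

def add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None or p2 is None:
        return p1 if p2 is None else p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                          # P + (-P) = infinity
    num, den = (3 * x1 * x1 + A, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den % P, -1, P) % P      # tangent or chord slope
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def encode(pt):
    return b"\x04" + pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def generate_keypair():
    d = secrets.randbelow(N - 1) + 1         # private scalar in [1, N-1]
    return d, encode(mul(d, G))

def validate_public_key(buf):
    """Return (x, y) for a valid SEC1 uncompressed key, else raise ValueError."""
    if len(buf) != 65 or buf[0] != 0x04:
        raise ValueError("not a 65-byte uncompressed point")
    x, y = int.from_bytes(buf[1:33], "big"), int.from_bytes(buf[33:], "big")
    if x >= P or y >= P or not on_curve(x, y):
        raise ValueError("coordinates out of range or point not on secp256k1")
    return x, y
```

The same function with `A = -3` and the SECP384R1 parameters would cover the second curve; only the constants and the 48-byte coordinate width change.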
