xaptum / ecdaa

A C implementation of elliptic-curve-based Direct Anonymous Attestation (DAA) signatures. Created to support the Xaptum Edge Network Fabric, an IoT Network Solution.
https://www.xaptum.com
Apache License 2.0

Support other curves #13

Closed zanebeckwith closed 5 years ago

zanebeckwith commented 7 years ago

Currently, we only support BN254. AMCL supports two other curves, and its namespacing allows using different functions for different curves.

Our most pressing concern is to support the 256-bit Barreto-Naehrig curve implemented in TPM2.0 and used by FIDO (so we can test against their implementation).

AMCL supports defining other curves, so let's add that 256-bit BN TPM curve.

The easiest path would be to adopt AMCL's convention, and use namespacing to distinguish our functions that use different curves (e.g. ecdaa_signature_BN256TPM_sign).

zanebeckwith commented 6 years ago

PR #43 added support for building with any curve supported by AMCL.

However, we still need to get AMCL support for the TPM BN256 curve.

zanebeckwith commented 6 years ago

PR #53 adds support for the TPM 256-bit curve (previously called "BN256" here, but AMCL calls it "FP256BN" and FIDO and the TPM spec call it "TPM_ECC_BN_P256").

However, there appears to be an issue comparing G2 points between AMCL and FIDO (which uses IAIK). Until that is resolved, and we are able to fully test against the FIDO reference implementation, this issue will remain open.

zanebeckwith commented 5 years ago

We're now using a more up-to-date specification than the FIDO reference implementation. So, for now at least, resolving this comparison issue isn't feasible.

Using Xaptum's long-standing use of this implementation, with FP256BN, as justification, I'm closing this issue.

A separate issue, advocating the creation of test vectors (somehow, considering we don't have any other implementation) can be opened at another time.