Foxboron / ssh-tpm-agent

:computer: :key: ssh-agent for TPMs
MIT License

Cannot import ecdsa-sha2-nistp384 #29

Closed nl6720 closed 8 months ago

nl6720 commented 11 months ago

ssh-tpm-keygen fails to import a nistp384 key (created using ssh-keygen -t ecdsa -b 384).

$ ssh-tpm-keygen --import ~/.ssh/id_ecdsa
Sealing an existing public/private ecdsa key pair.
/home/username/.ssh/id_ecdsa.pub already exists.
Overwrite (y/n)?y
Enter pin (empty for no pin): 
Confirm pin: 
panic: math/big: buffer too small to fit value
goroutine 1 [running]:
math/big.nat.bytes(...)
        /usr/lib/go/src/math/big/nat.go:1318
math/big.(*Int).FillBytes(0xc00002e860?, {0xc000022360?, 0x20?, 0x20?})
        /usr/lib/go/src/math/big/int.go:540 +0xec
github.com/foxboron/ssh-tpm-agent/key.ImportKey({0x5647fc58cbc8?, 0xc00002c200}, {0x5647fc577440?, 0xc00011fd58?}, {0x0, 0x0, 0x0}, {0xc000014520, 0xd, 0x10})
        /build/ssh-tpm-agent-git/src/ssh-tpm-agent.git/key/key.go:392 +0x165
main.main()
        /build/ssh-tpm-agent-git/src/ssh-tpm-agent.git/cmd/ssh-tpm-keygen/main.go:309 +0xd55

Using ssh-tpm-agent-git 0.2.0.r0.25e8edb-1 from AUR.
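
The trace above shows `big.Int.FillBytes` being handed a 0x20 (32-byte) buffer, while a P-384 value needs 48 bytes. The following is an added Go example, not code from ssh-tpm-agent: it sizes the buffer from the curve and rejects unsupported curves with an error. `privateScalarBytes`, `fillFixed32`, `coordBytes` and `supportedCurves` are hypothetical names, and serialising the private scalar `D` is an assumption, since the trace does not show which value was being written.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"fmt"
)

// supportedCurves is an assumption for this example: only P-256 is accepted,
// as for the version in the report.
var supportedCurves = map[string]bool{"P-256": true}

// coordBytes returns the fixed byte width of one value on the curve:
// 32 for P-256, 48 for P-384, 66 for P-521.
func coordBytes(c elliptic.Curve) int {
	return (c.Params().BitSize + 7) / 8
}

// privateScalarBytes (hypothetical helper) serialises the private scalar D
// into a fixed-width big-endian buffer. The curve is validated first and the
// buffer is sized from the curve, so big.Int.FillBytes cannot panic.
func privateScalarBytes(k *ecdsa.PrivateKey) ([]byte, error) {
	name := k.Curve.Params().Name
	if !supportedCurves[name] {
		return nil, fmt.Errorf("unsupported ecdsa curve %s", name)
	}
	return k.D.FillBytes(make([]byte, coordBytes(k.Curve))), nil
}

// fillFixed32 reproduces the failure mode from the trace: a 32-byte buffer
// regardless of curve. The panic is recovered and returned as an error.
func fillFixed32(k *ecdsa.PrivateKey) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("recovered: %v", r)
		}
	}()
	k.D.FillBytes(make([]byte, 32))
	return nil
}

func main() {
	for _, c := range []elliptic.Curve{elliptic.P256(), elliptic.P384()} {
		k, _ := ecdsa.GenerateKey(c, rand.Reader) // constructed throwaway key
		_, err := privateScalarBytes(k)
		fmt.Println(c.Params().Name, "fixed32:", fillFixed32(k), "checked:", err)
	}
}
```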

Foxboron commented 11 months ago

P384 is not supported, only P256.

Is this important to you?

nl6720 commented 11 months ago

Of course it's important. 384 is a bigger number than 256!

Both my real fTPM and the emulated TPM in VirtualBox (on which I tested this) support P-384, so I'd like to be able to make use of that. :smiley:

nl6720 commented 8 months ago

With ssh-tpm-agent 0.3.0-1, I'm getting:

$ ssh-tpm-keygen --import ~/.ssh/id_ecdsa
2024/03/08 16:17:41 invalid ecdsa key length: TPM does not support 0 bits

Foxboron commented 8 months ago

See https://github.com/Foxboron/ssh-tpm-agent/issues/42

Though I should test this.

nl6720 commented 8 months ago

Yeah, adding -b 384 at the end fixed it.