search

google / go-tpm-tools

Go packages built on go-tpm providing a high-level API for using TPMs
Apache License 2.0
229 stars 71 forks source link

Use recommended crypto library to create ECC seed #480

Open yawangwang opened 2 months ago

yawangwang commented 2 months ago

Per discussions from https://github.com/google/go-tpm-tools/pull/471#discussion_r1725944593, remove curve P224 as it is not supported by crypto/ecdh

yawangwang commented 2 months ago

/gcbrun

yawangwang commented 2 months ago

I am not an expert here, so I'm not sure when someone would want to pick a given curve. However, we should not remove support for the deprecated library given the GCP vTPM supports P224 unless there's a good reason besides the deprecated library.

sudo tpm2_getcap ecc-curves
TPM2_ECC_NIST_P256: 0x3
TPM2_ECC_NIST_P521: 0x5
TPM2_ECC_NIST_P384: 0x4
TPM2_ECC_NIST_P224: 0x2

I agree to keep the deprecated library till P224 is supported by crypto/ecdh. There is a proposal https://github.com/golang/go/issues/59783 that seeks for this support. So I'll leave this PR open for now.