Fix bugs around creating ECDAA key #285
TPM2_ECC_BN_P256 is 0x0010, not decimal number 10. https://trustedcomputinggroup.org/wp-content/uploads/TSS_Overview_Common_Structures_Version-0.9_Revision-03_Review_030918.pdf
The size of TPMS_SCHEME_ECDAA.count is 16 bit, not 32 bit. https://trustedcomputinggroup.org/wp-content/uploads/TSS_Overview_Common_Structures_Version-0.9_Revision-03_Review_030918.pdf
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request.
tpm2/constants.go
Outdated
@@ -426,7 +426,7 @@ const ( | |||
CurveNISTP384 | |||
CurveNISTP521 | |||
|
|||
CurveBNP256 = EllipticCurve(iota + 10) | |||
CurveBNP256 = EllipticCurve(0x10) | |||
CurveBNP638 |
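Review bot: CurveBNP638, the line right after the changed CurveBNP256, has no expression of its own, so under Go's implicit repetition it now repeats EllipticCurve(0x10) and ends up equal to CurveBNP256 instead of 0x11. With the old iota-based expression it at least incremented; with a literal it does not. Suggest giving it an explicit value, CurveBNP638 = EllipticCurve(0x11), and writing every constant in this block as an explicit value so none of them depends on its position in the block.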
Would you mind fixing this one too (0x11)? I'm fine replacing all the constants in this const block for EllipticCurve with explicit values from the spec, btw.
Did you mean the CurveBNP638?
I replaced them on a new commit!
This change looks good, only a small fix for CurveBNP638.
BTW, we are doing a major refactor to the API in https://github.com/google/go-tpm/tree/tpmdirect - have you thought about how ECDAA could be exposed via the legacy command model, or do you want to build this in TPMDirect?
Replace all the constants in the const block for EllipticCurve with explicit values. https://github.com/google/go-tpm/pull/285/files/4d0c7e99a29dd204448d9071b53a503cda12b2f4#r907815166
Umm...now I'm trying to implement some TPM commands (e.g. TPM2_Commit #287) which are needed by ECDAA, to But I don't think that I develop ECDAA API (e.g. ECDAA_JOIN) directly, because there is some process that should not be in the scope of the TPM.
Sounds good. Do you want to send a PR to the
You are right! I will change the destination branch to
But I am concerned that the master branch remains wrong about BN256 and ECDAA. I would like to confirm just in case; the tpmdirect branch will be merged with the master branch finally, right?
That's right, in the long run we expect to merge tpmdirect to master and cut a new release where that is the default go-tpm API and the current one is deprecated. As far as timeline, depends on how long it takes to get it done and bake it - with your help on ECDAA it can be that much sooner :)
@akakou, sorry for being unclear. Thanks for working on this. These files touched by this PR (constants.go and structures.go) are part of the "legacy" (non-direct) API. If you want to fix them for the master branch I'd be fine with it. Thus, this PR can go to go-tpm:master, however it'd be additional work to figure out how to expose ECDAA through the legacy API without breaking current users. IMHO that's not going to be worth the effort to build safely, given the number of different flavors of Sign in the legacy API. The alternative, if you're OK with depending on the tpmdirect branch for a while, would be to cancel this PR and send a different one to go-tpm:tpmdirect with:
This discussion was solved because we decided to contribute to
There are the following bugs around creating ECDAA key:
- 0x10 to TPM2_ECC_BN_P256 but this library does not set so.
- count (in TPMS_SCHEME_ECDAA) size is wrong

So this PR fixes these bugs.
Reference
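An added example (not part of the pull request or of go-tpm's code) that reproduces the two bugs discussed in this thread: how a Go const block assigns the BN curve IDs, and how the width of `count` changes the bytes of `TPMS_SCHEME_ECDAA` on the wire. The const blocks are constructed; the five leading NIST entries, the `old*`/`half*` names, the struct names and the `encode` helper are assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

type EllipticCurve uint16

// Constructed block; the five leading NIST entries are an assumed layout.
const (
	oldP192 = EllipticCurve(iota + 1)
	oldP224
	oldP256
	oldP384
	oldP521
	oldBNP256 = EllipticCurve(iota + 10) // iota is 5 here: 15 (0x0f), not 0x10
	oldBNP638                            // 16 (0x10), not 0x11
)

const (
	halfBNP256  = EllipticCurve(0x10)
	halfBNP638                        // implicit repetition: EllipticCurve(0x10) again
	CurveBNP256 = EllipticCurve(0x10) // explicit values for both curves
	CurveBNP638 = EllipticCurve(0x11)
)

// schemeECDAA mirrors TPMS_SCHEME_ECDAA: 16-bit hash algorithm, 16-bit count.
type schemeECDAA struct{ HashAlg, Count uint16 }

// badSchemeECDAA uses the 32-bit count that the PR reports as wrong.
type badSchemeECDAA struct {
	HashAlg uint16
	Count   uint32
}

// encode serializes v big-endian, the byte order TPM structures use.
func encode(v interface{}) []byte {
	var b bytes.Buffer
	if err := binary.Write(&b, binary.BigEndian, v); err != nil {
		panic(err)
	}
	return b.Bytes()
}

func main() {
	fmt.Printf("iota+10: %#x %#x; repeated: %#x; explicit: %#x\n", oldBNP256, oldBNP638, halfBNP638, CurveBNP638)
	fmt.Printf("count uint16: % x; count uint32: % x\n", encode(schemeECDAA{0x000b, 1}), encode(badSchemeECDAA{0x000b, 1}))
}
```

With a 32-bit `count` the structure is two bytes longer than the TPM expects, so every field marshalled after it is shifted.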