Resolve calls to deprecated crypto APIs

[shizhMSFT]

What is the areas you would like to add the new feature to?

Go-COSE Library

Is your feature request related to a problem?

The golang 1.21 was just released and it marks most of the APIs in the crypto/elliptic package deprecated.

It impacts the following code in our code base:

go-cose/key.go

Line 720 in 4451940

bx, by = curve.ScalarBaseMult(d)

What solution do you propose?

No solutions yet.

What alternatives have you considered?

May be https://pkg.go.dev/filippo.io/nistec?

Any additional context?

No response

[OR13]

I'd recommend just throwing when compressed points are passed... and not doing the point compression, and that would eliminate the warning.

[hannestschofenig]

The challenge is that point compression requires extra functionality from crypto libraries. In this case access to low-level crypto primitives is needed to implement the point compression in COSE. In this case the underlying crypo library has deprecated the ability to access the needed APIs.

It needs to be determined who needs this functionality. In order to support it, the client-side (i.e. the IoT device) also needs to implement point compression. t_cose, as an popular COSE libary, does not support point compression. Other libraries might offer support but we need more input from developers, who want to use the point compression functionality.

Point compression has long been subject to IPRs and the standardization community has therefore been reluctant to use it in their specifications. See, for example, TLS. The situation has changed and the patents are older than 20 years now. The use cases where the bandwidth reduction for ECC public keys are, however, small and primarily focused on devices that are connected using low-power radio technologies, such as LoRaWAN or 6TISCH mesh networks.

By removing the feature we would trigger those communities that care about this issue to come back and let us know what they need. They might also be able to help with implementing the feature.

[shizhMSFT]

Although the deprecation message states that most scenarios can by replaced by a call in crypto/ecdh, the crypto/ecdh package does not expose the low-level group elements and we cannot simply replace crypto/elliptic with crypto/ecdh. Therefore, it seems filippo.io/nistec becomes the only solution.

I found a workaround.

[SteveLasker]

@shizhMSFT, is this something your team can help resolve the warning?

[shizhMSFT]

@SteveLasker This issue is now pending on #185. Could you initiate the discussion and move #185 to a proper milestone?

[shizhMSFT]

I will send out a PR for a potential fix for #168 and #185.

[SteveLasker]

Thanks, @shizhMSFT. Both #168 and #185 are now assigned to v1.3.0. We can pull it into 1.2 if we'd like.