Skip to content

Add support for 256 bit AES key encryption #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
hslatman wants to merge 7 commits into
base: surrogate
Choose a base branch
from
Draft

Add support for 256 bit AES key encryption #9

hslatman wants to merge 7 commits into from

Conversation

@hslatman
Copy link
Member

@hslatman hslatman commented Dec 5, 2025
edited
Loading

RSA 3072, RSA 4096, ECDSA P384 and ECDSA P521 EKs use a different AES key size for credential activation.

@hslatman
Add support for 256 bit AES block size encryption
2c2b580 
RSA 3072, RSA 4096, ECDSA P384 and ECDSA P512 EKs use a different
AES block size for credential activation.
@hslatman hslatman force-pushed the herman/rsa3072-aes256 branch from aa122c6 to 2c2b580 Compare December 5, 2025 16:13
@hslatman
Copy link
Member Author

hslatman commented Dec 5, 2025

Towards: DVC-212.

@hslatman hslatman changed the title Add support for 256 bit AES block size encryption Add support for 256 bit AES key encryption Dec 17, 2025
@hslatman
Use credential activation encryption block size patch
06804b5 
The `legacy/tpm2` package was using the length of the symmetric
key as the length for the IV. This is wrong, as AES256 has a 32
byte key, but the block size is 16.

By using `github.com/google/go-tpm@7d0adf0a5e3b`, we get the
correct IV size. The change was approved already, but it's waiting
to be merged.
@hslatman
Add test cases to guard against credential activation regressions
a348496
@hslatman
Use Go 1.22.x in CI
56a12c2
@hslatman
Use golangci-lint @ v1.64.8
eb2c080
@hslatman
Add comment to the go-tpm replace
83d9767
@hslatman
Copy link
Member Author

hslatman commented Dec 18, 2025

Had to bump some CI config because of the go-tpm upgrade.

@hslatman hslatman force-pushed the herman/rsa3072-aes256 branch from e549f4f to d56b55d Compare December 19, 2025 13:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hslatman