DemesneGH commented on issue #88:
URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/issues/88#issuecomment-1240357031

   Hi @syedelec 
   
   
   > In the [TEE Internal GlobalPlatform API](https://globalplatform.org/wp-content/uploads/2018/06/GPD_TEE_Internal_Core_API_Specification_v1.1.2.50_PublicReview.pdf), it's specified `if supported`, is it related to the reason these are not supported?
   
   Algorithms marked as `If supported` are not mandatorily implemented in TEE OSs. Those are optional features.
   
   
   
   > What would be the approximate effort to implement these algorithms in the Rust SDK?
   
   In the Rust SDK we just wrap the TEE crypto APIs, which are implemented in the OP-TEE Core.
   
   
   For example, I noticed that OP-TEE supports `TEE_ALG_DH_DERIVE_SHARED_SECRET`. To invoke this algorithm, we should allocate a `TransientObject` whose type is `TEE_TYPE_ECDH_KEYPAIR`. Allocation of an `ECDH_KEYPAIR` object is in `TEE_GenerateKey()`, which needs these arguments: `TEE_ATTR_ECC_CURVE`, `TEE_ATTR_ECC_PUBLIC_VALUE_X`, `TEE_ATTR_ECC_PUBLIC_VALUE_Y` and `TEE_ATTR_ECC_PRIVATE_VALUE`. (See the definitions in the GP Specification.)
   
   
   In the Rust SDK we can populate and pass those values to `TransientObject::generate_key()` (which is the wrapper of `TEE_GenerateKey()`).
   Since OP-TEE supports `TEE_ALG_DH_DERIVE_SHARED_SECRET`, it is possible to invoke this algorithm in Rust, but we've not tested it. The function call is similar to the [Diffie-Hellman example](https://github.com/apache/incubator-teaclave-trustzone-sdk/tree/master/examples/diffie_hellman-rs).
   
   
   > Do you plan on supporting these algorithms?
   
   As mentioned above, there are just wrappers in the Rust SDK and the algorithms are implemented in the OP-TEE Core.
   Since the Rust SDK supports using third-party crates, the other way is using Ring, which supports the ECDH key agreement and other algorithms. Reference: https://docs.rs/ring/latest/ring/agreement/index.html


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

