syedelec commented on issue #88: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/issues/88#issuecomment-1240395366
> Algorithms marked as If supported means they're not mandatorily implemented in TEE OSs. Those are optional features. Thanks I understood. These algorithms are implemented in TEE OS part. > For example, I noticed that OP-TEE supports TEE_ALG_DH_DERIVE_SHARED_SECRET. To invoke this algorithm, we should allocate a TransientObject whose type is TEE_TYPE_ECDH_KEYPAIR. Allocation of an ECDH_KEYPAIR object is in TEE_Generatekey() which needs these arguments: TEE_ATTR_ECC_CURVE, TEE_ATTR_ECC_PUBLIC_VALUE_X, TEE_ATTR_ECC_PUBLIC_VALUE_Y and TEE_ATTR_ECC_PRIVATE_VALUE. (See the definitions in the GP Specification). Let me know if I am mistaken but the: `TEE_ALG_DH_DERIVE_SHARED_SECRET` should ONLY work with `DH_KEYPAIR` and `TEE_ALG_ECDH_DERIVE_SHARED_SECRET` should ONLY work with `ECDH_KEYPAIR` As you mentioned in the: [Diffie-Hellman example](https://github.com/apache/incubator-teaclave-trustzone-sdk/tree/master/examples/diffie_hellman-rs), the `DH_KEYPAIR` is used instead of `ECDH_KEYPAIR` (which is supported) In the Rust SDK, the `TEE_ALG_ECDH_DERIVE_SHARED_SECRET 0x80000042` define is missing so we cannot derive shared secret using `ECDH_KEYPAIR` [Same for the algorithms in my initial screenshots `TEE_ALG_ECDSA_SHAXXX` so EC signatures are not availables] > As mentioned above, there're just wrappers in Rust SDK and the algorithms are implemented in OP-TEE Core. Since Rust SDK supports using third-party crates, the other way is using Ring which supports the ECDH key agreement and other algorithms. Reference: https://docs.rs/ring/latest/ring/agreement/index.html Yes I am using also this crate but I just wanted to try the wrappers. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
