Welcome to the wolfSSL Forums!

k77 · 2016-12-17 19:44:19

k77
Member
Offline

Registered: 2016-12-17
Posts: 2

Topic: [SOLVED] interoperating w/ Android Trusted Execution Environment (TEE)

Hello,
My embedded device needs to securely exchange data with an Android smartphone app that uses the TEE. TEE apps use NIST P256-R1 curve. So my embedded device running wolfCrypt needs to perform ECHD (elliptic curve diffie helman) and support the ECDSA signature algorithm. For ECDH, can I simply create a keypair using wc_DhGenerateKeyPair() or do I also need to call wc_DhSetKey() and specify P256R1? If so, how is the curve specified? I'm new to WolfCrypt so any help is appreciated!

Kaleb J. Himes · 2016-12-19 09:44:51

Kaleb J. Himes
Moderator
Offline

From: Bozeman
Registered: 2014-05-09
Posts: 777

Re: [SOLVED] interoperating w/ Android Trusted Execution Environment (TEE)

Hi k77,

I believe the API's you are looking for will be defined in <wolfssl-root>/wolfssl/wolfcrypt/ecc.h since it is Elliptic Curve Diffie Helman and not just Diffie Helman (see section #ifdef HAVE_ECC_DHE in ecc.h header file). For creating a new key from scratch wc_ecc_make_key_ex (extended) should be used to address two of your questions as you can pass in specific curve to the extended API.

For the other parts of your question it's not entirely clear if you are trying to load in the key to wolfcrypt or if you are at the point in the algorithm where you have received the public key from the trusted execution environment and wish to generate a shared secret for passing information securely.

To generate a shared secret please use ecc_shared_secret. To load a key into wolfcrypt please the corresponding ecc_import API. (See section #ifdef HAVE_ECC_KEY_IMPORT in ecc.h header for list of API's)

Best Regards,

Kaleb

k77 · 2017-01-03 13:19:55

k77
Member
Offline

Registered: 2016-12-17
Posts: 2

Re: [SOLVED] interoperating w/ Android Trusted Execution Environment (TEE)

Thanks Kaleb. A follow-up: Can you tell me the difference between curve_id ECC_CURVE_DEF and ECC_SECP256R1?

Kaleb J. Himes · 2017-01-04 09:14:01

Kaleb J. Himes
Moderator
Offline

From: Bozeman
Registered: 2014-05-09
Posts: 777

Re: [SOLVED] interoperating w/ Android Trusted Execution Environment (TEE)

Hi k77,

ECC_SECP256R1 is a valid curve-id
ECC_CURVE_DEF (ECC CURVE DEFAULT) is a flag that tells our library to iterate through the list of SECP or NIST DEFAULT curves.

Warm Regards,

Kaleb

Welcome to the wolfSSL Forums!

[SOLVED] interoperating w/ Android Trusted Execution Environment (TEE)

Posts: 4

1 Topic by k77 2016-12-17 19:44:19

Topic: [SOLVED] interoperating w/ Android Trusted Execution Environment (TEE)

2 Reply by Kaleb J. Himes 2016-12-19 09:44:51

Re: [SOLVED] interoperating w/ Android Trusted Execution Environment (TEE)

3 Reply by k77 2017-01-03 13:19:55

Re: [SOLVED] interoperating w/ Android Trusted Execution Environment (TEE)

4 Reply by Kaleb J. Himes 2017-01-04 09:14:01

Re: [SOLVED] interoperating w/ Android Trusted Execution Environment (TEE)

Posts: 4