[GitHub] [incubator-teaclave-trustzone-sdk] DemesneGH commented on issue #84: Signature Verification example using ring crate

[GitBox <gi...@apache.org>]

DemesneGH commented on issue #84:
URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/issues/84#issuecomment-1209329221

   Hi @syedelec 
   
   
   > 1. is it safe and secure to use external crate in the TA for cryptographic operations instead of tee api?
   
   TEE Core APIs are defined in the standard specification and implemented differently in various TEE OS. OP-TEE uses [libtomcrypt](https://optee.readthedocs.io/en/latest/architecture/crypto.html#libtomcrypt) as its default implementation of the crypto APIs. It also supports adding a new software implementation.
   It's okay to use the third-party crypto libraries in TAs. Its security depends on the security of the crypto library itself.
   
   
   
   > 2\. why use a specific repo for ring and not the official crate? (https://crates.io/crates/ring)
   
   Ring in veracruz-project has been ported to OP-TEE (e.g. this [commit](https://github.com/veracruz-project/ring/commit/808f1f6184b72266ac633e2f0e9a05ad4942a77c)).
   
   
   > 3\. are there other crypto crate we could use in TA?
   
   Other crypto crates can be used in TA after they have been ported to OP-TEE's standard library. Ring is the only crypto crate supported now.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@teaclave.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@teaclave.apache.org
For additional commands, e-mail: dev-help@teaclave.apache.org