nmshd/rust-crypto: Question about Android DH Exchange Implementation (lib.rs vs. todo!())

[patmuk]

Hello nmshd/rust-crypto team,

Perhaps I'm overlooking something, but I noticed a potential inconsistency regarding the Diffie-Hellman (DH) Exchange functionality for the Android platform.

In lib.rs, the ANDROID_PROVIDER is listed in the capabilities table with a checkmark for "DH Exchange":

// From lib.rs
pub(crate) static ANDROID_PROVIDER: ProviderImpl = ProviderImpl {
    // ...
    capabilities: ProviderCapabilities {
        // ...
        dh_exchange: true, // <--- Claimed capability
        // ...
    },
    // ...
};

However, the AndroidProvider's start_ephemeral_dh_exchange method in lib.rs currently contains a todo!():

// In lib.rs within AndroidProvider
fn start_ephemeral_dh_exchange(&self) -> Result<DHExchange, CalError> {
    // TODO: implement AndroidDHExchange and use it
    todo!()
}

Additionally, the DHKeyExchangeImplEnum in src/common/traits/key_handle.rs doesn't seem to include an Android-specific implementation variant yet:

// From src/common/traits/key_handle.rs
#[enum_dispatch]
#[derive(Debug)]
pub(crate) enum DHKeyExchangeImplEnum {
    StubDHKeyExchange,
    #[cfg(feature = "software")]
    SoftwareDHExchange,
}

This led me to wonder about the current status and future plans for this feature.

Questions:

Is the implementation of hardware-backed ECDH/KCDH for Android within the AndroidProvider a planned future addition?
If so, are there any insights you could share regarding the roadmap for this for both Android (e.g., using StrongBox Keymaster) and iOS (e.g., using Apple Secure Enclave)?

Thank you for your time and any clarification you can provide!

[stnmtz]

Hi Patrick,

thanks for reaching out!

Is the implementation of hardware-backed ECDH/KCDH for Android within the AndroidProvider a planned future addition?

We're currently developing the rust-crypto wrapper for exactly those usecases (Flutter / NodeJS -> Rust -> Secure Element of whatever device), however more with focus of digital signatures (signing ephemeral software ECDH keys with a signature key which never leaves the secure element). What is your purpose of using the ECDH capabilities?

If so, are there any insights you could share regarding the roadmap for this for both Android (e.g., using StrongBox Keymaster) and iOS (e.g., using Apple Secure Enclave)?

There are already some StrongBox and Secure Enclave prototypes, but afaik nothing for ECDH. We also do not have a roadmap for this, as we're currently primarily working on storing symmetric keys and signature keys.

Cheers
Thomas