Asymmetric Key Encryption and Decryption in the Secure OS

4.3.3

Test the performance of asymmetric key encryption and decryption in the secure OS.

See Test Networking.

1. The TrustZone kit has been burnt into the server and the TrustZone license has been activated.
2. The REE patch has been loaded to the server. The CA and TA can be loaded and can communicate with each other properly.

1. Log in to the REE OS and load the TrustZone REE patch tzdriver. (See Expected Result 1.)

   insmod tzdriver

   /usr/bin/teecd &

2. Write the CA and TA and make the following requirements on the CA and TA code. (See Expected Result 2.)
   • Generate an RSA 4096 key pair for the TA. Use the public key to encrypt data and the private key to decrypt data (use OAEP). Measure the encryption and decryption performance for 32 bytes, 64 bytes, 512 bytes, 2 KB, and 8 KB data. The data is generated in the TEE and the generation time is not counted.
   • Generate a 256-bit SM2 public and private key pair for the TA. Use the public key to encrypt data and the private key to decrypt data. Measure the encryption and decryption performance for 32 bytes, 64 bytes, 512 bytes, 2 KB, and 8 KB data. The data is generated in the TEE and the generation time is not counted.
   • Calculate the encryption duration: from the time when the CA delivers the command to the time when ciphertext data is returned.
   • Calculate the decryption duration: from the time when the CA transfers the ciphertext and the time when the TA completes the decryption.

1. The REE patch is loaded and no error information is displayed.
2. The performance data can be obtained.