I am trying to implement the mbedtls_ecdh_compute_shared with the SE050. You can find the implementation in the attached file. I followed more or less the implementation in ecdh_alt_ax.c, except that I only covered the case for MBEDTLS_ECP_DP_SECP256R1.
Now on the last function call which is sss_key_store_get_key i get SM_ERR_ACCESS_DENIED_BASED_ON_POLICY using session-less access.
According to the APDU spec (SE050 APDU Specification - 22.214.171.124 Table 11) symmetric keys do not have the policy object POLICY_OBJ_ALLOW_READ but the implementation in the plug and trust MW in ecdh_alt_ax.c does read the shared secret anyways. (have not tried to run it though)
How can I read the key and write it to the mbedtls context?