ECDH encryption module Add a module for encrypting using ECDH, HKDF, and AES-GCM. Also, add serialization of EC private keys, and remove derivation from secrets; it turns out this is a better fit for the way superencryption currently works. Add a more thorough ECDH test in the crypto module, which simulates an ephemeral key being used to send a message to a long-term key. The high-level module has a similar test. Bug: 163866361 Test: keystore2_crypto_test_rust, keystore2_test Change-Id: I4c2bb1d8938de078ea37b930619918acc3c28fbe

commit: 7bb5eddbeb72b18404c6a3b69d9a3ad4180b0258 [log] [tgz]
author: Paul Crowley <paulcrowley@google.com> Sat Mar 20 20:26:43 2021 -0700
committer: Paul Crowley <paulcrowley@google.com> Wed Mar 24 13:13:04 2021 -0700
tree: cd7bbd7c8d4f4022e201607c9237ccb5cb4ac3ec
parent: ce05e932ac2e0135e35049dc9692572ae96f8703 [diff] [blame]
diff --git a/keystore2/src/crypto/Android.bp b/keystore2/src/crypto/Android.bp
index e386735..21c9b74 100644
--- a/keystore2/src/crypto/Android.bp
+++ b/keystore2/src/crypto/Android.bp

@@ -68,7 +68,8 @@
         "--whitelist-function", "HKDFExpand",
         "--whitelist-function", "ECDHComputeKey",
         "--whitelist-function", "ECKEYGenerateKey",
-        "--whitelist-function", "ECKEYDeriveFromSecret",
+        "--whitelist-function", "ECKEYMarshalPrivateKey",
+        "--whitelist-function", "ECKEYParsePrivateKey",
         "--whitelist-function", "EC_KEY_get0_public_key",
         "--whitelist-function", "ECPOINTPoint2Oct",
         "--whitelist-function", "ECPOINTOct2Point",
commit	7bb5eddbeb72b18404c6a3b69d9a3ad4180b0258	[log] [tgz]
author	Paul Crowley <paulcrowley@google.com>	Sat Mar 20 20:26:43 2021 -0700
committer	Paul Crowley <paulcrowley@google.com>	Wed Mar 24 13:13:04 2021 -0700
tree	cd7bbd7c8d4f4022e201607c9237ccb5cb4ac3ec
parent	ce05e932ac2e0135e35049dc9692572ae96f8703 [diff] [blame]