ECDH encryption module

Add a module for encrypting using ECDH, HKDF, and AES-GCM.

Also, add serialization of EC private keys, and remove derivation
from secrets; it turns out this is a better fit for the way
superencryption currently works.

Add a more thorough ECDH test in the crypto module, which simulates an
ephemeral key being used to send a message to a long-term key. The
high-level module has a similar test.

Bug: 163866361
Test: keystore2_crypto_test_rust, keystore2_test
Change-Id: I4c2bb1d8938de078ea37b930619918acc3c28fbe
diff --git a/keystore2/src/crypto/crypto.hpp b/keystore2/src/crypto/crypto.hpp
index 6686c8c..f841eb3 100644
--- a/keystore2/src/crypto/crypto.hpp
+++ b/keystore2/src/crypto/crypto.hpp
@@ -55,7 +55,9 @@
EC_KEY* ECKEYGenerateKey();
- EC_KEY* ECKEYDeriveFromSecret(const uint8_t *secret, size_t secret_len);
+ size_t ECKEYMarshalPrivateKey(const EC_KEY *priv_key, uint8_t *buf, size_t len);
+
+ EC_KEY* ECKEYParsePrivateKey(const uint8_t *buf, size_t len);
size_t ECPOINTPoint2Oct(const EC_POINT *point, uint8_t *buf, size_t len);
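Review bot: The two added declarations, `ECKEYMarshalPrivateKey` and `ECKEYParsePrivateKey`, carry no comment stating their failure and ownership contract, and for functions that move private key bytes across the FFI boundary that contract should be written in the header. For `ECKEYMarshalPrivateKey`, state what the `size_t` return means (bytes written, presumably), what is returned when `len` is too small or marshalling fails, and whether `buf` may hold partial key material in that case so that callers know to zeroize it on every path. For `ECKEYParsePrivateKey`, state that the result is null on malformed input (if that is the case) and that the caller owns the returned `EC_KEY*` and must free it. It would also help to document the maximum serialized size callers should allocate, since the signature gives them no way to query it. Finally, since `ECKEYDeriveFromSecret` is removed from the header here, confirm that no remaining caller or Rust binding still references it.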