commit 7bb5eddbeb72b18404c6a3b69d9a3ad4180b0258
author Paul Crowley <paulcrowley@google.com> Sat Mar 20 20:26:43 2021 -0700
committer Paul Crowley <paulcrowley@google.com> Wed Mar 24 13:13:04 2021 -0700
tree cd7bbd7c8d4f4022e201607c9237ccb5cb4ac3ec
parent ce05e932ac2e0135e35049dc9692572ae96f8703

ECDH encryption module

Add a module for encrypting using ECDH, HKDF, and AES-GCM.
Also, add serialization of EC private keys, and remove derivation
from secrets; it turns out this is a better fit for the way
superencryption currently works.

Add a more thorough ECDH test in the crypto module, which simulates an
ephemeral key being used to send a message to a long-term key. The
high-level module has a similar test.

Bug: 163866361
Test: keystore2_crypto_test_rust, keystore2_test
Change-Id: I4c2bb1d8938de078ea37b930619918acc3c28fbe

keystore2/src/crypto/error.rs

diff --git a/keystore2/src/crypto/error.rs b/keystore2/src/crypto/error.rs
index 1eec321..a369012 100644
--- a/keystore2/src/crypto/error.rs
+++ b/keystore2/src/crypto/error.rs
@@ -74,9 +74,13 @@
     #[error("Failed to generate key.")]
     ECKEYGenerateKeyFailed,
 
-    /// This is returned if the C implementation of ECKEYDeriveFromSecret returned null.
-    #[error("Failed to derive key.")]
-    ECKEYDeriveFailed,
+    /// This is returned if the C implementation of ECKEYMarshalPrivateKey returned 0.
+    #[error("Failed to marshal private key.")]
+    ECKEYMarshalPrivateKeyFailed,
+
+    /// This is returned if the C implementation of ECKEYParsePrivateKey returned null.
+    #[error("Failed to parse private key.")]
+    ECKEYParsePrivateKeyFailed,
 
     /// This is returned if the C implementation of ECPOINTPoint2Oct returned 0.
     #[error("Failed to convert point to oct.")]