Update git submodules
* Update platform/system/security from branch 'master'
to ceb7564ed55d5ba681e293af9faaa3ed76e3d9e0
- Merge "keystore2: Implement ECDH in wrapper."
- keystore2: Implement ECDH in wrapper.
This change makes available ECDH functionality in the case where the
device doesn't have a KeyMint HAL. It's implemented by selectively
routing IKeyMintDevice calls to a software implementation of the
KeyMint HAL instead of to the KeyMaster 4 HAL already present on the
device.
A side-effect of this is that ECDH keys are not created in Secure HW
but the application can easily test for this using GetSecurityLevel()
or by inspecting the returned attestation certificate.
This change changes the key blobs returned by the compat wrapper by
prefixing whether a blob originates from the real underlying KeyMaster
HAL or from soft-KeyMint. The prefix itself has a magic marker
("pKMblob") which can be used to identify if a blob has a prefix at
all (it's assumed that any valid blob from KeyMint or KeyMaster HALs
never starts with the magic). This is needed because blobs persisted
to disk prior to using this code will not have the prefix and we want
those blobs to continue working.
Bug: 160623310
Test: atest android.keystore.cts.KeyAgreementTest (on emulator and crosshatch)
Change-Id: I6349c4b55d62bd5530c723f80f3a1b51b0ab3c9d
1 file changed
