Because Keystore2 always requires valid auth tokens for user keys, this
copies and extends the existing in-guest GateKeeper implementation to
negotiate a shared secret key with Keymint in order to generate a
session key for signing auth tokens.
This implementation also uses AIDL rather than HIDL to interact with the
framework. It's also packaged in an APEX.
The files are cobbled together from a few sources:
- SoftGateKeeper.h is based on hardware/interfaces/gatekeeper/1.0/software/SoftGateKeeper.h
- GateKeeper.{cpp,h} are based on device/google/cuttlefish/guest/hals/gatekeeper/remote/remote_gatekeeper.{cpp,h}
- SharedSecret.{cpp,h} are based on device/google/cuttlefish/guest/hals/keymint/remote/remote_shared_secret.{cpp,h}
- Apex files are based on device/google/cuttlefish/guest/hals/keymint/rust/
Keymint modifications to use BOOT_TIME are lifted from
https://android-review.git.corp.google.com/c/platform/hardware/interfaces/+/2856649/6..8/security/keymint/aidl/default/ta/clock.rs#38
Bug: 332376454
Change-Id: I81845d5e6370bdddb1a24d67437964e03a5fb243
Test: Run with rust-nonsecure keymint on Cuttlefish
Test that Gatekeeper doesn't truncate passwords, either due to them
containing NUL bytes or being long.
This is https://r.android.com/2151558 ported to the AIDL test. Even
though the AIDL test wasn't added until after my change, it was forked
from an earlier version of the HIDL test that didn't have my change.
Bug: 238919794
Test: atest VtsHalGatekeeperTargetTest # on Cuttlefish
Change-Id: I6fec951e67a35d5275a67244fbef07d1435c9f4f
Imported interfaces are versioned, i.e. bumping an interface version
necessiates bumping the version of importing interfaces.
Keystore and Identity import KM. We are uprevving KM, so all three need
to be bumped at the same time.
Test: m
Change-Id: I46b253e72f2f245bd628ed2ae1f2f4e0572827e7
Added vts tests to test the gatekeeper stable aidl implementation.
Bug: 205760843
Test: run vts -m VtsHalGatekeeperTarget
Change-Id: I8ff66855490ec1bd01069512654bbf240773b2dd
Conversion of the gatekeeper hidl interface to stable aidl interface.
Bug: 205760843
Test: run vts -m VtsHalGatekeeperTarget
Change-Id: Iacba60935581c38348437875b452aeb4b5121f9e
