A failure to get the IAuthGraphKeyExchange/nonsecure instance might
be because it's not registered (likely on most non-Cuttlefish devices)
or it might be for some other reason, such as SELinux denial.
So detect other kinds of failure to get the service, and also change
the VTS to require root so SELinux denials don't happen.
Also tweak the expected return code when a source is given a corrupt
key; now that replay protection is implemented, the reference
implementation rejects this earlier (and with a different error)
because the session lookup fails.
Test: VtsAidlAuthGraphRoleTest
Bug: 291228560
Change-Id: I032600ac809f43a3642fa9ef9aae788d3ca2378f
This CL updates description of the `Nonce` used in key exchange as per
API council review.
Additionally, this includes updates to the documentation that are found
to be suitable as per further proof reading.
Test: N/A
Change-Id: Ie59e3a10eb8844fcfac9dad60c9d431ae499ee40
Add VTS tests that just exercise a single role, sink or source.
Use the AuthGraph core library to provide the implementation of the
other role. This means that the tests are best written in Rust.
Put the test code into a library, so that other HALs which include
AuthGraph as a component can exercise the AuthGraph parts in their own
VTS tests.
Test: VtsAidlAuthGraphRoleTest
Bug: 284470121
Change-Id: I73f6aa277b41cc728587d707d7a6f82f0d18e08f
Use the core library's new service implementation, which wraps a
channel to the TA.
In this nonsecure case, the TA is local in-process, so use the core
library's AuthGraphTa, and implement the SerializedChannel as just
a direct invocation of the TA.
Move this code into a _nonsecure library, so the main.rs just has
the code needed to start the executable and register the service.
Test: VtsAidlAuthGraphSessionTest
Bug: 284470121
Change-Id: I738d3876872a8cd248f0ebec708676d1173b6e37
The authgraph_hal library should only depend on libauthgraph_wire, not
on libauthgraph_core, so adjust error processing accordingly.
Test: VtsAidlAuthGraphSessionTest
Bug: 284470121
Change-Id: I48056db6ceeab409d0f165f8e051809129643c6f
Add an implementation for the AuthGraph key exchange HAL, to allow
testing and policy compliance.
In real use, IAuthGraphKeyExchange instances are expected to be
retrieved from some other HAL, allowing the AuthGraph instance to be
specifically correlated with the component that uses it.
Bug: 284470121
Bug: 291228560
Test: hal_implementation_test
Test: VtsAidlAuthGraphSessionTest
Change-Id: Ib064292d60bead663af7721fd1406f2a9b5d8ecd
Introduce the AIDL methods for key exchange and the CDDLs for
the relevant input/output types that are CBOR encoded.
Use a standard comment format in CDDL files to indicate where additional
structure definitions can be found, in the hope that one day tooling
will be available to automatically check schema syntax.
Add authgraph to compatibility matrix
This CL merges the CLs: aosp/2750484, aosp/2750485, aosp/2750486 by
drysdale@google.com
Co-authored-by: David Drysdale <drysdale@google.com>
Bug: 284470121
Test: validate schemas with https://cddl.anweiss.tech/
Test: VtsAidlAuthGraphSessionTest (with nonsecure default impl)
Change-Id: I2793666ede028f8abe91569587c09dcac21c67e0
