Rename keyguard to gatekeeper

Prevents confusion between this component and the
actual Keyguard that shows when the device is locked.

Change-Id: I47bc02b73947d56841ed126aae4eaf007749038a
diff --git a/Android.mk b/Android.mk
index 8a9bd86..20ebbcb 100644
--- a/Android.mk
+++ b/Android.mk
@@ -15,14 +15,14 @@
 LOCAL_PATH := $(call my-dir)
 
 ###
-# libkeyguard contains just the code necessary to communicate with a
-# GoogleKeyguard implementation, e.g. one running in TrustZone.
+# libgatekeeper contains just the code necessary to communicate with a
+# GoogleGateKeeper implementation, e.g. one running in TrustZone.
 ##
 include $(CLEAR_VARS)
-LOCAL_MODULE:= libkeyguard
+LOCAL_MODULE:= libgatekeeper
 LOCAL_SRC_FILES := \
-	keyguard_messages.cpp \
-	keyguard.cpp
+	gatekeeper_messages.cpp \
+	gatekeeper.cpp
 LOCAL_C_INCLUDES := \
 	$(LOCAL_PATH)/include
 LOCAL_CFLAGS = -Wall -Werror -g
diff --git a/keyguard.cpp b/gatekeeper.cpp
similarity index 88%
rename from keyguard.cpp
rename to gatekeeper.cpp
index 3e1f338..a63b221 100644
--- a/keyguard.cpp
+++ b/gatekeeper.cpp
@@ -18,9 +18,9 @@
 #include <iomanip>
 #include <UniquePtr.h>
 
-#include <keyguard/keyguard.h>
+#include <gatekeeper/gatekeeper.h>
 
-namespace keyguard {
+namespace gatekeeper {
 
 /**
  * Internal only structure for easy serialization
@@ -38,11 +38,11 @@
     uint8_t signature[32];
 };
 
-void Keyguard::Enroll(const EnrollRequest &request, EnrollResponse *response) {
+void GateKeeper::Enroll(const EnrollRequest &request, EnrollResponse *response) {
     if (response == NULL) return;
 
     if (!request.provided_password.buffer.get()) {
-        response->error = KG_ERROR_INVALID;
+        response->error = ERROR_INVALID;
         return;
     }
 
@@ -55,7 +55,7 @@
         GetRandom(&user_id, sizeof(secure_id_t));
     } else {
         if (!ValidatePasswordFile(request.user_id, request.password_handle)) {
-           response->error = KG_ERROR_INVALID;
+           response->error = ERROR_INVALID;
            return;
         } else {
             // Password handle matches password file
@@ -63,7 +63,7 @@
                 reinterpret_cast<password_handle_t *>(request.password_handle.buffer.get());
             if (!DoVerify(pw_handle, request.enrolled_password)) {
                 // incorrect old password
-                response->error = KG_ERROR_INVALID;
+                response->error = ERROR_INVALID;
                 return;
             }
 
@@ -82,7 +82,7 @@
     if(!CreatePasswordHandle(&password_handle,
             salt, user_id, authenticator_id, request.provided_password.buffer.get(),
             request.provided_password.length)) {
-        response->error = KG_ERROR_INVALID;
+        response->error = ERROR_INVALID;
         return;
     }
 
@@ -92,11 +92,11 @@
     response->SetEnrolledPasswordHandle(&password_handle);
 }
 
-void Keyguard::Verify(const VerifyRequest &request, VerifyResponse *response) {
+void GateKeeper::Verify(const VerifyRequest &request, VerifyResponse *response) {
     if (response == NULL) return;
 
     if (!request.provided_password.buffer.get() || !request.password_handle.buffer.get()) {
-        response->error = KG_ERROR_INVALID;
+        response->error = ERROR_INVALID;
         return;
     }
 
@@ -106,7 +106,7 @@
 
     // Sanity check
     if (password_handle->version != HANDLE_VERSION) {
-        response->error = KG_ERROR_INVALID;
+        response->error = ERROR_INVALID;
         return;
     }
 
@@ -133,11 +133,11 @@
                 user_id, authenticator_id);
         response->SetVerificationToken(&auth_token);
     } else {
-        response->error = KG_ERROR_INVALID;
+        response->error = ERROR_INVALID;
     }
 }
 
-bool Keyguard::CreatePasswordHandle(SizedBuffer *password_handle_buffer, salt_t salt,
+bool GateKeeper::CreatePasswordHandle(SizedBuffer *password_handle_buffer, salt_t salt,
         secure_id_t user_id, secure_id_t authenticator_id, const uint8_t *password,
         size_t password_length) {
     password_handle_buffer->buffer.reset(new uint8_t[sizeof(password_handle_t)]);
@@ -169,7 +169,7 @@
     return true;
 }
 
-bool Keyguard::DoVerify(const password_handle_t *expected_handle, const SizedBuffer &password) {
+bool GateKeeper::DoVerify(const password_handle_t *expected_handle, const SizedBuffer &password) {
     if (!password.buffer.get()) return false;
 
     SizedBuffer provided_handle;
@@ -181,7 +181,7 @@
     return memcmp_s(provided_handle.buffer.get(), expected_handle, sizeof(*expected_handle)) == 0;
 }
 
-bool Keyguard::ValidatePasswordFile(uint32_t uid, const SizedBuffer &provided_handle) {
+bool GateKeeper::ValidatePasswordFile(uint32_t uid, const SizedBuffer &provided_handle) {
     SizedBuffer stored_handle;
     ReadPasswordFile(uid, &stored_handle);
 
@@ -193,7 +193,7 @@
             == 0;
 }
 
-void Keyguard::MintAuthToken(UniquePtr<uint8_t> *auth_token, size_t *length,
+void GateKeeper::MintAuthToken(UniquePtr<uint8_t> *auth_token, size_t *length,
         uint32_t timestamp, secure_id_t user_id, secure_id_t authenticator_id) {
     if (auth_token == NULL) return;
 
diff --git a/keyguard_messages.cpp b/gatekeeper_messages.cpp
similarity index 86%
rename from keyguard_messages.cpp
rename to gatekeeper_messages.cpp
index 34c3c91..03f5b3f 100644
--- a/keyguard_messages.cpp
+++ b/gatekeeper_messages.cpp
@@ -15,12 +15,12 @@
  *
  */
 
-#include <keyguard/keyguard_messages.h>
+#include <gatekeeper/gatekeeper_messages.h>
 
 #include <string.h>
 
 
-namespace keyguard {
+namespace gatekeeper {
 
 /**
  * Methods for serializing/deserializing SizedBuffers
@@ -39,34 +39,34 @@
     }
 }
 
-static inline keyguard_error_t read_from_buffer(const uint8_t **buffer, const uint8_t *end,
+static inline gatekeeper_error_t read_from_buffer(const uint8_t **buffer, const uint8_t *end,
         SizedBuffer *target) {
-    if (*buffer + sizeof(target->length) > end) return KG_ERROR_INVALID;
+    if (*buffer + sizeof(target->length) > end) return ERROR_INVALID;
 
     memcpy(&target->length, *buffer, sizeof(target->length));
     *buffer += sizeof(target->length);
     if (target->length != 0) {
         const uint8_t *buffer_end = *buffer + target->length;
-        if (buffer_end > end || buffer_end <= *buffer) return KG_ERROR_INVALID;
+        if (buffer_end > end || buffer_end <= *buffer) return ERROR_INVALID;
 
         target->buffer.reset(new uint8_t[target->length]);
         memcpy(target->buffer.get(), *buffer, target->length);
         *buffer += target->length;
     }
-    return KG_ERROR_OK;
+    return ERROR_NONE;
 }
 
 
-size_t KeyguardMessage::GetSerializedSize() const {
-    if (error == KG_ERROR_OK) {
+size_t GateKeeperMessage::GetSerializedSize() const {
+    if (error == ERROR_NONE) {
         return 2 * sizeof(uint32_t) + nonErrorSerializedSize();
     } else {
         return sizeof(uint32_t);
     }
 }
 
-uint8_t *KeyguardMessage::Serialize() const {
-    if (error != KG_ERROR_OK) {
+uint8_t *GateKeeperMessage::Serialize() const {
+    if (error != ERROR_NONE) {
         uint32_t *error_buf = new uint32_t;
         *error_buf = static_cast<uint32_t>(error);
         return reinterpret_cast<uint8_t *>(error_buf);
@@ -80,14 +80,14 @@
     }
 }
 
-keyguard_error_t KeyguardMessage::Deserialize(const uint8_t *payload, const uint8_t *end) {
+gatekeeper_error_t GateKeeperMessage::Deserialize(const uint8_t *payload, const uint8_t *end) {
     uint32_t error_value;
-    if (payload + sizeof(uint32_t) > end) return KG_ERROR_INVALID;
+    if (payload + sizeof(uint32_t) > end) return ERROR_INVALID;
     memcpy(&error_value, payload, sizeof(uint32_t));
-    error = static_cast<keyguard_error_t>(error_value);
+    error = static_cast<gatekeeper_error_t>(error_value);
     payload += sizeof(uint32_t);
-    if (error == KG_ERROR_OK) {
-        if (payload == end) return KG_ERROR_INVALID;
+    if (error == ERROR_NONE) {
+        if (payload == end) return ERROR_INVALID;
         user_id = *((uint32_t *) payload);
         error = nonErrorDeserialize(payload + sizeof(uint32_t), end);
     }
@@ -130,8 +130,8 @@
     append_to_buffer(&buffer, &provided_password);
 }
 
-keyguard_error_t VerifyRequest::nonErrorDeserialize(const uint8_t *payload, const uint8_t *end) {
-    keyguard_error_t error = KG_ERROR_OK;
+gatekeeper_error_t VerifyRequest::nonErrorDeserialize(const uint8_t *payload, const uint8_t *end) {
+    gatekeeper_error_t error = ERROR_NONE;
 
     if (password_handle.buffer.get()) {
         password_handle.buffer.reset();
@@ -143,7 +143,7 @@
     }
 
     error = read_from_buffer(&payload, end, &password_handle);
-    if (error != KG_ERROR_OK) return error;
+    if (error != ERROR_NONE) return error;
 
     return read_from_buffer(&payload, end, &provided_password);
 
@@ -178,7 +178,7 @@
     append_to_buffer(&buffer, &auth_token);
 }
 
-keyguard_error_t VerifyResponse::nonErrorDeserialize(const uint8_t *payload, const uint8_t *end) {
+gatekeeper_error_t VerifyResponse::nonErrorDeserialize(const uint8_t *payload, const uint8_t *end) {
     if (auth_token.buffer.get()) {
         auth_token.buffer.reset();
     }
@@ -243,8 +243,8 @@
     append_to_buffer(&buffer, &password_handle);
 }
 
-keyguard_error_t EnrollRequest::nonErrorDeserialize(const uint8_t *payload, const uint8_t *end) {
-    keyguard_error_t ret;
+gatekeeper_error_t EnrollRequest::nonErrorDeserialize(const uint8_t *payload, const uint8_t *end) {
+    gatekeeper_error_t ret;
     if (provided_password.buffer.get()) {
         memset_s(provided_password.buffer.get(), 0, provided_password.length);
         provided_password.buffer.reset();
@@ -261,12 +261,12 @@
     }
 
      ret = read_from_buffer(&payload, end, &provided_password);
-     if (ret != KG_ERROR_OK) {
+     if (ret != ERROR_NONE) {
          return ret;
      }
 
      ret = read_from_buffer(&payload, end, &enrolled_password);
-     if (ret != KG_ERROR_OK) {
+     if (ret != ERROR_NONE) {
          return ret;
      }
 
@@ -302,7 +302,7 @@
     append_to_buffer(&buffer, &enrolled_password_handle);
 }
 
-keyguard_error_t EnrollResponse::nonErrorDeserialize(const uint8_t *payload, const uint8_t *end) {
+gatekeeper_error_t EnrollResponse::nonErrorDeserialize(const uint8_t *payload, const uint8_t *end) {
     if (enrolled_password_handle.buffer.get()) {
         enrolled_password_handle.buffer.reset();
     }
diff --git a/include/keyguard/keyguard.h b/include/gatekeeper/gatekeeper.h
similarity index 92%
rename from include/keyguard/keyguard.h
rename to include/gatekeeper/gatekeeper.h
index 8141ce3..aaaba03 100644
--- a/include/keyguard/keyguard.h
+++ b/include/gatekeeper/gatekeeper.h
@@ -14,16 +14,16 @@
  * limitations under the License.
  */
 
-#ifndef KEYGUARD_H_
-#define KEYGUARD_H_
+#ifndef GATEKEEPER_H_
+#define GATEKEEPER_H_
 
 #include <memory>
 #include <stdint.h>
 #include <UniquePtr.h>
 
-#include "keyguard_messages.h"
+#include "gatekeeper_messages.h"
 
-namespace keyguard {
+namespace gatekeeper {
 
 typedef uint64_t secure_id_t;
 typedef uint64_t salt_t;
@@ -48,14 +48,14 @@
 struct password_handle_t;
 
 /**
- * Base class for keyguard implementations. Provides all functionality except
+ * Base class for gatekeeper implementations. Provides all functionality except
  * the ability to create/access keys and compute signatures. These are left up
  * to the platform-specific implementation.
  */
-class Keyguard {
+class GateKeeper {
 public:
-    Keyguard() {}
-    virtual ~Keyguard() {}
+    GateKeeper() {}
+    virtual ~GateKeeper() {}
 
     void Enroll(const EnrollRequest &request, EnrollResponse *response);
     void Verify(const VerifyRequest &request, VerifyResponse *response);
@@ -65,7 +65,7 @@
     // The following methods are intended to be implemented by concrete subclasses
 
     /**
-     * Retrieves the key used by Keyguard::MintAuthToken to sign the payload
+     * Retrieves the key used by GateKeeper::MintAuthToken to sign the payload
      * of the AuthToken. This is not cached as is may have changed due to an event such
      * as a password change.
      *
@@ -158,4 +158,4 @@
 
 }
 
-#endif // KEYGUARD_H_
+#endif // GATEKEEPER_H_
diff --git a/include/keyguard/keyguard_messages.h b/include/gatekeeper/gatekeeper_messages.h
similarity index 78%
rename from include/keyguard/keyguard_messages.h
rename to include/gatekeeper/gatekeeper_messages.h
index 87cb38a..3b48e35 100644
--- a/include/keyguard/keyguard_messages.h
+++ b/include/gatekeeper/gatekeeper_messages.h
@@ -13,23 +13,23 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-#ifndef KEYGUARD_MESSAGES_H_
-#define KEYGUARD_MESSAGES_H_
+#ifndef GATEKEEPER_MESSAGES_H_
+#define GATEKEEPER_MESSAGES_H_
 
 #include <stdint.h>
 #include <UniquePtr.h>
 
 
-#include "keyguard_utils.h"
+#include "gatekeeper_utils.h"
 /**
- * Message serialization objects for communicating with the hardware keyguard.
+ * Message serialization objects for communicating with the hardware gatekeeper.
  */
-namespace keyguard {
+namespace gatekeeper {
 
 typedef enum {
-    KG_ERROR_OK = 0,
-    KG_ERROR_INVALID = 1,
-} keyguard_error_t;
+    ERROR_NONE = 0,
+    ERROR_INVALID = 1,
+} gatekeeper_error_t;
 
 struct SizedBuffer {
     SizedBuffer() {
@@ -68,10 +68,10 @@
  * elements like the error and user ID. Delegates specialized serialization
  * to protected pure virtual functions implemented by subclasses.
  */
-struct KeyguardMessage {
-    KeyguardMessage() : error(KG_ERROR_OK) {}
-    KeyguardMessage(keyguard_error_t error) : error(error) {}
-    virtual ~KeyguardMessage() {}
+struct GateKeeperMessage {
+    GateKeeperMessage() : error(ERROR_NONE) {}
+    GateKeeperMessage(gatekeeper_error_t error) : error(error) {}
+    virtual ~GateKeeperMessage() {}
 
     /**
      * Returns serialized size in bytes of the current state of the
@@ -88,7 +88,7 @@
     /**
      * Inflates the object from its serial representation.
      */
-    keyguard_error_t Deserialize(const uint8_t *payload, const uint8_t *end);
+    gatekeeper_error_t Deserialize(const uint8_t *payload, const uint8_t *end);
 
     /**
      * The following methods are intended to be implemented by subclasses.
@@ -111,15 +111,15 @@
     /**
      * Deserializes subclass specific data from payload without reading past end.
      */
-    virtual keyguard_error_t nonErrorDeserialize(const uint8_t *, const uint8_t *) {
-        return KG_ERROR_OK;
+    virtual gatekeeper_error_t nonErrorDeserialize(const uint8_t *, const uint8_t *) {
+        return ERROR_NONE;
     }
 
-    keyguard_error_t error;
+    gatekeeper_error_t error;
     uint32_t user_id;
 };
 
-struct VerifyRequest : public KeyguardMessage {
+struct VerifyRequest : public GateKeeperMessage {
     VerifyRequest(
             uint32_t user_id,
             SizedBuffer *enrolled_password_handle,
@@ -129,13 +129,13 @@
 
     virtual size_t nonErrorSerializedSize() const;
     virtual void nonErrorSerialize(uint8_t *buffer) const;
-    virtual keyguard_error_t nonErrorDeserialize(const uint8_t *payload, const uint8_t *end);
+    virtual gatekeeper_error_t nonErrorDeserialize(const uint8_t *payload, const uint8_t *end);
 
     SizedBuffer password_handle;
     SizedBuffer provided_password;
 };
 
-struct VerifyResponse : public KeyguardMessage {
+struct VerifyResponse : public GateKeeperMessage {
     VerifyResponse(uint32_t user_id, SizedBuffer *auth_token);
     VerifyResponse();
     ~VerifyResponse();
@@ -144,12 +144,12 @@
 
     virtual size_t nonErrorSerializedSize() const;
     virtual void nonErrorSerialize(uint8_t *buffer) const;
-    virtual keyguard_error_t nonErrorDeserialize(const uint8_t *payload, const uint8_t *end);
+    virtual gatekeeper_error_t nonErrorDeserialize(const uint8_t *payload, const uint8_t *end);
 
     SizedBuffer auth_token;
 };
 
-struct EnrollRequest : public KeyguardMessage {
+struct EnrollRequest : public GateKeeperMessage {
     EnrollRequest(uint32_t user_id, SizedBuffer *password_handle,
             SizedBuffer *provided_password, SizedBuffer *enrolled_password);
     EnrollRequest();
@@ -157,7 +157,7 @@
 
     virtual size_t nonErrorSerializedSize() const;
     virtual void nonErrorSerialize(uint8_t *buffer) const;
-    virtual keyguard_error_t nonErrorDeserialize(const uint8_t *payload, const uint8_t *end);
+    virtual gatekeeper_error_t nonErrorDeserialize(const uint8_t *payload, const uint8_t *end);
 
     /**
      * The password handle returned from the previous call to enroll or NULL
@@ -174,7 +174,7 @@
     SizedBuffer provided_password;
 };
 
-struct EnrollResponse : public KeyguardMessage {
+struct EnrollResponse : public GateKeeperMessage {
 public:
     EnrollResponse(uint32_t user_id, SizedBuffer *enrolled_password_handle);
     EnrollResponse();
@@ -184,10 +184,10 @@
 
     virtual size_t nonErrorSerializedSize() const;
     virtual void nonErrorSerialize(uint8_t *buffer) const;
-    virtual keyguard_error_t nonErrorDeserialize(const uint8_t *payload, const uint8_t *end);
+    virtual gatekeeper_error_t nonErrorDeserialize(const uint8_t *payload, const uint8_t *end);
 
    SizedBuffer enrolled_password_handle;
 };
 }
 
-#endif // KEYGUARD_MESSAGES_H_
+#endif // GATEKEEPER_MESSAGES_H_
diff --git a/include/keyguard/keyguard_utils.h b/include/gatekeeper/gatekeeper_utils.h
similarity index 92%
rename from include/keyguard/keyguard_utils.h
rename to include/gatekeeper/gatekeeper_utils.h
index fd00248..6439242 100644
--- a/include/keyguard/keyguard_utils.h
+++ b/include/gatekeeper/gatekeeper_utils.h
@@ -14,12 +14,12 @@
  * limitations under the License.
  *
  */
-#ifndef GOOGLE_KEYGUARD_UTILS_H_
-#define GOOGLE_KEYGUARD_UTILS_H_
+#ifndef GOOGLE_GATEKEEPER_UTILS_H_
+#define GOOGLE_GATEKEEPER_UTILS_H_
 
 #include <string.h>
 
-namespace keyguard {
+namespace gatekeeper {
 /**
  * Variant of memset() that uses GCC-specific pragmas to disable optimizations, so effect is not
  * optimized away.  This is important because we often need to wipe blocks of sensitive data from
@@ -54,4 +54,4 @@
 }
 
 };
-#endif //GOOGLE_KEYGUARD_UTILS_H_
+#endif //GOOGLE_GATEKEEPER_UTILS_H_
diff --git a/include/keyguard/soft_keyguard.h b/include/gatekeeper/soft_gatekeeper.h
similarity index 89%
rename from include/keyguard/soft_keyguard.h
rename to include/gatekeeper/soft_gatekeeper.h
index 56ba775..ce1fcc4 100644
--- a/include/keyguard/soft_keyguard.h
+++ b/include/gatekeeper/soft_gatekeeper.h
@@ -15,8 +15,8 @@
  *
  */
 
-#ifndef SOFT_KEYGUARD_H_
-#define SOFT_KEYGUARD_H_
+#ifndef SOFT_GATEKEEPER_H_
+#define SOFT_GATEKEEPER_H_
 
 extern "C" {
 #include <openssl/rand.h>
@@ -24,22 +24,22 @@
 }
 
 #include <UniquePtr.h>
-#include <keyguard/keyguard.h>
+#include <gatekeeper/gatekeeper.h>
 #include <iostream>
 
-namespace keyguard {
+namespace gatekeeper {
 
 /**
  * Convenience class for easily switching out a testing implementation
  */
-class KeyguardFileIo {
+class GateKeeperFileIo {
 public:
-    virtual ~KeyguardFileIo() {}
+    virtual ~GateKeeperFileIo() {}
     virtual void Write(const char *filename, const uint8_t *bytes, size_t length) = 0;
     virtual size_t Read(const char *filename, UniquePtr<uint8_t> *bytes) const = 0;
 };
 
-class SoftKeyguard : public Keyguard {
+class SoftGateKeeper : public GateKeeper {
 public:
     static const size_t SALT_LENGTH = 8;
     static const size_t SIGNATURE_LENGTH = 16;
@@ -51,11 +51,11 @@
 
     static const int MAX_UINT_32_CHARS = 11;
 
-    SoftKeyguard(KeyguardFileIo *file_io) {
+    SoftGateKeeper(GateKeeperFileIo *file_io) {
         file_io_ = file_io;
     }
 
-    virtual ~SoftKeyguard() {
+    virtual ~SoftGateKeeper() {
         delete file_io_;
     }
 
@@ -107,9 +107,9 @@
     }
 
 private:
-    KeyguardFileIo *file_io_;
+    GateKeeperFileIo *file_io_;
 };
 }
 
-#endif // SOFT_KEYGUARD_H_
+#endif // SOFT_GATEKEEPER_H_
 
diff --git a/softkeyguard/Android.mk b/softgatekeeper/Android.mk
similarity index 89%
rename from softkeyguard/Android.mk
rename to softgatekeeper/Android.mk
index 9eb67a4..7851ea2 100644
--- a/softkeyguard/Android.mk
+++ b/softgatekeeper/Android.mk
@@ -18,13 +18,13 @@
 ifeq ($(USE_32_BIT_KEYSTORE), true)
 LOCAL_MULTILIB := 32
 endif
-LOCAL_MODULE := keyguard.default
+LOCAL_MODULE := gatekeeper.default
 LOCAL_MODULE_RELATIVE_PATH := hw
 LOCAL_SRC_FILES := \
 	module.cpp \
-	soft_keyguard_device.cpp
+	soft_gatekeeper_device.cpp
 LOCAL_CFLAGS = -fvisibility=hidden -Wall -Werror
-LOCAL_SHARED_LIBRARIES := libcrypto libkeyguard
+LOCAL_SHARED_LIBRARIES := libcrypto libgatekeeper
 LOCAL_STATIC_LIBRARIES := libscrypt_static
 LOCAL_C_INCLUDES := external/scrypt/lib/crypto
 LOCAL_MODULE_TAGS := optional
diff --git a/softkeyguard/module.cpp b/softgatekeeper/module.cpp
similarity index 73%
rename from softkeyguard/module.cpp
rename to softgatekeeper/module.cpp
index 07f1ec0..4c0b624 100644
--- a/softkeyguard/module.cpp
+++ b/softgatekeeper/module.cpp
@@ -13,9 +13,9 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-#include "soft_keyguard_device.h"
+#include "soft_gatekeeper_device.h"
 
-extern struct keyguard_module soft_keyguard_device_module;
+extern struct gatekeeper_module soft_gatekeeper_device_module;
 
-struct keyguard_module HAL_MODULE_INFO_SYM __attribute__((visibility("default")))
-    = soft_keyguard_device_module;
+struct gatekeeper_module HAL_MODULE_INFO_SYM __attribute__((visibility("default")))
+    = soft_gatekeeper_device_module;
diff --git a/softkeyguard/native_keyguard_file_io.h b/softgatekeeper/native_gatekeeper_file_io.h
similarity index 77%
rename from softkeyguard/native_keyguard_file_io.h
rename to softgatekeeper/native_gatekeeper_file_io.h
index 61a75de..b16dcf1 100644
--- a/softkeyguard/native_keyguard_file_io.h
+++ b/softgatekeeper/native_gatekeeper_file_io.h
@@ -14,14 +14,14 @@
  * limitations under the License.
  */
 
-#ifndef KEYGUARD_FILE_IO_
-#define KEYGUARD_FILE_IO_
+#ifndef NATIVE_GATEKEEPER_FILE_IO_H
+#define NATIVE_GATEKEEPER_FILE_IO_H
 
-#include <keyguard/soft_keyguard.h>
+#include <gatekeeper/soft_gatekeeper.h>
 
-namespace keyguard {
+namespace gatekeeper {
 
-class NativeKeyguardFileIo : public ::keyguard::KeyguardFileIo {
+class NativeGateKeeperFileIo : public ::gatekeeper::GateKeeperFileIo {
 public:
     virtual void Write(const char *filename, const uint8_t *bytes, size_t length) {
         // TODO
@@ -35,4 +35,4 @@
 };
 }
 
-#endif // KEYGUARD_FILE_IO_
+#endif // NATIVE_GATEKEEPER_FILE_IO_H
diff --git a/softkeyguard/soft_keyguard_device.cpp b/softgatekeeper/soft_gatekeeper_device.cpp
similarity index 72%
rename from softkeyguard/soft_keyguard_device.cpp
rename to softgatekeeper/soft_gatekeeper_device.cpp
index 8781b74..03cc686 100644
--- a/softkeyguard/soft_keyguard_device.cpp
+++ b/softgatekeeper/soft_gatekeeper_device.cpp
@@ -14,15 +14,15 @@
  * limitations under the License.
  */
 
-#include "soft_keyguard_device.h"
-#include "native_keyguard_file_io.h"
+#include "soft_gatekeeper_device.h"
+#include "native_gatekeeper_file_io.h"
 
 __attribute__((visibility("default")))
-int softkeyguard_device_open(const hw_module_t *module, const char *name, hw_device_t **device) {
-    if (device == NULL || strcmp(name, HARDWARE_KEYGUARD) != 0)
+int softgatekeeper_device_open(const hw_module_t *module, const char *name, hw_device_t **device) {
+    if (device == NULL || strcmp(name, HARDWARE_GATEKEEPER) != 0)
         return -EINVAL;
 
-    keyguard::SoftKeyguardDevice *dev = new keyguard::SoftKeyguardDevice(module);
+    gatekeeper::SoftGateKeeperDevice *dev = new gatekeeper::SoftGateKeeperDevice(module);
     if (dev == NULL)
         return -ENOMEM;
 
@@ -31,39 +31,39 @@
 }
 
 
-static struct hw_module_methods_t keyguard_module_methods  = {
-    .open = softkeyguard_device_open,
+static struct hw_module_methods_t gatekeeper_module_methods  = {
+    .open = softgatekeeper_device_open,
 };
 
 __attribute__((visibility("default")))
-struct keyguard_module soft_keyguard_device_module = {
+struct gatekeeper_module soft_gatekeeper_device_module = {
     .common =
         {
          .tag = HARDWARE_MODULE_TAG,
-         .module_api_version = KEYGUARD_MODULE_API_VERSION_0_1,
+         .module_api_version = GATEKEEPER_MODULE_API_VERSION_0_1,
          .hal_api_version = HARDWARE_HAL_API_VERSION,
-         .id = KEYGUARD_HARDWARE_MODULE_ID,
-         .name = "Keyguard SCrypt HAL",
+         .id = GATEKEEPER_HARDWARE_MODULE_ID,
+         .name = "GateKeeper SCrypt HAL",
          .author = "The Android Open Source Project",
-         .methods = &keyguard_module_methods,
+         .methods = &gatekeeper_module_methods,
          .dso = 0,
          .reserved = {},
         },
 };
 
-namespace keyguard {
+namespace gatekeeper {
 
-SoftKeyguardDevice::SoftKeyguardDevice(const hw_module_t *module)
-    : impl_(new SoftKeyguard(new NativeKeyguardFileIo())) {
+SoftGateKeeperDevice::SoftGateKeeperDevice(const hw_module_t *module)
+    : impl_(new SoftGateKeeper(new NativeGateKeeperFileIo())) {
 #if __cplusplus >= 201103L || defined(__GXX_EXPERIMENTAL_CXX0X__)
-    static_assert(std::is_standard_layout<SoftKeyguardDevice>::value,
-                  "SoftKeyguardDevice must be standard layout");
-    static_assert(offsetof(SoftKeyguardDevice, device_) == 0,
+    static_assert(std::is_standard_layout<SoftGateKeeperDevice>::value,
+                  "SoftGateKeeperDevice must be standard layout");
+    static_assert(offsetof(SoftGateKeeperDevice, device_) == 0,
                   "device_ must be the first member of KeymasterOpenSsl");
-    static_assert(offsetof(SoftKeyguardDevice, device_.common) == 0,
+    static_assert(offsetof(SoftGateKeeperDevice, device_.common) == 0,
                   "common must be the first member of keymaster_device");
 #else
-    assert(reinterpret_cast<keyguard_device*>(this) == &device_);
+    assert(reinterpret_cast<gatekeeper_device*>(this) == &device_);
     assert(reinterpret_cast<hw_device_t*>(this) == &(device_.common));
 #endif
 
@@ -77,21 +77,21 @@
     device_.enroll = Enroll;
 }
 
-hw_device_t *SoftKeyguardDevice::hw_device() {
+hw_device_t *SoftGateKeeperDevice::hw_device() {
     return &device_.common;
 }
 
-static inline SoftKeyguardDevice *convert_device(const struct keyguard_device *dev) {
-    return reinterpret_cast<SoftKeyguardDevice *>(const_cast<keyguard_device *>(dev));
+static inline SoftGateKeeperDevice *convert_device(const struct gatekeeper_device *dev) {
+    return reinterpret_cast<SoftGateKeeperDevice *>(const_cast<gatekeeper_device *>(dev));
 }
 
 /* static */
-int SoftKeyguardDevice::close_device(hw_device_t* dev) {
-    delete reinterpret_cast<SoftKeyguardDevice *>(dev);
+int SoftGateKeeperDevice::close_device(hw_device_t* dev) {
+    delete reinterpret_cast<SoftGateKeeperDevice *>(dev);
     return 0;
 }
 
-int SoftKeyguardDevice::Enroll(const struct keyguard_device *dev, uint32_t uid,
+int SoftGateKeeperDevice::Enroll(const struct gatekeeper_device *dev, uint32_t uid,
             const uint8_t *current_password_handle, size_t current_password_handle_length,
             const uint8_t *current_password, size_t current_password_length,
             const uint8_t *desired_password, size_t desired_password_length,
@@ -131,7 +131,7 @@
 
     convert_device(dev)->impl_->Enroll(request, &response);
 
-    if (response.error != KG_ERROR_OK)
+    if (response.error != ERROR_NONE)
         return -EINVAL;
 
     *enrolled_password_handle = response.enrolled_password_handle.buffer.release();
@@ -139,7 +139,7 @@
     return 0;
 }
 
-int SoftKeyguardDevice::Verify(const struct keyguard_device *dev, uint32_t uid,
+int SoftGateKeeperDevice::Verify(const struct gatekeeper_device *dev, uint32_t uid,
         const uint8_t *enrolled_password_handle, size_t enrolled_password_handle_length,
         const uint8_t *provided_password, size_t provided_password_length,
         uint8_t **auth_token, size_t *auth_token_length) {
@@ -159,7 +159,7 @@
 
     convert_device(dev)->impl_->Verify(request, &response);
 
-    if (response.error != KG_ERROR_OK)
+    if (response.error != ERROR_NONE)
        return -EINVAL;
 
     if (auth_token != NULL && auth_token_length != NULL) {
diff --git a/softkeyguard/soft_keyguard_device.h b/softgatekeeper/soft_gatekeeper_device.h
similarity index 76%
rename from softkeyguard/soft_keyguard_device.h
rename to softgatekeeper/soft_gatekeeper_device.h
index 23bc944..88bb59f 100644
--- a/softkeyguard/soft_keyguard_device.h
+++ b/softgatekeeper/soft_gatekeeper_device.h
@@ -14,33 +14,33 @@
  * limitations under the License.
  */
 
-#ifndef SYSTEM_SOFT_KEYGUARD_DEVICE_H_
-#define SYSTEM_SOFT_KEYGUARD_DEVICE_H_
+#ifndef SOFT_GATEKEEPER_DEVICE_H_
+#define SOFT_GATEKEEPER_DEVICE_H_
 
-#include <keyguard/soft_keyguard.h>
-#include <hardware/keyguard.h>
+#include <gatekeeper/soft_gatekeeper.h>
+#include <hardware/gatekeeper.h>
 #include <UniquePtr.h>
 
-namespace keyguard {
+namespace gatekeeper {
 
 /**
- * Software based Keyguard implementation
+ * Software based GateKeeper implementation
  *
  * IMPORTANT MAINTAINER NOTE: Pointers to instances of this class must be castable to hw_device_t
- * and keyguard. This means it must remain a standard layout class (no virtual functions and
+ * and gatekeeper. This means it must remain a standard layout class (no virtual functions and
  * no data members which aren't standard layout), and device_ must be the first data member.
  * Assertions in the constructor validate compliance with those constraints.
  */
-class SoftKeyguardDevice {
+class SoftGateKeeperDevice {
 public:
-   SoftKeyguardDevice(const hw_module_t *module);
+   SoftGateKeeperDevice(const hw_module_t *module);
 
    hw_device_t *hw_device();
 
 private:
     static int close_device(hw_device_t* dev);
 
-   // Wrappers to translate the keyguard HAL API to the Kegyuard Messages API.
+   // Wrappers to translate the gatekeeper HAL API to the Kegyuard Messages API.
 
     /**
      * Enrolls password_payload, which should be derived from a user selected pin or password,
@@ -50,7 +50,7 @@
      * Returns: 0 on success or an error code less than 0 on error.
      * On error, enrolled_password_handle will not be allocated.
      */
-    static int Enroll(const struct keyguard_device *dev, uint32_t uid,
+    static int Enroll(const struct gatekeeper_device *dev, uint32_t uid,
             const uint8_t *current_password_handle, size_t current_password_handle_length,
             const uint8_t *current_password, size_t current_password_length,
             const uint8_t *desired_password, size_t desired_password_length,
@@ -68,15 +68,15 @@
      * Returns: 0 on success or an error code less than 0 on error
      * On error, verification token will not be allocated
      */
-    static int Verify(const struct keyguard_device *dev, uint32_t uid,
+    static int Verify(const struct gatekeeper_device *dev, uint32_t uid,
             const uint8_t *enrolled_password_handle, size_t enrolled_password_handle_length,
             const uint8_t *provided_password, size_t provided_password_length,
             uint8_t **auth_token, size_t *auth_token_length);
 
-    keyguard_device device_;
-    UniquePtr<Keyguard> impl_;
+    gatekeeper_device device_;
+    UniquePtr<GateKeeper> impl_;
 };
 
-} // namespace keyguard
+} // namespace gatekeeper
 
-#endif //SYSTEM_SOFT_KEYGUARD_DEVICE_H_
+#endif //SOFT_GATEKEEPER_DEVICE_H_
diff --git a/tests/Android.mk b/tests/Android.mk
index fff72ca..f1238af 100644
--- a/tests/Android.mk
+++ b/tests/Android.mk
@@ -17,14 +17,14 @@
 LOCAL_PATH:= $(call my-dir)
 
 include $(CLEAR_VARS)
-LOCAL_MODULE := keyguard-unit-tests
+LOCAL_MODULE := gatekeeper-unit-tests
 LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
 LOCAL_CFLAGS += -g -Wall -Werror -std=gnu++11 -Wno-missing-field-initializers
-LOCAL_SHARED_LIBRARIES := libkeyguard libcrypto libhardware
+LOCAL_SHARED_LIBRARIES := libgatekeeper libcrypto libhardware
 LOCAL_STATIC_LIBRARIES := libscrypt_static
 LOCAL_C_INCLUDES := external/scrypt/lib/crypto
 LOCAL_SRC_FILES := \
-	keyguard_messages_test.cpp \
-	keyguard_test.cpp \
-	keyguard_device_test.cpp
+	gatekeeper_messages_test.cpp \
+	gatekeeper_test.cpp \
+	gatekeeper_device_test.cpp
 include $(BUILD_NATIVE_TEST)
diff --git a/tests/keyguard_device_test.cpp b/tests/gatekeeper_device_test.cpp
similarity index 78%
rename from tests/keyguard_device_test.cpp
rename to tests/gatekeeper_device_test.cpp
index b3f3b21..c5ad9c3 100644
--- a/tests/keyguard_device_test.cpp
+++ b/tests/gatekeeper_device_test.cpp
@@ -14,39 +14,39 @@
  * limitations under the License.
  */
 #include <gtest/gtest.h>
-#include <hardware/keyguard.h>
+#include <hardware/gatekeeper.h>
 
 using ::testing::Test;
 
-class KeyguardDeviceTest : public virtual Test {
+class GateKeeperDeviceTest : public virtual Test {
 public:
-    KeyguardDeviceTest() {}
-    virtual ~KeyguardDeviceTest() {}
+    GateKeeperDeviceTest() {}
+    virtual ~GateKeeperDeviceTest() {}
 
     virtual void SetUp() {
-        keyguard_device_initialize(&device);
+        gatekeeper_device_initialize(&device);
     }
 
     virtual void TearDown() {
-        keyguard_close(device);
+        gatekeeper_close(device);
     }
 
-    static void keyguard_device_initialize(keyguard_device_t **dev) {
+    static void gatekeeper_device_initialize(gatekeeper_device_t **dev) {
         int ret;
         const hw_module_t *mod;
-        ret = hw_get_module_by_class(KEYGUARD_HARDWARE_MODULE_ID, NULL, &mod);
+        ret = hw_get_module_by_class(GATEKEEPER_HARDWARE_MODULE_ID, NULL, &mod);
 
         ASSERT_EQ(0, ret);
 
-        ret = keyguard_open(mod, dev);
+        ret = gatekeeper_open(mod, dev);
 
         ASSERT_EQ(0, ret);
     }
 
-    keyguard_device_t *device;
+    gatekeeper_device_t *device;
 };
 
-TEST_F(KeyguardDeviceTest, EnrollAndVerify) {
+TEST_F(GateKeeperDeviceTest, EnrollAndVerify) {
     size_t password_len = 50;
     uint8_t password_payload[password_len];
     uint8_t *password_handle;
@@ -66,7 +66,7 @@
     ASSERT_EQ(0, ret);
 }
 
-TEST_F(KeyguardDeviceTest, EnrollAndVerifyBadPassword) {
+TEST_F(GateKeeperDeviceTest, EnrollAndVerifyBadPassword) {
     size_t password_len = 50;
     uint8_t password_payload[password_len];
     uint8_t *password_handle;
diff --git a/tests/keyguard_messages_test.cpp b/tests/gatekeeper_messages_test.cpp
similarity index 95%
rename from tests/keyguard_messages_test.cpp
rename to tests/gatekeeper_messages_test.cpp
index fd70c07..e58db04 100644
--- a/tests/keyguard_messages_test.cpp
+++ b/tests/gatekeeper_messages_test.cpp
@@ -19,14 +19,14 @@
 #include <stdlib.h>
 #include <stdio.h>
 
-#include <keyguard/keyguard_messages.h>
+#include <gatekeeper/gatekeeper_messages.h>
 
-using ::keyguard::SizedBuffer;
+using ::gatekeeper::SizedBuffer;
 using ::testing::Test;
-using ::keyguard::EnrollRequest;
-using ::keyguard::EnrollResponse;
-using ::keyguard::VerifyRequest;
-using ::keyguard::VerifyResponse;
+using ::gatekeeper::EnrollRequest;
+using ::gatekeeper::EnrollResponse;
+using ::gatekeeper::VerifyRequest;
+using ::gatekeeper::VerifyResponse;
 using std::cout;
 using std::endl;
 
@@ -57,7 +57,7 @@
     deserialized_req.Deserialize(serialized_req, serialized_req + req.GetSerializedSize());
     delete[] serialized_req;
 
-    ASSERT_EQ(keyguard::keyguard_error_t::KG_ERROR_OK,
+    ASSERT_EQ(gatekeeper::gatekeeper_error_t::ERROR_NONE,
             deserialized_req.error);
 
     deserialized_password = &deserialized_req.provided_password;
@@ -84,7 +84,7 @@
     deserialized_req.Deserialize(serialized_req, serialized_req + req.GetSerializedSize());
     delete[] serialized_req;
 
-    ASSERT_EQ(keyguard::keyguard_error_t::KG_ERROR_OK,
+    ASSERT_EQ(gatekeeper::gatekeeper_error_t::ERROR_NONE,
             deserialized_req.error);
 
     deserialized_password = &deserialized_req.provided_password;
@@ -113,7 +113,7 @@
     deserialized_req.Deserialize(serialized_req, serialized_req + req.GetSerializedSize());
     delete[] serialized_req;
 
-    ASSERT_EQ(keyguard::keyguard_error_t::KG_ERROR_OK,
+    ASSERT_EQ(gatekeeper::gatekeeper_error_t::ERROR_NONE,
             deserialized_req.error);
 
     deserialized_password = &deserialized_req.provided_password;
@@ -143,7 +143,7 @@
     deserialized_req.Deserialize(serialized_req, serialized_req + req.GetSerializedSize());
     delete[] serialized_req;
 
-    ASSERT_EQ(keyguard::keyguard_error_t::KG_ERROR_OK,
+    ASSERT_EQ(gatekeeper::gatekeeper_error_t::ERROR_NONE,
             deserialized_req.error);
 
     deserialized_password = &deserialized_req.enrolled_password_handle;
@@ -164,7 +164,7 @@
     VerifyRequest deserialized_req;
     deserialized_req.Deserialize(serialized_req, serialized_req + req.GetSerializedSize());
 
-    ASSERT_EQ(keyguard::keyguard_error_t::KG_ERROR_OK,
+    ASSERT_EQ(gatekeeper::gatekeeper_error_t::ERROR_NONE,
             deserialized_req.error);
 
     ASSERT_EQ(USER_ID, deserialized_req.user_id);
@@ -190,7 +190,7 @@
     deserialized_req.Deserialize(serialized_req, serialized_req + req.GetSerializedSize());
     delete[] serialized_req;
 
-    ASSERT_EQ(keyguard::keyguard_error_t::KG_ERROR_OK,
+    ASSERT_EQ(gatekeeper::gatekeeper_error_t::ERROR_NONE,
             deserialized_req.error);
 
     ASSERT_EQ(USER_ID, deserialized_req.user_id);
diff --git a/tests/keyguard_test.cpp b/tests/gatekeeper_test.cpp
similarity index 66%
rename from tests/keyguard_test.cpp
rename to tests/gatekeeper_test.cpp
index 02a6c34..2c91295 100644
--- a/tests/keyguard_test.cpp
+++ b/tests/gatekeeper_test.cpp
@@ -18,21 +18,21 @@
 #include <UniquePtr.h>
 #include <iostream>
 
-#include <keyguard/soft_keyguard.h>
+#include <gatekeeper/soft_gatekeeper.h>
 
-using ::keyguard::SizedBuffer;
+using ::gatekeeper::SizedBuffer;
 using ::testing::Test;
-using ::keyguard::EnrollRequest;
-using ::keyguard::EnrollResponse;
-using ::keyguard::VerifyRequest;
-using ::keyguard::VerifyResponse;
-using ::keyguard::SoftKeyguard;
-using ::keyguard::AuthToken;
-using ::keyguard::secure_id_t;
+using ::gatekeeper::EnrollRequest;
+using ::gatekeeper::EnrollResponse;
+using ::gatekeeper::VerifyRequest;
+using ::gatekeeper::VerifyResponse;
+using ::gatekeeper::SoftGateKeeper;
+using ::gatekeeper::AuthToken;
+using ::gatekeeper::secure_id_t;
 
-class TestKeyguardFileIo : public ::keyguard::KeyguardFileIo {
+class TestGateKeeperFileIo : public ::gatekeeper::GateKeeperFileIo {
 public:
-    TestKeyguardFileIo() {
+    TestGateKeeperFileIo() {
         bytes_.length = 0;
     }
 
@@ -56,7 +56,7 @@
     SizedBuffer bytes_;
 };
 
-static void do_enroll(SoftKeyguard &keyguard, EnrollResponse *response) {
+static void do_enroll(SoftGateKeeper &gatekeeper, EnrollResponse *response) {
     SizedBuffer password;
 
     password.buffer.reset(new uint8_t[16]);
@@ -64,30 +64,30 @@
     memset(password.buffer.get(), 0, 16);
     EnrollRequest request(0, NULL, &password, NULL);
 
-    keyguard.Enroll(request, response);
+    gatekeeper.Enroll(request, response);
 }
 
-TEST(KeyguardTest, EnrollSuccess) {
-    SoftKeyguard keyguard(new TestKeyguardFileIo());
+TEST(GateKeeperTest, EnrollSuccess) {
+    SoftGateKeeper gatekeeper(new TestGateKeeperFileIo());
     EnrollResponse response;
-    do_enroll(keyguard, &response);
-    ASSERT_EQ(::keyguard::keyguard_error_t::KG_ERROR_OK, response.error);
+    do_enroll(gatekeeper, &response);
+    ASSERT_EQ(::gatekeeper::gatekeeper_error_t::ERROR_NONE, response.error);
 }
 
-TEST(KeyguardTest, EnrollBogusData) {
-    SoftKeyguard keyguard(new TestKeyguardFileIo());
+TEST(GateKeeperTest, EnrollBogusData) {
+    SoftGateKeeper gatekeeper(new TestGateKeeperFileIo());
     SizedBuffer password;
     EnrollResponse response;
 
     EnrollRequest request(0, NULL, &password, NULL);
 
-    keyguard.Enroll(request, &response);
+    gatekeeper.Enroll(request, &response);
 
-    ASSERT_EQ(::keyguard::keyguard_error_t::KG_ERROR_INVALID, response.error);
+    ASSERT_EQ(::gatekeeper::gatekeeper_error_t::ERROR_INVALID, response.error);
 }
 
-TEST(KeyguardTest, VerifySuccess) {
-    SoftKeyguard keyguard(new TestKeyguardFileIo());
+TEST(GateKeeperTest, VerifySuccess) {
+    SoftGateKeeper gatekeeper(new TestGateKeeperFileIo());
     SizedBuffer provided_password;
     EnrollResponse enroll_response;
 
@@ -95,15 +95,15 @@
     provided_password.length = 16;
     memset(provided_password.buffer.get(), 0, 16);
 
-    do_enroll(keyguard, &enroll_response);
-    ASSERT_EQ(::keyguard::keyguard_error_t::KG_ERROR_OK, enroll_response.error);
+    do_enroll(gatekeeper, &enroll_response);
+    ASSERT_EQ(::gatekeeper::gatekeeper_error_t::ERROR_NONE, enroll_response.error);
     VerifyRequest request(0, &enroll_response.enrolled_password_handle,
             &provided_password);
     VerifyResponse response;
 
-    keyguard.Verify(request, &response);
+    gatekeeper.Verify(request, &response);
 
-    ASSERT_EQ(::keyguard::keyguard_error_t::KG_ERROR_OK, response.error);
+    ASSERT_EQ(::gatekeeper::gatekeeper_error_t::ERROR_NONE, response.error);
 
     AuthToken *auth_token =
         reinterpret_cast<AuthToken *>(response.auth_token.buffer.get());
@@ -114,24 +114,24 @@
     ASSERT_NE((uint64_t) 0, auth_token->auxiliary_secure_user_id);
 }
 
-TEST(KeyguardTest, VerifyBadPwFile) {
-    TestKeyguardFileIo *fw = new TestKeyguardFileIo();
-    SoftKeyguard keyguard(fw);
+TEST(GateKeeperTest, VerifyBadPwFile) {
+    TestGateKeeperFileIo *fw = new TestGateKeeperFileIo();
+    SoftGateKeeper gatekeeper(fw);
     SizedBuffer provided_password;
     EnrollResponse enroll_response;
 
     provided_password.buffer.reset(new uint8_t[16]);
     provided_password.length = 16;
     memset(provided_password.buffer.get(), 0, 16);
-    do_enroll(keyguard, &enroll_response);
-    ASSERT_EQ(::keyguard::keyguard_error_t::KG_ERROR_OK, enroll_response.error);
+    do_enroll(gatekeeper, &enroll_response);
+    ASSERT_EQ(::gatekeeper::gatekeeper_error_t::ERROR_NONE, enroll_response.error);
 
     VerifyRequest request(0, &enroll_response.enrolled_password_handle,
             &provided_password);
     VerifyResponse response;
     fw->bytes_.buffer.reset();
-    keyguard.Verify(request, &response);
-    ASSERT_EQ(::keyguard::keyguard_error_t::KG_ERROR_OK, response.error);
+    gatekeeper.Verify(request, &response);
+    ASSERT_EQ(::gatekeeper::gatekeeper_error_t::ERROR_NONE, response.error);
 
     AuthToken *auth_token =
         reinterpret_cast<AuthToken *>(response.auth_token.buffer.get());
@@ -142,8 +142,8 @@
     ASSERT_EQ((uint64_t) 0, auth_token->auxiliary_secure_user_id);
 }
 
-TEST(KeyguardTest, TrustedReEnroll) {
-    SoftKeyguard keyguard(new TestKeyguardFileIo());
+TEST(GateKeeperTest, TrustedReEnroll) {
+    SoftGateKeeper gatekeeper(new TestGateKeeperFileIo());
     SizedBuffer provided_password;
     EnrollResponse enroll_response;
     SizedBuffer password_handle;
@@ -152,8 +152,8 @@
     provided_password.buffer.reset(new uint8_t[16]);
     provided_password.length = 16;
     memset(provided_password.buffer.get(), 0, 16);
-    do_enroll(keyguard, &enroll_response);
-    ASSERT_EQ(::keyguard::keyguard_error_t::KG_ERROR_OK, enroll_response.error);
+    do_enroll(gatekeeper, &enroll_response);
+    ASSERT_EQ(::gatekeeper::gatekeeper_error_t::ERROR_NONE, enroll_response.error);
 
     // keep a copy of the handle
     password_handle.buffer.reset(new uint8_t[enroll_response.enrolled_password_handle.length]);
@@ -165,8 +165,8 @@
     VerifyRequest request(0, &enroll_response.enrolled_password_handle,
             &provided_password);
     VerifyResponse response;
-    keyguard.Verify(request, &response);
-    ASSERT_EQ(::keyguard::keyguard_error_t::KG_ERROR_OK, response.error);
+    gatekeeper.Verify(request, &response);
+    ASSERT_EQ(::gatekeeper::gatekeeper_error_t::ERROR_NONE, response.error);
     AuthToken *auth_token =
         reinterpret_cast<AuthToken *>(response.auth_token.buffer.get());
 
@@ -181,8 +181,8 @@
     memset(password.buffer.get(), 1, 16);
     password.length = 16;
     EnrollRequest enroll_request(0, &password_handle, &password, &provided_password);
-    keyguard.Enroll(enroll_request, &enroll_response);
-    ASSERT_EQ(::keyguard::keyguard_error_t::KG_ERROR_OK, enroll_response.error);
+    gatekeeper.Enroll(enroll_request, &enroll_response);
+    ASSERT_EQ(::gatekeeper::gatekeeper_error_t::ERROR_NONE, enroll_response.error);
 
     // verify new password
     password.buffer.reset(new uint8_t[16]);
@@ -190,15 +190,15 @@
     password.length = 16;
     VerifyRequest new_request(0, &enroll_response.enrolled_password_handle,
             &password);
-    keyguard.Verify(new_request, &response);
-    ASSERT_EQ(::keyguard::keyguard_error_t::KG_ERROR_OK, response.error);
+    gatekeeper.Verify(new_request, &response);
+    ASSERT_EQ(::gatekeeper::gatekeeper_error_t::ERROR_NONE, response.error);
     ASSERT_EQ(secure_id,
         reinterpret_cast<AuthToken *>(response.auth_token.buffer.get())->root_secure_user_id);
 }
 
 
-TEST(KeyguardTest, UntrustedReEnroll) {
-    SoftKeyguard keyguard(new TestKeyguardFileIo());
+TEST(GateKeeperTest, UntrustedReEnroll) {
+    SoftGateKeeper gatekeeper(new TestGateKeeperFileIo());
     SizedBuffer provided_password;
     EnrollResponse enroll_response;
 
@@ -206,15 +206,15 @@
     provided_password.buffer.reset(new uint8_t[16]);
     provided_password.length = 16;
     memset(provided_password.buffer.get(), 0, 16);
-    do_enroll(keyguard, &enroll_response);
-    ASSERT_EQ(::keyguard::keyguard_error_t::KG_ERROR_OK, enroll_response.error);
+    do_enroll(gatekeeper, &enroll_response);
+    ASSERT_EQ(::gatekeeper::gatekeeper_error_t::ERROR_NONE, enroll_response.error);
 
     // verify first password
     VerifyRequest request(0, &enroll_response.enrolled_password_handle,
             &provided_password);
     VerifyResponse response;
-    keyguard.Verify(request, &response);
-    ASSERT_EQ(::keyguard::keyguard_error_t::KG_ERROR_OK, response.error);
+    gatekeeper.Verify(request, &response);
+    ASSERT_EQ(::gatekeeper::gatekeeper_error_t::ERROR_NONE, response.error);
     AuthToken *auth_token =
         reinterpret_cast<AuthToken *>(response.auth_token.buffer.get());
 
@@ -226,8 +226,8 @@
     memset(password.buffer.get(), 1, 16);
     password.length = 16;
     EnrollRequest enroll_request(0, NULL, &password, NULL);
-    keyguard.Enroll(enroll_request, &enroll_response);
-    ASSERT_EQ(::keyguard::keyguard_error_t::KG_ERROR_OK, enroll_response.error);
+    gatekeeper.Enroll(enroll_request, &enroll_response);
+    ASSERT_EQ(::gatekeeper::gatekeeper_error_t::ERROR_NONE, enroll_response.error);
 
     // verify new password
     password.buffer.reset(new uint8_t[16]);
@@ -235,22 +235,22 @@
     password.length = 16;
     VerifyRequest new_request(0, &enroll_response.enrolled_password_handle,
             &password);
-    keyguard.Verify(new_request, &response);
-    ASSERT_EQ(::keyguard::keyguard_error_t::KG_ERROR_OK, response.error);
+    gatekeeper.Verify(new_request, &response);
+    ASSERT_EQ(::gatekeeper::gatekeeper_error_t::ERROR_NONE, response.error);
     ASSERT_NE(secure_id,
         reinterpret_cast<AuthToken *>(response.auth_token.buffer.get())->root_secure_user_id);
 }
 
 
-TEST(KeyguardTest, VerifyBogusData) {
-    SoftKeyguard keyguard(new TestKeyguardFileIo());
+TEST(GateKeeperTest, VerifyBogusData) {
+    SoftGateKeeper gatekeeper(new TestGateKeeperFileIo());
     SizedBuffer provided_password;
     SizedBuffer password_handle;
     VerifyResponse response;
 
     VerifyRequest request(0, &provided_password, &password_handle);
 
-    keyguard.Verify(request, &response);
+    gatekeeper.Verify(request, &response);
 
-    ASSERT_EQ(::keyguard::keyguard_error_t::KG_ERROR_INVALID, response.error);
+    ASSERT_EQ(::gatekeeper::gatekeeper_error_t::ERROR_INVALID, response.error);
 }