authorTri Vo <trong@google.com>2023-03-17 19:19:53 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>2023-03-17 19:19:53 +0000
commit6987ceb93d0edc6f73eada9a4109b8df04e6395b (patch)
tree23b96080c12415820a710aff2c9701f34534c8e1
parent93302519d4a96b4a97b6ade1264e37b7125597cb (diff)
parent9fad346811d81cac9fdfec1aee012a2f1b973344 (diff)
Merge "Remove android.security.remoteprovisioning interfaces"
-rw-r--r--keystore2/aidl/Android.bp22
-rw-r--r--keystore2/aidl/android/security/remoteprovisioning/AttestationPoolStatus.aidl45
-rw-r--r--keystore2/aidl/android/security/remoteprovisioning/IRemoteProvisioning.aidl148
-rw-r--r--keystore2/aidl/android/security/remoteprovisioning/IRemotelyProvisionedKeyPool.aidl49
-rw-r--r--keystore2/aidl/android/security/remoteprovisioning/ImplInfo.aidl37
-rw-r--r--keystore2/aidl/android/security/remoteprovisioning/RemotelyProvisionedKey.aidl42
-rw-r--r--keystore2/aidl/android/security/remoteprovisioning/ResponseCode.aidl34
7 files changed, 0 insertions, 377 deletions
diff --git a/keystore2/aidl/Android.bp b/keystore2/aidl/Android.bp
index e3961da3..8f5c13b0 100644
--- a/keystore2/aidl/Android.bp
+++ b/keystore2/aidl/Android.bp
@@ -103,28 +103,6 @@ aidl_interface {
}
aidl_interface {
- name: "android.security.remoteprovisioning",
- srcs: [ "android/security/remoteprovisioning/*.aidl" ],
- imports: [
- "android.hardware.security.keymint-V3",
- "android.hardware.security.rkp-V3",
- ],
- unstable: true,
- backend: {
- java: {
- platform_apis: true,
- },
- ndk: {
- enabled: true,
- apps_enabled: false,
- },
- rust: {
- enabled: true,
- },
- },
-}
-
-aidl_interface {
name: "android.security.maintenance",
srcs: [ "android/security/maintenance/*.aidl" ],
imports: [
diff --git a/keystore2/aidl/android/security/remoteprovisioning/AttestationPoolStatus.aidl b/keystore2/aidl/android/security/remoteprovisioning/AttestationPoolStatus.aidl
deleted file mode 100644
index 3528b423..00000000
--- a/keystore2/aidl/android/security/remoteprovisioning/AttestationPoolStatus.aidl
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.remoteprovisioning;
-
-/**
- * This parcelable provides information about the state of the attestation key pool.
- * @hide
- */
-parcelable AttestationPoolStatus {
- /**
- * The number of signed attestation certificate chains which will expire when the date provided
- * to keystore to check against is reached.
- */
- int expiring;
- /**
- * The number of signed attestation certificate chains which have not yet been assigned to an
- * app. This should be less than or equal to signed keys. The remainder of `signed` -
- * `unassigned` gives the number of signed keys that have been assigned to an app.
- */
- int unassigned;
- /**
- * The number of signed attestation keys. This should be less than or equal to `total`. The
- * remainder of `total` - `attested` gives the number of keypairs available to be sent off to
- * the server for signing.
- */
- int attested;
- /**
- * The total number of attestation keys.
- */
- int total;
-}
diff --git a/keystore2/aidl/android/security/remoteprovisioning/IRemoteProvisioning.aidl b/keystore2/aidl/android/security/remoteprovisioning/IRemoteProvisioning.aidl
deleted file mode 100644
index ecdc7901..00000000
--- a/keystore2/aidl/android/security/remoteprovisioning/IRemoteProvisioning.aidl
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.remoteprovisioning;
-
-import android.hardware.security.keymint.DeviceInfo;
-import android.hardware.security.keymint.ProtectedData;
-import android.hardware.security.keymint.SecurityLevel;
-import android.security.remoteprovisioning.AttestationPoolStatus;
-import android.security.remoteprovisioning.ImplInfo;
-
-/**
- * `IRemoteProvisioning` is the interface provided to use the remote provisioning functionality
- * provided through KeyStore. The intent is for a higher level system component to use these
- * functions in order to drive the process through which the device can receive functioning
- * attestation certificates.
- *
- * ## Error conditions
- * Error conditions are reported as service specific errors.
- * Positive codes correspond to `android.security.remoteprovisioning.ResponseCode`
- * and indicate error conditions diagnosed by the Keystore 2.0 service.
- * TODO: Remote Provisioning HAL error code info
- *
- * `ResponseCode::PERMISSION_DENIED` if the caller does not have the permissions
- * to use the RemoteProvisioning API. This permission is defined under access_vectors in SEPolicy
- * in the keystore2 class: remotely_provision
- *
- * `ResponseCode::SYSTEM_ERROR` for any unexpected errors like IO or IPC failures.
- *
- * @hide
- */
-interface IRemoteProvisioning {
-
- /**
- * Returns the status of the attestation key pool in the database.
- *
- * @param expiredBy The date as seconds since epoch by which to judge expiration status of
- * certificates.
- *
- * @param secLevel The security level to specify which KM instance to get the pool for.
- *
- * @return The `AttestationPoolStatus` parcelable contains fields communicating information
- * relevant to making decisions about when to generate and provision
- * more attestation keys.
- */
- AttestationPoolStatus getPoolStatus(in long expiredBy, in SecurityLevel secLevel);
-
- /**
- * This is the primary entry point for beginning a remote provisioning flow. The caller
- * specifies how many CSRs should be generated and provides an X25519 ECDH public key along
- * with a challenge to encrypt privacy sensitive portions of the returned CBOR blob and
- * guarantee freshness of the request to the certifying third party.
- *
- * ## Error conditions
- * `ResponseCode::NO_UNSIGNED_KEYS` if there are no unsigned keypairs in the database that can
- * be used for the CSRs.
- *
- * A RemoteProvisioning HAL response code may indicate backend errors such as failed EEK
- * verification.
- *
- * @param testMode Whether or not the TA implementing the Remote Provisioning HAL should accept
- * any EEK (Endpoint Encryption Key), or only one signed by a chain
- * that verifies back to the Root of Trust baked into the TA. True
- * means that any key is accepted.
- *
- * @param numCsr How many certificate signing requests should be generated.
- *
- * @param eek A chain of certificates terminating in an X25519 public key, the Endpoint
- * Encryption Key.
- *
- * @param challenge A challenge to be included and MACed in the returned CBOR blob.
- *
- * @param secLevel The security level to specify which KM instance from which to generate a
- * CSR.
- *
- * @param protectedData The encrypted CBOR blob generated by the remote provisioner
- *
- * @return A CBOR blob composed of various elements required by the server to verify the
- * request.
- */
- byte[] generateCsr(in boolean testMode, in int numCsr, in byte[] eek, in byte[] challenge,
- in SecurityLevel secLevel, out ProtectedData protectedData, out DeviceInfo deviceInfo);
-
- /**
- * This method provides a way for the returned attestation certificate chains to be provisioned
- * to the attestation key database. When an app requests an attesation key, it will be assigned
- * one of these certificate chains along with the corresponding private key.
- *
- * @param publicKey The raw public key encoded in the leaf certificate.
- *
- * @param batchCert The batch certificate corresponding to the attestation key. Separated for
- * the purpose of making Subject lookup for KM attestation easier.
- *
- * @param certs An X.509, DER encoded certificate chain for the attestation key.
- *
- * @param expirationDate The expiration date on the certificate chain, provided by the caller
- * for convenience.
- *
- * @param secLevel The security level representing the KM instance containing the key that this
- * chain corresponds to.
- */
- void provisionCertChain(in byte[] publicKey, in byte[] batchCert, in byte[] certs,
- in long expirationDate, in SecurityLevel secLevel);
-
- /**
- * This method allows the caller to instruct KeyStore to generate and store a key pair to be
- * used for attestation in the `generateCsr` method. The caller should handle spacing out these
- * requests so as not to jam up the KeyStore work queue.
- *
- * @param is_test_mode Instructs the underlying HAL interface to mark the generated key with a
- * tag to indicate that it's for testing.
- *
- * @param secLevel The security level to specify which KM instance should generate a key pair.
- */
- void generateKeyPair(in boolean is_test_mode, in SecurityLevel secLevel);
-
- /**
- * This method returns implementation information for whichever instances of
- * IRemotelyProvisionedComponent are running on the device. The RemoteProvisioner app needs to
- * know which KM instances it should be generating and managing attestation keys for, and which
- * EC curves are supported in those instances.
- *
- * @return The array of ImplInfo parcelables.
- */
- ImplInfo[] getImplementationInfo();
-
- /**
- * This method deletes all remotely provisioned attestation keys in the database, regardless
- * of what state in their life cycle they are in. This is primarily useful to facilitate
- * testing.
- *
- * @return Number of keys deleted
- */
- long deleteAllKeys();
-}
diff --git a/keystore2/aidl/android/security/remoteprovisioning/IRemotelyProvisionedKeyPool.aidl b/keystore2/aidl/android/security/remoteprovisioning/IRemotelyProvisionedKeyPool.aidl
deleted file mode 100644
index 7d45e52e..00000000
--- a/keystore2/aidl/android/security/remoteprovisioning/IRemotelyProvisionedKeyPool.aidl
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.remoteprovisioning;
-
-import android.security.remoteprovisioning.RemotelyProvisionedKey;
-
-/**
- * This is the interface providing access to remotely-provisioned attestation keys
- * for an `IRemotelyProvisionedComponent`.
- *
- * @hide
- */
-interface IRemotelyProvisionedKeyPool {
-
- /**
- * Fetches an attestation key for the given uid and `IRemotelyProvisionedComponent`, as
- * identified by the given id.
-
- * Callers require the keystore2::get_attestation_key permission.
- *
- * ## Error conditions
- * `android.system.keystore2.ResponseCode::PERMISSION_DENIED` if the caller does not have the
- * `keystore2::get_attestation_key` permission
- *
- * @param clientUid The client application for which an attestation key is needed.
- *
- * @param irpcId The unique identifier for the `IRemotelyProvisionedComponent` for which a key
- * is requested. This id may be retrieved from a given component via the
- * `IRemotelyProvisionedComponent::getHardwareInfo` function.
- *
- * @return A `RemotelyProvisionedKey` parcelable containing a key and certification chain for
- * the given `IRemotelyProvisionedComponent`.
- */
- RemotelyProvisionedKey getAttestationKey(in int clientUid, in @utf8InCpp String irpcId);
-}
diff --git a/keystore2/aidl/android/security/remoteprovisioning/ImplInfo.aidl b/keystore2/aidl/android/security/remoteprovisioning/ImplInfo.aidl
deleted file mode 100644
index 9baeb24b..00000000
--- a/keystore2/aidl/android/security/remoteprovisioning/ImplInfo.aidl
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.remoteprovisioning;
-
-import android.hardware.security.keymint.SecurityLevel;
-
-/**
- * This parcelable provides information about the underlying IRemotelyProvisionedComponent
- * implementation.
- * @hide
- */
-parcelable ImplInfo {
- /**
- * The security level of the underlying implementation: TEE or StrongBox.
- */
- SecurityLevel secLevel;
- /**
- * An integer denoting which EC curve is supported in the underlying implementation. The current
- * options are either P256 or 25519, with values defined in
- * hardware/interfaces/security/keymint/aidl/.../RpcHardwareInfo.aidl
- */
- int supportedCurve;
-}
diff --git a/keystore2/aidl/android/security/remoteprovisioning/RemotelyProvisionedKey.aidl b/keystore2/aidl/android/security/remoteprovisioning/RemotelyProvisionedKey.aidl
deleted file mode 100644
index ae218550..00000000
--- a/keystore2/aidl/android/security/remoteprovisioning/RemotelyProvisionedKey.aidl
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.remoteprovisioning;
-
-/**
- * A `RemotelyProvisionedKey` holds an attestation key and the corresponding remotely provisioned
- * certificate chain.
- *
- * @hide
- */
-@RustDerive(Eq=true, PartialEq=true)
-parcelable RemotelyProvisionedKey {
- /**
- * The remotely-provisioned key that may be used to sign attestations. The format of this key
- * is opaque, and need only be understood by the IRemotelyProvisionedComponent that generated
- * it.
- *
- * Any private key material contained within this blob must be encrypted.
- */
- byte[] keyBlob;
-
- /**
- * Sequence of DER-encoded X.509 certificates that make up the attestation key's certificate
- * chain. This is the binary encoding for a chain that is supported by Java's
- * CertificateFactory.generateCertificates API.
- */
- byte[] encodedCertChain;
-}
diff --git a/keystore2/aidl/android/security/remoteprovisioning/ResponseCode.aidl b/keystore2/aidl/android/security/remoteprovisioning/ResponseCode.aidl
deleted file mode 100644
index c9877db5..00000000
--- a/keystore2/aidl/android/security/remoteprovisioning/ResponseCode.aidl
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.remoteprovisioning;
-
-@Backing(type="int")
-/** @hide */
-enum ResponseCode {
- /**
- * Returned if there are no keys available in the database to be used in a CSR
- */
- NO_UNSIGNED_KEYS = 1,
- /**
- * The caller has imrproper SELinux permissions to access the Remote Provisioning API.
- */
- PERMISSION_DENIED = 2,
- /**
- * An unexpected error occurred, likely with IO or IPC.
- */
- SYSTEM_ERROR = 3,
-}