Remove android.security.remoteprovisioning interfaces
These interfaces are deprecated and replaced by
android.security.rkp_aidl ones.
Bug: 273325840
Test: m
Change-Id: I888ded721341ab6e6e89fe236c8fb0f7e6122b74
diff --git a/keystore2/aidl/Android.bp b/keystore2/aidl/Android.bp
index e3961da..8f5c13b 100644
--- a/keystore2/aidl/Android.bp
+++ b/keystore2/aidl/Android.bp
@@ -103,28 +103,6 @@
}
aidl_interface {
- name: "android.security.remoteprovisioning",
- srcs: [ "android/security/remoteprovisioning/*.aidl" ],
- imports: [
- "android.hardware.security.keymint-V3",
- "android.hardware.security.rkp-V3",
- ],
- unstable: true,
- backend: {
- java: {
- platform_apis: true,
- },
- ndk: {
- enabled: true,
- apps_enabled: false,
- },
- rust: {
- enabled: true,
- },
- },
-}
-
-aidl_interface {
name: "android.security.maintenance",
srcs: [ "android/security/maintenance/*.aidl" ],
imports: [
diff --git a/keystore2/aidl/android/security/remoteprovisioning/AttestationPoolStatus.aidl b/keystore2/aidl/android/security/remoteprovisioning/AttestationPoolStatus.aidl
deleted file mode 100644
index 3528b42..0000000
--- a/keystore2/aidl/android/security/remoteprovisioning/AttestationPoolStatus.aidl
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.remoteprovisioning;
-
-/**
- * This parcelable provides information about the state of the attestation key pool.
- * @hide
- */
-parcelable AttestationPoolStatus {
- /**
- * The number of signed attestation certificate chains which will expire when the date provided
- * to keystore to check against is reached.
- */
- int expiring;
- /**
- * The number of signed attestation certificate chains which have not yet been assigned to an
- * app. This should be less than or equal to signed keys. The remainder of `signed` -
- * `unassigned` gives the number of signed keys that have been assigned to an app.
- */
- int unassigned;
- /**
- * The number of signed attestation keys. This should be less than or equal to `total`. The
- * remainder of `total` - `attested` gives the number of keypairs available to be sent off to
- * the server for signing.
- */
- int attested;
- /**
- * The total number of attestation keys.
- */
- int total;
-}
diff --git a/keystore2/aidl/android/security/remoteprovisioning/IRemoteProvisioning.aidl b/keystore2/aidl/android/security/remoteprovisioning/IRemoteProvisioning.aidl
deleted file mode 100644
index ecdc790..0000000
--- a/keystore2/aidl/android/security/remoteprovisioning/IRemoteProvisioning.aidl
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.remoteprovisioning;
-
-import android.hardware.security.keymint.DeviceInfo;
-import android.hardware.security.keymint.ProtectedData;
-import android.hardware.security.keymint.SecurityLevel;
-import android.security.remoteprovisioning.AttestationPoolStatus;
-import android.security.remoteprovisioning.ImplInfo;
-
-/**
- * `IRemoteProvisioning` is the interface provided to use the remote provisioning functionality
- * provided through KeyStore. The intent is for a higher level system component to use these
- * functions in order to drive the process through which the device can receive functioning
- * attestation certificates.
- *
- * ## Error conditions
- * Error conditions are reported as service specific errors.
- * Positive codes correspond to `android.security.remoteprovisioning.ResponseCode`
- * and indicate error conditions diagnosed by the Keystore 2.0 service.
- * TODO: Remote Provisioning HAL error code info
- *
- * `ResponseCode::PERMISSION_DENIED` if the caller does not have the permissions
- * to use the RemoteProvisioning API. This permission is defined under access_vectors in SEPolicy
- * in the keystore2 class: remotely_provision
- *
- * `ResponseCode::SYSTEM_ERROR` for any unexpected errors like IO or IPC failures.
- *
- * @hide
- */
-interface IRemoteProvisioning {
-
- /**
- * Returns the status of the attestation key pool in the database.
- *
- * @param expiredBy The date as seconds since epoch by which to judge expiration status of
- * certificates.
- *
- * @param secLevel The security level to specify which KM instance to get the pool for.
- *
- * @return The `AttestationPoolStatus` parcelable contains fields communicating information
- * relevant to making decisions about when to generate and provision
- * more attestation keys.
- */
- AttestationPoolStatus getPoolStatus(in long expiredBy, in SecurityLevel secLevel);
-
- /**
- * This is the primary entry point for beginning a remote provisioning flow. The caller
- * specifies how many CSRs should be generated and provides an X25519 ECDH public key along
- * with a challenge to encrypt privacy sensitive portions of the returned CBOR blob and
- * guarantee freshness of the request to the certifying third party.
- *
- * ## Error conditions
- * `ResponseCode::NO_UNSIGNED_KEYS` if there are no unsigned keypairs in the database that can
- * be used for the CSRs.
- *
- * A RemoteProvisioning HAL response code may indicate backend errors such as failed EEK
- * verification.
- *
- * @param testMode Whether or not the TA implementing the Remote Provisioning HAL should accept
- * any EEK (Endpoint Encryption Key), or only one signed by a chain
- * that verifies back to the Root of Trust baked into the TA. True
- * means that any key is accepted.
- *
- * @param numCsr How many certificate signing requests should be generated.
- *
- * @param eek A chain of certificates terminating in an X25519 public key, the Endpoint
- * Encryption Key.
- *
- * @param challenge A challenge to be included and MACed in the returned CBOR blob.
- *
- * @param secLevel The security level to specify which KM instance from which to generate a
- * CSR.
- *
- * @param protectedData The encrypted CBOR blob generated by the remote provisioner
- *
- * @return A CBOR blob composed of various elements required by the server to verify the
- * request.
- */
- byte[] generateCsr(in boolean testMode, in int numCsr, in byte[] eek, in byte[] challenge,
- in SecurityLevel secLevel, out ProtectedData protectedData, out DeviceInfo deviceInfo);
-
- /**
- * This method provides a way for the returned attestation certificate chains to be provisioned
- * to the attestation key database. When an app requests an attesation key, it will be assigned
- * one of these certificate chains along with the corresponding private key.
- *
- * @param publicKey The raw public key encoded in the leaf certificate.
- *
- * @param batchCert The batch certificate corresponding to the attestation key. Separated for
- * the purpose of making Subject lookup for KM attestation easier.
- *
- * @param certs An X.509, DER encoded certificate chain for the attestation key.
- *
- * @param expirationDate The expiration date on the certificate chain, provided by the caller
- * for convenience.
- *
- * @param secLevel The security level representing the KM instance containing the key that this
- * chain corresponds to.
- */
- void provisionCertChain(in byte[] publicKey, in byte[] batchCert, in byte[] certs,
- in long expirationDate, in SecurityLevel secLevel);
-
- /**
- * This method allows the caller to instruct KeyStore to generate and store a key pair to be
- * used for attestation in the `generateCsr` method. The caller should handle spacing out these
- * requests so as not to jam up the KeyStore work queue.
- *
- * @param is_test_mode Instructs the underlying HAL interface to mark the generated key with a
- * tag to indicate that it's for testing.
- *
- * @param secLevel The security level to specify which KM instance should generate a key pair.
- */
- void generateKeyPair(in boolean is_test_mode, in SecurityLevel secLevel);
-
- /**
- * This method returns implementation information for whichever instances of
- * IRemotelyProvisionedComponent are running on the device. The RemoteProvisioner app needs to
- * know which KM instances it should be generating and managing attestation keys for, and which
- * EC curves are supported in those instances.
- *
- * @return The array of ImplInfo parcelables.
- */
- ImplInfo[] getImplementationInfo();
-
- /**
- * This method deletes all remotely provisioned attestation keys in the database, regardless
- * of what state in their life cycle they are in. This is primarily useful to facilitate
- * testing.
- *
- * @return Number of keys deleted
- */
- long deleteAllKeys();
-}
diff --git a/keystore2/aidl/android/security/remoteprovisioning/IRemotelyProvisionedKeyPool.aidl b/keystore2/aidl/android/security/remoteprovisioning/IRemotelyProvisionedKeyPool.aidl
deleted file mode 100644
index 7d45e52..0000000
--- a/keystore2/aidl/android/security/remoteprovisioning/IRemotelyProvisionedKeyPool.aidl
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.remoteprovisioning;
-
-import android.security.remoteprovisioning.RemotelyProvisionedKey;
-
-/**
- * This is the interface providing access to remotely-provisioned attestation keys
- * for an `IRemotelyProvisionedComponent`.
- *
- * @hide
- */
-interface IRemotelyProvisionedKeyPool {
-
- /**
- * Fetches an attestation key for the given uid and `IRemotelyProvisionedComponent`, as
- * identified by the given id.
-
- * Callers require the keystore2::get_attestation_key permission.
- *
- * ## Error conditions
- * `android.system.keystore2.ResponseCode::PERMISSION_DENIED` if the caller does not have the
- * `keystore2::get_attestation_key` permission
- *
- * @param clientUid The client application for which an attestation key is needed.
- *
- * @param irpcId The unique identifier for the `IRemotelyProvisionedComponent` for which a key
- * is requested. This id may be retrieved from a given component via the
- * `IRemotelyProvisionedComponent::getHardwareInfo` function.
- *
- * @return A `RemotelyProvisionedKey` parcelable containing a key and certification chain for
- * the given `IRemotelyProvisionedComponent`.
- */
- RemotelyProvisionedKey getAttestationKey(in int clientUid, in @utf8InCpp String irpcId);
-}
diff --git a/keystore2/aidl/android/security/remoteprovisioning/ImplInfo.aidl b/keystore2/aidl/android/security/remoteprovisioning/ImplInfo.aidl
deleted file mode 100644
index 9baeb24..0000000
--- a/keystore2/aidl/android/security/remoteprovisioning/ImplInfo.aidl
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.remoteprovisioning;
-
-import android.hardware.security.keymint.SecurityLevel;
-
-/**
- * This parcelable provides information about the underlying IRemotelyProvisionedComponent
- * implementation.
- * @hide
- */
-parcelable ImplInfo {
- /**
- * The security level of the underlying implementation: TEE or StrongBox.
- */
- SecurityLevel secLevel;
- /**
- * An integer denoting which EC curve is supported in the underlying implementation. The current
- * options are either P256 or 25519, with values defined in
- * hardware/interfaces/security/keymint/aidl/.../RpcHardwareInfo.aidl
- */
- int supportedCurve;
-}
diff --git a/keystore2/aidl/android/security/remoteprovisioning/RemotelyProvisionedKey.aidl b/keystore2/aidl/android/security/remoteprovisioning/RemotelyProvisionedKey.aidl
deleted file mode 100644
index ae21855..0000000
--- a/keystore2/aidl/android/security/remoteprovisioning/RemotelyProvisionedKey.aidl
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.remoteprovisioning;
-
-/**
- * A `RemotelyProvisionedKey` holds an attestation key and the corresponding remotely provisioned
- * certificate chain.
- *
- * @hide
- */
-@RustDerive(Eq=true, PartialEq=true)
-parcelable RemotelyProvisionedKey {
- /**
- * The remotely-provisioned key that may be used to sign attestations. The format of this key
- * is opaque, and need only be understood by the IRemotelyProvisionedComponent that generated
- * it.
- *
- * Any private key material contained within this blob must be encrypted.
- */
- byte[] keyBlob;
-
- /**
- * Sequence of DER-encoded X.509 certificates that make up the attestation key's certificate
- * chain. This is the binary encoding for a chain that is supported by Java's
- * CertificateFactory.generateCertificates API.
- */
- byte[] encodedCertChain;
-}
diff --git a/keystore2/aidl/android/security/remoteprovisioning/ResponseCode.aidl b/keystore2/aidl/android/security/remoteprovisioning/ResponseCode.aidl
deleted file mode 100644
index c9877db..0000000
--- a/keystore2/aidl/android/security/remoteprovisioning/ResponseCode.aidl
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.remoteprovisioning;
-
-@Backing(type="int")
-/** @hide */
-enum ResponseCode {
- /**
- * Returned if there are no keys available in the database to be used in a CSR
- */
- NO_UNSIGNED_KEYS = 1,
- /**
- * The caller has imrproper SELinux permissions to access the Remote Provisioning API.
- */
- PERMISSION_DENIED = 2,
- /**
- * An unexpected error occurred, likely with IO or IPC.
- */
- SYSTEM_ERROR = 3,
-}