From 9b31a49c3633895d9a2bf08ddb2ea73f8e8d0c64 Mon Sep 17 00:00:00 2001
From: Shawn Willden
Date: Mon, 11 May 2015 07:06:01 -0600
Subject: [PATCH] Remove rescoping.

Rescoping was never a very good solution to the problem of supporting multiple sets of authorizations for a given key material. For M we're removing it and in the future a better solution will be provided.

Change-Id: I6f7585274487bd66e4d90e89014af41e9aa30411
(cherry picked from commit 7f10ab99fc63e99252d924b9e0bdfefef5374b40)
---
 include/hardware/keymaster1.h | 42 ++-------------------------------------
 include/hardware/keymaster_defs.h | 4 ----
 2 files changed, 2 insertions(+), 44 deletions(-)

diff --git a/include/hardware/keymaster1.h b/include/hardware/keymaster1.h
index 4227f57..1d017fd 100644
--- a/include/hardware/keymaster1.h
+++ b/include/hardware/keymaster1.h
@@ -329,43 +329,6 @@ struct keymaster1_device {
 keymaster_key_characteristics_t** characteristics);
 /**
- * Change a key's authorizations.
- *
- * Update the authorizations associated with key_blob to the list specified in new_params, which
- * must contain the complete set of authorizations desired (hw_enforced and sw_enforced). Tags
- * will be added, removed and/or updated only if the appropriate KM_TAG_RESCOPING_ADD and
- * KM_TAG_RESCOPING_DEL tags exist in the key's authorizations, otherwise
- * KM_ERROR_INVALID_RESCOPING will be returned and no changes will be made.
- *
- * \param[in] dev The keymaster device structure.
- *
- * \param[in] new_params The new authorization list to be associated with the key.
- *
- * \param[in] new_params_count The number of entries in \p new_params.
- *
- * \param[in] key_blob The key to update.
- *
- * \param[in] client_id The client ID associated with the key, or NULL if none is associated.
- *
- * \param[in] app_data The application data associated with the key, or NULL if none is
- * associated.
- *
- * \param[out] rescoped_key_blob The key blob with the updated authorizations, if successful.
- * The caller assumes ownership of rescoped_key_blob->key_material and must free() it.
- *
- * \param[out] characteristics If not null will contain the new key authorizations, divided into
- * hw_enforced and sw_enforced lists. The caller takes ownership and must call
- * keymaster_free_characteristics() to free.
- */
- keymaster_error_t (*rescope)(const struct keymaster1_device* dev,
- const keymaster_key_param_t* new_params, size_t new_params_count,
- const keymaster_key_blob_t* key_blob,
- const keymaster_blob_t* client_id,
- const keymaster_blob_t* app_data,
- keymaster_key_blob_t* rescoped_key_blob,
- keymaster_key_characteristics_t** characteristics);
-
- /**
 * Imports a key, or key pair, returning a key blob and/or a description of the key.
 *
 * Most key import parameters are defined as keymaster tag/value pairs, provided in "params".
@@ -445,9 +408,8 @@ struct keymaster1_device {
 /**
 * Deletes the key, or key pair, associated with the key blob. After calling this function it
- * will be impossible to use the key for any other operations (though rescoped versions may
- * exist, and if so will be usable). May be applied to keys from foreign roots of trust (keys
- * not usable under the current root of trust).
+ * will be impossible to use the key for any other operations. May be applied to keys from
+ * foreign roots of trust (keys not usable under the current root of trust).
 *
 * This function is optional and should be set to NULL if it is not implemented.
 *
diff --git a/include/hardware/keymaster_defs.h b/include/hardware/keymaster_defs.h
index 9105ee9..1b43fb2 100644
--- a/include/hardware/keymaster_defs.h
+++ b/include/hardware/keymaster_defs.h
@@ -63,8 +63,6 @@ typedef enum {
 KM_TAG_CALLER_NONCE = KM_BOOL | 8, /* Allow caller to specify nonce or IV. */
 /* Other hardware-enforced. */
- KM_TAG_RESCOPING_ADD = KM_ENUM_REP | 101, /* Tags authorized for addition via rescoping. */
- KM_TAG_RESCOPING_DEL = KM_ENUM_REP | 102, /* Tags authorized for removal via rescoping. */
 KM_TAG_BLOB_USAGE_REQUIREMENTS = KM_ENUM | 705, /* keymaster_key_blob_usage_requirements_t */
 /* Algorithm-specific. */
@@ -335,7 +333,6 @@ typedef enum {
 KM_ERROR_UNSUPPORTED_TAG = -39,
 KM_ERROR_INVALID_TAG = -40,
 KM_ERROR_MEMORY_ALLOCATION_FAILED = -41,
- KM_ERROR_INVALID_RESCOPING = -42,
 KM_ERROR_IMPORT_PARAMETER_MISMATCH = -44,
 KM_ERROR_SECURE_HW_ACCESS_DENIED = -45,
 KM_ERROR_OPERATION_CANCELLED = -46,
@@ -346,7 +343,6 @@ typedef enum {
 KM_ERROR_MISSING_NONCE = -51,
 KM_ERROR_INVALID_NONCE = -52,
 KM_ERROR_UNSUPPORTED_CHUNK_LENGTH = -53,
- KM_ERROR_RESCOPABLE_KEY_NOT_USABLE = -54,
 KM_ERROR_CALLER_NONCE_PROHIBITED = -55,
 KM_ERROR_UNIMPLEMENTED = -100,
--
2.11.0