1 /*
2 * Copyright (C) 2020 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #pragma once
18
19 #include <optional>
20
21 #include <aidl/android/hardware/security/keymint/EcCurve.h>
22 #include <aidl/android/hardware/security/keymint/ErrorCode.h>
23 #include <keymasterV4_1/keymaster_tags.h>
24 #include <keymint_support/keymint_tags.h>
25
26 namespace V4_0 = ::android::hardware::keymaster::V4_0;
27 namespace V4_1 = ::android::hardware::keymaster::V4_1;
28 namespace KMV1 = ::aidl::android::hardware::security::keymint;
29
convert(V4_0::ErrorCode error)30 static KMV1::ErrorCode convert(V4_0::ErrorCode error) {
31 switch (error) {
32 case V4_0::ErrorCode::OK:
33 return KMV1::ErrorCode::OK;
34 case V4_0::ErrorCode::ROOT_OF_TRUST_ALREADY_SET:
35 return KMV1::ErrorCode::ROOT_OF_TRUST_ALREADY_SET;
36 case V4_0::ErrorCode::UNSUPPORTED_PURPOSE:
37 return KMV1::ErrorCode::UNSUPPORTED_PURPOSE;
38 case V4_0::ErrorCode::INCOMPATIBLE_PURPOSE:
39 return KMV1::ErrorCode::INCOMPATIBLE_PURPOSE;
40 case V4_0::ErrorCode::UNSUPPORTED_ALGORITHM:
41 return KMV1::ErrorCode::UNSUPPORTED_ALGORITHM;
42 case V4_0::ErrorCode::INCOMPATIBLE_ALGORITHM:
43 return KMV1::ErrorCode::INCOMPATIBLE_ALGORITHM;
44 case V4_0::ErrorCode::UNSUPPORTED_KEY_SIZE:
45 return KMV1::ErrorCode::UNSUPPORTED_KEY_SIZE;
46 case V4_0::ErrorCode::UNSUPPORTED_BLOCK_MODE:
47 return KMV1::ErrorCode::UNSUPPORTED_BLOCK_MODE;
48 case V4_0::ErrorCode::INCOMPATIBLE_BLOCK_MODE:
49 return KMV1::ErrorCode::INCOMPATIBLE_BLOCK_MODE;
50 case V4_0::ErrorCode::UNSUPPORTED_MAC_LENGTH:
51 return KMV1::ErrorCode::UNSUPPORTED_MAC_LENGTH;
52 case V4_0::ErrorCode::UNSUPPORTED_PADDING_MODE:
53 return KMV1::ErrorCode::UNSUPPORTED_PADDING_MODE;
54 case V4_0::ErrorCode::INCOMPATIBLE_PADDING_MODE:
55 return KMV1::ErrorCode::INCOMPATIBLE_PADDING_MODE;
56 case V4_0::ErrorCode::UNSUPPORTED_DIGEST:
57 return KMV1::ErrorCode::UNSUPPORTED_DIGEST;
58 case V4_0::ErrorCode::INCOMPATIBLE_DIGEST:
59 return KMV1::ErrorCode::INCOMPATIBLE_DIGEST;
60 case V4_0::ErrorCode::INVALID_EXPIRATION_TIME:
61 return KMV1::ErrorCode::INVALID_EXPIRATION_TIME;
62 case V4_0::ErrorCode::INVALID_USER_ID:
63 return KMV1::ErrorCode::INVALID_USER_ID;
64 case V4_0::ErrorCode::INVALID_AUTHORIZATION_TIMEOUT:
65 return KMV1::ErrorCode::INVALID_AUTHORIZATION_TIMEOUT;
66 case V4_0::ErrorCode::UNSUPPORTED_KEY_FORMAT:
67 return KMV1::ErrorCode::UNSUPPORTED_KEY_FORMAT;
68 case V4_0::ErrorCode::INCOMPATIBLE_KEY_FORMAT:
69 return KMV1::ErrorCode::INCOMPATIBLE_KEY_FORMAT;
70 case V4_0::ErrorCode::UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM:
71 return KMV1::ErrorCode::UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM;
72 case V4_0::ErrorCode::UNSUPPORTED_KEY_VERIFICATION_ALGORITHM:
73 return KMV1::ErrorCode::UNSUPPORTED_KEY_VERIFICATION_ALGORITHM;
74 case V4_0::ErrorCode::INVALID_INPUT_LENGTH:
75 return KMV1::ErrorCode::INVALID_INPUT_LENGTH;
76 case V4_0::ErrorCode::KEY_EXPORT_OPTIONS_INVALID:
77 return KMV1::ErrorCode::KEY_EXPORT_OPTIONS_INVALID;
78 case V4_0::ErrorCode::DELEGATION_NOT_ALLOWED:
79 return KMV1::ErrorCode::DELEGATION_NOT_ALLOWED;
80 case V4_0::ErrorCode::KEY_NOT_YET_VALID:
81 return KMV1::ErrorCode::KEY_NOT_YET_VALID;
82 case V4_0::ErrorCode::KEY_EXPIRED:
83 return KMV1::ErrorCode::KEY_EXPIRED;
84 case V4_0::ErrorCode::KEY_USER_NOT_AUTHENTICATED:
85 return KMV1::ErrorCode::KEY_USER_NOT_AUTHENTICATED;
86 case V4_0::ErrorCode::OUTPUT_PARAMETER_NULL:
87 return KMV1::ErrorCode::OUTPUT_PARAMETER_NULL;
88 case V4_0::ErrorCode::INVALID_OPERATION_HANDLE:
89 return KMV1::ErrorCode::INVALID_OPERATION_HANDLE;
90 case V4_0::ErrorCode::INSUFFICIENT_BUFFER_SPACE:
91 return KMV1::ErrorCode::INSUFFICIENT_BUFFER_SPACE;
92 case V4_0::ErrorCode::VERIFICATION_FAILED:
93 return KMV1::ErrorCode::VERIFICATION_FAILED;
94 case V4_0::ErrorCode::TOO_MANY_OPERATIONS:
95 return KMV1::ErrorCode::TOO_MANY_OPERATIONS;
96 case V4_0::ErrorCode::UNEXPECTED_NULL_POINTER:
97 return KMV1::ErrorCode::UNEXPECTED_NULL_POINTER;
98 case V4_0::ErrorCode::INVALID_KEY_BLOB:
99 return KMV1::ErrorCode::INVALID_KEY_BLOB;
100 case V4_0::ErrorCode::IMPORTED_KEY_NOT_ENCRYPTED:
101 return KMV1::ErrorCode::IMPORTED_KEY_NOT_ENCRYPTED;
102 case V4_0::ErrorCode::IMPORTED_KEY_DECRYPTION_FAILED:
103 return KMV1::ErrorCode::IMPORTED_KEY_DECRYPTION_FAILED;
104 case V4_0::ErrorCode::IMPORTED_KEY_NOT_SIGNED:
105 return KMV1::ErrorCode::IMPORTED_KEY_NOT_SIGNED;
106 case V4_0::ErrorCode::IMPORTED_KEY_VERIFICATION_FAILED:
107 return KMV1::ErrorCode::IMPORTED_KEY_VERIFICATION_FAILED;
108 case V4_0::ErrorCode::INVALID_ARGUMENT:
109 return KMV1::ErrorCode::INVALID_ARGUMENT;
110 case V4_0::ErrorCode::UNSUPPORTED_TAG:
111 return KMV1::ErrorCode::UNSUPPORTED_TAG;
112 case V4_0::ErrorCode::INVALID_TAG:
113 return KMV1::ErrorCode::INVALID_TAG;
114 case V4_0::ErrorCode::MEMORY_ALLOCATION_FAILED:
115 return KMV1::ErrorCode::MEMORY_ALLOCATION_FAILED;
116 case V4_0::ErrorCode::IMPORT_PARAMETER_MISMATCH:
117 return KMV1::ErrorCode::IMPORT_PARAMETER_MISMATCH;
118 case V4_0::ErrorCode::SECURE_HW_ACCESS_DENIED:
119 return KMV1::ErrorCode::SECURE_HW_ACCESS_DENIED;
120 case V4_0::ErrorCode::OPERATION_CANCELLED:
121 return KMV1::ErrorCode::OPERATION_CANCELLED;
122 case V4_0::ErrorCode::CONCURRENT_ACCESS_CONFLICT:
123 return KMV1::ErrorCode::CONCURRENT_ACCESS_CONFLICT;
124 case V4_0::ErrorCode::SECURE_HW_BUSY:
125 return KMV1::ErrorCode::SECURE_HW_BUSY;
126 case V4_0::ErrorCode::SECURE_HW_COMMUNICATION_FAILED:
127 return KMV1::ErrorCode::SECURE_HW_COMMUNICATION_FAILED;
128 case V4_0::ErrorCode::UNSUPPORTED_EC_FIELD:
129 return KMV1::ErrorCode::UNSUPPORTED_EC_FIELD;
130 case V4_0::ErrorCode::MISSING_NONCE:
131 return KMV1::ErrorCode::MISSING_NONCE;
132 case V4_0::ErrorCode::INVALID_NONCE:
133 return KMV1::ErrorCode::INVALID_NONCE;
134 case V4_0::ErrorCode::MISSING_MAC_LENGTH:
135 return KMV1::ErrorCode::MISSING_MAC_LENGTH;
136 case V4_0::ErrorCode::KEY_RATE_LIMIT_EXCEEDED:
137 return KMV1::ErrorCode::KEY_RATE_LIMIT_EXCEEDED;
138 case V4_0::ErrorCode::CALLER_NONCE_PROHIBITED:
139 return KMV1::ErrorCode::CALLER_NONCE_PROHIBITED;
140 case V4_0::ErrorCode::KEY_MAX_OPS_EXCEEDED:
141 return KMV1::ErrorCode::KEY_MAX_OPS_EXCEEDED;
142 case V4_0::ErrorCode::INVALID_MAC_LENGTH:
143 return KMV1::ErrorCode::INVALID_MAC_LENGTH;
144 case V4_0::ErrorCode::MISSING_MIN_MAC_LENGTH:
145 return KMV1::ErrorCode::MISSING_MIN_MAC_LENGTH;
146 case V4_0::ErrorCode::UNSUPPORTED_MIN_MAC_LENGTH:
147 return KMV1::ErrorCode::UNSUPPORTED_MIN_MAC_LENGTH;
148 case V4_0::ErrorCode::UNSUPPORTED_KDF:
149 return KMV1::ErrorCode::UNSUPPORTED_KDF;
150 case V4_0::ErrorCode::UNSUPPORTED_EC_CURVE:
151 return KMV1::ErrorCode::UNSUPPORTED_EC_CURVE;
152 case V4_0::ErrorCode::KEY_REQUIRES_UPGRADE:
153 return KMV1::ErrorCode::KEY_REQUIRES_UPGRADE;
154 case V4_0::ErrorCode::ATTESTATION_CHALLENGE_MISSING:
155 return KMV1::ErrorCode::ATTESTATION_CHALLENGE_MISSING;
156 case V4_0::ErrorCode::KEYMASTER_NOT_CONFIGURED:
157 return KMV1::ErrorCode::KEYMINT_NOT_CONFIGURED;
158 case V4_0::ErrorCode::ATTESTATION_APPLICATION_ID_MISSING:
159 return KMV1::ErrorCode::ATTESTATION_APPLICATION_ID_MISSING;
160 case V4_0::ErrorCode::CANNOT_ATTEST_IDS:
161 return KMV1::ErrorCode::CANNOT_ATTEST_IDS;
162 case V4_0::ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE:
163 return KMV1::ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE;
164 case V4_0::ErrorCode::HARDWARE_TYPE_UNAVAILABLE:
165 return KMV1::ErrorCode::HARDWARE_TYPE_UNAVAILABLE;
166 case V4_0::ErrorCode::PROOF_OF_PRESENCE_REQUIRED:
167 return KMV1::ErrorCode::PROOF_OF_PRESENCE_REQUIRED;
168 case V4_0::ErrorCode::CONCURRENT_PROOF_OF_PRESENCE_REQUESTED:
169 return KMV1::ErrorCode::CONCURRENT_PROOF_OF_PRESENCE_REQUESTED;
170 case V4_0::ErrorCode::NO_USER_CONFIRMATION:
171 return KMV1::ErrorCode::NO_USER_CONFIRMATION;
172 case V4_0::ErrorCode::DEVICE_LOCKED:
173 return KMV1::ErrorCode::DEVICE_LOCKED;
174 case V4_0::ErrorCode::UNIMPLEMENTED:
175 return KMV1::ErrorCode::UNIMPLEMENTED;
176 case V4_0::ErrorCode::VERSION_MISMATCH:
177 return KMV1::ErrorCode::VERSION_MISMATCH;
178 case V4_0::ErrorCode::UNKNOWN_ERROR:
179 return KMV1::ErrorCode::UNKNOWN_ERROR;
180 }
181 }
182
convert(KMV1::KeyPurpose p)183 static std::optional<V4_0::KeyPurpose> convert(KMV1::KeyPurpose p) {
184 switch (p) {
185 case KMV1::KeyPurpose::ENCRYPT:
186 return V4_0::KeyPurpose::ENCRYPT;
187 case KMV1::KeyPurpose::DECRYPT:
188 return V4_0::KeyPurpose::DECRYPT;
189 case KMV1::KeyPurpose::SIGN:
190 return V4_0::KeyPurpose::SIGN;
191 case KMV1::KeyPurpose::VERIFY:
192 return V4_0::KeyPurpose::VERIFY;
193 case KMV1::KeyPurpose::WRAP_KEY:
194 return V4_0::KeyPurpose::WRAP_KEY;
195 default:
196 // Can end up here because KeyMint may have KeyPurpose values not in KM4.
197 return {};
198 }
199 }
200
convert(V4_0::KeyPurpose p)201 static KMV1::KeyPurpose convert(V4_0::KeyPurpose p) {
202 switch (p) {
203 case V4_0::KeyPurpose::ENCRYPT:
204 return KMV1::KeyPurpose::ENCRYPT;
205 case V4_0::KeyPurpose::DECRYPT:
206 return KMV1::KeyPurpose::DECRYPT;
207 case V4_0::KeyPurpose::SIGN:
208 return KMV1::KeyPurpose::SIGN;
209 case V4_0::KeyPurpose::VERIFY:
210 return KMV1::KeyPurpose::VERIFY;
211 case V4_0::KeyPurpose::WRAP_KEY:
212 return KMV1::KeyPurpose::WRAP_KEY;
213 }
214 }
215
convert(KMV1::Algorithm a)216 static V4_0::Algorithm convert(KMV1::Algorithm a) {
217 switch (a) {
218 case KMV1::Algorithm::RSA:
219 return V4_0::Algorithm::RSA;
220 case KMV1::Algorithm::EC:
221 return V4_0::Algorithm::EC;
222 case KMV1::Algorithm::AES:
223 return V4_0::Algorithm::AES;
224 case KMV1::Algorithm::TRIPLE_DES:
225 return V4_0::Algorithm::TRIPLE_DES;
226 case KMV1::Algorithm::HMAC:
227 return V4_0::Algorithm::HMAC;
228 }
229 }
230
convert(V4_0::Algorithm a)231 static KMV1::Algorithm convert(V4_0::Algorithm a) {
232 switch (a) {
233 case V4_0::Algorithm::RSA:
234 return KMV1::Algorithm::RSA;
235 case V4_0::Algorithm::EC:
236 return KMV1::Algorithm::EC;
237 case V4_0::Algorithm::AES:
238 return KMV1::Algorithm::AES;
239 case V4_0::Algorithm::TRIPLE_DES:
240 return KMV1::Algorithm::TRIPLE_DES;
241 case V4_0::Algorithm::HMAC:
242 return KMV1::Algorithm::HMAC;
243 }
244 }
245
convert(KMV1::Digest d)246 static V4_0::Digest convert(KMV1::Digest d) {
247 switch (d) {
248 case KMV1::Digest::NONE:
249 return V4_0::Digest::NONE;
250 case KMV1::Digest::MD5:
251 return V4_0::Digest::MD5;
252 case KMV1::Digest::SHA1:
253 return V4_0::Digest::SHA1;
254 case KMV1::Digest::SHA_2_224:
255 return V4_0::Digest::SHA_2_224;
256 case KMV1::Digest::SHA_2_256:
257 return V4_0::Digest::SHA_2_256;
258 case KMV1::Digest::SHA_2_384:
259 return V4_0::Digest::SHA_2_384;
260 case KMV1::Digest::SHA_2_512:
261 return V4_0::Digest::SHA_2_512;
262 }
263 }
264
convert(V4_0::Digest d)265 static KMV1::Digest convert(V4_0::Digest d) {
266 switch (d) {
267 case V4_0::Digest::NONE:
268 return KMV1::Digest::NONE;
269 case V4_0::Digest::MD5:
270 return KMV1::Digest::MD5;
271 case V4_0::Digest::SHA1:
272 return KMV1::Digest::SHA1;
273 case V4_0::Digest::SHA_2_224:
274 return KMV1::Digest::SHA_2_224;
275 case V4_0::Digest::SHA_2_256:
276 return KMV1::Digest::SHA_2_256;
277 case V4_0::Digest::SHA_2_384:
278 return KMV1::Digest::SHA_2_384;
279 case V4_0::Digest::SHA_2_512:
280 return KMV1::Digest::SHA_2_512;
281 }
282 }
283
convert(KMV1::EcCurve e)284 static std::optional<V4_0::EcCurve> convert(KMV1::EcCurve e) {
285 switch (e) {
286 case KMV1::EcCurve::P_224:
287 return V4_0::EcCurve::P_224;
288 case KMV1::EcCurve::P_256:
289 return V4_0::EcCurve::P_256;
290 case KMV1::EcCurve::P_384:
291 return V4_0::EcCurve::P_384;
292 case KMV1::EcCurve::P_521:
293 return V4_0::EcCurve::P_521;
294 case KMV1::EcCurve::CURVE_25519:
295 // KeyMaster did not support curve 25519
296 return std::nullopt;
297 }
298 return std::nullopt;
299 }
300
convert(V4_0::EcCurve e)301 static KMV1::EcCurve convert(V4_0::EcCurve e) {
302 switch (e) {
303 case V4_0::EcCurve::P_224:
304 return KMV1::EcCurve::P_224;
305 case V4_0::EcCurve::P_256:
306 return KMV1::EcCurve::P_256;
307 case V4_0::EcCurve::P_384:
308 return KMV1::EcCurve::P_384;
309 case V4_0::EcCurve::P_521:
310 return KMV1::EcCurve::P_521;
311 }
312 }
313
convert(KMV1::BlockMode b)314 static V4_0::BlockMode convert(KMV1::BlockMode b) {
315 switch (b) {
316 case KMV1::BlockMode::ECB:
317 return V4_0::BlockMode::ECB;
318 case KMV1::BlockMode::CBC:
319 return V4_0::BlockMode::CBC;
320 case KMV1::BlockMode::CTR:
321 return V4_0::BlockMode::CTR;
322 case KMV1::BlockMode::GCM:
323 return V4_0::BlockMode::GCM;
324 }
325 }
326
convert(V4_0::BlockMode b)327 static KMV1::BlockMode convert(V4_0::BlockMode b) {
328 switch (b) {
329 case V4_0::BlockMode::ECB:
330 return KMV1::BlockMode::ECB;
331 case V4_0::BlockMode::CBC:
332 return KMV1::BlockMode::CBC;
333 case V4_0::BlockMode::CTR:
334 return KMV1::BlockMode::CTR;
335 case V4_0::BlockMode::GCM:
336 return KMV1::BlockMode::GCM;
337 }
338 }
339
convert(KMV1::PaddingMode p)340 static V4_0::PaddingMode convert(KMV1::PaddingMode p) {
341 switch (p) {
342 case KMV1::PaddingMode::NONE:
343 return V4_0::PaddingMode::NONE;
344 case KMV1::PaddingMode::RSA_OAEP:
345 return V4_0::PaddingMode::RSA_OAEP;
346 case KMV1::PaddingMode::RSA_PSS:
347 return V4_0::PaddingMode::RSA_PSS;
348 case KMV1::PaddingMode::RSA_PKCS1_1_5_ENCRYPT:
349 return V4_0::PaddingMode::RSA_PKCS1_1_5_ENCRYPT;
350 case KMV1::PaddingMode::RSA_PKCS1_1_5_SIGN:
351 return V4_0::PaddingMode::RSA_PKCS1_1_5_SIGN;
352 case KMV1::PaddingMode::PKCS7:
353 return V4_0::PaddingMode::PKCS7;
354 }
355 }
356
convert(V4_0::PaddingMode p)357 static KMV1::PaddingMode convert(V4_0::PaddingMode p) {
358 switch (p) {
359 case V4_0::PaddingMode::NONE:
360 return KMV1::PaddingMode::NONE;
361 case V4_0::PaddingMode::RSA_OAEP:
362 return KMV1::PaddingMode::RSA_OAEP;
363 case V4_0::PaddingMode::RSA_PSS:
364 return KMV1::PaddingMode::RSA_PSS;
365 case V4_0::PaddingMode::RSA_PKCS1_1_5_ENCRYPT:
366 return KMV1::PaddingMode::RSA_PKCS1_1_5_ENCRYPT;
367 case V4_0::PaddingMode::RSA_PKCS1_1_5_SIGN:
368 return KMV1::PaddingMode::RSA_PKCS1_1_5_SIGN;
369 case V4_0::PaddingMode::PKCS7:
370 return KMV1::PaddingMode::PKCS7;
371 }
372 }
373
convert(KMV1::HardwareAuthenticatorType h)374 static V4_0::HardwareAuthenticatorType convert(KMV1::HardwareAuthenticatorType h) {
375 uint32_t result = 0;
376 uint32_t hat = static_cast<uint32_t>(h);
377 if (hat & static_cast<uint32_t>(KMV1::HardwareAuthenticatorType::PASSWORD)) {
378 result |= static_cast<uint32_t>(V4_0::HardwareAuthenticatorType::PASSWORD);
379 }
380 if (hat & static_cast<uint32_t>(KMV1::HardwareAuthenticatorType::FINGERPRINT)) {
381 result |= static_cast<uint32_t>(V4_0::HardwareAuthenticatorType::FINGERPRINT);
382 }
383 return static_cast<V4_0::HardwareAuthenticatorType>(result);
384 }
385
convert(V4_0::HardwareAuthenticatorType h)386 static KMV1::HardwareAuthenticatorType convert(V4_0::HardwareAuthenticatorType h) {
387 uint32_t result = 0;
388 if ((uint32_t)h & (uint32_t)V4_0::HardwareAuthenticatorType::PASSWORD) {
389 result |= (uint32_t)KMV1::HardwareAuthenticatorType::PASSWORD;
390 }
391 if ((uint32_t)h & (uint32_t)V4_0::HardwareAuthenticatorType::FINGERPRINT) {
392 result |= (uint32_t)KMV1::HardwareAuthenticatorType::FINGERPRINT;
393 }
394 return static_cast<KMV1::HardwareAuthenticatorType>(result);
395 }
396
convert(KMV1::SecurityLevel s)397 static V4_0::SecurityLevel convert(KMV1::SecurityLevel s) {
398 switch (s) {
399 case KMV1::SecurityLevel::SOFTWARE:
400 return V4_0::SecurityLevel::SOFTWARE;
401 case KMV1::SecurityLevel::TRUSTED_ENVIRONMENT:
402 return V4_0::SecurityLevel::TRUSTED_ENVIRONMENT;
403 case KMV1::SecurityLevel::STRONGBOX:
404 return V4_0::SecurityLevel::STRONGBOX;
405 case KMV1::SecurityLevel::KEYSTORE:
406 return V4_0::SecurityLevel::SOFTWARE;
407 }
408 }
409
convert(V4_0::SecurityLevel s)410 static KMV1::SecurityLevel convert(V4_0::SecurityLevel s) {
411 switch (s) {
412 case V4_0::SecurityLevel::SOFTWARE:
413 return KMV1::SecurityLevel::SOFTWARE;
414 case V4_0::SecurityLevel::TRUSTED_ENVIRONMENT:
415 return KMV1::SecurityLevel::TRUSTED_ENVIRONMENT;
416 case V4_0::SecurityLevel::STRONGBOX:
417 return KMV1::SecurityLevel::STRONGBOX;
418 }
419 }
420
convert(KMV1::KeyOrigin o)421 static V4_0::KeyOrigin convert(KMV1::KeyOrigin o) {
422 switch (o) {
423 case KMV1::KeyOrigin::GENERATED:
424 return V4_0::KeyOrigin::GENERATED;
425 case KMV1::KeyOrigin::DERIVED:
426 return V4_0::KeyOrigin::DERIVED;
427 case KMV1::KeyOrigin::IMPORTED:
428 return V4_0::KeyOrigin::IMPORTED;
429 case KMV1::KeyOrigin::RESERVED:
430 return V4_0::KeyOrigin::UNKNOWN;
431 case KMV1::KeyOrigin::SECURELY_IMPORTED:
432 return V4_0::KeyOrigin::SECURELY_IMPORTED;
433 }
434 }
435
convert(V4_0::KeyOrigin o)436 static KMV1::KeyOrigin convert(V4_0::KeyOrigin o) {
437 switch (o) {
438 case V4_0::KeyOrigin::GENERATED:
439 return KMV1::KeyOrigin::GENERATED;
440 case V4_0::KeyOrigin::DERIVED:
441 return KMV1::KeyOrigin::DERIVED;
442 case V4_0::KeyOrigin::IMPORTED:
443 return KMV1::KeyOrigin::IMPORTED;
444 case V4_0::KeyOrigin::UNKNOWN:
445 return KMV1::KeyOrigin::RESERVED;
446 case V4_0::KeyOrigin::SECURELY_IMPORTED:
447 return KMV1::KeyOrigin::SECURELY_IMPORTED;
448 }
449 }
450
convertKeyParameterToLegacy(const KMV1::KeyParameter & kp)451 static V4_0::KeyParameter convertKeyParameterToLegacy(const KMV1::KeyParameter& kp) {
452 switch (kp.tag) {
453 case KMV1::Tag::INVALID:
454 break;
455 case KMV1::Tag::PURPOSE:
456 if (auto v = KMV1::authorizationValue(KMV1::TAG_PURPOSE, kp)) {
457 std::optional<V4_0::KeyPurpose> purpose = convert(v->get());
458 if (purpose) {
459 return V4_0::makeKeyParameter(V4_0::TAG_PURPOSE, purpose.value());
460 }
461 }
462 break;
463 case KMV1::Tag::ALGORITHM:
464 if (auto v = KMV1::authorizationValue(KMV1::TAG_ALGORITHM, kp)) {
465 return V4_0::makeKeyParameter(V4_0::TAG_ALGORITHM, convert(v->get()));
466 }
467 break;
468 case KMV1::Tag::KEY_SIZE:
469 if (auto v = KMV1::authorizationValue(KMV1::TAG_KEY_SIZE, kp)) {
470 return V4_0::makeKeyParameter(V4_0::TAG_KEY_SIZE, v->get());
471 }
472 break;
473 case KMV1::Tag::BLOCK_MODE:
474 if (auto v = KMV1::authorizationValue(KMV1::TAG_BLOCK_MODE, kp)) {
475 return V4_0::makeKeyParameter(V4_0::TAG_BLOCK_MODE, convert(v->get()));
476 }
477 break;
478 case KMV1::Tag::DIGEST:
479 if (auto v = KMV1::authorizationValue(KMV1::TAG_DIGEST, kp)) {
480 return V4_0::makeKeyParameter(V4_0::TAG_DIGEST, convert(v->get()));
481 }
482 break;
483 case KMV1::Tag::PADDING:
484 if (auto v = KMV1::authorizationValue(KMV1::TAG_PADDING, kp)) {
485 return V4_0::makeKeyParameter(V4_0::TAG_PADDING, convert(v->get()));
486 }
487 break;
488 case KMV1::Tag::CALLER_NONCE:
489 if (auto v = KMV1::authorizationValue(KMV1::TAG_CALLER_NONCE, kp)) {
490 return V4_0::makeKeyParameter(V4_0::TAG_CALLER_NONCE, v->get());
491 }
492 break;
493 case KMV1::Tag::MIN_MAC_LENGTH:
494 if (auto v = KMV1::authorizationValue(KMV1::TAG_MIN_MAC_LENGTH, kp)) {
495 return V4_0::makeKeyParameter(V4_0::TAG_MIN_MAC_LENGTH, v->get());
496 }
497 break;
498 case KMV1::Tag::EC_CURVE:
499 if (auto v = KMV1::authorizationValue(KMV1::TAG_EC_CURVE, kp)) {
500 if (auto curve = convert(v->get())) {
501 return V4_0::makeKeyParameter(V4_0::TAG_EC_CURVE, curve.value());
502 }
503 }
504 break;
505 case KMV1::Tag::RSA_PUBLIC_EXPONENT:
506 if (auto v = KMV1::authorizationValue(KMV1::TAG_RSA_PUBLIC_EXPONENT, kp)) {
507 return V4_0::makeKeyParameter(V4_0::TAG_RSA_PUBLIC_EXPONENT, v->get());
508 }
509 break;
510 case KMV1::Tag::INCLUDE_UNIQUE_ID:
511 if (auto v = KMV1::authorizationValue(KMV1::TAG_INCLUDE_UNIQUE_ID, kp)) {
512 return V4_0::makeKeyParameter(V4_0::TAG_INCLUDE_UNIQUE_ID, v->get());
513 }
514 break;
515 case KMV1::Tag::BOOTLOADER_ONLY:
516 if (auto v = KMV1::authorizationValue(KMV1::TAG_BOOTLOADER_ONLY, kp)) {
517 return V4_0::makeKeyParameter(V4_0::TAG_BOOTLOADER_ONLY, v->get());
518 }
519 break;
520 case KMV1::Tag::ROLLBACK_RESISTANCE:
521 if (auto v = KMV1::authorizationValue(KMV1::TAG_ROLLBACK_RESISTANCE, kp)) {
522 return V4_0::makeKeyParameter(V4_0::TAG_ROLLBACK_RESISTANCE, v->get());
523 }
524 break;
525 case KMV1::Tag::HARDWARE_TYPE:
526 if (auto v = KMV1::authorizationValue(KMV1::TAG_HARDWARE_TYPE, kp)) {
527 return V4_0::makeKeyParameter(V4_0::TAG_HARDWARE_TYPE, convert(v->get()));
528 }
529 break;
530 case KMV1::Tag::EARLY_BOOT_ONLY:
531 if (auto v = KMV1::authorizationValue(KMV1::TAG_EARLY_BOOT_ONLY, kp)) {
532 return V4_0::makeKeyParameter(V4_1::TAG_EARLY_BOOT_ONLY, v->get());
533 }
534 break;
535 case KMV1::Tag::ACTIVE_DATETIME:
536 if (auto v = KMV1::authorizationValue(KMV1::TAG_ACTIVE_DATETIME, kp)) {
537 return V4_0::makeKeyParameter(V4_0::TAG_ACTIVE_DATETIME, v->get());
538 }
539 break;
540 case KMV1::Tag::ORIGINATION_EXPIRE_DATETIME:
541 if (auto v = KMV1::authorizationValue(KMV1::TAG_ORIGINATION_EXPIRE_DATETIME, kp)) {
542 return V4_0::makeKeyParameter(V4_0::TAG_ORIGINATION_EXPIRE_DATETIME, v->get());
543 }
544 break;
545 case KMV1::Tag::USAGE_EXPIRE_DATETIME:
546 if (auto v = KMV1::authorizationValue(KMV1::TAG_USAGE_EXPIRE_DATETIME, kp)) {
547 return V4_0::makeKeyParameter(V4_0::TAG_USAGE_EXPIRE_DATETIME, v->get());
548 }
549 break;
550 case KMV1::Tag::MIN_SECONDS_BETWEEN_OPS:
551 if (auto v = KMV1::authorizationValue(KMV1::TAG_MIN_SECONDS_BETWEEN_OPS, kp)) {
552 return V4_0::makeKeyParameter(V4_0::TAG_MIN_SECONDS_BETWEEN_OPS, v->get());
553 }
554 break;
555 case KMV1::Tag::MAX_USES_PER_BOOT:
556 if (auto v = KMV1::authorizationValue(KMV1::TAG_MAX_USES_PER_BOOT, kp)) {
557 return V4_0::makeKeyParameter(V4_0::TAG_MAX_USES_PER_BOOT, v->get());
558 }
559 break;
560 case KMV1::Tag::USAGE_COUNT_LIMIT:
561 // Does not exist in KM < KeyMint 1.0.
562 break;
563 case KMV1::Tag::USER_ID:
564 if (auto v = KMV1::authorizationValue(KMV1::TAG_USER_ID, kp)) {
565 return V4_0::makeKeyParameter(V4_0::TAG_USER_ID, v->get());
566 }
567 break;
568 case KMV1::Tag::USER_SECURE_ID:
569 if (auto v = KMV1::authorizationValue(KMV1::TAG_USER_SECURE_ID, kp)) {
570 return V4_0::makeKeyParameter(V4_0::TAG_USER_SECURE_ID, v->get());
571 }
572 break;
573 case KMV1::Tag::NO_AUTH_REQUIRED:
574 if (auto v = KMV1::authorizationValue(KMV1::TAG_NO_AUTH_REQUIRED, kp)) {
575 return V4_0::makeKeyParameter(V4_0::TAG_NO_AUTH_REQUIRED, v->get());
576 }
577 break;
578 case KMV1::Tag::USER_AUTH_TYPE:
579 if (auto v = KMV1::authorizationValue(KMV1::TAG_USER_AUTH_TYPE, kp)) {
580 return V4_0::makeKeyParameter(V4_0::TAG_USER_AUTH_TYPE, convert(v->get()));
581 }
582 break;
583 case KMV1::Tag::AUTH_TIMEOUT:
584 if (auto v = KMV1::authorizationValue(KMV1::TAG_AUTH_TIMEOUT, kp)) {
585 return V4_0::makeKeyParameter(V4_0::TAG_AUTH_TIMEOUT, v->get());
586 }
587 break;
588 case KMV1::Tag::ALLOW_WHILE_ON_BODY:
589 if (auto v = KMV1::authorizationValue(KMV1::TAG_ALLOW_WHILE_ON_BODY, kp)) {
590 return V4_0::makeKeyParameter(V4_0::TAG_ALLOW_WHILE_ON_BODY, v->get());
591 }
592 break;
593 case KMV1::Tag::TRUSTED_USER_PRESENCE_REQUIRED:
594 if (auto v = KMV1::authorizationValue(KMV1::TAG_TRUSTED_USER_PRESENCE_REQUIRED, kp)) {
595 return V4_0::makeKeyParameter(V4_0::TAG_TRUSTED_USER_PRESENCE_REQUIRED, v->get());
596 }
597 break;
598 case KMV1::Tag::TRUSTED_CONFIRMATION_REQUIRED:
599 if (auto v = KMV1::authorizationValue(KMV1::TAG_TRUSTED_CONFIRMATION_REQUIRED, kp)) {
600 return V4_0::makeKeyParameter(V4_0::TAG_TRUSTED_CONFIRMATION_REQUIRED, v->get());
601 }
602 break;
603 case KMV1::Tag::UNLOCKED_DEVICE_REQUIRED:
604 if (auto v = KMV1::authorizationValue(KMV1::TAG_UNLOCKED_DEVICE_REQUIRED, kp)) {
605 return V4_0::makeKeyParameter(V4_0::TAG_UNLOCKED_DEVICE_REQUIRED, v->get());
606 }
607 break;
608 case KMV1::Tag::APPLICATION_ID:
609 if (auto v = KMV1::authorizationValue(KMV1::TAG_APPLICATION_ID, kp)) {
610 return V4_0::makeKeyParameter(V4_0::TAG_APPLICATION_ID, v->get());
611 }
612 break;
613 case KMV1::Tag::APPLICATION_DATA:
614 if (auto v = KMV1::authorizationValue(KMV1::TAG_APPLICATION_DATA, kp)) {
615 return V4_0::makeKeyParameter(V4_0::TAG_APPLICATION_DATA, v->get());
616 }
617 break;
618 case KMV1::Tag::CREATION_DATETIME:
619 if (auto v = KMV1::authorizationValue(KMV1::TAG_CREATION_DATETIME, kp)) {
620 return V4_0::makeKeyParameter(V4_0::TAG_CREATION_DATETIME, v->get());
621 }
622 break;
623 case KMV1::Tag::ORIGIN:
624 if (auto v = KMV1::authorizationValue(KMV1::TAG_ORIGIN, kp)) {
625 return V4_0::makeKeyParameter(V4_0::TAG_ORIGIN, convert(v->get()));
626 }
627 break;
628 case KMV1::Tag::ROOT_OF_TRUST:
629 if (auto v = KMV1::authorizationValue(KMV1::TAG_ROOT_OF_TRUST, kp)) {
630 return V4_0::makeKeyParameter(V4_0::TAG_ROOT_OF_TRUST, v->get());
631 }
632 break;
633 case KMV1::Tag::OS_VERSION:
634 if (auto v = KMV1::authorizationValue(KMV1::TAG_OS_VERSION, kp)) {
635 return V4_0::makeKeyParameter(V4_0::TAG_OS_VERSION, v->get());
636 }
637 break;
638 case KMV1::Tag::OS_PATCHLEVEL:
639 if (auto v = KMV1::authorizationValue(KMV1::TAG_OS_PATCHLEVEL, kp)) {
640 return V4_0::makeKeyParameter(V4_0::TAG_OS_PATCHLEVEL, v->get());
641 }
642 break;
643 case KMV1::Tag::UNIQUE_ID:
644 if (auto v = KMV1::authorizationValue(KMV1::TAG_UNIQUE_ID, kp)) {
645 return V4_0::makeKeyParameter(V4_0::TAG_UNIQUE_ID, v->get());
646 }
647 break;
648 case KMV1::Tag::ATTESTATION_CHALLENGE:
649 if (auto v = KMV1::authorizationValue(KMV1::TAG_ATTESTATION_CHALLENGE, kp)) {
650 return V4_0::makeKeyParameter(V4_0::TAG_ATTESTATION_CHALLENGE, v->get());
651 }
652 break;
653 case KMV1::Tag::ATTESTATION_APPLICATION_ID:
654 if (auto v = KMV1::authorizationValue(KMV1::TAG_ATTESTATION_APPLICATION_ID, kp)) {
655 return V4_0::makeKeyParameter(V4_0::TAG_ATTESTATION_APPLICATION_ID, v->get());
656 }
657 break;
658 case KMV1::Tag::ATTESTATION_ID_BRAND:
659 if (auto v = KMV1::authorizationValue(KMV1::TAG_ATTESTATION_ID_BRAND, kp)) {
660 return V4_0::makeKeyParameter(V4_0::TAG_ATTESTATION_ID_BRAND, v->get());
661 }
662 break;
663 case KMV1::Tag::ATTESTATION_ID_DEVICE:
664 if (auto v = KMV1::authorizationValue(KMV1::TAG_ATTESTATION_ID_DEVICE, kp)) {
665 return V4_0::makeKeyParameter(V4_0::TAG_ATTESTATION_ID_DEVICE, v->get());
666 }
667 break;
668 case KMV1::Tag::ATTESTATION_ID_PRODUCT:
669 if (auto v = KMV1::authorizationValue(KMV1::TAG_ATTESTATION_ID_PRODUCT, kp)) {
670 return V4_0::makeKeyParameter(V4_0::TAG_ATTESTATION_ID_PRODUCT, v->get());
671 }
672 break;
673 case KMV1::Tag::ATTESTATION_ID_SERIAL:
674 if (auto v = KMV1::authorizationValue(KMV1::TAG_ATTESTATION_ID_SERIAL, kp)) {
675 return V4_0::makeKeyParameter(V4_0::TAG_ATTESTATION_ID_SERIAL, v->get());
676 }
677 break;
678 case KMV1::Tag::ATTESTATION_ID_IMEI:
679 if (auto v = KMV1::authorizationValue(KMV1::TAG_ATTESTATION_ID_IMEI, kp)) {
680 return V4_0::makeKeyParameter(V4_0::TAG_ATTESTATION_ID_IMEI, v->get());
681 }
682 break;
683 case KMV1::Tag::ATTESTATION_ID_MEID:
684 if (auto v = KMV1::authorizationValue(KMV1::TAG_ATTESTATION_ID_MEID, kp)) {
685 return V4_0::makeKeyParameter(V4_0::TAG_ATTESTATION_ID_MEID, v->get());
686 }
687 break;
688 case KMV1::Tag::ATTESTATION_ID_MANUFACTURER:
689 if (auto v = KMV1::authorizationValue(KMV1::TAG_ATTESTATION_ID_MANUFACTURER, kp)) {
690 return V4_0::makeKeyParameter(V4_0::TAG_ATTESTATION_ID_MANUFACTURER, v->get());
691 }
692 break;
693 case KMV1::Tag::ATTESTATION_ID_MODEL:
694 if (auto v = KMV1::authorizationValue(KMV1::TAG_ATTESTATION_ID_MODEL, kp)) {
695 return V4_0::makeKeyParameter(V4_0::TAG_ATTESTATION_ID_MODEL, v->get());
696 }
697 break;
698 case KMV1::Tag::VENDOR_PATCHLEVEL:
699 if (auto v = KMV1::authorizationValue(KMV1::TAG_VENDOR_PATCHLEVEL, kp)) {
700 return V4_0::makeKeyParameter(V4_0::TAG_VENDOR_PATCHLEVEL, v->get());
701 }
702 break;
703 case KMV1::Tag::BOOT_PATCHLEVEL:
704 if (auto v = KMV1::authorizationValue(KMV1::TAG_BOOT_PATCHLEVEL, kp)) {
705 return V4_0::makeKeyParameter(V4_0::TAG_BOOT_PATCHLEVEL, v->get());
706 }
707 break;
708 case KMV1::Tag::DEVICE_UNIQUE_ATTESTATION:
709 if (auto v = KMV1::authorizationValue(KMV1::TAG_DEVICE_UNIQUE_ATTESTATION, kp)) {
710 return V4_0::makeKeyParameter(V4_1::TAG_DEVICE_UNIQUE_ATTESTATION, v->get());
711 }
712 break;
713 case KMV1::Tag::IDENTITY_CREDENTIAL_KEY:
714 if (auto v = KMV1::authorizationValue(KMV1::TAG_IDENTITY_CREDENTIAL_KEY, kp)) {
715 return V4_0::makeKeyParameter(V4_1::TAG_IDENTITY_CREDENTIAL_KEY, v->get());
716 }
717 break;
718 case KMV1::Tag::STORAGE_KEY:
719 if (auto v = KMV1::authorizationValue(KMV1::TAG_STORAGE_KEY, kp)) {
720 return V4_0::makeKeyParameter(V4_1::TAG_STORAGE_KEY, v->get());
721 }
722 break;
723 case KMV1::Tag::ASSOCIATED_DATA:
724 if (auto v = KMV1::authorizationValue(KMV1::TAG_ASSOCIATED_DATA, kp)) {
725 return V4_0::makeKeyParameter(V4_0::TAG_ASSOCIATED_DATA, v->get());
726 }
727 break;
728 case KMV1::Tag::NONCE:
729 if (auto v = KMV1::authorizationValue(KMV1::TAG_NONCE, kp)) {
730 return V4_0::makeKeyParameter(V4_0::TAG_NONCE, v->get());
731 }
732 break;
733 case KMV1::Tag::MAC_LENGTH:
734 if (auto v = KMV1::authorizationValue(KMV1::TAG_MAC_LENGTH, kp)) {
735 return V4_0::makeKeyParameter(V4_0::TAG_MAC_LENGTH, v->get());
736 }
737 break;
738 case KMV1::Tag::RESET_SINCE_ID_ROTATION:
739 if (auto v = KMV1::authorizationValue(KMV1::TAG_RESET_SINCE_ID_ROTATION, kp)) {
740 return V4_0::makeKeyParameter(V4_0::TAG_RESET_SINCE_ID_ROTATION, v->get());
741 }
742 break;
743 case KMV1::Tag::CONFIRMATION_TOKEN:
744 if (auto v = KMV1::authorizationValue(KMV1::TAG_CONFIRMATION_TOKEN, kp)) {
745 return V4_0::makeKeyParameter(V4_0::TAG_CONFIRMATION_TOKEN, v->get());
746 }
747 break;
748 case KMV1::Tag::RSA_OAEP_MGF_DIGEST:
749 case KMV1::Tag::CERTIFICATE_SERIAL:
750 case KMV1::Tag::CERTIFICATE_SUBJECT:
751 case KMV1::Tag::CERTIFICATE_NOT_BEFORE:
752 case KMV1::Tag::CERTIFICATE_NOT_AFTER:
753 case KMV1::Tag::ATTESTATION_ID_SECOND_IMEI:
754 // These tags do not exist in KM < KeyMint 1.0.
755 break;
756 case KMV1::Tag::MAX_BOOT_LEVEL:
757 // Does not exist in API level 30 or below.
758 break;
759 }
760 return V4_0::KeyParameter{.tag = V4_0::Tag::INVALID};
761 }
762
convertKeyParameterFromLegacy(const V4_0::KeyParameter & kp)763 static KMV1::KeyParameter convertKeyParameterFromLegacy(const V4_0::KeyParameter& kp) {
764 auto unwrapper = [](auto v) -> auto {
765 if (v.isOk()) {
766 return std::optional(std::reference_wrapper(v.value()));
767 } else {
768 return std::optional<decltype(std::reference_wrapper(v.value()))>{};
769 }
770 };
771 switch (kp.tag) {
772 case V4_0::Tag::INVALID:
773 break;
774 case V4_0::Tag::PURPOSE:
775 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_PURPOSE, kp))) {
776 return KMV1::makeKeyParameter(KMV1::TAG_PURPOSE, convert(v->get()));
777 }
778 break;
779 case V4_0::Tag::ALGORITHM:
780 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ALGORITHM, kp))) {
781 return KMV1::makeKeyParameter(KMV1::TAG_ALGORITHM, convert(v->get()));
782 }
783 break;
784 case V4_0::Tag::KEY_SIZE:
785 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_KEY_SIZE, kp))) {
786 return KMV1::makeKeyParameter(KMV1::TAG_KEY_SIZE, v->get());
787 }
788 break;
789 case V4_0::Tag::BLOCK_MODE:
790 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_BLOCK_MODE, kp))) {
791 return KMV1::makeKeyParameter(KMV1::TAG_BLOCK_MODE, convert(v->get()));
792 }
793 break;
794 case V4_0::Tag::DIGEST:
795 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_DIGEST, kp))) {
796 return KMV1::makeKeyParameter(KMV1::TAG_DIGEST, convert(v->get()));
797 }
798 break;
799 case V4_0::Tag::PADDING:
800 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_PADDING, kp))) {
801 return KMV1::makeKeyParameter(KMV1::TAG_PADDING, convert(v->get()));
802 }
803 break;
804 case V4_0::Tag::CALLER_NONCE:
805 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_CALLER_NONCE, kp))) {
806 return KMV1::makeKeyParameter(KMV1::TAG_CALLER_NONCE, v->get());
807 }
808 break;
809 case V4_0::Tag::MIN_MAC_LENGTH:
810 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_MIN_MAC_LENGTH, kp))) {
811 return KMV1::makeKeyParameter(KMV1::TAG_MIN_MAC_LENGTH, v->get());
812 }
813 break;
814 case V4_0::Tag::EC_CURVE:
815 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_EC_CURVE, kp))) {
816 return KMV1::makeKeyParameter(KMV1::TAG_EC_CURVE, convert(v->get()));
817 }
818 break;
819 case V4_0::Tag::RSA_PUBLIC_EXPONENT:
820 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_RSA_PUBLIC_EXPONENT, kp))) {
821 return KMV1::makeKeyParameter(KMV1::TAG_RSA_PUBLIC_EXPONENT, v->get());
822 }
823 break;
824 case V4_0::Tag::INCLUDE_UNIQUE_ID:
825 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_INCLUDE_UNIQUE_ID, kp))) {
826 return KMV1::makeKeyParameter(KMV1::TAG_INCLUDE_UNIQUE_ID, v->get());
827 }
828 break;
829 case V4_0::Tag::BLOB_USAGE_REQUIREMENTS:
830 // This tag has been removed. Mapped on invalid.
831 break;
832 case V4_0::Tag::BOOTLOADER_ONLY:
833 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_BOOTLOADER_ONLY, kp))) {
834 return KMV1::makeKeyParameter(KMV1::TAG_BOOTLOADER_ONLY, v->get());
835 }
836 break;
837 case V4_0::Tag::ROLLBACK_RESISTANCE:
838 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ROLLBACK_RESISTANCE, kp))) {
839 return KMV1::makeKeyParameter(KMV1::TAG_ROLLBACK_RESISTANCE, v->get());
840 }
841 break;
842 case V4_0::Tag::HARDWARE_TYPE:
843 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_HARDWARE_TYPE, kp))) {
844 return KMV1::makeKeyParameter(KMV1::TAG_HARDWARE_TYPE, convert(v->get()));
845 }
846 break;
847 case V4_0::Tag::ACTIVE_DATETIME:
848 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ACTIVE_DATETIME, kp))) {
849 return KMV1::makeKeyParameter(KMV1::TAG_ACTIVE_DATETIME, v->get());
850 }
851 break;
852 case V4_0::Tag::ORIGINATION_EXPIRE_DATETIME:
853 if (auto v =
854 unwrapper(V4_0::authorizationValue(V4_0::TAG_ORIGINATION_EXPIRE_DATETIME, kp))) {
855 return KMV1::makeKeyParameter(KMV1::TAG_ORIGINATION_EXPIRE_DATETIME, v->get());
856 }
857 break;
858 case V4_0::Tag::USAGE_EXPIRE_DATETIME:
859 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_USAGE_EXPIRE_DATETIME, kp))) {
860 return KMV1::makeKeyParameter(KMV1::TAG_USAGE_EXPIRE_DATETIME, v->get());
861 }
862 break;
863 case V4_0::Tag::MIN_SECONDS_BETWEEN_OPS:
864 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_MIN_SECONDS_BETWEEN_OPS, kp))) {
865 return KMV1::makeKeyParameter(KMV1::TAG_MIN_SECONDS_BETWEEN_OPS, v->get());
866 }
867 break;
868 case V4_0::Tag::MAX_USES_PER_BOOT:
869 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_MAX_USES_PER_BOOT, kp))) {
870 return KMV1::makeKeyParameter(KMV1::TAG_MAX_USES_PER_BOOT, v->get());
871 }
872 break;
873 case V4_0::Tag::USER_ID:
874 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_USER_ID, kp))) {
875 return KMV1::makeKeyParameter(KMV1::TAG_USER_ID, v->get());
876 }
877 break;
878 case V4_0::Tag::USER_SECURE_ID:
879 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_USER_SECURE_ID, kp))) {
880 return KMV1::makeKeyParameter(KMV1::TAG_USER_SECURE_ID, v->get());
881 }
882 break;
883 case V4_0::Tag::NO_AUTH_REQUIRED:
884 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_NO_AUTH_REQUIRED, kp))) {
885 return KMV1::makeKeyParameter(KMV1::TAG_NO_AUTH_REQUIRED, v->get());
886 }
887 break;
888 case V4_0::Tag::USER_AUTH_TYPE:
889 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_USER_AUTH_TYPE, kp))) {
890 return KMV1::makeKeyParameter(KMV1::TAG_USER_AUTH_TYPE, convert(v->get()));
891 }
892 break;
893 case V4_0::Tag::AUTH_TIMEOUT:
894 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_AUTH_TIMEOUT, kp))) {
895 return KMV1::makeKeyParameter(KMV1::TAG_AUTH_TIMEOUT, v->get());
896 }
897 break;
898 case V4_0::Tag::ALLOW_WHILE_ON_BODY:
899 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ALLOW_WHILE_ON_BODY, kp))) {
900 return KMV1::makeKeyParameter(KMV1::TAG_ALLOW_WHILE_ON_BODY, v->get());
901 }
902 break;
903 case V4_0::Tag::TRUSTED_USER_PRESENCE_REQUIRED:
904 if (auto v =
905 unwrapper(V4_0::authorizationValue(V4_0::TAG_TRUSTED_USER_PRESENCE_REQUIRED, kp))) {
906 return KMV1::makeKeyParameter(KMV1::TAG_TRUSTED_USER_PRESENCE_REQUIRED, v->get());
907 }
908 break;
909 case V4_0::Tag::TRUSTED_CONFIRMATION_REQUIRED:
910 if (auto v =
911 unwrapper(V4_0::authorizationValue(V4_0::TAG_TRUSTED_CONFIRMATION_REQUIRED, kp))) {
912 return KMV1::makeKeyParameter(KMV1::TAG_TRUSTED_CONFIRMATION_REQUIRED, v->get());
913 }
914 break;
915 case V4_0::Tag::UNLOCKED_DEVICE_REQUIRED:
916 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_UNLOCKED_DEVICE_REQUIRED, kp))) {
917 return KMV1::makeKeyParameter(KMV1::TAG_UNLOCKED_DEVICE_REQUIRED, v->get());
918 }
919 break;
920 case V4_0::Tag::APPLICATION_ID:
921 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_APPLICATION_ID, kp))) {
922 return KMV1::makeKeyParameter(KMV1::TAG_APPLICATION_ID, v->get());
923 }
924 break;
925 case V4_0::Tag::APPLICATION_DATA:
926 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_APPLICATION_DATA, kp))) {
927 return KMV1::makeKeyParameter(KMV1::TAG_APPLICATION_DATA, v->get());
928 }
929 break;
930 case V4_0::Tag::CREATION_DATETIME:
931 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_CREATION_DATETIME, kp))) {
932 return KMV1::makeKeyParameter(KMV1::TAG_CREATION_DATETIME, v->get());
933 }
934 break;
935 case V4_0::Tag::ORIGIN:
936 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ORIGIN, kp))) {
937 return KMV1::makeKeyParameter(KMV1::TAG_ORIGIN, convert(v->get()));
938 }
939 break;
940 case V4_0::Tag::ROOT_OF_TRUST:
941 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ROOT_OF_TRUST, kp))) {
942 return KMV1::makeKeyParameter(KMV1::TAG_ROOT_OF_TRUST, v->get());
943 }
944 break;
945 case V4_0::Tag::OS_VERSION:
946 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_OS_VERSION, kp))) {
947 return KMV1::makeKeyParameter(KMV1::TAG_OS_VERSION, v->get());
948 }
949 break;
950 case V4_0::Tag::OS_PATCHLEVEL:
951 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_OS_PATCHLEVEL, kp))) {
952 return KMV1::makeKeyParameter(KMV1::TAG_OS_PATCHLEVEL, v->get());
953 }
954 break;
955 case V4_0::Tag::UNIQUE_ID:
956 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_UNIQUE_ID, kp))) {
957 return KMV1::makeKeyParameter(KMV1::TAG_UNIQUE_ID, v->get());
958 }
959 break;
960 case V4_0::Tag::ATTESTATION_CHALLENGE:
961 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ATTESTATION_CHALLENGE, kp))) {
962 return KMV1::makeKeyParameter(KMV1::TAG_ATTESTATION_CHALLENGE, v->get());
963 }
964 break;
965 case V4_0::Tag::ATTESTATION_APPLICATION_ID:
966 if (auto v =
967 unwrapper(V4_0::authorizationValue(V4_0::TAG_ATTESTATION_APPLICATION_ID, kp))) {
968 return KMV1::makeKeyParameter(KMV1::TAG_ATTESTATION_APPLICATION_ID, v->get());
969 }
970 break;
971 case V4_0::Tag::ATTESTATION_ID_BRAND:
972 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ATTESTATION_ID_BRAND, kp))) {
973 return KMV1::makeKeyParameter(KMV1::TAG_ATTESTATION_ID_BRAND, v->get());
974 }
975 break;
976 case V4_0::Tag::ATTESTATION_ID_DEVICE:
977 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ATTESTATION_ID_DEVICE, kp))) {
978 return KMV1::makeKeyParameter(KMV1::TAG_ATTESTATION_ID_DEVICE, v->get());
979 }
980 break;
981 case V4_0::Tag::ATTESTATION_ID_PRODUCT:
982 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ATTESTATION_ID_PRODUCT, kp))) {
983 return KMV1::makeKeyParameter(KMV1::TAG_ATTESTATION_ID_PRODUCT, v->get());
984 }
985 break;
986 case V4_0::Tag::ATTESTATION_ID_SERIAL:
987 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ATTESTATION_ID_SERIAL, kp))) {
988 return KMV1::makeKeyParameter(KMV1::TAG_ATTESTATION_ID_SERIAL, v->get());
989 }
990 break;
991 case V4_0::Tag::ATTESTATION_ID_IMEI:
992 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ATTESTATION_ID_IMEI, kp))) {
993 return KMV1::makeKeyParameter(KMV1::TAG_ATTESTATION_ID_IMEI, v->get());
994 }
995 break;
996 case V4_0::Tag::ATTESTATION_ID_MEID:
997 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ATTESTATION_ID_MEID, kp))) {
998 return KMV1::makeKeyParameter(KMV1::TAG_ATTESTATION_ID_MEID, v->get());
999 }
1000 break;
1001 case V4_0::Tag::ATTESTATION_ID_MANUFACTURER:
1002 if (auto v =
1003 unwrapper(V4_0::authorizationValue(V4_0::TAG_ATTESTATION_ID_MANUFACTURER, kp))) {
1004 return KMV1::makeKeyParameter(KMV1::TAG_ATTESTATION_ID_MANUFACTURER, v->get());
1005 }
1006 break;
1007 case V4_0::Tag::ATTESTATION_ID_MODEL:
1008 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ATTESTATION_ID_MODEL, kp))) {
1009 return KMV1::makeKeyParameter(KMV1::TAG_ATTESTATION_ID_MODEL, v->get());
1010 }
1011 break;
1012 case V4_0::Tag::VENDOR_PATCHLEVEL:
1013 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_VENDOR_PATCHLEVEL, kp))) {
1014 return KMV1::makeKeyParameter(KMV1::TAG_VENDOR_PATCHLEVEL, v->get());
1015 }
1016 break;
1017 case V4_0::Tag::BOOT_PATCHLEVEL:
1018 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_BOOT_PATCHLEVEL, kp))) {
1019 return KMV1::makeKeyParameter(KMV1::TAG_BOOT_PATCHLEVEL, v->get());
1020 }
1021 break;
1022 case V4_0::Tag::ASSOCIATED_DATA:
1023 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ASSOCIATED_DATA, kp))) {
1024 return KMV1::makeKeyParameter(KMV1::TAG_ASSOCIATED_DATA, v->get());
1025 }
1026 break;
1027 case V4_0::Tag::NONCE:
1028 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_NONCE, kp))) {
1029 return KMV1::makeKeyParameter(KMV1::TAG_NONCE, v->get());
1030 }
1031 break;
1032 case V4_0::Tag::MAC_LENGTH:
1033 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_MAC_LENGTH, kp))) {
1034 return KMV1::makeKeyParameter(KMV1::TAG_MAC_LENGTH, v->get());
1035 }
1036 break;
1037 case V4_0::Tag::RESET_SINCE_ID_ROTATION:
1038 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_RESET_SINCE_ID_ROTATION, kp))) {
1039 return KMV1::makeKeyParameter(KMV1::TAG_RESET_SINCE_ID_ROTATION, v->get());
1040 }
1041 break;
1042 case V4_0::Tag::CONFIRMATION_TOKEN:
1043 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_CONFIRMATION_TOKEN, kp))) {
1044 return KMV1::makeKeyParameter(KMV1::TAG_CONFIRMATION_TOKEN, v->get());
1045 }
1046 break;
1047 default:
1048 break;
1049 }
1050
1051 switch (static_cast<V4_1::Tag>(kp.tag)) {
1052 case V4_1::Tag::EARLY_BOOT_ONLY:
1053 if (auto v = unwrapper(V4_0::authorizationValue(V4_1::TAG_EARLY_BOOT_ONLY, kp))) {
1054 return KMV1::makeKeyParameter(KMV1::TAG_EARLY_BOOT_ONLY, v->get());
1055 }
1056 break;
1057 case V4_1::Tag::DEVICE_UNIQUE_ATTESTATION:
1058 if (auto v = unwrapper(V4_0::authorizationValue(V4_1::TAG_DEVICE_UNIQUE_ATTESTATION, kp))) {
1059 return KMV1::makeKeyParameter(KMV1::TAG_DEVICE_UNIQUE_ATTESTATION, v->get());
1060 }
1061 break;
1062 case V4_1::Tag::IDENTITY_CREDENTIAL_KEY:
1063 if (auto v = unwrapper(V4_0::authorizationValue(V4_1::TAG_IDENTITY_CREDENTIAL_KEY, kp))) {
1064 return KMV1::makeKeyParameter(KMV1::TAG_IDENTITY_CREDENTIAL_KEY, v->get());
1065 }
1066 break;
1067 case V4_1::Tag::STORAGE_KEY:
1068 if (auto v = unwrapper(V4_0::authorizationValue(V4_1::TAG_STORAGE_KEY, kp))) {
1069 return KMV1::makeKeyParameter(KMV1::TAG_STORAGE_KEY, v->get());
1070 }
1071 break;
1072 default:
1073 break;
1074 }
1075
1076 return KMV1::makeKeyParameter(KMV1::TAG_INVALID);
1077 }
1078