1 /*
2 * Copyright (C) 2020 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #pragma once
18
19 #include <aidl/android/hardware/security/keymint/ErrorCode.h>
20 #include <keymasterV4_1/keymaster_tags.h>
21 #include <keymint_support/keymint_tags.h>
22
23 namespace V4_0 = ::android::hardware::keymaster::V4_0;
24 namespace V4_1 = ::android::hardware::keymaster::V4_1;
25 namespace KMV1 = ::aidl::android::hardware::security::keymint;
26
convert(V4_0::ErrorCode error)27 static KMV1::ErrorCode convert(V4_0::ErrorCode error) {
28 switch (error) {
29 case V4_0::ErrorCode::OK:
30 return KMV1::ErrorCode::OK;
31 case V4_0::ErrorCode::ROOT_OF_TRUST_ALREADY_SET:
32 return KMV1::ErrorCode::ROOT_OF_TRUST_ALREADY_SET;
33 case V4_0::ErrorCode::UNSUPPORTED_PURPOSE:
34 return KMV1::ErrorCode::UNSUPPORTED_PURPOSE;
35 case V4_0::ErrorCode::INCOMPATIBLE_PURPOSE:
36 return KMV1::ErrorCode::INCOMPATIBLE_PURPOSE;
37 case V4_0::ErrorCode::UNSUPPORTED_ALGORITHM:
38 return KMV1::ErrorCode::UNSUPPORTED_ALGORITHM;
39 case V4_0::ErrorCode::INCOMPATIBLE_ALGORITHM:
40 return KMV1::ErrorCode::INCOMPATIBLE_ALGORITHM;
41 case V4_0::ErrorCode::UNSUPPORTED_KEY_SIZE:
42 return KMV1::ErrorCode::UNSUPPORTED_KEY_SIZE;
43 case V4_0::ErrorCode::UNSUPPORTED_BLOCK_MODE:
44 return KMV1::ErrorCode::UNSUPPORTED_BLOCK_MODE;
45 case V4_0::ErrorCode::INCOMPATIBLE_BLOCK_MODE:
46 return KMV1::ErrorCode::INCOMPATIBLE_BLOCK_MODE;
47 case V4_0::ErrorCode::UNSUPPORTED_MAC_LENGTH:
48 return KMV1::ErrorCode::UNSUPPORTED_MAC_LENGTH;
49 case V4_0::ErrorCode::UNSUPPORTED_PADDING_MODE:
50 return KMV1::ErrorCode::UNSUPPORTED_PADDING_MODE;
51 case V4_0::ErrorCode::INCOMPATIBLE_PADDING_MODE:
52 return KMV1::ErrorCode::INCOMPATIBLE_PADDING_MODE;
53 case V4_0::ErrorCode::UNSUPPORTED_DIGEST:
54 return KMV1::ErrorCode::UNSUPPORTED_DIGEST;
55 case V4_0::ErrorCode::INCOMPATIBLE_DIGEST:
56 return KMV1::ErrorCode::INCOMPATIBLE_DIGEST;
57 case V4_0::ErrorCode::INVALID_EXPIRATION_TIME:
58 return KMV1::ErrorCode::INVALID_EXPIRATION_TIME;
59 case V4_0::ErrorCode::INVALID_USER_ID:
60 return KMV1::ErrorCode::INVALID_USER_ID;
61 case V4_0::ErrorCode::INVALID_AUTHORIZATION_TIMEOUT:
62 return KMV1::ErrorCode::INVALID_AUTHORIZATION_TIMEOUT;
63 case V4_0::ErrorCode::UNSUPPORTED_KEY_FORMAT:
64 return KMV1::ErrorCode::UNSUPPORTED_KEY_FORMAT;
65 case V4_0::ErrorCode::INCOMPATIBLE_KEY_FORMAT:
66 return KMV1::ErrorCode::INCOMPATIBLE_KEY_FORMAT;
67 case V4_0::ErrorCode::UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM:
68 return KMV1::ErrorCode::UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM;
69 case V4_0::ErrorCode::UNSUPPORTED_KEY_VERIFICATION_ALGORITHM:
70 return KMV1::ErrorCode::UNSUPPORTED_KEY_VERIFICATION_ALGORITHM;
71 case V4_0::ErrorCode::INVALID_INPUT_LENGTH:
72 return KMV1::ErrorCode::INVALID_INPUT_LENGTH;
73 case V4_0::ErrorCode::KEY_EXPORT_OPTIONS_INVALID:
74 return KMV1::ErrorCode::KEY_EXPORT_OPTIONS_INVALID;
75 case V4_0::ErrorCode::DELEGATION_NOT_ALLOWED:
76 return KMV1::ErrorCode::DELEGATION_NOT_ALLOWED;
77 case V4_0::ErrorCode::KEY_NOT_YET_VALID:
78 return KMV1::ErrorCode::KEY_NOT_YET_VALID;
79 case V4_0::ErrorCode::KEY_EXPIRED:
80 return KMV1::ErrorCode::KEY_EXPIRED;
81 case V4_0::ErrorCode::KEY_USER_NOT_AUTHENTICATED:
82 return KMV1::ErrorCode::KEY_USER_NOT_AUTHENTICATED;
83 case V4_0::ErrorCode::OUTPUT_PARAMETER_NULL:
84 return KMV1::ErrorCode::OUTPUT_PARAMETER_NULL;
85 case V4_0::ErrorCode::INVALID_OPERATION_HANDLE:
86 return KMV1::ErrorCode::INVALID_OPERATION_HANDLE;
87 case V4_0::ErrorCode::INSUFFICIENT_BUFFER_SPACE:
88 return KMV1::ErrorCode::INSUFFICIENT_BUFFER_SPACE;
89 case V4_0::ErrorCode::VERIFICATION_FAILED:
90 return KMV1::ErrorCode::VERIFICATION_FAILED;
91 case V4_0::ErrorCode::TOO_MANY_OPERATIONS:
92 return KMV1::ErrorCode::TOO_MANY_OPERATIONS;
93 case V4_0::ErrorCode::UNEXPECTED_NULL_POINTER:
94 return KMV1::ErrorCode::UNEXPECTED_NULL_POINTER;
95 case V4_0::ErrorCode::INVALID_KEY_BLOB:
96 return KMV1::ErrorCode::INVALID_KEY_BLOB;
97 case V4_0::ErrorCode::IMPORTED_KEY_NOT_ENCRYPTED:
98 return KMV1::ErrorCode::IMPORTED_KEY_NOT_ENCRYPTED;
99 case V4_0::ErrorCode::IMPORTED_KEY_DECRYPTION_FAILED:
100 return KMV1::ErrorCode::IMPORTED_KEY_DECRYPTION_FAILED;
101 case V4_0::ErrorCode::IMPORTED_KEY_NOT_SIGNED:
102 return KMV1::ErrorCode::IMPORTED_KEY_NOT_SIGNED;
103 case V4_0::ErrorCode::IMPORTED_KEY_VERIFICATION_FAILED:
104 return KMV1::ErrorCode::IMPORTED_KEY_VERIFICATION_FAILED;
105 case V4_0::ErrorCode::INVALID_ARGUMENT:
106 return KMV1::ErrorCode::INVALID_ARGUMENT;
107 case V4_0::ErrorCode::UNSUPPORTED_TAG:
108 return KMV1::ErrorCode::UNSUPPORTED_TAG;
109 case V4_0::ErrorCode::INVALID_TAG:
110 return KMV1::ErrorCode::INVALID_TAG;
111 case V4_0::ErrorCode::MEMORY_ALLOCATION_FAILED:
112 return KMV1::ErrorCode::MEMORY_ALLOCATION_FAILED;
113 case V4_0::ErrorCode::IMPORT_PARAMETER_MISMATCH:
114 return KMV1::ErrorCode::IMPORT_PARAMETER_MISMATCH;
115 case V4_0::ErrorCode::SECURE_HW_ACCESS_DENIED:
116 return KMV1::ErrorCode::SECURE_HW_ACCESS_DENIED;
117 case V4_0::ErrorCode::OPERATION_CANCELLED:
118 return KMV1::ErrorCode::OPERATION_CANCELLED;
119 case V4_0::ErrorCode::CONCURRENT_ACCESS_CONFLICT:
120 return KMV1::ErrorCode::CONCURRENT_ACCESS_CONFLICT;
121 case V4_0::ErrorCode::SECURE_HW_BUSY:
122 return KMV1::ErrorCode::SECURE_HW_BUSY;
123 case V4_0::ErrorCode::SECURE_HW_COMMUNICATION_FAILED:
124 return KMV1::ErrorCode::SECURE_HW_COMMUNICATION_FAILED;
125 case V4_0::ErrorCode::UNSUPPORTED_EC_FIELD:
126 return KMV1::ErrorCode::UNSUPPORTED_EC_FIELD;
127 case V4_0::ErrorCode::MISSING_NONCE:
128 return KMV1::ErrorCode::MISSING_NONCE;
129 case V4_0::ErrorCode::INVALID_NONCE:
130 return KMV1::ErrorCode::INVALID_NONCE;
131 case V4_0::ErrorCode::MISSING_MAC_LENGTH:
132 return KMV1::ErrorCode::MISSING_MAC_LENGTH;
133 case V4_0::ErrorCode::KEY_RATE_LIMIT_EXCEEDED:
134 return KMV1::ErrorCode::KEY_RATE_LIMIT_EXCEEDED;
135 case V4_0::ErrorCode::CALLER_NONCE_PROHIBITED:
136 return KMV1::ErrorCode::CALLER_NONCE_PROHIBITED;
137 case V4_0::ErrorCode::KEY_MAX_OPS_EXCEEDED:
138 return KMV1::ErrorCode::KEY_MAX_OPS_EXCEEDED;
139 case V4_0::ErrorCode::INVALID_MAC_LENGTH:
140 return KMV1::ErrorCode::INVALID_MAC_LENGTH;
141 case V4_0::ErrorCode::MISSING_MIN_MAC_LENGTH:
142 return KMV1::ErrorCode::MISSING_MIN_MAC_LENGTH;
143 case V4_0::ErrorCode::UNSUPPORTED_MIN_MAC_LENGTH:
144 return KMV1::ErrorCode::UNSUPPORTED_MIN_MAC_LENGTH;
145 case V4_0::ErrorCode::UNSUPPORTED_KDF:
146 return KMV1::ErrorCode::UNSUPPORTED_KDF;
147 case V4_0::ErrorCode::UNSUPPORTED_EC_CURVE:
148 return KMV1::ErrorCode::UNSUPPORTED_EC_CURVE;
149 case V4_0::ErrorCode::KEY_REQUIRES_UPGRADE:
150 return KMV1::ErrorCode::KEY_REQUIRES_UPGRADE;
151 case V4_0::ErrorCode::ATTESTATION_CHALLENGE_MISSING:
152 return KMV1::ErrorCode::ATTESTATION_CHALLENGE_MISSING;
153 case V4_0::ErrorCode::KEYMASTER_NOT_CONFIGURED:
154 return KMV1::ErrorCode::KEYMINT_NOT_CONFIGURED;
155 case V4_0::ErrorCode::ATTESTATION_APPLICATION_ID_MISSING:
156 return KMV1::ErrorCode::ATTESTATION_APPLICATION_ID_MISSING;
157 case V4_0::ErrorCode::CANNOT_ATTEST_IDS:
158 return KMV1::ErrorCode::CANNOT_ATTEST_IDS;
159 case V4_0::ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE:
160 return KMV1::ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE;
161 case V4_0::ErrorCode::HARDWARE_TYPE_UNAVAILABLE:
162 return KMV1::ErrorCode::HARDWARE_TYPE_UNAVAILABLE;
163 case V4_0::ErrorCode::PROOF_OF_PRESENCE_REQUIRED:
164 return KMV1::ErrorCode::PROOF_OF_PRESENCE_REQUIRED;
165 case V4_0::ErrorCode::CONCURRENT_PROOF_OF_PRESENCE_REQUESTED:
166 return KMV1::ErrorCode::CONCURRENT_PROOF_OF_PRESENCE_REQUESTED;
167 case V4_0::ErrorCode::NO_USER_CONFIRMATION:
168 return KMV1::ErrorCode::NO_USER_CONFIRMATION;
169 case V4_0::ErrorCode::DEVICE_LOCKED:
170 return KMV1::ErrorCode::DEVICE_LOCKED;
171 case V4_0::ErrorCode::UNIMPLEMENTED:
172 return KMV1::ErrorCode::UNIMPLEMENTED;
173 case V4_0::ErrorCode::VERSION_MISMATCH:
174 return KMV1::ErrorCode::VERSION_MISMATCH;
175 case V4_0::ErrorCode::UNKNOWN_ERROR:
176 return KMV1::ErrorCode::UNKNOWN_ERROR;
177 }
178 }
179
convert(KMV1::KeyPurpose p)180 static std::optional<V4_0::KeyPurpose> convert(KMV1::KeyPurpose p) {
181 switch (p) {
182 case KMV1::KeyPurpose::ENCRYPT:
183 return V4_0::KeyPurpose::ENCRYPT;
184 case KMV1::KeyPurpose::DECRYPT:
185 return V4_0::KeyPurpose::DECRYPT;
186 case KMV1::KeyPurpose::SIGN:
187 return V4_0::KeyPurpose::SIGN;
188 case KMV1::KeyPurpose::VERIFY:
189 return V4_0::KeyPurpose::VERIFY;
190 case KMV1::KeyPurpose::WRAP_KEY:
191 return V4_0::KeyPurpose::WRAP_KEY;
192 default:
193 // Can end up here because KeyMint may have KeyPurpose values not in KM4.
194 return {};
195 }
196 }
197
convert(V4_0::KeyPurpose p)198 static KMV1::KeyPurpose convert(V4_0::KeyPurpose p) {
199 switch (p) {
200 case V4_0::KeyPurpose::ENCRYPT:
201 return KMV1::KeyPurpose::ENCRYPT;
202 case V4_0::KeyPurpose::DECRYPT:
203 return KMV1::KeyPurpose::DECRYPT;
204 case V4_0::KeyPurpose::SIGN:
205 return KMV1::KeyPurpose::SIGN;
206 case V4_0::KeyPurpose::VERIFY:
207 return KMV1::KeyPurpose::VERIFY;
208 case V4_0::KeyPurpose::WRAP_KEY:
209 return KMV1::KeyPurpose::WRAP_KEY;
210 }
211 }
212
convert(KMV1::Algorithm a)213 static V4_0::Algorithm convert(KMV1::Algorithm a) {
214 switch (a) {
215 case KMV1::Algorithm::RSA:
216 return V4_0::Algorithm::RSA;
217 case KMV1::Algorithm::EC:
218 return V4_0::Algorithm::EC;
219 case KMV1::Algorithm::AES:
220 return V4_0::Algorithm::AES;
221 case KMV1::Algorithm::TRIPLE_DES:
222 return V4_0::Algorithm::TRIPLE_DES;
223 case KMV1::Algorithm::HMAC:
224 return V4_0::Algorithm::HMAC;
225 }
226 }
227
convert(V4_0::Algorithm a)228 static KMV1::Algorithm convert(V4_0::Algorithm a) {
229 switch (a) {
230 case V4_0::Algorithm::RSA:
231 return KMV1::Algorithm::RSA;
232 case V4_0::Algorithm::EC:
233 return KMV1::Algorithm::EC;
234 case V4_0::Algorithm::AES:
235 return KMV1::Algorithm::AES;
236 case V4_0::Algorithm::TRIPLE_DES:
237 return KMV1::Algorithm::TRIPLE_DES;
238 case V4_0::Algorithm::HMAC:
239 return KMV1::Algorithm::HMAC;
240 }
241 }
242
convert(KMV1::Digest d)243 static V4_0::Digest convert(KMV1::Digest d) {
244 switch (d) {
245 case KMV1::Digest::NONE:
246 return V4_0::Digest::NONE;
247 case KMV1::Digest::MD5:
248 return V4_0::Digest::MD5;
249 case KMV1::Digest::SHA1:
250 return V4_0::Digest::SHA1;
251 case KMV1::Digest::SHA_2_224:
252 return V4_0::Digest::SHA_2_224;
253 case KMV1::Digest::SHA_2_256:
254 return V4_0::Digest::SHA_2_256;
255 case KMV1::Digest::SHA_2_384:
256 return V4_0::Digest::SHA_2_384;
257 case KMV1::Digest::SHA_2_512:
258 return V4_0::Digest::SHA_2_512;
259 }
260 }
261
convert(V4_0::Digest d)262 static KMV1::Digest convert(V4_0::Digest d) {
263 switch (d) {
264 case V4_0::Digest::NONE:
265 return KMV1::Digest::NONE;
266 case V4_0::Digest::MD5:
267 return KMV1::Digest::MD5;
268 case V4_0::Digest::SHA1:
269 return KMV1::Digest::SHA1;
270 case V4_0::Digest::SHA_2_224:
271 return KMV1::Digest::SHA_2_224;
272 case V4_0::Digest::SHA_2_256:
273 return KMV1::Digest::SHA_2_256;
274 case V4_0::Digest::SHA_2_384:
275 return KMV1::Digest::SHA_2_384;
276 case V4_0::Digest::SHA_2_512:
277 return KMV1::Digest::SHA_2_512;
278 }
279 }
280
convert(KMV1::EcCurve e)281 static V4_0::EcCurve convert(KMV1::EcCurve e) {
282 switch (e) {
283 case KMV1::EcCurve::P_224:
284 return V4_0::EcCurve::P_224;
285 case KMV1::EcCurve::P_256:
286 return V4_0::EcCurve::P_256;
287 case KMV1::EcCurve::P_384:
288 return V4_0::EcCurve::P_384;
289 case KMV1::EcCurve::P_521:
290 return V4_0::EcCurve::P_521;
291 }
292 }
293
convert(V4_0::EcCurve e)294 static KMV1::EcCurve convert(V4_0::EcCurve e) {
295 switch (e) {
296 case V4_0::EcCurve::P_224:
297 return KMV1::EcCurve::P_224;
298 case V4_0::EcCurve::P_256:
299 return KMV1::EcCurve::P_256;
300 case V4_0::EcCurve::P_384:
301 return KMV1::EcCurve::P_384;
302 case V4_0::EcCurve::P_521:
303 return KMV1::EcCurve::P_521;
304 }
305 }
306
convert(KMV1::BlockMode b)307 static V4_0::BlockMode convert(KMV1::BlockMode b) {
308 switch (b) {
309 case KMV1::BlockMode::ECB:
310 return V4_0::BlockMode::ECB;
311 case KMV1::BlockMode::CBC:
312 return V4_0::BlockMode::CBC;
313 case KMV1::BlockMode::CTR:
314 return V4_0::BlockMode::CTR;
315 case KMV1::BlockMode::GCM:
316 return V4_0::BlockMode::GCM;
317 }
318 }
319
convert(V4_0::BlockMode b)320 static KMV1::BlockMode convert(V4_0::BlockMode b) {
321 switch (b) {
322 case V4_0::BlockMode::ECB:
323 return KMV1::BlockMode::ECB;
324 case V4_0::BlockMode::CBC:
325 return KMV1::BlockMode::CBC;
326 case V4_0::BlockMode::CTR:
327 return KMV1::BlockMode::CTR;
328 case V4_0::BlockMode::GCM:
329 return KMV1::BlockMode::GCM;
330 }
331 }
332
convert(KMV1::PaddingMode p)333 static V4_0::PaddingMode convert(KMV1::PaddingMode p) {
334 switch (p) {
335 case KMV1::PaddingMode::NONE:
336 return V4_0::PaddingMode::NONE;
337 case KMV1::PaddingMode::RSA_OAEP:
338 return V4_0::PaddingMode::RSA_OAEP;
339 case KMV1::PaddingMode::RSA_PSS:
340 return V4_0::PaddingMode::RSA_PSS;
341 case KMV1::PaddingMode::RSA_PKCS1_1_5_ENCRYPT:
342 return V4_0::PaddingMode::RSA_PKCS1_1_5_ENCRYPT;
343 case KMV1::PaddingMode::RSA_PKCS1_1_5_SIGN:
344 return V4_0::PaddingMode::RSA_PKCS1_1_5_SIGN;
345 case KMV1::PaddingMode::PKCS7:
346 return V4_0::PaddingMode::PKCS7;
347 }
348 }
349
convert(V4_0::PaddingMode p)350 static KMV1::PaddingMode convert(V4_0::PaddingMode p) {
351 switch (p) {
352 case V4_0::PaddingMode::NONE:
353 return KMV1::PaddingMode::NONE;
354 case V4_0::PaddingMode::RSA_OAEP:
355 return KMV1::PaddingMode::RSA_OAEP;
356 case V4_0::PaddingMode::RSA_PSS:
357 return KMV1::PaddingMode::RSA_PSS;
358 case V4_0::PaddingMode::RSA_PKCS1_1_5_ENCRYPT:
359 return KMV1::PaddingMode::RSA_PKCS1_1_5_ENCRYPT;
360 case V4_0::PaddingMode::RSA_PKCS1_1_5_SIGN:
361 return KMV1::PaddingMode::RSA_PKCS1_1_5_SIGN;
362 case V4_0::PaddingMode::PKCS7:
363 return KMV1::PaddingMode::PKCS7;
364 }
365 }
366
convert(KMV1::HardwareAuthenticatorType h)367 static V4_0::HardwareAuthenticatorType convert(KMV1::HardwareAuthenticatorType h) {
368 uint32_t result = 0;
369 uint32_t hat = static_cast<uint32_t>(h);
370 if (hat & static_cast<uint32_t>(KMV1::HardwareAuthenticatorType::PASSWORD)) {
371 result |= static_cast<uint32_t>(V4_0::HardwareAuthenticatorType::PASSWORD);
372 }
373 if (hat & static_cast<uint32_t>(KMV1::HardwareAuthenticatorType::FINGERPRINT)) {
374 result |= static_cast<uint32_t>(V4_0::HardwareAuthenticatorType::FINGERPRINT);
375 }
376 return static_cast<V4_0::HardwareAuthenticatorType>(result);
377 }
378
convert(V4_0::HardwareAuthenticatorType h)379 static KMV1::HardwareAuthenticatorType convert(V4_0::HardwareAuthenticatorType h) {
380 uint32_t result = 0;
381 if ((uint32_t)h & (uint32_t)V4_0::HardwareAuthenticatorType::PASSWORD) {
382 result |= (uint32_t)KMV1::HardwareAuthenticatorType::PASSWORD;
383 }
384 if ((uint32_t)h & (uint32_t)V4_0::HardwareAuthenticatorType::FINGERPRINT) {
385 result |= (uint32_t)KMV1::HardwareAuthenticatorType::FINGERPRINT;
386 }
387 return static_cast<KMV1::HardwareAuthenticatorType>(result);
388 }
389
convert(KMV1::SecurityLevel s)390 static V4_0::SecurityLevel convert(KMV1::SecurityLevel s) {
391 switch (s) {
392 case KMV1::SecurityLevel::SOFTWARE:
393 return V4_0::SecurityLevel::SOFTWARE;
394 case KMV1::SecurityLevel::TRUSTED_ENVIRONMENT:
395 return V4_0::SecurityLevel::TRUSTED_ENVIRONMENT;
396 case KMV1::SecurityLevel::STRONGBOX:
397 return V4_0::SecurityLevel::STRONGBOX;
398 case KMV1::SecurityLevel::KEYSTORE:
399 return V4_0::SecurityLevel::SOFTWARE;
400 }
401 }
402
convert(V4_0::SecurityLevel s)403 static KMV1::SecurityLevel convert(V4_0::SecurityLevel s) {
404 switch (s) {
405 case V4_0::SecurityLevel::SOFTWARE:
406 return KMV1::SecurityLevel::SOFTWARE;
407 case V4_0::SecurityLevel::TRUSTED_ENVIRONMENT:
408 return KMV1::SecurityLevel::TRUSTED_ENVIRONMENT;
409 case V4_0::SecurityLevel::STRONGBOX:
410 return KMV1::SecurityLevel::STRONGBOX;
411 }
412 }
413
convert(KMV1::KeyOrigin o)414 static V4_0::KeyOrigin convert(KMV1::KeyOrigin o) {
415 switch (o) {
416 case KMV1::KeyOrigin::GENERATED:
417 return V4_0::KeyOrigin::GENERATED;
418 case KMV1::KeyOrigin::DERIVED:
419 return V4_0::KeyOrigin::DERIVED;
420 case KMV1::KeyOrigin::IMPORTED:
421 return V4_0::KeyOrigin::IMPORTED;
422 case KMV1::KeyOrigin::RESERVED:
423 return V4_0::KeyOrigin::UNKNOWN;
424 case KMV1::KeyOrigin::SECURELY_IMPORTED:
425 return V4_0::KeyOrigin::SECURELY_IMPORTED;
426 }
427 }
428
convert(V4_0::KeyOrigin o)429 static KMV1::KeyOrigin convert(V4_0::KeyOrigin o) {
430 switch (o) {
431 case V4_0::KeyOrigin::GENERATED:
432 return KMV1::KeyOrigin::GENERATED;
433 case V4_0::KeyOrigin::DERIVED:
434 return KMV1::KeyOrigin::DERIVED;
435 case V4_0::KeyOrigin::IMPORTED:
436 return KMV1::KeyOrigin::IMPORTED;
437 case V4_0::KeyOrigin::UNKNOWN:
438 return KMV1::KeyOrigin::RESERVED;
439 case V4_0::KeyOrigin::SECURELY_IMPORTED:
440 return KMV1::KeyOrigin::SECURELY_IMPORTED;
441 }
442 }
443
convertKeyParameterToLegacy(const KMV1::KeyParameter & kp)444 static V4_0::KeyParameter convertKeyParameterToLegacy(const KMV1::KeyParameter& kp) {
445 switch (kp.tag) {
446 case KMV1::Tag::INVALID:
447 break;
448 case KMV1::Tag::PURPOSE:
449 if (auto v = KMV1::authorizationValue(KMV1::TAG_PURPOSE, kp)) {
450 std::optional<V4_0::KeyPurpose> purpose = convert(v->get());
451 if (purpose) {
452 return V4_0::makeKeyParameter(V4_0::TAG_PURPOSE, purpose.value());
453 }
454 }
455 break;
456 case KMV1::Tag::ALGORITHM:
457 if (auto v = KMV1::authorizationValue(KMV1::TAG_ALGORITHM, kp)) {
458 return V4_0::makeKeyParameter(V4_0::TAG_ALGORITHM, convert(v->get()));
459 }
460 break;
461 case KMV1::Tag::KEY_SIZE:
462 if (auto v = KMV1::authorizationValue(KMV1::TAG_KEY_SIZE, kp)) {
463 return V4_0::makeKeyParameter(V4_0::TAG_KEY_SIZE, v->get());
464 }
465 break;
466 case KMV1::Tag::BLOCK_MODE:
467 if (auto v = KMV1::authorizationValue(KMV1::TAG_BLOCK_MODE, kp)) {
468 return V4_0::makeKeyParameter(V4_0::TAG_BLOCK_MODE, convert(v->get()));
469 }
470 break;
471 case KMV1::Tag::DIGEST:
472 if (auto v = KMV1::authorizationValue(KMV1::TAG_DIGEST, kp)) {
473 return V4_0::makeKeyParameter(V4_0::TAG_DIGEST, convert(v->get()));
474 }
475 break;
476 case KMV1::Tag::PADDING:
477 if (auto v = KMV1::authorizationValue(KMV1::TAG_PADDING, kp)) {
478 return V4_0::makeKeyParameter(V4_0::TAG_PADDING, convert(v->get()));
479 }
480 break;
481 case KMV1::Tag::CALLER_NONCE:
482 if (auto v = KMV1::authorizationValue(KMV1::TAG_CALLER_NONCE, kp)) {
483 return V4_0::makeKeyParameter(V4_0::TAG_CALLER_NONCE, v->get());
484 }
485 break;
486 case KMV1::Tag::MIN_MAC_LENGTH:
487 if (auto v = KMV1::authorizationValue(KMV1::TAG_MIN_MAC_LENGTH, kp)) {
488 return V4_0::makeKeyParameter(V4_0::TAG_MIN_MAC_LENGTH, v->get());
489 }
490 break;
491 case KMV1::Tag::EC_CURVE:
492 if (auto v = KMV1::authorizationValue(KMV1::TAG_EC_CURVE, kp)) {
493 return V4_0::makeKeyParameter(V4_0::TAG_EC_CURVE, convert(v->get()));
494 }
495 break;
496 case KMV1::Tag::RSA_PUBLIC_EXPONENT:
497 if (auto v = KMV1::authorizationValue(KMV1::TAG_RSA_PUBLIC_EXPONENT, kp)) {
498 return V4_0::makeKeyParameter(V4_0::TAG_RSA_PUBLIC_EXPONENT, v->get());
499 }
500 break;
501 case KMV1::Tag::INCLUDE_UNIQUE_ID:
502 if (auto v = KMV1::authorizationValue(KMV1::TAG_INCLUDE_UNIQUE_ID, kp)) {
503 return V4_0::makeKeyParameter(V4_0::TAG_INCLUDE_UNIQUE_ID, v->get());
504 }
505 break;
506 case KMV1::Tag::BOOTLOADER_ONLY:
507 if (auto v = KMV1::authorizationValue(KMV1::TAG_BOOTLOADER_ONLY, kp)) {
508 return V4_0::makeKeyParameter(V4_0::TAG_BOOTLOADER_ONLY, v->get());
509 }
510 break;
511 case KMV1::Tag::ROLLBACK_RESISTANCE:
512 if (auto v = KMV1::authorizationValue(KMV1::TAG_ROLLBACK_RESISTANCE, kp)) {
513 return V4_0::makeKeyParameter(V4_0::TAG_ROLLBACK_RESISTANCE, v->get());
514 }
515 break;
516 case KMV1::Tag::HARDWARE_TYPE:
517 if (auto v = KMV1::authorizationValue(KMV1::TAG_HARDWARE_TYPE, kp)) {
518 return V4_0::makeKeyParameter(V4_0::TAG_HARDWARE_TYPE, convert(v->get()));
519 }
520 break;
521 case KMV1::Tag::EARLY_BOOT_ONLY:
522 if (auto v = KMV1::authorizationValue(KMV1::TAG_EARLY_BOOT_ONLY, kp)) {
523 return V4_0::makeKeyParameter(V4_1::TAG_EARLY_BOOT_ONLY, v->get());
524 }
525 break;
526 case KMV1::Tag::ACTIVE_DATETIME:
527 if (auto v = KMV1::authorizationValue(KMV1::TAG_ACTIVE_DATETIME, kp)) {
528 return V4_0::makeKeyParameter(V4_0::TAG_ACTIVE_DATETIME, v->get());
529 }
530 break;
531 case KMV1::Tag::ORIGINATION_EXPIRE_DATETIME:
532 if (auto v = KMV1::authorizationValue(KMV1::TAG_ORIGINATION_EXPIRE_DATETIME, kp)) {
533 return V4_0::makeKeyParameter(V4_0::TAG_ORIGINATION_EXPIRE_DATETIME, v->get());
534 }
535 break;
536 case KMV1::Tag::USAGE_EXPIRE_DATETIME:
537 if (auto v = KMV1::authorizationValue(KMV1::TAG_USAGE_EXPIRE_DATETIME, kp)) {
538 return V4_0::makeKeyParameter(V4_0::TAG_USAGE_EXPIRE_DATETIME, v->get());
539 }
540 break;
541 case KMV1::Tag::MIN_SECONDS_BETWEEN_OPS:
542 if (auto v = KMV1::authorizationValue(KMV1::TAG_MIN_SECONDS_BETWEEN_OPS, kp)) {
543 return V4_0::makeKeyParameter(V4_0::TAG_MIN_SECONDS_BETWEEN_OPS, v->get());
544 }
545 break;
546 case KMV1::Tag::MAX_USES_PER_BOOT:
547 if (auto v = KMV1::authorizationValue(KMV1::TAG_MAX_USES_PER_BOOT, kp)) {
548 return V4_0::makeKeyParameter(V4_0::TAG_MAX_USES_PER_BOOT, v->get());
549 }
550 break;
551 case KMV1::Tag::USAGE_COUNT_LIMIT:
552 // Does not exist in KM < KeyMint 1.0.
553 break;
554 case KMV1::Tag::USER_ID:
555 if (auto v = KMV1::authorizationValue(KMV1::TAG_USER_ID, kp)) {
556 return V4_0::makeKeyParameter(V4_0::TAG_USER_ID, v->get());
557 }
558 break;
559 case KMV1::Tag::USER_SECURE_ID:
560 if (auto v = KMV1::authorizationValue(KMV1::TAG_USER_SECURE_ID, kp)) {
561 return V4_0::makeKeyParameter(V4_0::TAG_USER_SECURE_ID, v->get());
562 }
563 break;
564 case KMV1::Tag::NO_AUTH_REQUIRED:
565 if (auto v = KMV1::authorizationValue(KMV1::TAG_NO_AUTH_REQUIRED, kp)) {
566 return V4_0::makeKeyParameter(V4_0::TAG_NO_AUTH_REQUIRED, v->get());
567 }
568 break;
569 case KMV1::Tag::USER_AUTH_TYPE:
570 if (auto v = KMV1::authorizationValue(KMV1::TAG_USER_AUTH_TYPE, kp)) {
571 return V4_0::makeKeyParameter(V4_0::TAG_USER_AUTH_TYPE, convert(v->get()));
572 }
573 break;
574 case KMV1::Tag::AUTH_TIMEOUT:
575 if (auto v = KMV1::authorizationValue(KMV1::TAG_AUTH_TIMEOUT, kp)) {
576 return V4_0::makeKeyParameter(V4_0::TAG_AUTH_TIMEOUT, v->get());
577 }
578 break;
579 case KMV1::Tag::ALLOW_WHILE_ON_BODY:
580 if (auto v = KMV1::authorizationValue(KMV1::TAG_ALLOW_WHILE_ON_BODY, kp)) {
581 return V4_0::makeKeyParameter(V4_0::TAG_ALLOW_WHILE_ON_BODY, v->get());
582 }
583 break;
584 case KMV1::Tag::TRUSTED_USER_PRESENCE_REQUIRED:
585 if (auto v = KMV1::authorizationValue(KMV1::TAG_TRUSTED_USER_PRESENCE_REQUIRED, kp)) {
586 return V4_0::makeKeyParameter(V4_0::TAG_TRUSTED_USER_PRESENCE_REQUIRED, v->get());
587 }
588 break;
589 case KMV1::Tag::TRUSTED_CONFIRMATION_REQUIRED:
590 if (auto v = KMV1::authorizationValue(KMV1::TAG_TRUSTED_CONFIRMATION_REQUIRED, kp)) {
591 return V4_0::makeKeyParameter(V4_0::TAG_TRUSTED_CONFIRMATION_REQUIRED, v->get());
592 }
593 break;
594 case KMV1::Tag::UNLOCKED_DEVICE_REQUIRED:
595 if (auto v = KMV1::authorizationValue(KMV1::TAG_UNLOCKED_DEVICE_REQUIRED, kp)) {
596 return V4_0::makeKeyParameter(V4_0::TAG_UNLOCKED_DEVICE_REQUIRED, v->get());
597 }
598 break;
599 case KMV1::Tag::APPLICATION_ID:
600 if (auto v = KMV1::authorizationValue(KMV1::TAG_APPLICATION_ID, kp)) {
601 return V4_0::makeKeyParameter(V4_0::TAG_APPLICATION_ID, v->get());
602 }
603 break;
604 case KMV1::Tag::APPLICATION_DATA:
605 if (auto v = KMV1::authorizationValue(KMV1::TAG_APPLICATION_DATA, kp)) {
606 return V4_0::makeKeyParameter(V4_0::TAG_APPLICATION_DATA, v->get());
607 }
608 break;
609 case KMV1::Tag::CREATION_DATETIME:
610 if (auto v = KMV1::authorizationValue(KMV1::TAG_CREATION_DATETIME, kp)) {
611 return V4_0::makeKeyParameter(V4_0::TAG_CREATION_DATETIME, v->get());
612 }
613 break;
614 case KMV1::Tag::ORIGIN:
615 if (auto v = KMV1::authorizationValue(KMV1::TAG_ORIGIN, kp)) {
616 return V4_0::makeKeyParameter(V4_0::TAG_ORIGIN, convert(v->get()));
617 }
618 break;
619 case KMV1::Tag::ROOT_OF_TRUST:
620 if (auto v = KMV1::authorizationValue(KMV1::TAG_ROOT_OF_TRUST, kp)) {
621 return V4_0::makeKeyParameter(V4_0::TAG_ROOT_OF_TRUST, v->get());
622 }
623 break;
624 case KMV1::Tag::OS_VERSION:
625 if (auto v = KMV1::authorizationValue(KMV1::TAG_OS_VERSION, kp)) {
626 return V4_0::makeKeyParameter(V4_0::TAG_OS_VERSION, v->get());
627 }
628 break;
629 case KMV1::Tag::OS_PATCHLEVEL:
630 if (auto v = KMV1::authorizationValue(KMV1::TAG_OS_PATCHLEVEL, kp)) {
631 return V4_0::makeKeyParameter(V4_0::TAG_OS_PATCHLEVEL, v->get());
632 }
633 break;
634 case KMV1::Tag::UNIQUE_ID:
635 if (auto v = KMV1::authorizationValue(KMV1::TAG_UNIQUE_ID, kp)) {
636 return V4_0::makeKeyParameter(V4_0::TAG_UNIQUE_ID, v->get());
637 }
638 break;
639 case KMV1::Tag::ATTESTATION_CHALLENGE:
640 if (auto v = KMV1::authorizationValue(KMV1::TAG_ATTESTATION_CHALLENGE, kp)) {
641 return V4_0::makeKeyParameter(V4_0::TAG_ATTESTATION_CHALLENGE, v->get());
642 }
643 break;
644 case KMV1::Tag::ATTESTATION_APPLICATION_ID:
645 if (auto v = KMV1::authorizationValue(KMV1::TAG_ATTESTATION_APPLICATION_ID, kp)) {
646 return V4_0::makeKeyParameter(V4_0::TAG_ATTESTATION_APPLICATION_ID, v->get());
647 }
648 break;
649 case KMV1::Tag::ATTESTATION_ID_BRAND:
650 if (auto v = KMV1::authorizationValue(KMV1::TAG_ATTESTATION_ID_BRAND, kp)) {
651 return V4_0::makeKeyParameter(V4_0::TAG_ATTESTATION_ID_BRAND, v->get());
652 }
653 break;
654 case KMV1::Tag::ATTESTATION_ID_DEVICE:
655 if (auto v = KMV1::authorizationValue(KMV1::TAG_ATTESTATION_ID_DEVICE, kp)) {
656 return V4_0::makeKeyParameter(V4_0::TAG_ATTESTATION_ID_DEVICE, v->get());
657 }
658 break;
659 case KMV1::Tag::ATTESTATION_ID_PRODUCT:
660 if (auto v = KMV1::authorizationValue(KMV1::TAG_ATTESTATION_ID_PRODUCT, kp)) {
661 return V4_0::makeKeyParameter(V4_0::TAG_ATTESTATION_ID_PRODUCT, v->get());
662 }
663 break;
664 case KMV1::Tag::ATTESTATION_ID_SERIAL:
665 if (auto v = KMV1::authorizationValue(KMV1::TAG_ATTESTATION_ID_SERIAL, kp)) {
666 return V4_0::makeKeyParameter(V4_0::TAG_ATTESTATION_ID_SERIAL, v->get());
667 }
668 break;
669 case KMV1::Tag::ATTESTATION_ID_IMEI:
670 if (auto v = KMV1::authorizationValue(KMV1::TAG_ATTESTATION_ID_IMEI, kp)) {
671 return V4_0::makeKeyParameter(V4_0::TAG_ATTESTATION_ID_IMEI, v->get());
672 }
673 break;
674 case KMV1::Tag::ATTESTATION_ID_MEID:
675 if (auto v = KMV1::authorizationValue(KMV1::TAG_ATTESTATION_ID_MEID, kp)) {
676 return V4_0::makeKeyParameter(V4_0::TAG_ATTESTATION_ID_MEID, v->get());
677 }
678 break;
679 case KMV1::Tag::ATTESTATION_ID_MANUFACTURER:
680 if (auto v = KMV1::authorizationValue(KMV1::TAG_ATTESTATION_ID_MANUFACTURER, kp)) {
681 return V4_0::makeKeyParameter(V4_0::TAG_ATTESTATION_ID_MANUFACTURER, v->get());
682 }
683 break;
684 case KMV1::Tag::ATTESTATION_ID_MODEL:
685 if (auto v = KMV1::authorizationValue(KMV1::TAG_ATTESTATION_ID_MODEL, kp)) {
686 return V4_0::makeKeyParameter(V4_0::TAG_ATTESTATION_ID_MODEL, v->get());
687 }
688 break;
689 case KMV1::Tag::VENDOR_PATCHLEVEL:
690 if (auto v = KMV1::authorizationValue(KMV1::TAG_VENDOR_PATCHLEVEL, kp)) {
691 return V4_0::makeKeyParameter(V4_0::TAG_VENDOR_PATCHLEVEL, v->get());
692 }
693 break;
694 case KMV1::Tag::BOOT_PATCHLEVEL:
695 if (auto v = KMV1::authorizationValue(KMV1::TAG_BOOT_PATCHLEVEL, kp)) {
696 return V4_0::makeKeyParameter(V4_0::TAG_BOOT_PATCHLEVEL, v->get());
697 }
698 break;
699 case KMV1::Tag::DEVICE_UNIQUE_ATTESTATION:
700 if (auto v = KMV1::authorizationValue(KMV1::TAG_DEVICE_UNIQUE_ATTESTATION, kp)) {
701 return V4_0::makeKeyParameter(V4_1::TAG_DEVICE_UNIQUE_ATTESTATION, v->get());
702 }
703 break;
704 case KMV1::Tag::IDENTITY_CREDENTIAL_KEY:
705 if (auto v = KMV1::authorizationValue(KMV1::TAG_IDENTITY_CREDENTIAL_KEY, kp)) {
706 return V4_0::makeKeyParameter(V4_1::TAG_IDENTITY_CREDENTIAL_KEY, v->get());
707 }
708 break;
709 case KMV1::Tag::STORAGE_KEY:
710 if (auto v = KMV1::authorizationValue(KMV1::TAG_STORAGE_KEY, kp)) {
711 return V4_0::makeKeyParameter(V4_1::TAG_STORAGE_KEY, v->get());
712 }
713 break;
714 case KMV1::Tag::ASSOCIATED_DATA:
715 if (auto v = KMV1::authorizationValue(KMV1::TAG_ASSOCIATED_DATA, kp)) {
716 return V4_0::makeKeyParameter(V4_0::TAG_ASSOCIATED_DATA, v->get());
717 }
718 break;
719 case KMV1::Tag::NONCE:
720 if (auto v = KMV1::authorizationValue(KMV1::TAG_NONCE, kp)) {
721 return V4_0::makeKeyParameter(V4_0::TAG_NONCE, v->get());
722 }
723 break;
724 case KMV1::Tag::MAC_LENGTH:
725 if (auto v = KMV1::authorizationValue(KMV1::TAG_MAC_LENGTH, kp)) {
726 return V4_0::makeKeyParameter(V4_0::TAG_MAC_LENGTH, v->get());
727 }
728 break;
729 case KMV1::Tag::RESET_SINCE_ID_ROTATION:
730 if (auto v = KMV1::authorizationValue(KMV1::TAG_RESET_SINCE_ID_ROTATION, kp)) {
731 return V4_0::makeKeyParameter(V4_0::TAG_RESET_SINCE_ID_ROTATION, v->get());
732 }
733 break;
734 case KMV1::Tag::CONFIRMATION_TOKEN:
735 if (auto v = KMV1::authorizationValue(KMV1::TAG_CONFIRMATION_TOKEN, kp)) {
736 return V4_0::makeKeyParameter(V4_0::TAG_CONFIRMATION_TOKEN, v->get());
737 }
738 break;
739 case KMV1::Tag::RSA_OAEP_MGF_DIGEST:
740 case KMV1::Tag::CERTIFICATE_SERIAL:
741 case KMV1::Tag::CERTIFICATE_SUBJECT:
742 case KMV1::Tag::CERTIFICATE_NOT_BEFORE:
743 case KMV1::Tag::CERTIFICATE_NOT_AFTER:
744 // These tags do not exist in KM < KeyMint 1.0.
745 break;
746 case KMV1::Tag::MAX_BOOT_LEVEL:
747 // Does not exist in API level 30 or below.
748 break;
749 }
750 return V4_0::KeyParameter{.tag = V4_0::Tag::INVALID};
751 }
752
convertKeyParameterFromLegacy(const V4_0::KeyParameter & kp)753 static KMV1::KeyParameter convertKeyParameterFromLegacy(const V4_0::KeyParameter& kp) {
754 auto unwrapper = [](auto v) -> auto {
755 if (v.isOk()) {
756 return std::optional(std::reference_wrapper(v.value()));
757 } else {
758 return std::optional<decltype(std::reference_wrapper(v.value()))>{};
759 }
760 };
761 switch (kp.tag) {
762 case V4_0::Tag::INVALID:
763 break;
764 case V4_0::Tag::PURPOSE:
765 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_PURPOSE, kp))) {
766 return KMV1::makeKeyParameter(KMV1::TAG_PURPOSE, convert(v->get()));
767 }
768 break;
769 case V4_0::Tag::ALGORITHM:
770 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ALGORITHM, kp))) {
771 return KMV1::makeKeyParameter(KMV1::TAG_ALGORITHM, convert(v->get()));
772 }
773 break;
774 case V4_0::Tag::KEY_SIZE:
775 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_KEY_SIZE, kp))) {
776 return KMV1::makeKeyParameter(KMV1::TAG_KEY_SIZE, v->get());
777 }
778 break;
779 case V4_0::Tag::BLOCK_MODE:
780 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_BLOCK_MODE, kp))) {
781 return KMV1::makeKeyParameter(KMV1::TAG_BLOCK_MODE, convert(v->get()));
782 }
783 break;
784 case V4_0::Tag::DIGEST:
785 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_DIGEST, kp))) {
786 return KMV1::makeKeyParameter(KMV1::TAG_DIGEST, convert(v->get()));
787 }
788 break;
789 case V4_0::Tag::PADDING:
790 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_PADDING, kp))) {
791 return KMV1::makeKeyParameter(KMV1::TAG_PADDING, convert(v->get()));
792 }
793 break;
794 case V4_0::Tag::CALLER_NONCE:
795 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_CALLER_NONCE, kp))) {
796 return KMV1::makeKeyParameter(KMV1::TAG_CALLER_NONCE, v->get());
797 }
798 break;
799 case V4_0::Tag::MIN_MAC_LENGTH:
800 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_MIN_MAC_LENGTH, kp))) {
801 return KMV1::makeKeyParameter(KMV1::TAG_MIN_MAC_LENGTH, v->get());
802 }
803 break;
804 case V4_0::Tag::EC_CURVE:
805 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_EC_CURVE, kp))) {
806 return KMV1::makeKeyParameter(KMV1::TAG_EC_CURVE, convert(v->get()));
807 }
808 break;
809 case V4_0::Tag::RSA_PUBLIC_EXPONENT:
810 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_RSA_PUBLIC_EXPONENT, kp))) {
811 return KMV1::makeKeyParameter(KMV1::TAG_RSA_PUBLIC_EXPONENT, v->get());
812 }
813 break;
814 case V4_0::Tag::INCLUDE_UNIQUE_ID:
815 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_INCLUDE_UNIQUE_ID, kp))) {
816 return KMV1::makeKeyParameter(KMV1::TAG_INCLUDE_UNIQUE_ID, v->get());
817 }
818 break;
819 case V4_0::Tag::BLOB_USAGE_REQUIREMENTS:
820 // This tag has been removed. Mapped on invalid.
821 break;
822 case V4_0::Tag::BOOTLOADER_ONLY:
823 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_BOOTLOADER_ONLY, kp))) {
824 return KMV1::makeKeyParameter(KMV1::TAG_BOOTLOADER_ONLY, v->get());
825 }
826 break;
827 case V4_0::Tag::ROLLBACK_RESISTANCE:
828 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ROLLBACK_RESISTANCE, kp))) {
829 return KMV1::makeKeyParameter(KMV1::TAG_ROLLBACK_RESISTANCE, v->get());
830 }
831 break;
832 case V4_0::Tag::HARDWARE_TYPE:
833 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_HARDWARE_TYPE, kp))) {
834 return KMV1::makeKeyParameter(KMV1::TAG_HARDWARE_TYPE, convert(v->get()));
835 }
836 break;
837 case V4_0::Tag::ACTIVE_DATETIME:
838 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ACTIVE_DATETIME, kp))) {
839 return KMV1::makeKeyParameter(KMV1::TAG_ACTIVE_DATETIME, v->get());
840 }
841 break;
842 case V4_0::Tag::ORIGINATION_EXPIRE_DATETIME:
843 if (auto v =
844 unwrapper(V4_0::authorizationValue(V4_0::TAG_ORIGINATION_EXPIRE_DATETIME, kp))) {
845 return KMV1::makeKeyParameter(KMV1::TAG_ORIGINATION_EXPIRE_DATETIME, v->get());
846 }
847 break;
848 case V4_0::Tag::USAGE_EXPIRE_DATETIME:
849 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_USAGE_EXPIRE_DATETIME, kp))) {
850 return KMV1::makeKeyParameter(KMV1::TAG_USAGE_EXPIRE_DATETIME, v->get());
851 }
852 break;
853 case V4_0::Tag::MIN_SECONDS_BETWEEN_OPS:
854 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_MIN_SECONDS_BETWEEN_OPS, kp))) {
855 return KMV1::makeKeyParameter(KMV1::TAG_MIN_SECONDS_BETWEEN_OPS, v->get());
856 }
857 break;
858 case V4_0::Tag::MAX_USES_PER_BOOT:
859 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_MAX_USES_PER_BOOT, kp))) {
860 return KMV1::makeKeyParameter(KMV1::TAG_MAX_USES_PER_BOOT, v->get());
861 }
862 break;
863 case V4_0::Tag::USER_ID:
864 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_USER_ID, kp))) {
865 return KMV1::makeKeyParameter(KMV1::TAG_USER_ID, v->get());
866 }
867 break;
868 case V4_0::Tag::USER_SECURE_ID:
869 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_USER_SECURE_ID, kp))) {
870 return KMV1::makeKeyParameter(KMV1::TAG_USER_SECURE_ID, v->get());
871 }
872 break;
873 case V4_0::Tag::NO_AUTH_REQUIRED:
874 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_NO_AUTH_REQUIRED, kp))) {
875 return KMV1::makeKeyParameter(KMV1::TAG_NO_AUTH_REQUIRED, v->get());
876 }
877 break;
878 case V4_0::Tag::USER_AUTH_TYPE:
879 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_USER_AUTH_TYPE, kp))) {
880 return KMV1::makeKeyParameter(KMV1::TAG_USER_AUTH_TYPE, convert(v->get()));
881 }
882 break;
883 case V4_0::Tag::AUTH_TIMEOUT:
884 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_AUTH_TIMEOUT, kp))) {
885 return KMV1::makeKeyParameter(KMV1::TAG_AUTH_TIMEOUT, v->get());
886 }
887 break;
888 case V4_0::Tag::ALLOW_WHILE_ON_BODY:
889 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ALLOW_WHILE_ON_BODY, kp))) {
890 return KMV1::makeKeyParameter(KMV1::TAG_ALLOW_WHILE_ON_BODY, v->get());
891 }
892 break;
893 case V4_0::Tag::TRUSTED_USER_PRESENCE_REQUIRED:
894 if (auto v =
895 unwrapper(V4_0::authorizationValue(V4_0::TAG_TRUSTED_USER_PRESENCE_REQUIRED, kp))) {
896 return KMV1::makeKeyParameter(KMV1::TAG_TRUSTED_USER_PRESENCE_REQUIRED, v->get());
897 }
898 break;
899 case V4_0::Tag::TRUSTED_CONFIRMATION_REQUIRED:
900 if (auto v =
901 unwrapper(V4_0::authorizationValue(V4_0::TAG_TRUSTED_CONFIRMATION_REQUIRED, kp))) {
902 return KMV1::makeKeyParameter(KMV1::TAG_TRUSTED_CONFIRMATION_REQUIRED, v->get());
903 }
904 break;
905 case V4_0::Tag::UNLOCKED_DEVICE_REQUIRED:
906 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_UNLOCKED_DEVICE_REQUIRED, kp))) {
907 return KMV1::makeKeyParameter(KMV1::TAG_UNLOCKED_DEVICE_REQUIRED, v->get());
908 }
909 break;
910 case V4_0::Tag::APPLICATION_ID:
911 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_APPLICATION_ID, kp))) {
912 return KMV1::makeKeyParameter(KMV1::TAG_APPLICATION_ID, v->get());
913 }
914 break;
915 case V4_0::Tag::APPLICATION_DATA:
916 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_APPLICATION_DATA, kp))) {
917 return KMV1::makeKeyParameter(KMV1::TAG_APPLICATION_DATA, v->get());
918 }
919 break;
920 case V4_0::Tag::CREATION_DATETIME:
921 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_CREATION_DATETIME, kp))) {
922 return KMV1::makeKeyParameter(KMV1::TAG_CREATION_DATETIME, v->get());
923 }
924 break;
925 case V4_0::Tag::ORIGIN:
926 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ORIGIN, kp))) {
927 return KMV1::makeKeyParameter(KMV1::TAG_ORIGIN, convert(v->get()));
928 }
929 break;
930 case V4_0::Tag::ROOT_OF_TRUST:
931 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ROOT_OF_TRUST, kp))) {
932 return KMV1::makeKeyParameter(KMV1::TAG_ROOT_OF_TRUST, v->get());
933 }
934 break;
935 case V4_0::Tag::OS_VERSION:
936 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_OS_VERSION, kp))) {
937 return KMV1::makeKeyParameter(KMV1::TAG_OS_VERSION, v->get());
938 }
939 break;
940 case V4_0::Tag::OS_PATCHLEVEL:
941 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_OS_PATCHLEVEL, kp))) {
942 return KMV1::makeKeyParameter(KMV1::TAG_OS_PATCHLEVEL, v->get());
943 }
944 break;
945 case V4_0::Tag::UNIQUE_ID:
946 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_UNIQUE_ID, kp))) {
947 return KMV1::makeKeyParameter(KMV1::TAG_UNIQUE_ID, v->get());
948 }
949 break;
950 case V4_0::Tag::ATTESTATION_CHALLENGE:
951 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ATTESTATION_CHALLENGE, kp))) {
952 return KMV1::makeKeyParameter(KMV1::TAG_ATTESTATION_CHALLENGE, v->get());
953 }
954 break;
955 case V4_0::Tag::ATTESTATION_APPLICATION_ID:
956 if (auto v =
957 unwrapper(V4_0::authorizationValue(V4_0::TAG_ATTESTATION_APPLICATION_ID, kp))) {
958 return KMV1::makeKeyParameter(KMV1::TAG_ATTESTATION_APPLICATION_ID, v->get());
959 }
960 break;
961 case V4_0::Tag::ATTESTATION_ID_BRAND:
962 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ATTESTATION_ID_BRAND, kp))) {
963 return KMV1::makeKeyParameter(KMV1::TAG_ATTESTATION_ID_BRAND, v->get());
964 }
965 break;
966 case V4_0::Tag::ATTESTATION_ID_DEVICE:
967 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ATTESTATION_ID_DEVICE, kp))) {
968 return KMV1::makeKeyParameter(KMV1::TAG_ATTESTATION_ID_DEVICE, v->get());
969 }
970 break;
971 case V4_0::Tag::ATTESTATION_ID_PRODUCT:
972 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ATTESTATION_ID_PRODUCT, kp))) {
973 return KMV1::makeKeyParameter(KMV1::TAG_ATTESTATION_ID_PRODUCT, v->get());
974 }
975 break;
976 case V4_0::Tag::ATTESTATION_ID_SERIAL:
977 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ATTESTATION_ID_SERIAL, kp))) {
978 return KMV1::makeKeyParameter(KMV1::TAG_ATTESTATION_ID_SERIAL, v->get());
979 }
980 break;
981 case V4_0::Tag::ATTESTATION_ID_IMEI:
982 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ATTESTATION_ID_IMEI, kp))) {
983 return KMV1::makeKeyParameter(KMV1::TAG_ATTESTATION_ID_IMEI, v->get());
984 }
985 break;
986 case V4_0::Tag::ATTESTATION_ID_MEID:
987 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ATTESTATION_ID_MEID, kp))) {
988 return KMV1::makeKeyParameter(KMV1::TAG_ATTESTATION_ID_MEID, v->get());
989 }
990 break;
991 case V4_0::Tag::ATTESTATION_ID_MANUFACTURER:
992 if (auto v =
993 unwrapper(V4_0::authorizationValue(V4_0::TAG_ATTESTATION_ID_MANUFACTURER, kp))) {
994 return KMV1::makeKeyParameter(KMV1::TAG_ATTESTATION_ID_MANUFACTURER, v->get());
995 }
996 break;
997 case V4_0::Tag::ATTESTATION_ID_MODEL:
998 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ATTESTATION_ID_MODEL, kp))) {
999 return KMV1::makeKeyParameter(KMV1::TAG_ATTESTATION_ID_MODEL, v->get());
1000 }
1001 break;
1002 case V4_0::Tag::VENDOR_PATCHLEVEL:
1003 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_VENDOR_PATCHLEVEL, kp))) {
1004 return KMV1::makeKeyParameter(KMV1::TAG_VENDOR_PATCHLEVEL, v->get());
1005 }
1006 break;
1007 case V4_0::Tag::BOOT_PATCHLEVEL:
1008 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_BOOT_PATCHLEVEL, kp))) {
1009 return KMV1::makeKeyParameter(KMV1::TAG_BOOT_PATCHLEVEL, v->get());
1010 }
1011 break;
1012 case V4_0::Tag::ASSOCIATED_DATA:
1013 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_ASSOCIATED_DATA, kp))) {
1014 return KMV1::makeKeyParameter(KMV1::TAG_ASSOCIATED_DATA, v->get());
1015 }
1016 break;
1017 case V4_0::Tag::NONCE:
1018 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_NONCE, kp))) {
1019 return KMV1::makeKeyParameter(KMV1::TAG_NONCE, v->get());
1020 }
1021 break;
1022 case V4_0::Tag::MAC_LENGTH:
1023 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_MAC_LENGTH, kp))) {
1024 return KMV1::makeKeyParameter(KMV1::TAG_MAC_LENGTH, v->get());
1025 }
1026 break;
1027 case V4_0::Tag::RESET_SINCE_ID_ROTATION:
1028 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_RESET_SINCE_ID_ROTATION, kp))) {
1029 return KMV1::makeKeyParameter(KMV1::TAG_RESET_SINCE_ID_ROTATION, v->get());
1030 }
1031 break;
1032 case V4_0::Tag::CONFIRMATION_TOKEN:
1033 if (auto v = unwrapper(V4_0::authorizationValue(V4_0::TAG_CONFIRMATION_TOKEN, kp))) {
1034 return KMV1::makeKeyParameter(KMV1::TAG_CONFIRMATION_TOKEN, v->get());
1035 }
1036 break;
1037 default:
1038 break;
1039 }
1040
1041 switch (static_cast<V4_1::Tag>(kp.tag)) {
1042 case V4_1::Tag::EARLY_BOOT_ONLY:
1043 if (auto v = unwrapper(V4_0::authorizationValue(V4_1::TAG_EARLY_BOOT_ONLY, kp))) {
1044 return KMV1::makeKeyParameter(KMV1::TAG_EARLY_BOOT_ONLY, v->get());
1045 }
1046 break;
1047 case V4_1::Tag::DEVICE_UNIQUE_ATTESTATION:
1048 if (auto v = unwrapper(V4_0::authorizationValue(V4_1::TAG_DEVICE_UNIQUE_ATTESTATION, kp))) {
1049 return KMV1::makeKeyParameter(KMV1::TAG_DEVICE_UNIQUE_ATTESTATION, v->get());
1050 }
1051 break;
1052 case V4_1::Tag::IDENTITY_CREDENTIAL_KEY:
1053 if (auto v = unwrapper(V4_0::authorizationValue(V4_1::TAG_IDENTITY_CREDENTIAL_KEY, kp))) {
1054 return KMV1::makeKeyParameter(KMV1::TAG_IDENTITY_CREDENTIAL_KEY, v->get());
1055 }
1056 break;
1057 case V4_1::Tag::STORAGE_KEY:
1058 if (auto v = unwrapper(V4_0::authorizationValue(V4_1::TAG_STORAGE_KEY, kp))) {
1059 return KMV1::makeKeyParameter(KMV1::TAG_STORAGE_KEY, v->get());
1060 }
1061 break;
1062 default:
1063 break;
1064 }
1065
1066 return KMV1::makeKeyParameter(KMV1::TAG_INVALID);
1067 }
1068