1 //! Local types that are equivalent to those generated for KeyMint HAL interfaces
2 //!
3 //! - Enums are encoded as exhaustive Rust enums backed by `i32`, using Rust naming
4 //! conventions (CamelCase values).
5 //! - Structs have all fields `pub`, using Rust naming conventions (snake_case fields).
6 //! - Both enums and structs get a `[derive(AsCborValue)]`
7 //!
8 //! Special cases:
9 //! - The `BeginResult` type of the HAL interface is omitted here, as it includes a
10 //! Binder reference.
11 //! - `Tag` is private to this module, because....
12 //! - `KeyParam` is a Rust `enum` that is used in place of the `KeyParameter` struct, meaning...
13 //! - `KeyParameterValue` is not included here.
14
15 use crate::{
16 cbor, cbor_type_error, try_from_n, vec_try, AsCborValue, CborError, KeySizeInBits, RsaExponent,
17 };
18 use alloc::format;
19 use alloc::string::{String, ToString};
20 use alloc::vec::Vec;
21 use enumn::N;
22 use kmr_derive::{AsCborValue, FromRawTag};
23
24 /// Default certificate serial number of 1.
25 pub const DEFAULT_CERT_SERIAL: &[u8] = &[0x01];
26
27 /// ASN.1 DER encoding of the default certificate subject of 'CN=Android Keystore Key'.
28 pub const DEFAULT_CERT_SUBJECT: &[u8] = &[
29 0x30, 0x1f, // SEQUENCE len 31
30 0x31, 0x1d, // SET len 29
31 0x30, 0x1b, // SEQUENCE len 27
32 0x06, 0x03, // OBJECT IDENTIFIER len 3
33 0x55, 0x04, 0x03, // 2.5.4.3 (commonName)
34 0x0c, 0x14, // UTF8String len 20
35 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4b, 0x65, 0x79, 0x73, 0x74, 0x6f, 0x72, 0x65,
36 0x20, 0x4b, 0x65, 0x79, // "Android Keystore Key"
37 ];
38
39 /// Constants to indicate whether or not to include/expect more messages when splitting and then
40 /// assembling the large responses sent from the TA to the HAL.
41 pub const NEXT_MESSAGE_SIGNAL_TRUE: u8 = 0b00000001u8;
42 pub const NEXT_MESSAGE_SIGNAL_FALSE: u8 = 0b00000000u8;
43
44 /// Possible verified boot state values.
45 #[derive(Clone, Copy, Debug, PartialEq, Eq, N, AsCborValue)]
46 pub enum VerifiedBootState {
47 Verified = 0,
48 SelfSigned = 1,
49 Unverified = 2,
50 Failed = 3,
51 }
52
53 impl TryFrom<i32> for VerifiedBootState {
54 type Error = CborError;
try_from(v: i32) -> Result<Self, Self::Error>55 fn try_from(v: i32) -> Result<Self, Self::Error> {
56 Self::n(v).ok_or(CborError::OutOfRangeIntegerValue)
57 }
58 }
59
60 /// Information provided once at start-of-day, normally by the bootloader.
61 ///
62 /// Field order is fixed, to match the CBOR type definition of `RootOfTrust` in `IKeyMintDevice`.
63 #[derive(Clone, Debug, AsCborValue, PartialEq, Eq)]
64 pub struct BootInfo {
65 pub verified_boot_key: Vec<u8>,
66 pub device_boot_locked: bool,
67 pub verified_boot_state: VerifiedBootState,
68 pub verified_boot_hash: Vec<u8>,
69 pub boot_patchlevel: u32, // YYYYMMDD format
70 }
71
72 // Implement the `coset` CBOR serialization traits in terms of the local `AsCborValue` trait,
73 // in order to get access to tagged versions of serialize/deserialize.
74 impl coset::AsCborValue for BootInfo {
from_cbor_value(value: cbor::value::Value) -> coset::Result<Self>75 fn from_cbor_value(value: cbor::value::Value) -> coset::Result<Self> {
76 <Self as AsCborValue>::from_cbor_value(value).map_err(|e| e.into())
77 }
to_cbor_value(self) -> coset::Result<cbor::value::Value>78 fn to_cbor_value(self) -> coset::Result<cbor::value::Value> {
79 <Self as AsCborValue>::to_cbor_value(self).map_err(|e| e.into())
80 }
81 }
82
83 impl coset::TaggedCborSerializable for BootInfo {
84 const TAG: u64 = 40001;
85 }
86
87 /// Representation of a date/time.
88 #[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
89 pub struct DateTime {
90 pub ms_since_epoch: i64,
91 }
92
93 impl AsCborValue for DateTime {
from_cbor_value(value: cbor::value::Value) -> Result<Self, CborError>94 fn from_cbor_value(value: cbor::value::Value) -> Result<Self, CborError> {
95 let val = <i64>::from_cbor_value(value)?;
96 Ok(Self { ms_since_epoch: val })
97 }
to_cbor_value(self) -> Result<cbor::value::Value, CborError>98 fn to_cbor_value(self) -> Result<cbor::value::Value, CborError> {
99 self.ms_since_epoch.to_cbor_value()
100 }
cddl_typename() -> Option<String>101 fn cddl_typename() -> Option<String> {
102 Some("DateTime".to_string())
103 }
cddl_schema() -> Option<String>104 fn cddl_schema() -> Option<String> {
105 Some("int".to_string())
106 }
107 }
108
109 #[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord, AsCborValue, N)]
110 #[repr(i32)]
111 pub enum Algorithm {
112 Rsa = 1,
113 Ec = 3,
114 Aes = 32,
115 TripleDes = 33,
116 Hmac = 128,
117 }
118 try_from_n!(Algorithm);
119
120 #[derive(Clone, Debug, Eq, PartialEq, AsCborValue)]
121 pub struct AttestationKey {
122 pub key_blob: Vec<u8>,
123 pub attest_key_params: Vec<KeyParam>,
124 pub issuer_subject_name: Vec<u8>,
125 }
126
127 #[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord, AsCborValue, N)]
128 #[repr(i32)]
129 pub enum BlockMode {
130 Ecb = 1,
131 Cbc = 2,
132 Ctr = 3,
133 Gcm = 32,
134 }
135 try_from_n!(BlockMode);
136
137 #[derive(Clone, Debug, Eq, PartialEq, AsCborValue)]
138 pub struct Certificate {
139 pub encoded_certificate: Vec<u8>,
140 }
141
142 #[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord, AsCborValue, N)]
143 #[repr(i32)]
144 pub enum Digest {
145 None = 0,
146 Md5 = 1,
147 Sha1 = 2,
148 Sha224 = 3,
149 Sha256 = 4,
150 Sha384 = 5,
151 Sha512 = 6,
152 }
153 try_from_n!(Digest);
154
155 #[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord, AsCborValue, N)]
156 #[repr(i32)]
157 pub enum EcCurve {
158 P224 = 0,
159 P256 = 1,
160 P384 = 2,
161 P521 = 3,
162 Curve25519 = 4,
163 }
164 try_from_n!(EcCurve);
165
166 #[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord, AsCborValue, N)]
167 #[repr(i32)]
168 pub enum ErrorCode {
169 Ok = 0,
170 RootOfTrustAlreadySet = -1,
171 UnsupportedPurpose = -2,
172 IncompatiblePurpose = -3,
173 UnsupportedAlgorithm = -4,
174 IncompatibleAlgorithm = -5,
175 UnsupportedKeySize = -6,
176 UnsupportedBlockMode = -7,
177 IncompatibleBlockMode = -8,
178 UnsupportedMacLength = -9,
179 UnsupportedPaddingMode = -10,
180 IncompatiblePaddingMode = -11,
181 UnsupportedDigest = -12,
182 IncompatibleDigest = -13,
183 InvalidExpirationTime = -14,
184 InvalidUserId = -15,
185 InvalidAuthorizationTimeout = -16,
186 UnsupportedKeyFormat = -17,
187 IncompatibleKeyFormat = -18,
188 UnsupportedKeyEncryptionAlgorithm = -19,
189 UnsupportedKeyVerificationAlgorithm = -20,
190 InvalidInputLength = -21,
191 KeyExportOptionsInvalid = -22,
192 DelegationNotAllowed = -23,
193 KeyNotYetValid = -24,
194 KeyExpired = -25,
195 KeyUserNotAuthenticated = -26,
196 OutputParameterNull = -27,
197 InvalidOperationHandle = -28,
198 InsufficientBufferSpace = -29,
199 VerificationFailed = -30,
200 TooManyOperations = -31,
201 UnexpectedNullPointer = -32,
202 InvalidKeyBlob = -33,
203 ImportedKeyNotEncrypted = -34,
204 ImportedKeyDecryptionFailed = -35,
205 ImportedKeyNotSigned = -36,
206 ImportedKeyVerificationFailed = -37,
207 InvalidArgument = -38,
208 UnsupportedTag = -39,
209 InvalidTag = -40,
210 MemoryAllocationFailed = -41,
211 ImportParameterMismatch = -44,
212 SecureHwAccessDenied = -45,
213 OperationCancelled = -46,
214 ConcurrentAccessConflict = -47,
215 SecureHwBusy = -48,
216 SecureHwCommunicationFailed = -49,
217 UnsupportedEcField = -50,
218 MissingNonce = -51,
219 InvalidNonce = -52,
220 MissingMacLength = -53,
221 KeyRateLimitExceeded = -54,
222 CallerNonceProhibited = -55,
223 KeyMaxOpsExceeded = -56,
224 InvalidMacLength = -57,
225 MissingMinMacLength = -58,
226 UnsupportedMinMacLength = -59,
227 UnsupportedKdf = -60,
228 UnsupportedEcCurve = -61,
229 KeyRequiresUpgrade = -62,
230 AttestationChallengeMissing = -63,
231 KeymintNotConfigured = -64,
232 AttestationApplicationIdMissing = -65,
233 CannotAttestIds = -66,
234 RollbackResistanceUnavailable = -67,
235 HardwareTypeUnavailable = -68,
236 ProofOfPresenceRequired = -69,
237 ConcurrentProofOfPresenceRequested = -70,
238 NoUserConfirmation = -71,
239 DeviceLocked = -72,
240 EarlyBootEnded = -73,
241 AttestationKeysNotProvisioned = -74,
242 AttestationIdsNotProvisioned = -75,
243 InvalidOperation = -76,
244 StorageKeyUnsupported = -77,
245 IncompatibleMgfDigest = -78,
246 UnsupportedMgfDigest = -79,
247 MissingNotBefore = -80,
248 MissingNotAfter = -81,
249 MissingIssuerSubject = -82,
250 InvalidIssuerSubject = -83,
251 BootLevelExceeded = -84,
252 HardwareNotYetAvailable = -85,
253 Unimplemented = -100,
254 VersionMismatch = -101,
255 UnknownError = -1000,
256 }
257 try_from_n!(ErrorCode);
258
259 #[derive(Clone, Debug, Eq, PartialEq, AsCborValue)]
260 pub struct HardwareAuthToken {
261 pub challenge: i64,
262 pub user_id: i64,
263 pub authenticator_id: i64,
264 pub authenticator_type: HardwareAuthenticatorType,
265 pub timestamp: super::secureclock::Timestamp,
266 pub mac: Vec<u8>,
267 }
268
269 #[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord, AsCborValue, N)]
270 #[repr(i32)]
271 pub enum HardwareAuthenticatorType {
272 None = 0,
273 Password = 1,
274 Fingerprint = 2,
275 Any = -1,
276 }
277 try_from_n!(HardwareAuthenticatorType);
278
279 #[derive(Clone, Debug, Eq, PartialEq, AsCborValue)]
280 pub struct KeyCharacteristics {
281 pub security_level: SecurityLevel,
282 pub authorizations: Vec<KeyParam>,
283 }
284
285 #[derive(Clone, Debug, Eq, PartialEq, AsCborValue)]
286 pub struct KeyCreationResult {
287 pub key_blob: Vec<u8>,
288 pub key_characteristics: Vec<KeyCharacteristics>,
289 pub certificate_chain: Vec<Certificate>,
290 }
291
292 #[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord, AsCborValue, N)]
293 #[repr(i32)]
294 pub enum KeyFormat {
295 X509 = 0,
296 Pkcs8 = 1,
297 Raw = 3,
298 }
299 try_from_n!(KeyFormat);
300
301 #[derive(Clone, Debug, Eq, PartialEq, AsCborValue)]
302 pub struct KeyMintHardwareInfo {
303 pub version_number: i32,
304 pub security_level: SecurityLevel,
305 pub key_mint_name: String,
306 pub key_mint_author_name: String,
307 pub timestamp_token_required: bool,
308 }
309
310 #[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord, AsCborValue, N)]
311 #[repr(i32)]
312 pub enum KeyOrigin {
313 Generated = 0,
314 Derived = 1,
315 Imported = 2,
316 Reserved = 3,
317 SecurelyImported = 4,
318 }
319 try_from_n!(KeyOrigin);
320
321 /// Rust exhaustive enum for all key parameters.
322 #[derive(Clone, Debug, PartialEq, Eq)]
323 pub enum KeyParam {
324 Purpose(KeyPurpose),
325 Algorithm(Algorithm),
326 KeySize(KeySizeInBits),
327 BlockMode(BlockMode),
328 Digest(Digest),
329 Padding(PaddingMode),
330 CallerNonce,
331 MinMacLength(u32),
332 EcCurve(EcCurve),
333 RsaPublicExponent(RsaExponent),
334 IncludeUniqueId,
335 RsaOaepMgfDigest(Digest),
336 BootloaderOnly,
337 RollbackResistance,
338 EarlyBootOnly,
339 ActiveDatetime(DateTime),
340 OriginationExpireDatetime(DateTime),
341 UsageExpireDatetime(DateTime),
342 MaxUsesPerBoot(u32),
343 UsageCountLimit(u32),
344 UserId(u32),
345 UserSecureId(u64),
346 NoAuthRequired,
347 UserAuthType(u32),
348 AuthTimeout(u32),
349 AllowWhileOnBody,
350 TrustedUserPresenceRequired,
351 TrustedConfirmationRequired,
352 UnlockedDeviceRequired,
353 ApplicationId(Vec<u8>),
354 ApplicationData(Vec<u8>),
355 CreationDatetime(DateTime),
356 Origin(KeyOrigin),
357 RootOfTrust(Vec<u8>),
358 OsVersion(u32),
359 OsPatchlevel(u32),
360 AttestationChallenge(Vec<u8>),
361 AttestationApplicationId(Vec<u8>),
362 AttestationIdBrand(Vec<u8>),
363 AttestationIdDevice(Vec<u8>),
364 AttestationIdProduct(Vec<u8>),
365 AttestationIdSerial(Vec<u8>),
366 AttestationIdImei(Vec<u8>),
367 AttestationIdSecondImei(Vec<u8>),
368 AttestationIdMeid(Vec<u8>),
369 AttestationIdManufacturer(Vec<u8>),
370 AttestationIdModel(Vec<u8>),
371 VendorPatchlevel(u32),
372 BootPatchlevel(u32),
373 DeviceUniqueAttestation,
374 StorageKey,
375 Nonce(Vec<u8>),
376 MacLength(u32),
377 ResetSinceIdRotation,
378 CertificateSerial(Vec<u8>),
379 CertificateSubject(Vec<u8>),
380 CertificateNotBefore(DateTime),
381 CertificateNotAfter(DateTime),
382 MaxBootLevel(u32),
383 }
384
385 impl KeyParam {
tag(&self) -> Tag386 pub fn tag(&self) -> Tag {
387 match self {
388 KeyParam::Algorithm(_) => Tag::Algorithm,
389 KeyParam::BlockMode(_) => Tag::BlockMode,
390 KeyParam::Padding(_) => Tag::Padding,
391 KeyParam::Digest(_) => Tag::Digest,
392 KeyParam::EcCurve(_) => Tag::EcCurve,
393 KeyParam::Origin(_) => Tag::Origin,
394 KeyParam::Purpose(_) => Tag::Purpose,
395 KeyParam::KeySize(_) => Tag::KeySize,
396 KeyParam::CallerNonce => Tag::CallerNonce,
397 KeyParam::MinMacLength(_) => Tag::MinMacLength,
398 KeyParam::RsaPublicExponent(_) => Tag::RsaPublicExponent,
399 KeyParam::IncludeUniqueId => Tag::IncludeUniqueId,
400 KeyParam::RsaOaepMgfDigest(_) => Tag::RsaOaepMgfDigest,
401 KeyParam::BootloaderOnly => Tag::BootloaderOnly,
402 KeyParam::RollbackResistance => Tag::RollbackResistance,
403 KeyParam::EarlyBootOnly => Tag::EarlyBootOnly,
404 KeyParam::ActiveDatetime(_) => Tag::ActiveDatetime,
405 KeyParam::OriginationExpireDatetime(_) => Tag::OriginationExpireDatetime,
406 KeyParam::UsageExpireDatetime(_) => Tag::UsageExpireDatetime,
407 KeyParam::MaxUsesPerBoot(_) => Tag::MaxUsesPerBoot,
408 KeyParam::UsageCountLimit(_) => Tag::UsageCountLimit,
409 KeyParam::UserId(_) => Tag::UserId,
410 KeyParam::UserSecureId(_) => Tag::UserSecureId,
411 KeyParam::NoAuthRequired => Tag::NoAuthRequired,
412 KeyParam::UserAuthType(_) => Tag::UserAuthType,
413 KeyParam::AuthTimeout(_) => Tag::AuthTimeout,
414 KeyParam::AllowWhileOnBody => Tag::AllowWhileOnBody,
415 KeyParam::TrustedUserPresenceRequired => Tag::TrustedUserPresenceRequired,
416 KeyParam::TrustedConfirmationRequired => Tag::TrustedConfirmationRequired,
417 KeyParam::UnlockedDeviceRequired => Tag::UnlockedDeviceRequired,
418 KeyParam::ApplicationId(_) => Tag::ApplicationId,
419 KeyParam::ApplicationData(_) => Tag::ApplicationData,
420 KeyParam::CreationDatetime(_) => Tag::CreationDatetime,
421 KeyParam::RootOfTrust(_) => Tag::RootOfTrust,
422 KeyParam::OsVersion(_) => Tag::OsVersion,
423 KeyParam::OsPatchlevel(_) => Tag::OsPatchlevel,
424 KeyParam::AttestationChallenge(_) => Tag::AttestationChallenge,
425 KeyParam::AttestationApplicationId(_) => Tag::AttestationApplicationId,
426 KeyParam::AttestationIdBrand(_) => Tag::AttestationIdBrand,
427 KeyParam::AttestationIdDevice(_) => Tag::AttestationIdDevice,
428 KeyParam::AttestationIdProduct(_) => Tag::AttestationIdProduct,
429 KeyParam::AttestationIdSerial(_) => Tag::AttestationIdSerial,
430 KeyParam::AttestationIdImei(_) => Tag::AttestationIdImei,
431 KeyParam::AttestationIdSecondImei(_) => Tag::AttestationIdSecondImei,
432 KeyParam::AttestationIdMeid(_) => Tag::AttestationIdMeid,
433 KeyParam::AttestationIdManufacturer(_) => Tag::AttestationIdManufacturer,
434 KeyParam::AttestationIdModel(_) => Tag::AttestationIdModel,
435 KeyParam::VendorPatchlevel(_) => Tag::VendorPatchlevel,
436 KeyParam::BootPatchlevel(_) => Tag::BootPatchlevel,
437 KeyParam::DeviceUniqueAttestation => Tag::DeviceUniqueAttestation,
438 KeyParam::StorageKey => Tag::StorageKey,
439 KeyParam::Nonce(_) => Tag::Nonce,
440 KeyParam::MacLength(_) => Tag::MacLength,
441 KeyParam::ResetSinceIdRotation => Tag::ResetSinceIdRotation,
442 KeyParam::CertificateSerial(_) => Tag::CertificateSerial,
443 KeyParam::CertificateSubject(_) => Tag::CertificateSubject,
444 KeyParam::CertificateNotBefore(_) => Tag::CertificateNotBefore,
445 KeyParam::CertificateNotAfter(_) => Tag::CertificateNotAfter,
446 KeyParam::MaxBootLevel(_) => Tag::MaxBootLevel,
447 }
448 }
449 }
450
451 /// Check that a `bool` value is true (false values are represented by the absence of a tag).
check_bool(value: cbor::value::Value) -> Result<(), crate::CborError>452 fn check_bool(value: cbor::value::Value) -> Result<(), crate::CborError> {
453 match value {
454 cbor::value::Value::Bool(true) => Ok(()),
455 cbor::value::Value::Bool(false) => Err(crate::CborError::UnexpectedItem("false", "true")),
456 _ => crate::cbor_type_error(&value, "true"),
457 }
458 }
459
460 /// Manual implementation of [`crate::AsCborValue`] for the [`KeyParam`] enum that
461 /// matches the serialization of the HAL `Tag` / `KeyParameterValue` types.
462 impl crate::AsCborValue for KeyParam {
from_cbor_value(value: cbor::value::Value) -> Result<Self, crate::CborError>463 fn from_cbor_value(value: cbor::value::Value) -> Result<Self, crate::CborError> {
464 let mut a = match value {
465 cbor::value::Value::Array(a) => a,
466 _ => return crate::cbor_type_error(&value, "arr"),
467 };
468 if a.len() != 2 {
469 return Err(crate::CborError::UnexpectedItem("arr", "arr len 2"));
470 }
471
472 // Need to know the tag value to completely parse the value.
473 let raw = a.remove(1);
474 let tag = <Tag>::from_cbor_value(a.remove(0))?;
475
476 Ok(match tag {
477 Tag::Algorithm => KeyParam::Algorithm(<Algorithm>::from_cbor_value(raw)?),
478 Tag::BlockMode => KeyParam::BlockMode(<BlockMode>::from_cbor_value(raw)?),
479 Tag::Padding => KeyParam::Padding(<PaddingMode>::from_cbor_value(raw)?),
480 Tag::Digest => KeyParam::Digest(<Digest>::from_cbor_value(raw)?),
481 Tag::EcCurve => KeyParam::EcCurve(<EcCurve>::from_cbor_value(raw)?),
482 Tag::Origin => KeyParam::Origin(<KeyOrigin>::from_cbor_value(raw)?),
483 Tag::Purpose => KeyParam::Purpose(<KeyPurpose>::from_cbor_value(raw)?),
484 Tag::KeySize => KeyParam::KeySize(<KeySizeInBits>::from_cbor_value(raw)?),
485 Tag::CallerNonce => KeyParam::CallerNonce,
486 Tag::MinMacLength => KeyParam::MinMacLength(<u32>::from_cbor_value(raw)?),
487 Tag::RsaPublicExponent => {
488 KeyParam::RsaPublicExponent(<RsaExponent>::from_cbor_value(raw)?)
489 }
490 Tag::IncludeUniqueId => {
491 check_bool(raw)?;
492 KeyParam::IncludeUniqueId
493 }
494 Tag::RsaOaepMgfDigest => KeyParam::RsaOaepMgfDigest(<Digest>::from_cbor_value(raw)?),
495 Tag::BootloaderOnly => {
496 check_bool(raw)?;
497 KeyParam::BootloaderOnly
498 }
499 Tag::RollbackResistance => {
500 check_bool(raw)?;
501 KeyParam::RollbackResistance
502 }
503 Tag::EarlyBootOnly => {
504 check_bool(raw)?;
505 KeyParam::EarlyBootOnly
506 }
507 Tag::ActiveDatetime => KeyParam::ActiveDatetime(<DateTime>::from_cbor_value(raw)?),
508 Tag::OriginationExpireDatetime => {
509 KeyParam::OriginationExpireDatetime(<DateTime>::from_cbor_value(raw)?)
510 }
511 Tag::UsageExpireDatetime => {
512 KeyParam::UsageExpireDatetime(<DateTime>::from_cbor_value(raw)?)
513 }
514 Tag::MaxUsesPerBoot => KeyParam::MaxUsesPerBoot(<u32>::from_cbor_value(raw)?),
515 Tag::UsageCountLimit => KeyParam::UsageCountLimit(<u32>::from_cbor_value(raw)?),
516 Tag::UserId => KeyParam::UserId(<u32>::from_cbor_value(raw)?),
517 Tag::UserSecureId => KeyParam::UserSecureId(<u64>::from_cbor_value(raw)?),
518 Tag::NoAuthRequired => {
519 check_bool(raw)?;
520 KeyParam::NoAuthRequired
521 }
522 Tag::UserAuthType => KeyParam::UserAuthType(<u32>::from_cbor_value(raw)?),
523 Tag::AuthTimeout => KeyParam::AuthTimeout(<u32>::from_cbor_value(raw)?),
524 Tag::AllowWhileOnBody => KeyParam::AllowWhileOnBody,
525 Tag::TrustedUserPresenceRequired => {
526 check_bool(raw)?;
527 KeyParam::TrustedUserPresenceRequired
528 }
529 Tag::TrustedConfirmationRequired => {
530 check_bool(raw)?;
531 KeyParam::TrustedConfirmationRequired
532 }
533 Tag::UnlockedDeviceRequired => {
534 check_bool(raw)?;
535 KeyParam::UnlockedDeviceRequired
536 }
537 Tag::ApplicationId => KeyParam::ApplicationId(<Vec<u8>>::from_cbor_value(raw)?),
538 Tag::ApplicationData => KeyParam::ApplicationData(<Vec<u8>>::from_cbor_value(raw)?),
539 Tag::CreationDatetime => KeyParam::CreationDatetime(<DateTime>::from_cbor_value(raw)?),
540 Tag::RootOfTrust => KeyParam::RootOfTrust(<Vec<u8>>::from_cbor_value(raw)?),
541 Tag::OsVersion => KeyParam::OsVersion(<u32>::from_cbor_value(raw)?),
542 Tag::OsPatchlevel => KeyParam::OsPatchlevel(<u32>::from_cbor_value(raw)?),
543 Tag::AttestationChallenge => {
544 KeyParam::AttestationChallenge(<Vec<u8>>::from_cbor_value(raw)?)
545 }
546 Tag::AttestationApplicationId => {
547 KeyParam::AttestationApplicationId(<Vec<u8>>::from_cbor_value(raw)?)
548 }
549 Tag::AttestationIdBrand => {
550 KeyParam::AttestationIdBrand(<Vec<u8>>::from_cbor_value(raw)?)
551 }
552 Tag::AttestationIdDevice => {
553 KeyParam::AttestationIdDevice(<Vec<u8>>::from_cbor_value(raw)?)
554 }
555 Tag::AttestationIdProduct => {
556 KeyParam::AttestationIdProduct(<Vec<u8>>::from_cbor_value(raw)?)
557 }
558 Tag::AttestationIdSerial => {
559 KeyParam::AttestationIdSerial(<Vec<u8>>::from_cbor_value(raw)?)
560 }
561 Tag::AttestationIdImei => KeyParam::AttestationIdImei(<Vec<u8>>::from_cbor_value(raw)?),
562 Tag::AttestationIdSecondImei => {
563 KeyParam::AttestationIdSecondImei(<Vec<u8>>::from_cbor_value(raw)?)
564 }
565 Tag::AttestationIdMeid => KeyParam::AttestationIdMeid(<Vec<u8>>::from_cbor_value(raw)?),
566 Tag::AttestationIdManufacturer => {
567 KeyParam::AttestationIdManufacturer(<Vec<u8>>::from_cbor_value(raw)?)
568 }
569 Tag::AttestationIdModel => {
570 KeyParam::AttestationIdModel(<Vec<u8>>::from_cbor_value(raw)?)
571 }
572 Tag::VendorPatchlevel => KeyParam::VendorPatchlevel(<u32>::from_cbor_value(raw)?),
573 Tag::BootPatchlevel => KeyParam::BootPatchlevel(<u32>::from_cbor_value(raw)?),
574 Tag::DeviceUniqueAttestation => {
575 check_bool(raw)?;
576 KeyParam::DeviceUniqueAttestation
577 }
578 Tag::StorageKey => KeyParam::StorageKey,
579 Tag::Nonce => KeyParam::Nonce(<Vec<u8>>::from_cbor_value(raw)?),
580 Tag::MacLength => KeyParam::MacLength(<u32>::from_cbor_value(raw)?),
581 Tag::ResetSinceIdRotation => {
582 check_bool(raw)?;
583 KeyParam::ResetSinceIdRotation
584 }
585 Tag::CertificateSerial => KeyParam::CertificateSerial(<Vec<u8>>::from_cbor_value(raw)?),
586 Tag::CertificateSubject => {
587 KeyParam::CertificateSubject(<Vec<u8>>::from_cbor_value(raw)?)
588 }
589 Tag::CertificateNotBefore => {
590 KeyParam::CertificateNotBefore(<DateTime>::from_cbor_value(raw)?)
591 }
592 Tag::CertificateNotAfter => {
593 KeyParam::CertificateNotAfter(<DateTime>::from_cbor_value(raw)?)
594 }
595 Tag::MaxBootLevel => KeyParam::MaxBootLevel(<u32>::from_cbor_value(raw)?),
596
597 _ => return Err(crate::CborError::UnexpectedItem("tag", "known tag")),
598 })
599 }
to_cbor_value(self) -> Result<cbor::value::Value, crate::CborError>600 fn to_cbor_value(self) -> Result<cbor::value::Value, crate::CborError> {
601 let (tag, val) = match self {
602 KeyParam::Algorithm(v) => (Tag::Algorithm, v.to_cbor_value()?),
603 KeyParam::BlockMode(v) => (Tag::BlockMode, v.to_cbor_value()?),
604 KeyParam::Padding(v) => (Tag::Padding, v.to_cbor_value()?),
605 KeyParam::Digest(v) => (Tag::Digest, v.to_cbor_value()?),
606 KeyParam::EcCurve(v) => (Tag::EcCurve, v.to_cbor_value()?),
607 KeyParam::Origin(v) => (Tag::Origin, v.to_cbor_value()?),
608 KeyParam::Purpose(v) => (Tag::Purpose, v.to_cbor_value()?),
609 KeyParam::KeySize(v) => (Tag::KeySize, v.to_cbor_value()?),
610 KeyParam::CallerNonce => (Tag::CallerNonce, true.to_cbor_value()?),
611 KeyParam::MinMacLength(v) => (Tag::MinMacLength, v.to_cbor_value()?),
612 KeyParam::RsaPublicExponent(v) => (Tag::RsaPublicExponent, v.to_cbor_value()?),
613 KeyParam::IncludeUniqueId => (Tag::IncludeUniqueId, true.to_cbor_value()?),
614 KeyParam::RsaOaepMgfDigest(v) => (Tag::RsaOaepMgfDigest, v.to_cbor_value()?),
615 KeyParam::BootloaderOnly => (Tag::BootloaderOnly, true.to_cbor_value()?),
616 KeyParam::RollbackResistance => (Tag::RollbackResistance, true.to_cbor_value()?),
617 KeyParam::EarlyBootOnly => (Tag::EarlyBootOnly, true.to_cbor_value()?),
618 KeyParam::ActiveDatetime(v) => (Tag::ActiveDatetime, v.to_cbor_value()?),
619 KeyParam::OriginationExpireDatetime(v) => {
620 (Tag::OriginationExpireDatetime, v.to_cbor_value()?)
621 }
622 KeyParam::UsageExpireDatetime(v) => (Tag::UsageExpireDatetime, v.to_cbor_value()?),
623 KeyParam::MaxUsesPerBoot(v) => (Tag::MaxUsesPerBoot, v.to_cbor_value()?),
624 KeyParam::UsageCountLimit(v) => (Tag::UsageCountLimit, v.to_cbor_value()?),
625 KeyParam::UserId(v) => (Tag::UserId, v.to_cbor_value()?),
626 KeyParam::UserSecureId(v) => (Tag::UserSecureId, v.to_cbor_value()?),
627 KeyParam::NoAuthRequired => (Tag::NoAuthRequired, true.to_cbor_value()?),
628 KeyParam::UserAuthType(v) => (Tag::UserAuthType, v.to_cbor_value()?),
629 KeyParam::AuthTimeout(v) => (Tag::AuthTimeout, v.to_cbor_value()?),
630 KeyParam::AllowWhileOnBody => (Tag::AllowWhileOnBody, true.to_cbor_value()?),
631 KeyParam::TrustedUserPresenceRequired => {
632 (Tag::TrustedUserPresenceRequired, true.to_cbor_value()?)
633 }
634 KeyParam::TrustedConfirmationRequired => {
635 (Tag::TrustedConfirmationRequired, true.to_cbor_value()?)
636 }
637 KeyParam::UnlockedDeviceRequired => {
638 (Tag::UnlockedDeviceRequired, true.to_cbor_value()?)
639 }
640 KeyParam::ApplicationId(v) => (Tag::ApplicationId, v.to_cbor_value()?),
641 KeyParam::ApplicationData(v) => (Tag::ApplicationData, v.to_cbor_value()?),
642 KeyParam::CreationDatetime(v) => (Tag::CreationDatetime, v.to_cbor_value()?),
643 KeyParam::RootOfTrust(v) => (Tag::RootOfTrust, v.to_cbor_value()?),
644 KeyParam::OsVersion(v) => (Tag::OsVersion, v.to_cbor_value()?),
645 KeyParam::OsPatchlevel(v) => (Tag::OsPatchlevel, v.to_cbor_value()?),
646 KeyParam::AttestationChallenge(v) => (Tag::AttestationChallenge, v.to_cbor_value()?),
647 KeyParam::AttestationApplicationId(v) => {
648 (Tag::AttestationApplicationId, v.to_cbor_value()?)
649 }
650 KeyParam::AttestationIdBrand(v) => (Tag::AttestationIdBrand, v.to_cbor_value()?),
651 KeyParam::AttestationIdDevice(v) => (Tag::AttestationIdDevice, v.to_cbor_value()?),
652 KeyParam::AttestationIdProduct(v) => (Tag::AttestationIdProduct, v.to_cbor_value()?),
653 KeyParam::AttestationIdSerial(v) => (Tag::AttestationIdSerial, v.to_cbor_value()?),
654 KeyParam::AttestationIdImei(v) => (Tag::AttestationIdImei, v.to_cbor_value()?),
655 KeyParam::AttestationIdSecondImei(v) => {
656 (Tag::AttestationIdSecondImei, v.to_cbor_value()?)
657 }
658 KeyParam::AttestationIdMeid(v) => (Tag::AttestationIdMeid, v.to_cbor_value()?),
659 KeyParam::AttestationIdManufacturer(v) => {
660 (Tag::AttestationIdManufacturer, v.to_cbor_value()?)
661 }
662 KeyParam::AttestationIdModel(v) => (Tag::AttestationIdModel, v.to_cbor_value()?),
663 KeyParam::VendorPatchlevel(v) => (Tag::VendorPatchlevel, v.to_cbor_value()?),
664 KeyParam::BootPatchlevel(v) => (Tag::BootPatchlevel, v.to_cbor_value()?),
665 KeyParam::DeviceUniqueAttestation => {
666 (Tag::DeviceUniqueAttestation, true.to_cbor_value()?)
667 }
668 KeyParam::StorageKey => (Tag::StorageKey, true.to_cbor_value()?),
669 KeyParam::Nonce(v) => (Tag::Nonce, v.to_cbor_value()?),
670 KeyParam::MacLength(v) => (Tag::MacLength, v.to_cbor_value()?),
671 KeyParam::ResetSinceIdRotation => (Tag::ResetSinceIdRotation, true.to_cbor_value()?),
672 KeyParam::CertificateSerial(v) => (Tag::CertificateSerial, v.to_cbor_value()?),
673 KeyParam::CertificateSubject(v) => (Tag::CertificateSubject, v.to_cbor_value()?),
674 KeyParam::CertificateNotBefore(v) => (Tag::CertificateNotBefore, v.to_cbor_value()?),
675 KeyParam::CertificateNotAfter(v) => (Tag::CertificateNotAfter, v.to_cbor_value()?),
676 KeyParam::MaxBootLevel(v) => (Tag::MaxBootLevel, v.to_cbor_value()?),
677 };
678 Ok(cbor::value::Value::Array(vec_try![tag.to_cbor_value()?, val]?))
679 }
cddl_typename() -> Option<String>680 fn cddl_typename() -> Option<String> {
681 Some("KeyParam".to_string())
682 }
cddl_schema() -> Option<String>683 fn cddl_schema() -> Option<String> {
684 Some(format!(
685 "&(
686 [{}, {}], ; {}
687 [{}, {}], ; {}
688 [{}, {}], ; {}
689 [{}, {}], ; {}
690 [{}, {}], ; {}
691 [{}, {}], ; {}
692 [{}, {}], ; {}
693 [{}, {}], ; {}
694 [{}, {}], ; {}
695 [{}, {}], ; {}
696 [{}, {}], ; {}
697 [{}, {}], ; {}
698 [{}, {}], ; {}
699 [{}, {}], ; {}
700 [{}, {}], ; {}
701 [{}, {}], ; {}
702 [{}, {}], ; {}
703 [{}, {}], ; {}
704 [{}, {}], ; {}
705 [{}, {}], ; {}
706 [{}, {}], ; {}
707 [{}, {}], ; {}
708 [{}, {}], ; {}
709 [{}, {}], ; {}
710 [{}, {}], ; {}
711 [{}, {}], ; {}
712 [{}, {}], ; {}
713 [{}, {}], ; {}
714 [{}, {}], ; {}
715 [{}, {}], ; {}
716 [{}, {}], ; {}
717 [{}, {}], ; {}
718 [{}, {}], ; {}
719 [{}, {}], ; {}
720 [{}, {}], ; {}
721 [{}, {}], ; {}
722 [{}, {}], ; {}
723 [{}, {}], ; {}
724 [{}, {}], ; {}
725 [{}, {}], ; {}
726 [{}, {}], ; {}
727 [{}, {}], ; {}
728 [{}, {}], ; {}
729 [{}, {}], ; {}
730 [{}, {}], ; {}
731 [{}, {}], ; {}
732 [{}, {}], ; {}
733 [{}, {}], ; {}
734 [{}, {}], ; {}
735 [{}, {}], ; {}
736 [{}, {}], ; {}
737 [{}, {}], ; {}
738 [{}, {}], ; {}
739 [{}, {}], ; {}
740 [{}, {}], ; {}
741 [{}, {}], ; {}
742 [{}, {}], ; {}
743 [{}, {}], ; {}
744 [{}, {}], ; {}
745 )",
746 Tag::Algorithm as i32,
747 Algorithm::cddl_ref(),
748 "Tag_Algorithm",
749 Tag::BlockMode as i32,
750 BlockMode::cddl_ref(),
751 "Tag_BlockMode",
752 Tag::Padding as i32,
753 PaddingMode::cddl_ref(),
754 "Tag_Padding",
755 Tag::Digest as i32,
756 Digest::cddl_ref(),
757 "Tag_Digest",
758 Tag::EcCurve as i32,
759 EcCurve::cddl_ref(),
760 "Tag_EcCurve",
761 Tag::Origin as i32,
762 KeyOrigin::cddl_ref(),
763 "Tag_Origin",
764 Tag::Purpose as i32,
765 KeyPurpose::cddl_ref(),
766 "Tag_Purpose",
767 Tag::KeySize as i32,
768 KeySizeInBits::cddl_ref(),
769 "Tag_KeySize",
770 Tag::CallerNonce as i32,
771 Vec::<u8>::cddl_ref(),
772 "Tag_CallerNonce",
773 Tag::MinMacLength as i32,
774 u32::cddl_ref(),
775 "Tag_MinMacLength",
776 Tag::RsaPublicExponent as i32,
777 RsaExponent::cddl_ref(),
778 "Tag_RsaPublicExponent",
779 Tag::IncludeUniqueId as i32,
780 "true",
781 "Tag_IncludeUniqueId",
782 Tag::RsaOaepMgfDigest as i32,
783 Digest::cddl_ref(),
784 "Tag_RsaOaepMgfDigest",
785 Tag::BootloaderOnly as i32,
786 "true",
787 "Tag_BootloaderOnly",
788 Tag::RollbackResistance as i32,
789 "true",
790 "Tag_RollbackResistance",
791 Tag::EarlyBootOnly as i32,
792 "true",
793 "Tag_EarlyBootOnly",
794 Tag::ActiveDatetime as i32,
795 DateTime::cddl_ref(),
796 "Tag_ActiveDatetime",
797 Tag::OriginationExpireDatetime as i32,
798 DateTime::cddl_ref(),
799 "Tag_OriginationExpireDatetime",
800 Tag::UsageExpireDatetime as i32,
801 DateTime::cddl_ref(),
802 "Tag_UsageExpireDatetime",
803 Tag::MaxUsesPerBoot as i32,
804 u32::cddl_ref(),
805 "Tag_MaxUsesPerBoot",
806 Tag::UsageCountLimit as i32,
807 u32::cddl_ref(),
808 "Tag_UsageCountLimit",
809 Tag::UserId as i32,
810 u32::cddl_ref(),
811 "Tag_UserId",
812 Tag::UserSecureId as i32,
813 u64::cddl_ref(),
814 "Tag_UserSecureId",
815 Tag::NoAuthRequired as i32,
816 "true",
817 "Tag_NoAuthRequired",
818 Tag::UserAuthType as i32,
819 u32::cddl_ref(),
820 "Tag_UserAuthType",
821 Tag::AuthTimeout as i32,
822 u32::cddl_ref(),
823 "Tag_AuthTimeout",
824 Tag::AllowWhileOnBody as i32,
825 "true",
826 "Tag_AllowWhileOnBody",
827 Tag::TrustedUserPresenceRequired as i32,
828 "true",
829 "Tag_TrustedUserPresenceRequired",
830 Tag::TrustedConfirmationRequired as i32,
831 "true",
832 "Tag_TrustedConfirmationRequired",
833 Tag::UnlockedDeviceRequired as i32,
834 "true",
835 "Tag_UnlockedDeviceRequired",
836 Tag::ApplicationId as i32,
837 Vec::<u8>::cddl_ref(),
838 "Tag_ApplicationId",
839 Tag::ApplicationData as i32,
840 Vec::<u8>::cddl_ref(),
841 "Tag_ApplicationData",
842 Tag::CreationDatetime as i32,
843 DateTime::cddl_ref(),
844 "Tag_CreationDatetime",
845 Tag::RootOfTrust as i32,
846 Vec::<u8>::cddl_ref(),
847 "Tag_RootOfTrust",
848 Tag::OsVersion as i32,
849 u32::cddl_ref(),
850 "Tag_OsVersion",
851 Tag::OsPatchlevel as i32,
852 u32::cddl_ref(),
853 "Tag_OsPatchlevel",
854 Tag::AttestationChallenge as i32,
855 Vec::<u8>::cddl_ref(),
856 "Tag_AttestationChallenge",
857 Tag::AttestationApplicationId as i32,
858 Vec::<u8>::cddl_ref(),
859 "Tag_AttestationApplicationId",
860 Tag::AttestationIdBrand as i32,
861 Vec::<u8>::cddl_ref(),
862 "Tag_AttestationIdBrand",
863 Tag::AttestationIdDevice as i32,
864 Vec::<u8>::cddl_ref(),
865 "Tag_AttestationIdDevice",
866 Tag::AttestationIdProduct as i32,
867 Vec::<u8>::cddl_ref(),
868 "Tag_AttestationIdProduct",
869 Tag::AttestationIdSerial as i32,
870 Vec::<u8>::cddl_ref(),
871 "Tag_AttestationIdSerial",
872 Tag::AttestationIdImei as i32,
873 Vec::<u8>::cddl_ref(),
874 "Tag_AttestationIdImei",
875 Tag::AttestationIdSecondImei as i32,
876 Vec::<u8>::cddl_ref(),
877 "Tag_AttestationIdSecondImei",
878 Tag::AttestationIdMeid as i32,
879 Vec::<u8>::cddl_ref(),
880 "Tag_AttestationIdMeid",
881 Tag::AttestationIdManufacturer as i32,
882 Vec::<u8>::cddl_ref(),
883 "Tag_AttestationIdManufacturer",
884 Tag::AttestationIdModel as i32,
885 Vec::<u8>::cddl_ref(),
886 "Tag_AttestationIdModel",
887 Tag::VendorPatchlevel as i32,
888 u32::cddl_ref(),
889 "Tag_VendorPatchlevel",
890 Tag::BootPatchlevel as i32,
891 u32::cddl_ref(),
892 "Tag_BootPatchlevel",
893 Tag::DeviceUniqueAttestation as i32,
894 "true",
895 "Tag_DeviceUniqueAttestation",
896 Tag::StorageKey as i32,
897 "true",
898 "Tag_StorageKey",
899 Tag::Nonce as i32,
900 Vec::<u8>::cddl_ref(),
901 "Tag_Nonce",
902 Tag::MacLength as i32,
903 u32::cddl_ref(),
904 "Tag_MacLength",
905 Tag::ResetSinceIdRotation as i32,
906 "true",
907 "Tag_ResetSinceIdRotation",
908 Tag::CertificateSerial as i32,
909 Vec::<u8>::cddl_ref(),
910 "Tag_CertificateSerial",
911 Tag::CertificateSubject as i32,
912 Vec::<u8>::cddl_ref(),
913 "Tag_CertificateSubject",
914 Tag::CertificateNotBefore as i32,
915 DateTime::cddl_ref(),
916 "Tag_CertificateNotBefore",
917 Tag::CertificateNotAfter as i32,
918 DateTime::cddl_ref(),
919 "Tag_CertificateNotAfter",
920 Tag::MaxBootLevel as i32,
921 u32::cddl_ref(),
922 "Tag_MaxBootLevel",
923 ))
924 }
925 }
926
927 /// Determine the tag type for a tag, based on the top 4 bits of the tag number.
tag_type(tag: Tag) -> TagType928 pub fn tag_type(tag: Tag) -> TagType {
929 match ((tag as u32) & 0xf0000000u32) as i32 {
930 x if x == TagType::Enum as i32 => TagType::Enum,
931 x if x == TagType::EnumRep as i32 => TagType::EnumRep,
932 x if x == TagType::Uint as i32 => TagType::Uint,
933 x if x == TagType::UintRep as i32 => TagType::UintRep,
934 x if x == TagType::Ulong as i32 => TagType::Ulong,
935 x if x == TagType::Date as i32 => TagType::Date,
936 x if x == TagType::Bool as i32 => TagType::Bool,
937 x if x == TagType::Bignum as i32 => TagType::Bignum,
938 x if x == TagType::Bytes as i32 => TagType::Bytes,
939 x if x == TagType::UlongRep as i32 => TagType::UlongRep,
940 _ => TagType::Invalid,
941 }
942 }
943
944 /// Determine the raw tag value with tag type information stripped out.
raw_tag_value(tag: Tag) -> u32945 pub fn raw_tag_value(tag: Tag) -> u32 {
946 (tag as u32) & 0x0fffffffu32
947 }
948
949 #[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord, AsCborValue, N)]
950 #[repr(i32)]
951 pub enum KeyPurpose {
952 Encrypt = 0,
953 Decrypt = 1,
954 Sign = 2,
955 Verify = 3,
956 WrapKey = 5,
957 AgreeKey = 6,
958 AttestKey = 7,
959 }
960 try_from_n!(KeyPurpose);
961
962 #[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord, AsCborValue, N)]
963 #[repr(i32)]
964 pub enum PaddingMode {
965 None = 1,
966 RsaOaep = 2,
967 RsaPss = 3,
968 RsaPkcs115Encrypt = 4,
969 RsaPkcs115Sign = 5,
970 Pkcs7 = 64,
971 }
972 try_from_n!(PaddingMode);
973
974 #[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord, AsCborValue, N)]
975 #[repr(i32)]
976 pub enum SecurityLevel {
977 Software = 0,
978 TrustedEnvironment = 1,
979 Strongbox = 2,
980 Keystore = 100,
981 }
982 try_from_n!(SecurityLevel);
983
984 #[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord, AsCborValue, FromRawTag, N)]
985 #[repr(i32)]
986 pub enum Tag {
987 Invalid = 0,
988 Purpose = 536870913,
989 Algorithm = 268435458,
990 KeySize = 805306371,
991 BlockMode = 536870916,
992 Digest = 536870917,
993 Padding = 536870918,
994 CallerNonce = 1879048199,
995 MinMacLength = 805306376,
996 EcCurve = 268435466,
997 RsaPublicExponent = 1342177480,
998 IncludeUniqueId = 1879048394,
999 RsaOaepMgfDigest = 536871115,
1000 BootloaderOnly = 1879048494,
1001 RollbackResistance = 1879048495,
1002 HardwareType = 268435760,
1003 EarlyBootOnly = 1879048497,
1004 ActiveDatetime = 1610613136,
1005 OriginationExpireDatetime = 1610613137,
1006 UsageExpireDatetime = 1610613138,
1007 MinSecondsBetweenOps = 805306771,
1008 MaxUsesPerBoot = 805306772,
1009 UsageCountLimit = 805306773,
1010 UserId = 805306869,
1011 UserSecureId = -1610612234,
1012 NoAuthRequired = 1879048695,
1013 UserAuthType = 268435960,
1014 AuthTimeout = 805306873,
1015 AllowWhileOnBody = 1879048698,
1016 TrustedUserPresenceRequired = 1879048699,
1017 TrustedConfirmationRequired = 1879048700,
1018 UnlockedDeviceRequired = 1879048701,
1019 ApplicationId = -1879047591,
1020 ApplicationData = -1879047492,
1021 CreationDatetime = 1610613437,
1022 Origin = 268436158,
1023 RootOfTrust = -1879047488,
1024 OsVersion = 805307073,
1025 OsPatchlevel = 805307074,
1026 UniqueId = -1879047485,
1027 AttestationChallenge = -1879047484,
1028 AttestationApplicationId = -1879047483,
1029 AttestationIdBrand = -1879047482,
1030 AttestationIdDevice = -1879047481,
1031 AttestationIdProduct = -1879047480,
1032 AttestationIdSerial = -1879047479,
1033 AttestationIdImei = -1879047478,
1034 AttestationIdMeid = -1879047477,
1035 AttestationIdManufacturer = -1879047476,
1036 AttestationIdModel = -1879047475,
1037 VendorPatchlevel = 805307086,
1038 BootPatchlevel = 805307087,
1039 DeviceUniqueAttestation = 1879048912,
1040 IdentityCredentialKey = 1879048913,
1041 StorageKey = 1879048914,
1042 AttestationIdSecondImei = -1879047469,
1043 AssociatedData = -1879047192,
1044 Nonce = -1879047191,
1045 MacLength = 805307371,
1046 ResetSinceIdRotation = 1879049196,
1047 ConfirmationToken = -1879047187,
1048 CertificateSerial = -2147482642,
1049 CertificateSubject = -1879047185,
1050 CertificateNotBefore = 1610613744,
1051 CertificateNotAfter = 1610613745,
1052 MaxBootLevel = 805307378,
1053 }
1054 try_from_n!(Tag);
1055
1056 #[derive(Clone, Copy, Debug, PartialEq, Eq, AsCborValue, N)]
1057 #[repr(i32)]
1058 pub enum TagType {
1059 Invalid = 0,
1060 Enum = 268435456,
1061 EnumRep = 536870912,
1062 Uint = 805306368,
1063 UintRep = 1073741824,
1064 Ulong = 1342177280,
1065 Date = 1610612736,
1066 Bool = 1879048192,
1067 Bignum = -2147483648,
1068 Bytes = -1879048192,
1069 UlongRep = -1610612736,
1070 }
1071 try_from_n!(TagType);
1072