Home | History | Annotate | Download | only in keymaster
      1 /*
      2  * Copyright 2017 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 #include "proto_utils.h"
     18 
     19 #include <android-base/logging.h>
     20 #include <android/hardware/keymaster/4.0/types.h>
     21 #include <keymasterV4_0/key_param_output.h>
     22 
     23 namespace android {
     24 namespace hardware {
     25 namespace keymaster {
     26 
     27 // HAL
     28 using ::android::hardware::keymaster::V4_0::Algorithm;
     29 using ::android::hardware::keymaster::V4_0::BlockMode;
     30 using ::android::hardware::keymaster::V4_0::Digest;
     31 using ::android::hardware::keymaster::V4_0::EcCurve;
     32 using ::android::hardware::keymaster::V4_0::HardwareAuthenticatorType;
     33 using ::android::hardware::keymaster::V4_0::KeyDerivationFunction;
     34 using ::android::hardware::keymaster::V4_0::KeyOrigin;
     35 using ::android::hardware::keymaster::V4_0::KeyPurpose;
     36 using ::android::hardware::keymaster::V4_0::KeyBlobUsageRequirements;
     37 using ::android::hardware::keymaster::V4_0::PaddingMode;
     38 using ::android::hardware::keymaster::V4_0::Tag;
     39 using ::android::hardware::keymaster::V4_0::TagType;
     40 
     41 static TagType type_from_tag(Tag tag)
     42 {
     43     return static_cast<TagType>(tag & (0xF << 28));
     44 }
     45 
     46 static nosapp::TagType type_from_tag(nosapp::Tag tag)
     47 {
     48     return static_cast<nosapp::TagType>(tag & (0xF << 16));
     49 }
     50 
     51 static nosapp::Tag translate_tag(Tag tag)
     52 {
     53     enum TagType tag_type = type_from_tag(tag);
     54 
     55     /* TODO:  This is gross.  The alternative is to have a complete table. */
     56     return static_cast<nosapp::Tag>(
     57         (((uint32_t)tag_type >> 28) << 16) | (tag & 0xffff));
     58 }
     59 
     60 static Tag translate_tag(nosapp::Tag tag)
     61 {
     62     enum nosapp::TagType tag_type = type_from_tag(tag);
     63 
     64     /* TODO:  This is gross.  The alternative is to have a complete table. */
     65     return static_cast<Tag>(
     66         (((uint32_t)tag_type >> 16) << 28) | (tag & 0xffff));
     67 }
     68 
     69 static nosapp::KeyPurpose translate_purpose(KeyPurpose purpose)
     70 {
     71     switch (purpose) {
     72     case KeyPurpose::ENCRYPT:
     73         return nosapp::KeyPurpose::ENCRYPT;
     74     case KeyPurpose::DECRYPT:
     75         return nosapp::KeyPurpose::DECRYPT;
     76     case KeyPurpose::SIGN:
     77         return nosapp::KeyPurpose::SIGN;
     78     case KeyPurpose::VERIFY:
     79         return nosapp::KeyPurpose::VERIFY;
     80     case KeyPurpose::WRAP_KEY:
     81         return nosapp::KeyPurpose::WRAP_KEY;
     82     default:
     83         return nosapp::KeyPurpose::PURPOSE_MAX;
     84     }
     85 }
     86 
     87 static ErrorCode translate_purpose(nosapp::KeyPurpose purpose, KeyPurpose *out)
     88 {
     89     switch (purpose) {
     90     case nosapp::KeyPurpose::ENCRYPT:
     91         *out = KeyPurpose::ENCRYPT;
     92         break;
     93     case nosapp::KeyPurpose::DECRYPT:
     94         *out = KeyPurpose::DECRYPT;
     95         break;
     96     case nosapp::KeyPurpose::SIGN:
     97         *out = KeyPurpose::SIGN;
     98         break;
     99     case nosapp::KeyPurpose::VERIFY:
    100         *out = KeyPurpose::VERIFY;
    101         break;
    102     case nosapp::KeyPurpose::WRAP_KEY:
    103         *out = KeyPurpose::WRAP_KEY;
    104         break;
    105     default:
    106         return ErrorCode::UNKNOWN_ERROR;
    107     }
    108 
    109     return ErrorCode::OK;
    110 }
    111 
    112 static nosapp::Algorithm translate_algorithm(Algorithm algorithm)
    113 {
    114     switch (algorithm) {
    115     case Algorithm::RSA:
    116         return nosapp::Algorithm::RSA;
    117     case Algorithm::EC:
    118         return nosapp::Algorithm::EC;
    119     case Algorithm::AES:
    120         return nosapp::Algorithm::AES;
    121     case Algorithm::TRIPLE_DES:
    122         return nosapp::Algorithm::DES;
    123     case Algorithm::HMAC:
    124         return nosapp::Algorithm::HMAC;
    125     default:
    126         return nosapp::Algorithm::ALGORITHM_MAX;
    127     }
    128 }
    129 
    130 ErrorCode translate_algorithm(nosapp::Algorithm algorithm,
    131                               Algorithm *out)
    132 {
    133     switch (algorithm) {
    134     case nosapp::Algorithm::RSA:
    135         *out = Algorithm::RSA;
    136         break;
    137     case nosapp::Algorithm::EC:
    138         *out = Algorithm::EC;
    139         break;
    140     case nosapp::Algorithm::AES:
    141         *out = Algorithm::AES;
    142         break;
    143     case nosapp::Algorithm::DES:
    144         *out = Algorithm::TRIPLE_DES;
    145         break;
    146     case nosapp::Algorithm::HMAC:
    147         *out = Algorithm::HMAC;
    148         break;
    149     default:
    150         return ErrorCode::UNKNOWN_ERROR;
    151     }
    152 
    153     return ErrorCode::OK;
    154 }
    155 
    156 static nosapp::BlockMode translate_block_mode(BlockMode block_mode)
    157 {
    158     switch (block_mode) {
    159     case BlockMode::ECB:
    160         return nosapp::BlockMode::ECB;
    161     case BlockMode::CBC:
    162         return nosapp::BlockMode::CBC;
    163     case BlockMode::CTR:
    164         return nosapp::BlockMode::CTR;
    165     case BlockMode::GCM:
    166         return nosapp::BlockMode::GCM;
    167     default:
    168         return nosapp::BlockMode::BLOCK_MODE_MAX;
    169     }
    170 }
    171 
    172 static ErrorCode translate_block_mode(nosapp::BlockMode block_mode,
    173                                       BlockMode *out)
    174 {
    175     switch (block_mode) {
    176     case nosapp::BlockMode::ECB:
    177         *out = BlockMode::ECB;
    178         break;
    179     case nosapp::BlockMode::CBC:
    180         *out = BlockMode::CBC;
    181         break;
    182     case nosapp::BlockMode::CTR:
    183         *out = BlockMode::CTR;
    184         break;
    185     case nosapp::BlockMode::GCM:
    186         *out = BlockMode::GCM;
    187         break;
    188     default:
    189         return ErrorCode::UNKNOWN_ERROR;
    190         break;
    191     }
    192 
    193     return ErrorCode::OK;
    194 }
    195 
    196 static nosapp::Digest translate_digest(Digest digest)
    197 {
    198     switch (digest) {
    199     case Digest::NONE:
    200         return nosapp::Digest::DIGEST_NONE;
    201     case Digest::MD5:
    202         return nosapp::Digest::DIGEST_MD5;
    203     case Digest::SHA1:
    204         return nosapp::Digest::DIGEST_SHA1;
    205     case Digest::SHA_2_224:
    206         return nosapp::Digest::DIGEST_SHA_2_224;
    207     case Digest::SHA_2_256:
    208         return nosapp::Digest::DIGEST_SHA_2_256;
    209     case Digest::SHA_2_384:
    210         return nosapp::Digest::DIGEST_SHA_2_384;
    211     case Digest::SHA_2_512:
    212         return nosapp::Digest::DIGEST_SHA_2_512;
    213     default:
    214         return nosapp::Digest::DIGEST_MAX;
    215     }
    216 }
    217 
    218 static ErrorCode translate_digest(nosapp::Digest digest,
    219                                   Digest *out)
    220 {
    221     switch (digest) {
    222     case nosapp::Digest::DIGEST_NONE:
    223         *out = Digest::NONE;
    224         break;
    225     case nosapp::Digest::DIGEST_MD5:
    226         *out = Digest::MD5;
    227         break;
    228     case nosapp::Digest::DIGEST_SHA1:
    229         *out = Digest::SHA1;
    230         break;
    231     case nosapp::Digest::DIGEST_SHA_2_224:
    232         *out = Digest::SHA_2_224;
    233         break;
    234     case nosapp::Digest::DIGEST_SHA_2_256:
    235         *out = Digest::SHA_2_256;
    236         break;
    237     case nosapp::Digest::DIGEST_SHA_2_384:
    238         *out = Digest::SHA_2_384;
    239         break;
    240     case nosapp::Digest::DIGEST_SHA_2_512:
    241         *out = Digest::SHA_2_512;
    242         break;
    243     default:
    244         return ErrorCode::UNKNOWN_ERROR;
    245     }
    246 
    247     return ErrorCode::OK;
    248 }
    249 
    250 static nosapp::PaddingMode translate_padding_mode(PaddingMode padding_mode)
    251 {
    252     switch (padding_mode) {
    253     case PaddingMode::NONE:
    254         return nosapp::PaddingMode::PADDING_NONE;
    255     case PaddingMode::RSA_OAEP:
    256         return nosapp::PaddingMode::PADDING_RSA_OAEP;
    257     case PaddingMode::RSA_PSS:
    258         return nosapp::PaddingMode::PADDING_RSA_PSS;
    259     case PaddingMode::RSA_PKCS1_1_5_ENCRYPT:
    260         return nosapp::PaddingMode::PADDING_RSA_PKCS1_1_5_ENCRYPT;
    261     case PaddingMode::RSA_PKCS1_1_5_SIGN:
    262         return nosapp::PaddingMode::PADDING_RSA_PKCS1_1_5_SIGN;
    263     case PaddingMode::PKCS7:
    264         return nosapp::PaddingMode::PADDING_PKCS7;
    265     default:
    266         return nosapp::PaddingMode::PADDING_MODE_MAX;
    267     }
    268 }
    269 
    270 static ErrorCode translate_padding_mode(nosapp::PaddingMode padding_mode,
    271     PaddingMode *out)
    272 {
    273     switch (padding_mode) {
    274     case nosapp::PaddingMode::PADDING_NONE:
    275         *out = PaddingMode::NONE;
    276         break;
    277     case nosapp::PaddingMode::PADDING_RSA_OAEP:
    278         *out = PaddingMode::RSA_OAEP;
    279         break;
    280     case nosapp::PaddingMode::PADDING_RSA_PSS:
    281         *out = PaddingMode::RSA_PSS;
    282         break;
    283     case nosapp::PaddingMode::PADDING_RSA_PKCS1_1_5_ENCRYPT:
    284         *out = PaddingMode::RSA_PKCS1_1_5_ENCRYPT;
    285         break;
    286     case nosapp::PaddingMode::PADDING_RSA_PKCS1_1_5_SIGN:
    287         *out = PaddingMode::RSA_PKCS1_1_5_SIGN;
    288         break;
    289     case nosapp::PaddingMode::PADDING_PKCS7:
    290         *out = PaddingMode::PKCS7;
    291         break;
    292     default:
    293         return ErrorCode::UNKNOWN_ERROR;
    294     }
    295 
    296     return ErrorCode::OK;
    297 }
    298 
    299 static nosapp::EcCurve translate_ec_curve(EcCurve ec_curve)
    300 {
    301     switch (ec_curve) {
    302     case EcCurve::P_224:
    303         return nosapp::EcCurve::P_224;
    304     case EcCurve::P_256:
    305         return nosapp::EcCurve::P_256;
    306     case EcCurve::P_384:
    307         return nosapp::EcCurve::P_384;
    308     case EcCurve::P_521:
    309         return nosapp::EcCurve::P_521;
    310     default:
    311         return nosapp::EcCurve::EC_CURVE_MAX;
    312     }
    313 }
    314 
    315 ErrorCode translate_ec_curve(nosapp::EcCurve ec_curve, EcCurve *out)
    316 {
    317     switch (ec_curve) {
    318     case nosapp::EcCurve::P_224:
    319         *out = EcCurve::P_224;
    320         break;
    321     case nosapp::EcCurve::P_256:
    322         *out = EcCurve::P_256;
    323         break;
    324     case nosapp::EcCurve::P_384:
    325         *out = EcCurve::P_384;
    326         break;
    327     case nosapp::EcCurve::P_521:
    328         *out = EcCurve::P_521;
    329         break;
    330     default:
    331         return ErrorCode::UNKNOWN_ERROR;
    332     }
    333 
    334     return ErrorCode::OK;
    335 }
    336 
    337 static nosapp::KeyBlobUsageRequirements translate_key_blob_usage_requirements(
    338     KeyBlobUsageRequirements usage)
    339 {
    340     switch (usage) {
    341     case KeyBlobUsageRequirements::STANDALONE:
    342         return nosapp::KeyBlobUsageRequirements::STANDALONE;
    343     case KeyBlobUsageRequirements::REQUIRES_FILE_SYSTEM:
    344         return nosapp::KeyBlobUsageRequirements::REQUIRES_FILE_SYSTEM;
    345     default:
    346         return nosapp::KeyBlobUsageRequirements::KEY_USAGE_MAX;
    347         break;
    348     }
    349 }
    350 
    351 static ErrorCode translate_key_blob_usage_requirements(
    352     nosapp::KeyBlobUsageRequirements usage, KeyBlobUsageRequirements *out)
    353 {
    354     switch (usage) {
    355     case nosapp::KeyBlobUsageRequirements::STANDALONE:
    356         *out = KeyBlobUsageRequirements::STANDALONE;
    357         break;
    358     case nosapp::KeyBlobUsageRequirements::REQUIRES_FILE_SYSTEM:
    359         *out = KeyBlobUsageRequirements::REQUIRES_FILE_SYSTEM;
    360         break;
    361     default:
    362         return ErrorCode::UNKNOWN_ERROR;
    363     }
    364 
    365     return ErrorCode::UNKNOWN_ERROR;
    366 }
    367 
    368 static nosapp::HardwareAuthenticatorType translate_hardware_authenticator_type(
    369     HardwareAuthenticatorType authenticator_type)
    370 {
    371     switch (authenticator_type) {
    372     case HardwareAuthenticatorType::NONE:
    373         return nosapp::HardwareAuthenticatorType::AUTH_NONE;
    374     case HardwareAuthenticatorType::PASSWORD:
    375         return nosapp::HardwareAuthenticatorType::AUTH_PASSWORD;
    376     case HardwareAuthenticatorType::FINGERPRINT:
    377         return nosapp::HardwareAuthenticatorType::AUTH_FINGERPRINT;
    378     case HardwareAuthenticatorType::ANY:
    379         return nosapp::HardwareAuthenticatorType::AUTH_ANY;
    380     default:
    381         return nosapp::HardwareAuthenticatorType::AUTH_MAX;
    382     }
    383 }
    384 
    385 static ErrorCode translate_hardware_authenticator_type(
    386     nosapp::HardwareAuthenticatorType authenticator_type,
    387     HardwareAuthenticatorType *out)
    388 {
    389     switch (authenticator_type) {
    390     case nosapp::HardwareAuthenticatorType::AUTH_NONE:
    391         *out = HardwareAuthenticatorType::NONE;
    392         break;
    393     case nosapp::HardwareAuthenticatorType::AUTH_PASSWORD:
    394         *out = HardwareAuthenticatorType::PASSWORD;
    395         break;
    396     case nosapp::HardwareAuthenticatorType::AUTH_FINGERPRINT:
    397         *out = HardwareAuthenticatorType::FINGERPRINT;
    398         break;
    399     case nosapp::HardwareAuthenticatorType::AUTH_ANY:
    400         *out = HardwareAuthenticatorType::ANY;
    401         break;
    402     default:
    403         return ErrorCode::UNKNOWN_ERROR;
    404     }
    405 
    406     return ErrorCode::OK;
    407 }
    408 
    409 static nosapp::KeyOrigin translate_key_origin(KeyOrigin key_origin)
    410 {
    411     switch (key_origin) {
    412     case KeyOrigin::GENERATED:
    413         return nosapp::KeyOrigin::GENERATED;
    414     case KeyOrigin::DERIVED:
    415         return nosapp::KeyOrigin::DERIVED;
    416     case KeyOrigin::IMPORTED:
    417         return nosapp::KeyOrigin::IMPORTED;
    418     case KeyOrigin::UNKNOWN:
    419         return nosapp::KeyOrigin::UNKNOWN;
    420     default:
    421         return nosapp::KeyOrigin::KEY_ORIGIN_MAX;
    422     }
    423 }
    424 
    425 static ErrorCode translate_key_origin(nosapp::KeyOrigin key_origin,
    426                                       KeyOrigin *out)
    427 {
    428     switch (key_origin) {
    429     case nosapp::KeyOrigin::GENERATED:
    430         *out = KeyOrigin::GENERATED;
    431         break;
    432     case nosapp::KeyOrigin::DERIVED:
    433         *out = KeyOrigin::DERIVED;
    434         break;
    435     case nosapp::KeyOrigin::IMPORTED:
    436         *out = KeyOrigin::IMPORTED;
    437         break;
    438     case nosapp::KeyOrigin::UNKNOWN:
    439         *out = KeyOrigin::UNKNOWN;
    440         break;
    441     default:
    442         return ErrorCode::UNKNOWN_ERROR;
    443     }
    444 
    445     return ErrorCode::OK;
    446 }
    447 
    448 ErrorCode translate_auth_token(const HardwareAuthToken& auth_token,
    449                                nosapp::HardwareAuthToken *out)
    450 {
    451     out->set_challenge(auth_token.challenge);
    452     out->set_user_id(auth_token.userId);
    453     out->set_authenticator_id(auth_token.authenticatorId);
    454 
    455     switch (auth_token.authenticatorType) {
    456     case HardwareAuthenticatorType::NONE:
    457         out->set_authenticator_type(
    458             nosapp::HardwareAuthenticatorType::AUTH_NONE);
    459         break;
    460     case HardwareAuthenticatorType::PASSWORD:
    461         out->set_authenticator_type(
    462             nosapp::HardwareAuthenticatorType::AUTH_PASSWORD);
    463         break;
    464     case HardwareAuthenticatorType::FINGERPRINT:
    465         out->set_authenticator_type(
    466             nosapp::HardwareAuthenticatorType::AUTH_FINGERPRINT);
    467         break;
    468     case HardwareAuthenticatorType::ANY:
    469         out->set_authenticator_type(
    470             nosapp::HardwareAuthenticatorType::AUTH_ANY);
    471         break;
    472     default:
    473         return ErrorCode::UNKNOWN_ERROR;
    474     }
    475 
    476     out->set_timestamp(auth_token.timestamp);
    477     out->set_mac(&auth_token.mac[0], auth_token.mac.size());
    478 
    479     return ErrorCode::OK;
    480 }
    481 
    482 void translate_verification_token(
    483     const VerificationToken& verification_token,
    484     nosapp::VerificationToken *out)
    485 {
    486     out->set_challenge(verification_token.challenge);
    487     out->set_timestamp(verification_token.timestamp);
    488     hidl_params_to_pb(verification_token.parametersVerified,
    489                       out->mutable_params_verified());
    490     out->set_security_level(nosapp::SecurityLevel::STRONGBOX);
    491     out->set_mac(verification_token.mac.data(),
    492                  verification_token.mac.size());
    493 }
    494 
    495 ErrorCode key_parameter_to_pb(const KeyParameter& param,
    496                               nosapp::KeyParameter *pb)
    497 {
    498     switch (param.tag) {
    499     case Tag::INVALID:
    500         LOG(ERROR) << "key_parameter_to_pb: invalid Tag received: "
    501                    << (uint32_t)param.tag;
    502         return ErrorCode::INVALID_ARGUMENT;
    503         break;
    504     case Tag::PURPOSE: // (TagType:ENUM_REP | 1)
    505         pb->set_integer((uint32_t)translate_purpose(param.f.purpose));
    506         break;
    507     case Tag::ALGORITHM: // (TagType:ENUM | 2)
    508         pb->set_integer((uint32_t)translate_algorithm(param.f.algorithm));
    509         break;
    510     case Tag::KEY_SIZE: // (TagType:UINT | 3)
    511         pb->set_integer(param.f.integer);
    512         break;
    513     case Tag::BLOCK_MODE: // (TagType:ENUM_REP | 4)
    514         pb->set_integer((uint32_t)translate_block_mode(param.f.blockMode));
    515         break;
    516     case Tag::DIGEST: // (TagType:ENUM_REP | 5)
    517         pb->set_integer((uint32_t)translate_digest(param.f.digest));
    518         break;
    519     case Tag::PADDING:; // (TagType:ENUM_REP | 6)
    520         pb->set_integer((uint32_t)translate_padding_mode(param.f.paddingMode));
    521         break;
    522     case Tag::CALLER_NONCE: // (TagType:BOOL | 7)
    523         pb->set_integer(param.f.boolValue);
    524         break;
    525     case Tag::MIN_MAC_LENGTH: // (TagType:UINT | 8)
    526         pb->set_integer(param.f.integer);
    527         break;
    528     case Tag::EC_CURVE: // (TagType:ENUM | 10)
    529         pb->set_integer((uint32_t)translate_ec_curve(param.f.ecCurve));
    530         break;
    531     case Tag::RSA_PUBLIC_EXPONENT: // (TagType:ULONG | 200)
    532         pb->set_long_integer(param.f.longInteger);
    533         break;
    534     case Tag::INCLUDE_UNIQUE_ID: // (TagType:BOOL | 202)
    535         pb->set_integer(param.f.boolValue);
    536         break;
    537     case Tag::BLOB_USAGE_REQUIREMENTS: // (TagType:ENUM | 301)
    538         pb->set_integer((uint32_t)translate_key_blob_usage_requirements(
    539                             param.f.keyBlobUsageRequirements));
    540         break;
    541     case Tag::BOOTLOADER_ONLY: // (TagType:BOOL | 302)
    542         pb->set_integer(param.f.boolValue);
    543         break;
    544     case Tag::ROLLBACK_RESISTANCE: // (TagType:BOOL | 303)
    545         pb->set_integer(param.f.boolValue);
    546         break;
    547     case Tag::HARDWARE_TYPE: // (TagType:ENUM | 304)
    548         break;
    549     case Tag::ACTIVE_DATETIME: // (TagType:DATE | 400)
    550         pb->set_long_integer(param.f.dateTime);
    551         break;
    552     case Tag::ORIGINATION_EXPIRE_DATETIME: // (TagType:DATE | 401)
    553     case Tag::USAGE_EXPIRE_DATETIME: // (TagType:DATE | 402)
    554         pb->set_long_integer(param.f.dateTime);
    555         break;
    556     case Tag::MIN_SECONDS_BETWEEN_OPS: // (TagType:UINT | 403)
    557     case Tag::MAX_USES_PER_BOOT: // (TagType:UINT | 404)
    558         pb->set_integer(param.f.integer);
    559         break;
    560     case Tag::USER_SECURE_ID: // (TagType:ULONG_REP | 502)
    561         pb->set_long_integer(param.f.longInteger);
    562         break;
    563     case Tag::NO_AUTH_REQUIRED: // (TagType:BOOL | 503)
    564         pb->set_integer(param.f.boolValue);
    565         break;
    566     case Tag::USER_AUTH_TYPE: // (TagType:ENUM | 504)
    567         pb->set_integer((uint32_t)translate_hardware_authenticator_type(
    568                             param.f.hardwareAuthenticatorType));
    569         break;
    570     case Tag::AUTH_TIMEOUT: // (TagType:UINT | 505)
    571         pb->set_integer(param.f.integer);
    572         break;
    573     case Tag::ALLOW_WHILE_ON_BODY: // (TagType:BOOL | 506)
    574         pb->set_integer(param.f.boolValue);
    575         break;
    576     case Tag::APPLICATION_ID: // (TagType:BYTES | 601)
    577         pb->set_blob(&param.blob[0], param.blob.size());
    578         break;
    579     case Tag::APPLICATION_DATA: // (TagType:BYTES | 700)
    580         pb->set_blob(&param.blob[0], param.blob.size());
    581         break;
    582     case Tag::CREATION_DATETIME: // (TagType:DATE | 701)
    583         pb->set_long_integer(param.f.dateTime);
    584         break;
    585     case Tag::ORIGIN: // (TagType:ENUM | 702)
    586         pb->set_integer((uint32_t)translate_key_origin(param.f.origin));
    587         break;
    588     case Tag::ROOT_OF_TRUST: // (TagType:BYTES | 704)
    589         pb->set_blob(&param.blob[0], param.blob.size());
    590         break;
    591     case Tag::OS_VERSION: // (TagType:UINT | 705)
    592     case Tag::OS_PATCHLEVEL: // (TagType:UINT | 706)
    593         pb->set_integer(param.f.integer);
    594         break;
    595     case Tag::UNIQUE_ID: // (TagType:BYTES | 707)
    596     case Tag::ATTESTATION_CHALLENGE: // (TagType:BYTES | 708)
    597     case Tag::ATTESTATION_APPLICATION_ID: // (TagType:BYTES | 709)
    598     case Tag::ATTESTATION_ID_BRAND: // (TagType:BYTES | 710)
    599     case Tag::ATTESTATION_ID_DEVICE: // (TagType:BYTES | 711)
    600     case Tag::ATTESTATION_ID_PRODUCT: // (TagType:BYTES | 712)
    601     case Tag::ATTESTATION_ID_SERIAL: // (TagType:BYTES | 713)
    602     case Tag::ATTESTATION_ID_IMEI: // (TagType:BYTES | 714)
    603     case Tag::ATTESTATION_ID_MEID: // (TagType:BYTES | 715)
    604     case Tag::ATTESTATION_ID_MANUFACTURER: // (TagType:BYTES | 716)
    605     case Tag::ATTESTATION_ID_MODEL: // (TagType:BYTES | 717)
    606         pb->set_blob(&param.blob[0], param.blob.size());
    607         break;
    608     case Tag::VENDOR_PATCHLEVEL: // (TagType:UINT | 718)
    609     case Tag::BOOT_PATCHLEVEL: // (TagType:UINT | 719)
    610         pb->set_integer(param.f.integer);
    611         break;
    612     case Tag::ASSOCIATED_DATA: // (TagType:BYTES | 1000)
    613     case Tag::NONCE: // (TagType:BYTES | 1001)
    614         pb->set_blob(&param.blob[0], param.blob.size());
    615         break;
    616     case Tag::MAC_LENGTH: // (TagType:UINT | 1003)
    617         pb->set_integer(param.f.integer);
    618         break;
    619     case Tag::RESET_SINCE_ID_ROTATION: // (TagType:BOOL | 1004)
    620         pb->set_integer(param.f.boolValue);
    621         break;
    622     default:
    623         LOG(ERROR) << "Unhandled tag value in key_parameter_to_pb: "
    624                    << (uint32_t) param.tag;
    625     }
    626 
    627     pb->set_tag(translate_tag(param.tag));
    628     return ErrorCode::OK;
    629 }
    630 
    631 ErrorCode pb_to_key_parameter(const nosapp::KeyParameter& param,
    632                               KeyParameter *kp)
    633 {
    634     switch (param.tag()) {
    635     case nosapp::Tag::TAG_INVALID:
    636         LOG(ERROR) << "pb_to_key_parameter: invalid Tag received: "
    637                    << (uint32_t)param.tag();
    638         return ErrorCode::UNKNOWN_ERROR;
    639         break;
    640     case nosapp::Tag::PURPOSE: // (TagType:ENUM_REP | 1)
    641         if (translate_purpose(static_cast<nosapp::KeyPurpose>(param.integer()),
    642                               &kp->f.purpose) != ErrorCode::OK) {
    643             return ErrorCode::UNKNOWN_ERROR;
    644         }
    645         break;
    646     case nosapp::Tag::ALGORITHM: // (TagType:ENUM | 2)
    647         if (translate_algorithm(static_cast<nosapp::Algorithm>(param.integer()),
    648                                 &kp->f.algorithm) != ErrorCode::OK) {
    649             return ErrorCode::UNKNOWN_ERROR;
    650         }
    651         break;
    652     case nosapp::Tag::KEY_SIZE: // (TagType:UINT | 3)
    653         kp->f.integer = param.integer();
    654         break;
    655     case nosapp::Tag::BLOCK_MODE: // (TagType:ENUM_REP | 4)
    656         if (translate_block_mode(
    657                 static_cast<nosapp::BlockMode>(param.integer()),
    658                 &kp->f.blockMode) != ErrorCode::OK) {
    659             return ErrorCode::UNKNOWN_ERROR;
    660         }
    661         break;
    662     case nosapp::Tag::DIGEST: // (TagType:ENUM_REP | 5)
    663         if (translate_digest(
    664                 static_cast<nosapp::Digest>(param.integer()),
    665                 &kp->f.digest) != ErrorCode::OK) {
    666             return ErrorCode::UNKNOWN_ERROR;
    667         }
    668         break;
    669     case nosapp::Tag::PADDING:; // (TagType:ENUM_REP | 6)
    670         if (translate_padding_mode(
    671                 static_cast<nosapp::PaddingMode>(param.integer()),
    672                 &kp->f.paddingMode) != ErrorCode::OK) {
    673             return ErrorCode::UNKNOWN_ERROR;
    674         }
    675         break;
    676     case nosapp::Tag::CALLER_NONCE: // (TagType:BOOL | 7)
    677         kp->f.boolValue = (bool)param.integer();
    678         break;
    679     case nosapp::Tag::MIN_MAC_LENGTH: // (TagType:UINT | 8)
    680         kp->f.integer = param.integer();
    681         break;
    682     case nosapp::Tag::EC_CURVE: // (TagType:ENUM | 10)
    683         if (translate_ec_curve(
    684                 static_cast<nosapp::EcCurve>(param.integer()),
    685                 &kp->f.ecCurve) != ErrorCode::OK) {
    686             return ErrorCode::UNKNOWN_ERROR;
    687         }
    688         break;
    689     case nosapp::Tag::RSA_PUBLIC_EXPONENT: // (TagType:ULONG | 200)
    690         kp->f.longInteger = param.long_integer();
    691         break;
    692     case nosapp::Tag::INCLUDE_UNIQUE_ID: // (TagType:BOOL | 202)
    693         kp->f.boolValue = (bool)param.integer();
    694         break;
    695     case nosapp::Tag::BLOB_USAGE_REQUIREMENTS: // (TagType:ENUM | 301)
    696         if (translate_key_blob_usage_requirements(
    697                 static_cast<nosapp::KeyBlobUsageRequirements>(param.integer()),
    698                 &kp->f.keyBlobUsageRequirements) != ErrorCode::OK) {
    699             return ErrorCode::UNKNOWN_ERROR;
    700         }
    701         break;
    702     case nosapp::Tag::BOOTLOADER_ONLY: // (TagType:BOOL | 302)
    703     case nosapp::Tag::ROLLBACK_RESISTANCE: // (TagType:BOOL | 303)
    704         kp->f.boolValue = (bool)param.integer();
    705         break;
    706     case nosapp::Tag::ACTIVE_DATETIME: // (TagType:DATE | 400)
    707     case nosapp::Tag::ORIGINATION_EXPIRE_DATETIME: // (TagType:DATE | 401)
    708     case nosapp::Tag::USAGE_EXPIRE_DATETIME: // (TagType:DATE | 402)
    709         kp->f.dateTime = param.long_integer();
    710         break;
    711     case nosapp::Tag::MIN_SECONDS_BETWEEN_OPS: // (TagType:UINT | 403)
    712     case nosapp::Tag::MAX_USES_PER_BOOT: // (TagType:UINT | 404)
    713         kp->f.integer = param.integer();
    714         break;
    715     case nosapp::Tag::USER_SECURE_ID: // (TagType:ULONG_REP | 502)
    716         kp->f.longInteger = param.long_integer();
    717         break;
    718     case nosapp::Tag::NO_AUTH_REQUIRED: // (TagType:BOOL | 503)
    719         kp->f.boolValue = (bool)param.integer();
    720         break;
    721     case nosapp::Tag::USER_AUTH_TYPE: // (TagType:ENUM | 504)
    722         if (translate_hardware_authenticator_type(
    723                 static_cast<nosapp::HardwareAuthenticatorType>(param.integer()),
    724                 &kp->f.hardwareAuthenticatorType) != ErrorCode::OK) {
    725             return ErrorCode::UNKNOWN_ERROR;
    726         }
    727         break;
    728     case nosapp::Tag::AUTH_TIMEOUT: // (TagType:UINT | 505)
    729         kp->f.integer = param.integer();
    730         break;
    731     case nosapp::Tag::ALLOW_WHILE_ON_BODY: // (TagType:BOOL | 506)
    732         kp->f.boolValue = (bool)param.integer();
    733         break;
    734     case nosapp::Tag::APPLICATION_ID: // (TagType:BYTES | 601)
    735         kp->blob.setToExternal(
    736             reinterpret_cast<uint8_t *>(
    737                 const_cast<char *>(param.blob().data())), param.blob().size());;
    738         break;
    739     case nosapp::Tag::APPLICATION_DATA: // (TagType:BYTES | 700)
    740         kp->blob.setToExternal(
    741             reinterpret_cast<uint8_t *>(
    742                 const_cast<char *>(param.blob().data())), param.blob().size());;
    743         break;
    744     case nosapp::Tag::CREATION_DATETIME: // (TagType:DATE | 701)
    745         kp->f.dateTime = param.long_integer();
    746         break;
    747     case nosapp::Tag::ORIGIN: // (TagType:ENUM | 702)
    748         if (translate_key_origin(
    749                 static_cast<nosapp::KeyOrigin>(param.integer()),
    750                 &kp->f.origin) != ErrorCode::OK) {
    751             return ErrorCode::UNKNOWN_ERROR;
    752         }
    753         break;
    754     case nosapp::Tag::ROOT_OF_TRUST: // (TagType:BYTES | 704)
    755         kp->blob.setToExternal(
    756             reinterpret_cast<uint8_t *>(
    757                 const_cast<char *>(param.blob().data())), param.blob().size());
    758         break;
    759     case nosapp::Tag::OS_VERSION: // (TagType:UINT | 705)
    760     case nosapp::Tag::OS_PATCHLEVEL: // (TagType:UINT | 706)
    761         kp->f.integer = param.integer();
    762         break;
    763     case nosapp::Tag::UNIQUE_ID: // (TagType:BYTES | 707)
    764     case nosapp::Tag::ATTESTATION_CHALLENGE: // (TagType:BYTES | 708)
    765     case nosapp::Tag::ATTESTATION_APPLICATION_ID: // (TagType:BYTES | 709)
    766     case nosapp::Tag::ATTESTATION_ID_BRAND: // (TagType:BYTES | 710)
    767     case nosapp::Tag::ATTESTATION_ID_DEVICE: // (TagType:BYTES | 711)
    768     case nosapp::Tag::ATTESTATION_ID_PRODUCT: // (TagType:BYTES | 712)
    769     case nosapp::Tag::ATTESTATION_ID_SERIAL: // (TagType:BYTES | 713)
    770     case nosapp::Tag::ATTESTATION_ID_IMEI: // (TagType:BYTES | 714)
    771     case nosapp::Tag::ATTESTATION_ID_MEID: // (TagType:BYTES | 715)
    772     case nosapp::Tag::ATTESTATION_ID_MANUFACTURER: // (TagType:BYTES | 716)
    773     case nosapp::Tag::ATTESTATION_ID_MODEL: // (TagType:BYTES | 717)
    774         kp->blob.setToExternal(
    775             reinterpret_cast<uint8_t *>(
    776                 const_cast<char *>(param.blob().data())), param.blob().size());
    777         break;
    778     case nosapp::Tag::VENDOR_PATCHLEVEL: // (TagType:UINT | 718)
    779     case nosapp::Tag::BOOT_PATCHLEVEL: // (TagType:UINT | 719)
    780         kp->f.integer = param.integer();
    781         break;
    782     case nosapp::Tag::ASSOCIATED_DATA: // (TagType:BYTES | 1000)
    783     case nosapp::Tag::NONCE: // (TagType:BYTES | 1001)
    784         kp->blob.setToExternal(
    785             reinterpret_cast<uint8_t *>(
    786                 const_cast<char *>(param.blob().data())), param.blob().size());
    787         break;
    788     case nosapp::Tag::MAC_LENGTH: // (TagType:UINT | 1003)
    789         kp->f.integer = param.integer();
    790         break;
    791     case nosapp::Tag::RESET_SINCE_ID_ROTATION: // (TagType:BOOL | 1004)
    792         kp->f.boolValue = (bool)param.integer();
    793         break;
    794     default:
    795         return ErrorCode::UNKNOWN_ERROR;
    796     }
    797 
    798     kp->tag = translate_tag(param.tag());
    799     return ErrorCode::OK;
    800 }
    801 
    802 ErrorCode hidl_params_to_pb(const hidl_vec<KeyParameter>& params,
    803                        nosapp::KeyParameters *pb)
    804 {
    805     for (size_t i = 0; i < params.size(); i++) {
    806         nosapp::KeyParameter *param = pb->add_params();
    807         ErrorCode error = key_parameter_to_pb(params[i], param);
    808         if (error != ErrorCode::OK) {
    809             return ErrorCode::INVALID_ARGUMENT;
    810         }
    811     }
    812 
    813     return ErrorCode::OK;
    814 }
    815 
    816 ErrorCode hidl_params_to_map(const hidl_vec<KeyParameter>& params,
    817                              tag_map_t *tag_map)
    818 {
    819     for (size_t i = 0; i < params.size(); i++) {
    820         switch (type_from_tag(params[i].tag)) {
    821         case TagType::INVALID:
    822             return ErrorCode::INVALID_ARGUMENT;
    823             break;
    824         case TagType::ENUM:
    825         case TagType::UINT:
    826         case TagType::ULONG:
    827         case TagType::DATE:
    828         case TagType::BOOL:
    829         case TagType::BIGNUM:
    830         case TagType::BYTES:
    831             if (tag_map->find(params[i].tag) != tag_map->end()) {
    832                 // Duplicates not allowed for these tags types.
    833                 return ErrorCode::INVALID_ARGUMENT;
    834             }
    835             /* Fall-through! */
    836         case TagType::ENUM_REP:
    837         case TagType::UINT_REP:
    838         case TagType::ULONG_REP:
    839             if (tag_map->find(params[i].tag) == tag_map->end()) {
    840                 vector<KeyParameter> v{params[i]};
    841                 tag_map->insert(
    842                     std::pair<Tag, vector<KeyParameter> >(
    843                         params[i].tag, v));
    844             } else {
    845                 (*tag_map)[params[i].tag].push_back(params[i]);
    846             }
    847             break;
    848         default:
    849             /* Unrecognized TagType. */
    850             return ErrorCode::INVALID_ARGUMENT;
    851             break;
    852         }
    853     }
    854 
    855     return ErrorCode::OK;
    856 }
    857 
    858 ErrorCode map_params_to_pb(const tag_map_t& params,
    859                            nosapp::KeyParameters *pbParams)
    860 {
    861     for (const auto& it : params) {
    862         for (const auto& pt : it.second) {
    863             nosapp::KeyParameter *param = pbParams->add_params();
    864             ErrorCode error = key_parameter_to_pb(pt, param);
    865             if (error != ErrorCode::OK) {
    866                 return error;
    867             }
    868         }
    869     }
    870 
    871     return ErrorCode::OK;
    872 }
    873 
    874 ErrorCode pb_to_hidl_params(const nosapp::KeyParameters& pbParams,
    875                             hidl_vec<KeyParameter> *params)
    876 {
    877     std::vector<KeyParameter> kpv;
    878     for (size_t i = 0; i < (size_t)pbParams.params_size(); i++) {
    879         KeyParameter kp;
    880         const nosapp::KeyParameter& param = pbParams.params(i);
    881 
    882         ErrorCode error = pb_to_key_parameter(param, &kp);
    883         if (error != ErrorCode::OK) {
    884             return ErrorCode::UNKNOWN_ERROR;
    885         }
    886 
    887         kpv.push_back(kp);
    888     }
    889 
    890     *params = kpv;
    891     return ErrorCode::OK;
    892 }
    893 
    894 ErrorCode translate_error_code(nosapp::ErrorCode error_code)
    895 {
    896     switch (error_code) {
    897     case nosapp::ErrorCode::OK:
    898         return ErrorCode::OK;
    899     case nosapp::ErrorCode::ROOT_OF_TRUST_ALREADY_SET:
    900         return ErrorCode::ROOT_OF_TRUST_ALREADY_SET;
    901     case nosapp::ErrorCode::UNSUPPORTED_PURPOSE:
    902       return ErrorCode::UNSUPPORTED_PURPOSE;
    903     case nosapp::ErrorCode::INCOMPATIBLE_PURPOSE:
    904         return ErrorCode::INCOMPATIBLE_PURPOSE;
    905     case nosapp::ErrorCode::UNSUPPORTED_ALGORITHM:
    906         return ErrorCode::UNSUPPORTED_ALGORITHM;
    907     case nosapp::ErrorCode::INCOMPATIBLE_ALGORITHM:
    908         return ErrorCode::INCOMPATIBLE_ALGORITHM;
    909     case nosapp::ErrorCode::UNSUPPORTED_KEY_SIZE:
    910         return ErrorCode::UNSUPPORTED_KEY_SIZE;
    911     case nosapp::ErrorCode::UNSUPPORTED_BLOCK_MODE:
    912         return ErrorCode::UNSUPPORTED_BLOCK_MODE;
    913     case nosapp::ErrorCode::INCOMPATIBLE_BLOCK_MODE:
    914         return ErrorCode::INCOMPATIBLE_BLOCK_MODE;
    915     case nosapp::ErrorCode::UNSUPPORTED_MAC_LENGTH:
    916         return ErrorCode::UNSUPPORTED_MAC_LENGTH;
    917     case nosapp::ErrorCode::UNSUPPORTED_PADDING_MODE:
    918         return ErrorCode::UNSUPPORTED_PADDING_MODE;
    919     case nosapp::ErrorCode::INCOMPATIBLE_PADDING_MODE:
    920         return ErrorCode::INCOMPATIBLE_PADDING_MODE;
    921     case nosapp::ErrorCode::UNSUPPORTED_DIGEST:
    922         return ErrorCode::UNSUPPORTED_DIGEST;
    923     case nosapp::ErrorCode::INCOMPATIBLE_DIGEST:
    924         return ErrorCode::INCOMPATIBLE_DIGEST;
    925     case nosapp::ErrorCode::INVALID_EXPIRATION_TIME:
    926         return ErrorCode::INVALID_EXPIRATION_TIME;
    927     case nosapp::ErrorCode::INVALID_USER_ID:
    928         return ErrorCode::INVALID_USER_ID;
    929     case nosapp::ErrorCode::INVALID_AUTHORIZATION_TIMEOUT:
    930         return ErrorCode::INVALID_AUTHORIZATION_TIMEOUT;
    931     case nosapp::ErrorCode::UNSUPPORTED_KEY_FORMAT:
    932         return ErrorCode::UNSUPPORTED_KEY_FORMAT;
    933     case nosapp::ErrorCode::INCOMPATIBLE_KEY_FORMAT:
    934         return ErrorCode::INCOMPATIBLE_KEY_FORMAT;
    935     case nosapp::ErrorCode::UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM:
    936         return ErrorCode::UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM;
    937     case nosapp::ErrorCode::UNSUPPORTED_KEY_VERIFICATION_ALGORITHM:
    938         return ErrorCode::UNSUPPORTED_KEY_VERIFICATION_ALGORITHM;
    939     case nosapp::ErrorCode::INVALID_INPUT_LENGTH:
    940         return ErrorCode::INVALID_INPUT_LENGTH;
    941     case nosapp::ErrorCode::KEY_EXPORT_OPTIONS_INVALID:
    942         return ErrorCode::KEY_EXPORT_OPTIONS_INVALID;
    943     case nosapp::ErrorCode::DELEGATION_NOT_ALLOWED:
    944         return ErrorCode::DELEGATION_NOT_ALLOWED;
    945     case nosapp::ErrorCode::KEY_NOT_YET_VALID:
    946         return ErrorCode::KEY_NOT_YET_VALID;
    947     case nosapp::ErrorCode::KEY_EXPIRED:
    948         return ErrorCode::KEY_EXPIRED;
    949     case nosapp::ErrorCode::KEY_USER_NOT_AUTHENTICATED:
    950         return ErrorCode::KEY_USER_NOT_AUTHENTICATED;
    951     case nosapp::ErrorCode::OUTPUT_PARAMETER_NULL:
    952         return ErrorCode::OUTPUT_PARAMETER_NULL;
    953     case nosapp::ErrorCode::INVALID_OPERATION_HANDLE:
    954         return ErrorCode::INVALID_OPERATION_HANDLE;
    955     case nosapp::ErrorCode::INSUFFICIENT_BUFFER_SPACE:
    956         return ErrorCode::INSUFFICIENT_BUFFER_SPACE;
    957     case nosapp::ErrorCode::VERIFICATION_FAILED:
    958         return ErrorCode::VERIFICATION_FAILED;
    959     case nosapp::ErrorCode::TOO_MANY_OPERATIONS:
    960         return ErrorCode::TOO_MANY_OPERATIONS;
    961     case nosapp::ErrorCode::UNEXPECTED_NULL_POINTER:
    962         return ErrorCode::UNEXPECTED_NULL_POINTER;
    963     case nosapp::ErrorCode::INVALID_KEY_BLOB:
    964         return ErrorCode::INVALID_KEY_BLOB;
    965     case nosapp::ErrorCode::IMPORTED_KEY_NOT_ENCRYPTED:
    966         return ErrorCode::IMPORTED_KEY_NOT_ENCRYPTED;
    967     case nosapp::ErrorCode::IMPORTED_KEY_DECRYPTION_FAILED:
    968         return ErrorCode::IMPORTED_KEY_DECRYPTION_FAILED;
    969     case nosapp::ErrorCode::IMPORTED_KEY_NOT_SIGNED:
    970         return ErrorCode::IMPORTED_KEY_NOT_SIGNED;
    971     case nosapp::ErrorCode::IMPORTED_KEY_VERIFICATION_FAILED:
    972         return ErrorCode::IMPORTED_KEY_VERIFICATION_FAILED;
    973     case nosapp::ErrorCode::INVALID_ARGUMENT:
    974         return ErrorCode::INVALID_ARGUMENT;
    975     case nosapp::ErrorCode::UNSUPPORTED_TAG:
    976         return ErrorCode::UNSUPPORTED_TAG;
    977     case nosapp::ErrorCode::INVALID_TAG:
    978         return ErrorCode::INVALID_TAG;
    979     case nosapp::ErrorCode::MEMORY_ALLOCATION_FAILED:
    980         return ErrorCode::MEMORY_ALLOCATION_FAILED;
    981     case nosapp::ErrorCode::IMPORT_PARAMETER_MISMATCH:
    982         return ErrorCode::IMPORT_PARAMETER_MISMATCH;
    983     case nosapp::ErrorCode::SECURE_HW_ACCESS_DENIED:
    984         return ErrorCode::SECURE_HW_ACCESS_DENIED;
    985     case nosapp::ErrorCode::OPERATION_CANCELLED:
    986         return ErrorCode::OPERATION_CANCELLED;
    987     case nosapp::ErrorCode::CONCURRENT_ACCESS_CONFLICT:
    988         return ErrorCode::CONCURRENT_ACCESS_CONFLICT;
    989     case nosapp::ErrorCode::SECURE_HW_BUSY:
    990         return ErrorCode::SECURE_HW_BUSY;
    991     case nosapp::ErrorCode::SECURE_HW_COMMUNICATION_FAILED:
    992         return ErrorCode::SECURE_HW_COMMUNICATION_FAILED;
    993     case nosapp::ErrorCode::UNSUPPORTED_EC_FIELD:
    994         return ErrorCode::UNSUPPORTED_EC_FIELD;
    995     case nosapp::ErrorCode::MISSING_NONCE:
    996         return ErrorCode::MISSING_NONCE;
    997     case nosapp::ErrorCode::INVALID_NONCE:
    998         return ErrorCode::INVALID_NONCE;
    999     case nosapp::ErrorCode::MISSING_MAC_LENGTH:
   1000         return ErrorCode::MISSING_MAC_LENGTH;
   1001     case nosapp::ErrorCode::KEY_RATE_LIMIT_EXCEEDED:
   1002         return ErrorCode::KEY_RATE_LIMIT_EXCEEDED;
   1003     case nosapp::ErrorCode::CALLER_NONCE_PROHIBITED:
   1004         return ErrorCode::CALLER_NONCE_PROHIBITED;
   1005     case nosapp::ErrorCode::KEY_MAX_OPS_EXCEEDED:
   1006         return ErrorCode::KEY_MAX_OPS_EXCEEDED;
   1007     case nosapp::ErrorCode::INVALID_MAC_LENGTH:
   1008         return ErrorCode::INVALID_MAC_LENGTH;
   1009     case nosapp::ErrorCode::MISSING_MIN_MAC_LENGTH:
   1010         return ErrorCode::MISSING_MIN_MAC_LENGTH;
   1011     case nosapp::ErrorCode::UNSUPPORTED_MIN_MAC_LENGTH:
   1012         return ErrorCode::UNSUPPORTED_MIN_MAC_LENGTH;
   1013     case nosapp::ErrorCode::UNSUPPORTED_KDF:
   1014         return ErrorCode::UNSUPPORTED_KDF;
   1015     case nosapp::ErrorCode::UNSUPPORTED_EC_CURVE:
   1016         return ErrorCode::UNSUPPORTED_EC_CURVE;
   1017     case nosapp::ErrorCode::KEY_REQUIRES_UPGRADE:
   1018         return ErrorCode::KEY_REQUIRES_UPGRADE;
   1019     case nosapp::ErrorCode::ATTESTATION_CHALLENGE_MISSING:
   1020         return ErrorCode::ATTESTATION_CHALLENGE_MISSING;
   1021     case nosapp::ErrorCode::KEYMASTER_NOT_CONFIGURED:
   1022         return ErrorCode::KEYMASTER_NOT_CONFIGURED;
   1023     case nosapp::ErrorCode::ATTESTATION_APPLICATION_ID_MISSING:
   1024         return ErrorCode::ATTESTATION_APPLICATION_ID_MISSING;
   1025     case nosapp::ErrorCode::CANNOT_ATTEST_IDS:
   1026         return ErrorCode::CANNOT_ATTEST_IDS;
   1027     case nosapp::ErrorCode::UNIMPLEMENTED:
   1028         return ErrorCode::UNIMPLEMENTED;
   1029     case nosapp::ErrorCode::VERSION_MISMATCH:
   1030         return ErrorCode::VERSION_MISMATCH;
   1031     case nosapp::ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE:
   1032         return ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE;
   1033     case nosapp::ErrorCode::HARDWARE_TYPE_UNAVAILABLE:
   1034         return ErrorCode::HARDWARE_TYPE_UNAVAILABLE;
   1035     case nosapp::ErrorCode::PROOF_OF_PRESENCE_REQUIRED:
   1036         return ErrorCode::PROOF_OF_PRESENCE_REQUIRED;
   1037     case nosapp::ErrorCode::CONCURRENT_PROOF_OF_PRESENCE_REQUESTED:
   1038         return ErrorCode::CONCURRENT_PROOF_OF_PRESENCE_REQUESTED;
   1039     case nosapp::ErrorCode::UNKNOWN_ERROR:
   1040         return ErrorCode::UNKNOWN_ERROR;
   1041 
   1042     /* Private error codes, unused by HAL. */
   1043     case nosapp::ErrorCode::INVALID_DEVICE_IDS:
   1044     case nosapp::ErrorCode::PRODUCTION_MODE_PROVISIONING:
   1045     case nosapp::ErrorCode::ErrorCode_INT_MIN_SENTINEL_DO_NOT_USE_:
   1046     case nosapp::ErrorCode::ErrorCode_INT_MAX_SENTINEL_DO_NOT_USE_:
   1047         LOG(ERROR) << "Unrecognized error_code: " << error_code;
   1048         return ErrorCode::UNKNOWN_ERROR;
   1049     }
   1050 }
   1051 
   1052 }  // namespace keymaster
   1053 }  // hardware
   1054 }  // android
   1055