Merge changes I5e19880b,Ibaed7364

    ASN1_INTEGER_SET* padding;

    ASN1_INTEGER_SET* padding;

    ASN1_INTEGER* ec_curve;

    ASN1_INTEGER* ec_curve;

    ASN1_INTEGER* rsa_public_exponent;

    ASN1_INTEGER* rsa_public_exponent;

    ASN1_NULL* rollback_resistance;

    ASN1_INTEGER* active_date_time;

    ASN1_INTEGER* active_date_time;

    ASN1_INTEGER* origination_expire_date_time;

    ASN1_INTEGER* origination_expire_date_time;

    ASN1_INTEGER* usage_expire_date_time;

    ASN1_INTEGER* usage_expire_date_time;

    ASN1_INTEGER* user_auth_type;

    ASN1_INTEGER* user_auth_type;

    ASN1_INTEGER* auth_timeout;

    ASN1_INTEGER* auth_timeout;

    ASN1_NULL* allow_while_on_body;

    ASN1_NULL* allow_while_on_body;

    ASN1_NULL* trusted_user_presence_required;

    ASN1_NULL* trusted_confirmation_required;

    ASN1_NULL* unlocked_device_required;

    ASN1_NULL* all_applications;

    ASN1_NULL* all_applications;

    ASN1_OCTET_STRING* application_id;

    ASN1_OCTET_STRING* application_id;

    ASN1_INTEGER* creation_date_time;

    ASN1_INTEGER* creation_date_time;

    ASN1_INTEGER* origin;

    ASN1_INTEGER* origin;

    ASN1_NULL* rollback_resistance;

    KM_ROOT_OF_TRUST* root_of_trust;

    KM_ROOT_OF_TRUST* root_of_trust;

    ASN1_INTEGER* os_version;

    ASN1_INTEGER* os_version;

    ASN1_INTEGER* os_patchlevel;

    ASN1_INTEGER* os_patchlevel;

    ASN1_OCTET_STRING* attestation_application_id;

    ASN1_OCTET_STRING* attestation_application_id;

    ASN1_NULL* trusted_user_presence_required;

    ASN1_OCTET_STRING* attestation_id_brand;

    ASN1_NULL* trusted_confirmation_required;

    ASN1_OCTET_STRING* attestation_id_device;

    ASN1_NULL* unlocked_device_required;

    ASN1_OCTET_STRING* attestation_id_product;

    ASN1_OCTET_STRING* attestation_id_serial;

    ASN1_OCTET_STRING* attestation_id_imei;

    ASN1_OCTET_STRING* attestation_id_meid;

    ASN1_OCTET_STRING* attestation_id_manufacturer;

    ASN1_OCTET_STRING* attestation_id_model;

    ASN1_INTEGER* vendor_patchlevel;

    ASN1_INTEGER* vendor_patchlevel;

    ASN1_INTEGER* boot_patchlevel;

    ASN1_INTEGER* boot_patchlevel;

} KM_AUTH_LIST;

} KM_AUTH_LIST;

        ASN1_EXP_OPT(KM_AUTH_LIST, ec_curve, ASN1_INTEGER, TAG_EC_CURVE.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, ec_curve, ASN1_INTEGER, TAG_EC_CURVE.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, rsa_public_exponent, ASN1_INTEGER,

        ASN1_EXP_OPT(KM_AUTH_LIST, rsa_public_exponent, ASN1_INTEGER,

                     TAG_RSA_PUBLIC_EXPONENT.maskedTag()),

                     TAG_RSA_PUBLIC_EXPONENT.maskedTag()),

    ASN1_EXP_OPT(KM_AUTH_LIST, rollback_resistance, ASN1_NULL, TAG_ROLLBACK_RESISTANCE.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, rollback_resistance, ASN1_NULL,

                     TAG_ROLLBACK_RESISTANCE.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, active_date_time, ASN1_INTEGER, TAG_ACTIVE_DATETIME.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, active_date_time, ASN1_INTEGER, TAG_ACTIVE_DATETIME.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, origination_expire_date_time, ASN1_INTEGER,

        ASN1_EXP_OPT(KM_AUTH_LIST, origination_expire_date_time, ASN1_INTEGER,

                     TAG_ORIGINATION_EXPIRE_DATETIME.maskedTag()),

                     TAG_ORIGINATION_EXPIRE_DATETIME.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, no_auth_required, ASN1_NULL, TAG_NO_AUTH_REQUIRED.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, no_auth_required, ASN1_NULL, TAG_NO_AUTH_REQUIRED.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, user_auth_type, ASN1_INTEGER, TAG_USER_AUTH_TYPE.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, user_auth_type, ASN1_INTEGER, TAG_USER_AUTH_TYPE.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, auth_timeout, ASN1_INTEGER, TAG_AUTH_TIMEOUT.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, auth_timeout, ASN1_INTEGER, TAG_AUTH_TIMEOUT.maskedTag()),

    ASN1_EXP_OPT(KM_AUTH_LIST, allow_while_on_body, ASN1_NULL, TAG_ALLOW_WHILE_ON_BODY.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, allow_while_on_body, ASN1_NULL,

                     TAG_ALLOW_WHILE_ON_BODY.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, trusted_user_presence_required, ASN1_NULL,

        ASN1_EXP_OPT(KM_AUTH_LIST, trusted_user_presence_required, ASN1_NULL,

                     TAG_TRUSTED_USER_PRESENCE_REQUIRED.maskedTag()),

                     TAG_TRUSTED_USER_PRESENCE_REQUIRED.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, trusted_confirmation_required, ASN1_NULL,

        ASN1_EXP_OPT(KM_AUTH_LIST, trusted_confirmation_required, ASN1_NULL,

                     TAG_TRUSTED_CONFIRMATION_REQUIRED.maskedTag()),

                     TAG_TRUSTED_CONFIRMATION_REQUIRED.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, unlocked_device_required, ASN1_NULL,

        ASN1_EXP_OPT(KM_AUTH_LIST, unlocked_device_required, ASN1_NULL,

                     TAG_UNLOCKED_DEVICE_REQUIRED.maskedTag()),

                     TAG_UNLOCKED_DEVICE_REQUIRED.maskedTag()),

    ASN1_EXP_OPT(KM_AUTH_LIST, creation_date_time, ASN1_INTEGER, TAG_CREATION_DATETIME.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, creation_date_time, ASN1_INTEGER,

                     TAG_CREATION_DATETIME.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, origin, ASN1_INTEGER, TAG_ORIGIN.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, origin, ASN1_INTEGER, TAG_ORIGIN.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, root_of_trust, KM_ROOT_OF_TRUST, TAG_ROOT_OF_TRUST.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, root_of_trust, KM_ROOT_OF_TRUST, TAG_ROOT_OF_TRUST.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, os_version, ASN1_INTEGER, TAG_OS_VERSION.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, os_version, ASN1_INTEGER, TAG_OS_VERSION.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, os_patchlevel, ASN1_INTEGER, TAG_OS_PATCHLEVEL.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, os_patchlevel, ASN1_INTEGER, TAG_OS_PATCHLEVEL.maskedTag()),

    ASN1_EXP_OPT(KM_AUTH_LIST, vendor_patchlevel, ASN1_INTEGER, TAG_VENDOR_PATCHLEVEL.maskedTag()),

    ASN1_EXP_OPT(KM_AUTH_LIST, boot_patchlevel, ASN1_INTEGER, TAG_BOOT_PATCHLEVEL.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, attestation_application_id, ASN1_OCTET_STRING,

        ASN1_EXP_OPT(KM_AUTH_LIST, attestation_application_id, ASN1_OCTET_STRING,

                     TAG_ATTESTATION_APPLICATION_ID.maskedTag()),

                     TAG_ATTESTATION_APPLICATION_ID.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_brand, ASN1_OCTET_STRING,

                     TAG_ATTESTATION_ID_BRAND.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_device, ASN1_OCTET_STRING,

                     TAG_ATTESTATION_ID_DEVICE.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_product, ASN1_OCTET_STRING,

                     TAG_ATTESTATION_ID_PRODUCT.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_serial, ASN1_OCTET_STRING,

                     TAG_ATTESTATION_ID_SERIAL.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_imei, ASN1_OCTET_STRING,

                     TAG_ATTESTATION_ID_IMEI.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_meid, ASN1_OCTET_STRING,

                     TAG_ATTESTATION_ID_MEID.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_manufacturer, ASN1_OCTET_STRING,

                     TAG_ATTESTATION_ID_MANUFACTURER.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_model, ASN1_OCTET_STRING,

                     TAG_ATTESTATION_ID_MODEL.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, vendor_patchlevel, ASN1_INTEGER,

                     TAG_VENDOR_PATCHLEVEL.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, boot_patchlevel, ASN1_INTEGER, TAG_BOOT_PATCHLEVEL.maskedTag()),

} ASN1_SEQUENCE_END(KM_AUTH_LIST);

} ASN1_SEQUENCE_END(KM_AUTH_LIST);

IMPLEMENT_ASN1_FUNCTIONS(KM_AUTH_LIST);

IMPLEMENT_ASN1_FUNCTIONS(KM_AUTH_LIST);

    copyAuthTag(record->usage_expire_date_time, TAG_USAGE_EXPIRE_DATETIME, auth_list);

    copyAuthTag(record->usage_expire_date_time, TAG_USAGE_EXPIRE_DATETIME, auth_list);

    copyAuthTag(record->user_auth_type, TAG_USER_AUTH_TYPE, auth_list);

    copyAuthTag(record->user_auth_type, TAG_USER_AUTH_TYPE, auth_list);

    copyAuthTag(record->attestation_application_id, TAG_ATTESTATION_APPLICATION_ID, auth_list);

    copyAuthTag(record->attestation_application_id, TAG_ATTESTATION_APPLICATION_ID, auth_list);

    copyAuthTag(record->attestation_id_brand, TAG_ATTESTATION_ID_BRAND, auth_list);

    copyAuthTag(record->attestation_id_device, TAG_ATTESTATION_ID_DEVICE, auth_list);

    copyAuthTag(record->attestation_id_product, TAG_ATTESTATION_ID_PRODUCT, auth_list);

    copyAuthTag(record->attestation_id_serial, TAG_ATTESTATION_ID_SERIAL, auth_list);

    copyAuthTag(record->attestation_id_imei, TAG_ATTESTATION_ID_IMEI, auth_list);

    copyAuthTag(record->attestation_id_meid, TAG_ATTESTATION_ID_MEID, auth_list);

    copyAuthTag(record->attestation_id_manufacturer, TAG_ATTESTATION_ID_MANUFACTURER, auth_list);

    copyAuthTag(record->attestation_id_model, TAG_ATTESTATION_ID_MODEL, auth_list);

    copyAuthTag(record->vendor_patchlevel, TAG_VENDOR_PATCHLEVEL, auth_list);

    copyAuthTag(record->vendor_patchlevel, TAG_VENDOR_PATCHLEVEL, auth_list);

    copyAuthTag(record->boot_patchlevel, TAG_BOOT_PATCHLEVEL, auth_list);

    copyAuthTag(record->boot_patchlevel, TAG_BOOT_PATCHLEVEL, auth_list);

    copyAuthTag(record->trusted_user_presence_required, TAG_TRUSTED_USER_PRESENCE_REQUIRED,

    copyAuthTag(record->trusted_user_presence_required, TAG_TRUSTED_USER_PRESENCE_REQUIRED,

    return count > 0;

    return count > 0;

}

}

// If the given property is available, add it to the tag set under the given tag ID.

template <Tag tag>

void add_tag_from_prop(AuthorizationSetBuilder* tags, TypedTag<TagType::BYTES, tag> ttag,

                       const char* prop) {

    char value[PROPERTY_VALUE_MAX];

    int len = property_get(prop, value, /* default = */ "");

    if (len > 0) {

        tags->Authorization(ttag, reinterpret_cast<const uint8_t*>(value),

                            static_cast<size_t>(len));

    }

}

constexpr char hex_value[256] = {0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //

constexpr char hex_value[256] = {0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //

                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //

                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //

                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //

                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //

                                          SecLevel(), cert_chain[0]));

                                          SecLevel(), cert_chain[0]));

}

}

/*

 * AttestationTest.EcAttestationID

 *

 * Verifies that attesting to EC keys with correct attestation ID fields works and generates the

 * expected output.

 */

TEST_P(AttestationTest, EcAttestationID) {

    ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()

                                                 .Authorization(TAG_NO_AUTH_REQUIRED)

                                                 .EcdsaSigningKey(EcCurve::P_256)

                                                 .Digest(Digest::SHA_2_256)

                                                 .Authorization(TAG_INCLUDE_UNIQUE_ID)));

    // Collection of valid attestation ID tags.

    auto attestation_id_tags = AuthorizationSetBuilder();

    add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_BRAND, "ro.product.brand");

    add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_DEVICE, "ro.product.device");

    add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_PRODUCT, "ro.product.name");

    add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_SERIAL, "ro.serial");

    add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MANUFACTURER,

                      "ro.product.manufacturer");

    add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MODEL, "ro.product.model");

    for (const KeyParameter& tag : attestation_id_tags) {

        AuthorizationSetBuilder builder =

                AuthorizationSetBuilder()

                        .Authorization(TAG_ATTESTATION_CHALLENGE, HidlBuf("challenge"))

                        .Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo"));

        // Include one of the (valid) attestation ID tags.

        builder.push_back(tag);

        hidl_vec<hidl_vec<uint8_t>> cert_chain;

        auto result = AttestKey(builder, &cert_chain);

        if (result == ErrorCode::CANNOT_ATTEST_IDS) {

            continue;

        }

        ASSERT_EQ(ErrorCode::OK, result);

        EXPECT_GE(cert_chain.size(), 2U);

        std::vector<KeyParameter> expected_hw_enforced = key_characteristics_.hardwareEnforced;

        expected_hw_enforced.push_back(tag);

        EXPECT_TRUE(verify_attestation_record(

                "challenge", "foo", key_characteristics_.softwareEnforced,

                hidl_vec<KeyParameter>(expected_hw_enforced), SecLevel(), cert_chain[0]));

    }

}

/*

 * AttestationTest.EcAttestationMismatchID

 *

 * Verifies that attesting to EC keys with incorrect attestation ID fields fails.

 */

TEST_P(AttestationTest, EcAttestationMismatchID) {

    ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()

                                                 .Authorization(TAG_NO_AUTH_REQUIRED)

                                                 .EcdsaSigningKey(EcCurve::P_256)

                                                 .Digest(Digest::SHA_2_256)

                                                 .Authorization(TAG_INCLUDE_UNIQUE_ID)));

    // Collection of invalid attestation ID tags.

    std::string invalid = "completely-invalid";

    auto invalid_tags =

            AuthorizationSetBuilder()

                    .Authorization(V4_0::TAG_ATTESTATION_ID_BRAND, invalid.data(), invalid.size())

                    .Authorization(V4_0::TAG_ATTESTATION_ID_DEVICE, invalid.data(), invalid.size())

                    .Authorization(V4_0::TAG_ATTESTATION_ID_PRODUCT, invalid.data(), invalid.size())

                    .Authorization(V4_0::TAG_ATTESTATION_ID_SERIAL, invalid.data(), invalid.size())

                    .Authorization(V4_0::TAG_ATTESTATION_ID_IMEI, invalid.data(), invalid.size())

                    .Authorization(V4_0::TAG_ATTESTATION_ID_MEID, invalid.data(), invalid.size())

                    .Authorization(V4_0::TAG_ATTESTATION_ID_MANUFACTURER, invalid.data(),

                                   invalid.size())

                    .Authorization(V4_0::TAG_ATTESTATION_ID_MODEL, invalid.data(), invalid.size());

    for (const KeyParameter& invalid_tag : invalid_tags) {

        AuthorizationSetBuilder builder =

                AuthorizationSetBuilder()

                        .Authorization(TAG_ATTESTATION_CHALLENGE, HidlBuf("challenge"))

                        .Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo"));

        // Include one of the invalid attestation ID tags.

        builder.push_back(invalid_tag);

        hidl_vec<hidl_vec<uint8_t>> cert_chain;

        auto result = AttestKey(builder, &cert_chain);

        EXPECT_TRUE(result == ErrorCode::CANNOT_ATTEST_IDS || result == ErrorCode::INVALID_TAG)

                << "result: " << static_cast<int32_t>(result);

    }

}

/*

/*

 * AttestationTest.EcAttestationRequiresAttestationAppId

 * AttestationTest.EcAttestationRequiresAttestationAppId

 *

 *

    ASN1_INTEGER_SET* padding;

    ASN1_INTEGER_SET* padding;

    ASN1_INTEGER* ec_curve;

    ASN1_INTEGER* ec_curve;

    ASN1_INTEGER* rsa_public_exponent;

    ASN1_INTEGER* rsa_public_exponent;

    ASN1_NULL* rollback_resistance;

    ASN1_NULL* early_boot_only;

    ASN1_INTEGER* active_date_time;

    ASN1_INTEGER* active_date_time;

    ASN1_INTEGER* origination_expire_date_time;

    ASN1_INTEGER* origination_expire_date_time;

    ASN1_INTEGER* usage_expire_date_time;

    ASN1_INTEGER* usage_expire_date_time;

    ASN1_INTEGER* user_auth_type;

    ASN1_INTEGER* user_auth_type;

    ASN1_INTEGER* auth_timeout;

    ASN1_INTEGER* auth_timeout;

    ASN1_NULL* allow_while_on_body;

    ASN1_NULL* allow_while_on_body;

    ASN1_NULL* trusted_user_presence_required;

    ASN1_NULL* trusted_confirmation_required;

    ASN1_NULL* unlocked_device_required;

    ASN1_NULL* all_applications;

    ASN1_NULL* all_applications;

    ASN1_OCTET_STRING* application_id;

    ASN1_OCTET_STRING* application_id;

    ASN1_INTEGER* creation_date_time;

    ASN1_INTEGER* creation_date_time;

    ASN1_INTEGER* origin;

    ASN1_INTEGER* origin;

    ASN1_NULL* rollback_resistance;

    KM_ROOT_OF_TRUST* root_of_trust;

    KM_ROOT_OF_TRUST* root_of_trust;

    ASN1_INTEGER* os_version;

    ASN1_INTEGER* os_version;

    ASN1_INTEGER* os_patchlevel;

    ASN1_INTEGER* os_patchlevel;

    ASN1_OCTET_STRING* attestation_application_id;

    ASN1_OCTET_STRING* attestation_application_id;

    ASN1_NULL* trusted_user_presence_required;

    ASN1_OCTET_STRING* attestation_id_brand;

    ASN1_NULL* trusted_confirmation_required;

    ASN1_OCTET_STRING* attestation_id_device;

    ASN1_NULL* unlocked_device_required;

    ASN1_OCTET_STRING* attestation_id_product;

    ASN1_OCTET_STRING* attestation_id_serial;

    ASN1_OCTET_STRING* attestation_id_imei;

    ASN1_OCTET_STRING* attestation_id_meid;

    ASN1_OCTET_STRING* attestation_id_manufacturer;

    ASN1_OCTET_STRING* attestation_id_model;

    ASN1_INTEGER* vendor_patchlevel;

    ASN1_INTEGER* vendor_patchlevel;

    ASN1_INTEGER* boot_patchlevel;

    ASN1_INTEGER* boot_patchlevel;

    ASN1_NULL* early_boot_only;

    ASN1_NULL* device_unique_attestation;

    ASN1_NULL* device_unique_attestation;

    ASN1_NULL* identity_credential_key;

    ASN1_NULL* identity_credential_key;

} KM_AUTH_LIST;

} KM_AUTH_LIST;

                     TAG_RSA_PUBLIC_EXPONENT.maskedTag()),

                     TAG_RSA_PUBLIC_EXPONENT.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, rollback_resistance, ASN1_NULL,

        ASN1_EXP_OPT(KM_AUTH_LIST, rollback_resistance, ASN1_NULL,

                     TAG_ROLLBACK_RESISTANCE.maskedTag()),

                     TAG_ROLLBACK_RESISTANCE.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, early_boot_only, ASN1_NULL, TAG_EARLY_BOOT_ONLY.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, active_date_time, ASN1_INTEGER, TAG_ACTIVE_DATETIME.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, active_date_time, ASN1_INTEGER, TAG_ACTIVE_DATETIME.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, origination_expire_date_time, ASN1_INTEGER,

        ASN1_EXP_OPT(KM_AUTH_LIST, origination_expire_date_time, ASN1_INTEGER,

                     TAG_ORIGINATION_EXPIRE_DATETIME.maskedTag()),

                     TAG_ORIGINATION_EXPIRE_DATETIME.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, root_of_trust, KM_ROOT_OF_TRUST, TAG_ROOT_OF_TRUST.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, root_of_trust, KM_ROOT_OF_TRUST, TAG_ROOT_OF_TRUST.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, os_version, ASN1_INTEGER, TAG_OS_VERSION.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, os_version, ASN1_INTEGER, TAG_OS_VERSION.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, os_patchlevel, ASN1_INTEGER, TAG_OS_PATCHLEVEL.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, os_patchlevel, ASN1_INTEGER, TAG_OS_PATCHLEVEL.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, attestation_application_id, ASN1_OCTET_STRING,

                     TAG_ATTESTATION_APPLICATION_ID.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_brand, ASN1_OCTET_STRING,

                     TAG_ATTESTATION_ID_BRAND.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_device, ASN1_OCTET_STRING,

                     TAG_ATTESTATION_ID_DEVICE.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_product, ASN1_OCTET_STRING,

                     TAG_ATTESTATION_ID_PRODUCT.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_serial, ASN1_OCTET_STRING,

                     TAG_ATTESTATION_ID_SERIAL.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_imei, ASN1_OCTET_STRING,

                     TAG_ATTESTATION_ID_IMEI.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_meid, ASN1_OCTET_STRING,

                     TAG_ATTESTATION_ID_MEID.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_manufacturer, ASN1_OCTET_STRING,

                     TAG_ATTESTATION_ID_MANUFACTURER.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_model, ASN1_OCTET_STRING,

                     TAG_ATTESTATION_ID_MODEL.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, vendor_patchlevel, ASN1_INTEGER,

        ASN1_EXP_OPT(KM_AUTH_LIST, vendor_patchlevel, ASN1_INTEGER,

                     TAG_VENDOR_PATCHLEVEL.maskedTag()),

                     TAG_VENDOR_PATCHLEVEL.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, boot_patchlevel, ASN1_INTEGER, TAG_BOOT_PATCHLEVEL.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, boot_patchlevel, ASN1_INTEGER, TAG_BOOT_PATCHLEVEL.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, attestation_application_id, ASN1_OCTET_STRING,

                     TAG_ATTESTATION_APPLICATION_ID.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, early_boot_only, ASN1_NULL, TAG_EARLY_BOOT_ONLY.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, device_unique_attestation, ASN1_NULL,

        ASN1_EXP_OPT(KM_AUTH_LIST, device_unique_attestation, ASN1_NULL,

                     TAG_DEVICE_UNIQUE_ATTESTATION.maskedTag()),

                     TAG_DEVICE_UNIQUE_ATTESTATION.maskedTag()),

        ASN1_EXP_OPT(KM_AUTH_LIST, identity_credential_key, ASN1_NULL,

        ASN1_EXP_OPT(KM_AUTH_LIST, identity_credential_key, ASN1_NULL,

    copyAuthTag(record->usage_expire_date_time, TAG_USAGE_EXPIRE_DATETIME, auth_list);

    copyAuthTag(record->usage_expire_date_time, TAG_USAGE_EXPIRE_DATETIME, auth_list);

    copyAuthTag(record->user_auth_type, TAG_USER_AUTH_TYPE, auth_list);

    copyAuthTag(record->user_auth_type, TAG_USER_AUTH_TYPE, auth_list);

    copyAuthTag(record->attestation_application_id, TAG_ATTESTATION_APPLICATION_ID, auth_list);

    copyAuthTag(record->attestation_application_id, TAG_ATTESTATION_APPLICATION_ID, auth_list);

    copyAuthTag(record->attestation_id_brand, TAG_ATTESTATION_ID_BRAND, auth_list);

    copyAuthTag(record->attestation_id_device, TAG_ATTESTATION_ID_DEVICE, auth_list);

    copyAuthTag(record->attestation_id_product, TAG_ATTESTATION_ID_PRODUCT, auth_list);

    copyAuthTag(record->attestation_id_serial, TAG_ATTESTATION_ID_SERIAL, auth_list);

    copyAuthTag(record->attestation_id_imei, TAG_ATTESTATION_ID_IMEI, auth_list);

    copyAuthTag(record->attestation_id_meid, TAG_ATTESTATION_ID_MEID, auth_list);

    copyAuthTag(record->attestation_id_manufacturer, TAG_ATTESTATION_ID_MANUFACTURER, auth_list);

    copyAuthTag(record->attestation_id_model, TAG_ATTESTATION_ID_MODEL, auth_list);

    copyAuthTag(record->vendor_patchlevel, TAG_VENDOR_PATCHLEVEL, auth_list);

    copyAuthTag(record->vendor_patchlevel, TAG_VENDOR_PATCHLEVEL, auth_list);

    copyAuthTag(record->boot_patchlevel, TAG_BOOT_PATCHLEVEL, auth_list);

    copyAuthTag(record->boot_patchlevel, TAG_BOOT_PATCHLEVEL, auth_list);

    copyAuthTag(record->trusted_user_presence_required, TAG_TRUSTED_USER_PRESENCE_REQUIRED,

    copyAuthTag(record->trusted_user_presence_required, TAG_TRUSTED_USER_PRESENCE_REQUIRED,

using V4_0::TAG_ASSOCIATED_DATA;

using V4_0::TAG_ASSOCIATED_DATA;

using V4_0::TAG_ATTESTATION_APPLICATION_ID;

using V4_0::TAG_ATTESTATION_APPLICATION_ID;

using V4_0::TAG_ATTESTATION_CHALLENGE;

using V4_0::TAG_ATTESTATION_CHALLENGE;

using V4_0::TAG_ATTESTATION_ID_BRAND;

using V4_0::TAG_ATTESTATION_ID_DEVICE;

using V4_0::TAG_ATTESTATION_ID_IMEI;

using V4_0::TAG_ATTESTATION_ID_MANUFACTURER;

using V4_0::TAG_ATTESTATION_ID_MEID;

using V4_0::TAG_ATTESTATION_ID_MODEL;

using V4_0::TAG_ATTESTATION_ID_PRODUCT;

using V4_0::TAG_ATTESTATION_ID_SERIAL;

using V4_0::TAG_AUTH_TIMEOUT;

using V4_0::TAG_AUTH_TIMEOUT;

using V4_0::TAG_BLOB_USAGE_REQUIREMENTS;

using V4_0::TAG_BLOB_USAGE_REQUIREMENTS;

using V4_0::TAG_BLOCK_MODE;

using V4_0::TAG_BLOCK_MODE;