
Commit e2ccb193 authored by Janis Danisevskis's avatar Janis Danisevskis

Keymint: Add CERTIFICATE_* tags required for certificate generation.

Also fixes some formatting.

Test: N/A
Change-Id: I27e9dcfa638b544ab49befa208b294e55a04f2c1
parent 06e5b50f
+2 −0
@@ -111,6 +111,8 @@ enum ErrorCode {
  STORAGE_KEY_UNSUPPORTED = -77,
  INCOMPATIBLE_MGF_DIGEST = -78,
  UNSUPPORTED_MGF_DIGEST = -79,
  MISSING_NOT_BEFORE = -80,
  MISSING_NOT_AFTER = -81,
  UNIMPLEMENTED = -100,
  VERSION_MISMATCH = -101,
  UNKNOWN_ERROR = -1000,
+4 −0
@@ -94,4 +94,8 @@ enum Tag {
  MAC_LENGTH = 805307371,
  RESET_SINCE_ID_ROTATION = 1879049196,
  CONFIRMATION_TOKEN = -1879047187,
  CERTIFICATE_SERIAL = -2147482642,
  CERTIFICATE_SUBJECT = -1879047185,
  CERTIFICATE_NOT_BEFORE = 1610613744,
  CERTIFICATE_NOT_AFTER = 1610613745,
}
+3 −1
@@ -101,6 +101,8 @@ enum ErrorCode {
    STORAGE_KEY_UNSUPPORTED = -77,
    INCOMPATIBLE_MGF_DIGEST = -78,
    UNSUPPORTED_MGF_DIGEST = -79,
    MISSING_NOT_BEFORE = -80,
    MISSING_NOT_AFTER = -81,

    UNIMPLEMENTED = -100,
    VERSION_MISMATCH = -101,
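Review bot: MISSING_NOT_BEFORE and MISSING_NOT_AFTER are added to this ErrorCode enum without a comment saying when an implementation returns them, while the Tag documentation elsewhere in this commit ties them to CERTIFICATE_NOT_BEFORE / CERTIFICATE_NOT_AFTER being absent from generateKey() or importKey(). If this file documents its other codes, a one-line comment on each new entry, e.g. `/* CERTIFICATE_NOT_BEFORE was not provided to generateKey or importKey. */`, would keep the two files in agreement and give implementers one place to look. The enum continues outside the hunk.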
+49 −18
@@ -82,7 +82,6 @@ enum Tag {
     */
    BLOCK_MODE = (2 << 28) /* TagType:ENUM_REP */ | 4,


    /**
     * Tag::DIGEST specifies the digest algorithms that may be used with the key to perform signing
     * and verification operations.  This tag is relevant to RSA, ECDSA and HMAC keys.  Possible
@@ -497,7 +496,8 @@ enum Tag {
     */
    TRUSTED_USER_PRESENCE_REQUIRED = (7 << 28) /* TagType:BOOL */ | 507,

    /** Tag::TRUSTED_CONFIRMATION_REQUIRED is only applicable to keys with KeyPurpose SIGN, and
    /**
     * Tag::TRUSTED_CONFIRMATION_REQUIRED is only applicable to keys with KeyPurpose SIGN, and
     *  specifies that this key must not be usable unless the user provides confirmation of the data
     *  to be signed.  Confirmation is proven to keyMint via an approval token.  See
     *  CONFIRMATION_TOKEN, as well as the ConfirmatinUI HAL.
@@ -933,4 +933,35 @@ enum Tag {
     * Must never appear in KeyCharacteristics.
     */
    CONFIRMATION_TOKEN = (9 << 28) /* TagType:BYTES */ | 1005,

    /**
     * Tag::CERTIFICATE_SERIAL specifies the serial number to be assigned to the
     * attestation certificate to be generated for the given key.  This parameter should only
     * be passed to keyMint in the attestation parameters during generateKey() and importKey().
     */
    CERTIFICATE_SERIAL = (8 << 28) /* TagType:BIGNUM */ | 1006,

    /**
     * Tag::CERTIFICATE_SUBJECT the certificate subject. The value is a DER encoded X509 NAME.
     * This value is used when generating a self signed certificates. This tag may be specified
     * during generateKey and importKey. If not provided the subject name shall default to
     * <TODO default subject here>.
     */
    CERTIFICATE_SUBJECT = (9 << 28) /* TagType:BYTES */ | 1007,

    /**
     * Tag::CERTIFICATE_NOT_BEFORE the beginning of the validity of the certificate in UNIX epoch
     * time in seconds. This value is used when generating attestation or self signed certificates.
     * ErrorCode::MISSING_NOT_BEFORE must be returned if this tag is not provided if this tag is
     * not provided to generateKey or importKey.
     */
    CERTIFICATE_NOT_BEFORE = (6 << 28) /* TagType:DATE */ | 1008,

    /**
     * Tag::CERTIFICATE_NOT_AFTER the end of the validity of the certificate in UNIX epoch
     * time in seconds. This value is used when generating attestation or self signed certificates.
     * ErrorCode::MISSING_NOT_AFTER must be returned if this tag is not provided to generateKey
     * or importKey.
     */
    CERTIFICATE_NOT_AFTER = (6 << 28) /* TagType:DATE */ | 1009,
}
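Review bot: The new CERTIFICATE_NOT_BEFORE comment repeats its condition ("if this tag is not provided if this tag is not provided"); it should read `* ErrorCode::MISSING_NOT_BEFORE must be returned if this tag is not provided to generateKey` / `* or importKey.`, matching the CERTIFICATE_NOT_AFTER text below it. The CERTIFICATE_SUBJECT comment ships a literal `<TODO default subject here>` placeholder, so the default subject of a self-signed certificate is unspecified in the published interface; either state the default or say explicitly that the implementation chooses it. Neither date tag says what must happen when CERTIFICATE_NOT_AFTER is earlier than CERTIFICATE_NOT_BEFORE, and CERTIFICATE_SERIAL does not state the accepted range (RFC 5280 requires a positive serial of at most 20 octets), so a sentence on each, e.g. `* Implementations must reject an invalid validity period or serial rather than emit a malformed certificate.`, would make rejection part of the contract instead of implementation-defined. The CERTIFICATE_SUBJECT text also has a minor grammar slip ("a self signed certificates").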
+4 −0
@@ -126,6 +126,10 @@ DECLARE_TYPED_TAG(USER_ID);
DECLARE_TYPED_TAG(USER_SECURE_ID);
DECLARE_TYPED_TAG(VENDOR_PATCHLEVEL);
DECLARE_TYPED_TAG(RSA_OAEP_MGF_DIGEST);
DECLARE_TYPED_TAG(CERTIFICATE_SERIAL);
DECLARE_TYPED_TAG(CERTIFICATE_SUBJECT);
DECLARE_TYPED_TAG(CERTIFICATE_NOT_BEFORE);
DECLARE_TYPED_TAG(CERTIFICATE_NOT_AFTER);

#undef DECLARE_TYPED_TAG