Update the VTS module according to the refactoring in aosp/2826571

Test: atest VtsAidlAuthGraphRoleTest, atest VtsAidlAuthGraphSessionTest
Change-Id: I6cc3bd17952f602b58668d35e09c6a5385c7de61
diff --git a/security/authgraph/aidl/vts/functional/sink.rs b/security/authgraph/aidl/vts/functional/sink.rs
index 5c81593..bb357b8 100644
--- a/security/authgraph/aidl/vts/functional/sink.rs
+++ b/security/authgraph/aidl/vts/functional/sink.rs
@@ -16,23 +16,28 @@
 
 //! VTS tests for sinks
 use super::*;
-use authgraph_core::traits;
+use authgraph_core::{key, keyexchange as ke};
 
 /// Run AuthGraph tests against the provided sink, using a local test source implementation.
-pub fn test(impls: &mut traits::TraitImpl, sink: binder::Strong<dyn IAuthGraphKeyExchange>) {
-    test_mainline(impls, sink.clone());
-    test_corrupt_sig(impls, sink.clone());
-    test_corrupt_keys(impls, sink);
+pub fn test(
+    local_source: &mut ke::AuthGraphParticipant,
+    sink: binder::Strong<dyn IAuthGraphKeyExchange>,
+) {
+    test_mainline(local_source, sink.clone());
+    test_corrupt_sig(local_source, sink.clone());
+    test_corrupt_keys(local_source, sink);
 }
 
 /// Perform mainline AuthGraph key exchange with the provided sink and local implementation.
 /// Return the agreed AES keys in plaintext.
 pub fn test_mainline(
-    impls: &mut traits::TraitImpl,
+    local_source: &mut ke::AuthGraphParticipant,
     sink: binder::Strong<dyn IAuthGraphKeyExchange>,
 ) -> [key::AesKey; 2] {
     // Step 1: create an ephemeral ECDH key at the (local) source.
-    let source_init_info = ke::create(impls).expect("failed to create() with local impl");
+    let source_init_info = local_source
+        .create()
+        .expect("failed to create() with local impl");
 
     // Step 2: pass the source's ECDH public key and other session info to the (remote) sink.
     let init_result = sink
@@ -50,40 +55,43 @@
     assert!(!sink_info.sessionId.is_empty());
 
     // The AuthGraph core library will verify the session ID signature, but do it here too.
-    let sink_verification_key =
-        verification_key_from_identity(&impls, &sink_init_info.identity.identity);
-    ke::verify_signature_on_session_id(
-        &sink_verification_key,
-        &sink_info.sessionId,
-        &sink_info.signature.signature,
-        &*impls.ecdsa,
-    )
-    .expect("failed verification of signed session ID");
+    let sink_verification_key = local_source
+        .peer_verification_key_from_identity(&sink_init_info.identity.identity)
+        .expect("failed to get peer verification from identity");
+    local_source
+        .verify_signature_on_session_id(
+            &sink_verification_key,
+            &sink_info.sessionId,
+            &sink_info.signature.signature,
+        )
+        .expect("failed verification of signed session ID");
 
     // Step 3: pass the sink's ECDH public key and other session info to the (local) source, so it
     // can calculate the same pair of symmetric keys.
-    let source_info = ke::finish(
-        impls,
-        &sink_pub_key.plainPubKey,
-        &sink_init_info.identity.identity,
-        &sink_info.signature.signature,
-        &sink_init_info.nonce,
-        sink_init_info.version,
-        source_init_info.ke_key,
-    )
-    .expect("failed to finish() with local impl");
+    let source_info = local_source
+        .finish(
+            &sink_pub_key.plainPubKey,
+            &sink_init_info.identity.identity,
+            &sink_info.signature.signature,
+            &sink_init_info.nonce,
+            sink_init_info.version,
+            source_init_info.ke_key,
+        )
+        .expect("failed to finish() with local impl");
     assert!(!source_info.session_id.is_empty());
 
     // The AuthGraph core library will verify the session ID signature, but do it here too.
-    let source_verification_key =
-        verification_key_from_identity(&impls, &source_init_info.identity);
-    ke::verify_signature_on_session_id(
-        &source_verification_key,
-        &source_info.session_id,
-        &source_info.session_id_signature,
-        &*impls.ecdsa,
-    )
-    .expect("failed verification of signed session ID");
+    let source_verification_key = key::Identity::from_slice(&source_init_info.identity)
+        .expect("invalid identity CBOR")
+        .cert_chain
+        .root_key;
+    local_source
+        .verify_signature_on_session_id(
+            &source_verification_key,
+            &source_info.session_id,
+            &source_info.session_id_signature,
+        )
+        .expect("failed verification of signed session ID");
 
     // Both ends should agree on the session ID.
     assert_eq!(source_info.session_id, sink_info.sessionId);
@@ -96,19 +104,28 @@
             &sink_info.sharedKeys,
         )
         .expect("failed to authenticationComplete() with remote sink");
-
     // Decrypt and return the session keys.
-    decipher_aes_keys(&impls, &source_info.shared_keys)
+    let decrypted_shared_keys = local_source
+        .decipher_shared_keys_from_arcs(&source_info.shared_keys)
+        .expect("failed to decrypt shared key arcs")
+        .try_into();
+    let decrypted_shared_keys_array = match decrypted_shared_keys {
+        Ok(array) => array,
+        Err(_) => panic!("wrong number of decrypted shared key arcs"),
+    };
+    decrypted_shared_keys_array
 }
 
 /// Perform mainline AuthGraph key exchange with the provided sink, but provide an invalid
 /// session ID signature.
 pub fn test_corrupt_sig(
-    impls: &mut traits::TraitImpl,
+    local_source: &mut ke::AuthGraphParticipant,
     sink: binder::Strong<dyn IAuthGraphKeyExchange>,
 ) {
     // Step 1: create an ephemeral ECDH key at the (local) source.
-    let source_init_info = ke::create(impls).expect("failed to create() with local impl");
+    let source_init_info = local_source
+        .create()
+        .expect("failed to create() with local impl");
 
     // Step 2: pass the source's ECDH public key and other session info to the (remote) sink.
     let init_result = sink
@@ -127,16 +144,16 @@
 
     // Step 3: pass the sink's ECDH public key and other session info to the (local) source, so it
     // can calculate the same pair of symmetric keys.
-    let source_info = ke::finish(
-        impls,
-        &sink_pub_key.plainPubKey,
-        &sink_init_info.identity.identity,
-        &sink_info.signature.signature,
-        &sink_init_info.nonce,
-        sink_init_info.version,
-        source_init_info.ke_key,
-    )
-    .expect("failed to finish() with local impl");
+    let source_info = local_source
+        .finish(
+            &sink_pub_key.plainPubKey,
+            &sink_init_info.identity.identity,
+            &sink_info.signature.signature,
+            &sink_init_info.nonce,
+            sink_init_info.version,
+            source_init_info.ke_key,
+        )
+        .expect("failed to finish() with local impl");
     assert!(!source_info.session_id.is_empty());
 
     // Build a corrupted version of the (local) source's session ID signature.
@@ -158,11 +175,13 @@
 /// Perform mainline AuthGraph key exchange with the provided sink, but provide an invalid
 /// Arc for the sink's key.
 pub fn test_corrupt_keys(
-    impls: &mut traits::TraitImpl,
+    local_source: &mut ke::AuthGraphParticipant,
     sink: binder::Strong<dyn IAuthGraphKeyExchange>,
 ) {
     // Step 1: create an ephemeral ECDH key at the (local) source.
-    let source_init_info = ke::create(impls).expect("failed to create() with local impl");
+    let source_init_info = local_source
+        .create()
+        .expect("failed to create() with local impl");
 
     // Step 2: pass the source's ECDH public key and other session info to the (remote) sink.
     let init_result = sink
@@ -181,16 +200,16 @@
 
     // Step 3: pass the sink's ECDH public key and other session info to the (local) source, so it
     // can calculate the same pair of symmetric keys.
-    let source_info = ke::finish(
-        impls,
-        &sink_pub_key.plainPubKey,
-        &sink_init_info.identity.identity,
-        &sink_info.signature.signature,
-        &sink_init_info.nonce,
-        sink_init_info.version,
-        source_init_info.ke_key,
-    )
-    .expect("failed to finish() with local impl");
+    let source_info = local_source
+        .finish(
+            &sink_pub_key.plainPubKey,
+            &sink_init_info.identity.identity,
+            &sink_info.signature.signature,
+            &sink_init_info.nonce,
+            sink_init_info.version,
+            source_init_info.ke_key,
+        )
+        .expect("failed to finish() with local impl");
     assert!(!source_info.session_id.is_empty());
 
     // Deliberately corrupt the sink's shared key Arcs before returning them