Keystore 2.0: Add back dependency on KeyMint AIDL spec.

We are using SecurityLevel, KeyParameter, and HardwareAuthenticatorType
from the KeyMint spec now, instead of defining our own versions of these
types.

Test: keystore2_test
Change-Id: I0080382cb3619f7153ea3a6e49bb7b5f4b23f15b
diff --git a/keystore2/src/key_parameter.rs b/keystore2/src/key_parameter.rs
index 5355d93..5698c96 100644
--- a/keystore2/src/key_parameter.rs
+++ b/keystore2/src/key_parameter.rs
@@ -25,9 +25,7 @@
     KeyParameter::KeyParameter as KmKeyParameter, KeyPurpose::KeyPurpose, PaddingMode::PaddingMode,
     SecurityLevel::SecurityLevel, Tag::Tag,
 };
-use android_system_keystore2::aidl::android::system::keystore2::{
-    Authorization::Authorization, SecurityLevel::SecurityLevel as KsSecurityLevel,
-};
+use android_system_keystore2::aidl::android::system::keystore2::Authorization::Authorization;
 use anyhow::{Context, Result};
 use rusqlite::types::{FromSql, Null, ToSql, ToSqlOutput};
 use rusqlite::{Result as SqlResult, Row};
@@ -241,10 +239,8 @@
     /// an internal KeyParameter representation to produce the Authorization wire type.
     pub fn into_authorization(self) -> Authorization {
         Authorization {
-            securityLevel: KsSecurityLevel(self.security_level.0),
-            keyParameter: crate::utils::keyparam_km_to_ks(
-                &self.key_parameter_value.convert_to_wire(),
-            ),
+            securityLevel: self.security_level,
+            keyParameter: self.key_parameter_value.convert_to_wire(),
         }
     }
 }
diff --git a/keystore2/src/security_level.rs b/keystore2/src/security_level.rs
index 0b5889e..24b665e 100644
--- a/keystore2/src/security_level.rs
+++ b/keystore2/src/security_level.rs
@@ -18,22 +18,21 @@
 
 use android_hardware_keymint::aidl::android::hardware::keymint::{
     Algorithm::Algorithm, ByteArray::ByteArray, Certificate::Certificate as KmCertificate,
-    IKeyMintDevice::IKeyMintDevice, KeyCharacteristics::KeyCharacteristics, KeyFormat::KeyFormat,
-    KeyParameter::KeyParameter as KmParam, KeyPurpose::KeyPurpose, SecurityLevel::SecurityLevel,
-    Tag::Tag,
+    HardwareAuthenticatorType::HardwareAuthenticatorType, IKeyMintDevice::IKeyMintDevice,
+    KeyCharacteristics::KeyCharacteristics, KeyFormat::KeyFormat, KeyParameter::KeyParameter,
+    KeyPurpose::KeyPurpose, SecurityLevel::SecurityLevel, Tag::Tag,
 };
 use android_system_keystore2::aidl::android::system::keystore2::{
-    AuthenticatorSpec::AuthenticatorSpec, AuthenticatorType::AuthenticatorType,
-    CreateOperationResponse::CreateOperationResponse, Domain::Domain,
-    IKeystoreOperation::IKeystoreOperation, IKeystoreSecurityLevel::BnKeystoreSecurityLevel,
+    AuthenticatorSpec::AuthenticatorSpec, CreateOperationResponse::CreateOperationResponse,
+    Domain::Domain, IKeystoreOperation::IKeystoreOperation,
+    IKeystoreSecurityLevel::BnKeystoreSecurityLevel,
     IKeystoreSecurityLevel::IKeystoreSecurityLevel, KeyDescriptor::KeyDescriptor,
-    KeyMetadata::KeyMetadata, KeyParameter::KeyParameter, KeyParameters::KeyParameters,
-    SecurityLevel::SecurityLevel as KsSecurityLevel,
+    KeyMetadata::KeyMetadata, KeyParameters::KeyParameters,
 };
 
 use crate::globals::DB;
 use crate::permission::KeyPerm;
-use crate::utils::{check_key_permission, keyparam_km_to_ks, keyparam_ks_to_km, Asp};
+use crate::utils::{check_key_permission, Asp};
 use crate::{
     database::{KeyEntry, KeyEntryLoadBits, SubComponentType},
     operation::KeystoreOperation,
@@ -168,7 +167,7 @@
 
         Ok(KeyMetadata {
             key,
-            keySecurityLevel: KsSecurityLevel(self.security_level.0),
+            keySecurityLevel: self.security_level,
             certificate: cert,
             certificateChain: cert_chain,
             authorizations: crate::utils::key_parameters_to_authorizations(key_parameters),
@@ -232,22 +231,24 @@
         // Check if we need an authorization token.
         // Lookup authorization token and request VerificationToken if required.
 
-        let purpose = operation_parameters.iter().find(|p| p.tag == Tag::PURPOSE.0).map_or(
+        let purpose = operation_parameters.iter().find(|p| p.tag == Tag::PURPOSE).map_or(
             Err(Error::Km(ErrorCode::INVALID_ARGUMENT))
                 .context("In create_operation: No operation purpose specified."),
             |kp| Ok(KeyPurpose(kp.integer)),
         )?;
 
-        let km_params =
-            operation_parameters.iter().map(|p| keyparam_ks_to_km(p)).collect::<Vec<KmParam>>();
-
         let km_dev: Box<dyn IKeyMintDevice> = self
             .keymint
             .get_interface()
             .context("In create_operation: Failed to get KeyMint device")?;
 
         let (begin_result, upgraded_blob) = loop {
-            match map_km_error(km_dev.begin(purpose, &km_blob, &km_params, &Default::default())) {
+            match map_km_error(km_dev.begin(
+                purpose,
+                &km_blob,
+                &operation_parameters,
+                &Default::default(),
+            )) {
                 Ok(result) => break (result, None),
                 Err(Error::Km(ErrorCode::TOO_MANY_OPERATIONS)) => {
                     self.operation_db
@@ -256,13 +257,14 @@
                     continue;
                 }
                 Err(Error::Km(ErrorCode::KEY_REQUIRES_UPGRADE)) => {
-                    let upgraded_blob = map_km_error(km_dev.upgradeKey(&km_blob, &km_params))
-                        .context("In create_operation: Upgrade failed.")?;
+                    let upgraded_blob =
+                        map_km_error(km_dev.upgradeKey(&km_blob, &operation_parameters))
+                            .context("In create_operation: Upgrade failed.")?;
                     break loop {
                         match map_km_error(km_dev.begin(
                             purpose,
                             &upgraded_blob,
-                            &km_params,
+                            &operation_parameters,
                             &Default::default(),
                         )) {
                             Ok(result) => break (result, Some(upgraded_blob)),
@@ -321,13 +323,7 @@
             operationChallenge: None,
             parameters: match begin_result.params.len() {
                 0 => None,
-                _ => Some(KeyParameters {
-                    keyParameter: begin_result
-                        .params
-                        .iter()
-                        .map(|p| keyparam_km_to_ks(p))
-                        .collect(),
-                }),
+                _ => Some(KeyParameters { keyParameter: begin_result.params }),
             },
         })
     }
@@ -364,7 +360,7 @@
         let mut key_characteristics: KeyCharacteristics = Default::default();
         let mut certificate_chain: Vec<KmCertificate> = Default::default();
         map_km_error(km_dev.generateKey(
-            &params.iter().map(|p| keyparam_ks_to_km(p)).collect::<Vec<KmParam>>(),
+            &params,
             &mut blob,
             &mut key_characteristics,
             &mut certificate_chain,
@@ -406,7 +402,7 @@
 
         let format = params
             .iter()
-            .find(|p| p.tag == Tag::ALGORITHM.0)
+            .find(|p| p.tag == Tag::ALGORITHM)
             .ok_or(error::Error::Km(ErrorCode::INVALID_ARGUMENT))
             .context("No KeyParameter 'Algorithm'.")
             .and_then(|p| match Algorithm(p.integer) {
@@ -419,7 +415,7 @@
 
         let km_dev: Box<dyn IKeyMintDevice> = self.keymint.get_interface()?;
         map_km_error(km_dev.importKey(
-            &params.iter().map(|p| keyparam_ks_to_km(p)).collect::<Vec<KmParam>>(),
+            &params,
             format,
             key_data,
             &mut blob,
@@ -495,7 +491,7 @@
         let pw_sid = authenticators
             .iter()
             .find_map(|a| match a.authenticatorType {
-                AuthenticatorType::PASSWORD => Some(a.authenticatorId),
+                HardwareAuthenticatorType::PASSWORD => Some(a.authenticatorId),
                 _ => None,
             })
             .ok_or(error::Error::Km(ErrorCode::INVALID_ARGUMENT))
@@ -504,7 +500,7 @@
         let fp_sid = authenticators
             .iter()
             .find_map(|a| match a.authenticatorType {
-                AuthenticatorType::FINGERPRINT => Some(a.authenticatorId),
+                HardwareAuthenticatorType::FINGERPRINT => Some(a.authenticatorId),
                 _ => None,
             })
             .ok_or(error::Error::Km(ErrorCode::INVALID_ARGUMENT))
@@ -517,7 +513,7 @@
             wrapped_data,
             wrapping_key_blob,
             masking_key,
-            &params.iter().map(|p| keyparam_ks_to_km(p)).collect::<Vec<KmParam>>(),
+            &params,
             pw_sid,
             fp_sid,
             &mut blob,
diff --git a/keystore2/src/service.rs b/keystore2/src/service.rs
index d0c44e0..e17a2ef 100644
--- a/keystore2/src/service.rs
+++ b/keystore2/src/service.rs
@@ -32,7 +32,6 @@
     Domain::Domain, IKeystoreSecurityLevel::IKeystoreSecurityLevel,
     IKeystoreService::BnKeystoreService, IKeystoreService::IKeystoreService,
     KeyDescriptor::KeyDescriptor, KeyEntryResponse::KeyEntryResponse, KeyMetadata::KeyMetadata,
-    SecurityLevel::SecurityLevel as KsSecurityLevel,
 };
 use anyhow::{anyhow, Context, Result};
 use binder::{IBinder, Interface, ThreadState};
@@ -98,7 +97,7 @@
                     nspace: key_entry.id(),
                     ..Default::default()
                 },
-                keySecurityLevel: KsSecurityLevel(key_entry.sec_level().0),
+                keySecurityLevel: key_entry.sec_level(),
                 certificate: key_entry.take_cert(),
                 certificateChain: key_entry.take_cert_chain(),
                 authorizations: key_parameters_to_authorizations(key_entry.into_key_parameters()),
@@ -194,7 +193,7 @@
 impl IKeystoreService for KeystoreService {
     fn getSecurityLevel(
         &self,
-        security_level: KsSecurityLevel,
+        security_level: SecurityLevel,
     ) -> binder::public_api::Result<Box<dyn IKeystoreSecurityLevel>> {
         map_or_log_err(self.get_security_level(SecurityLevel(security_level.0)), Ok)
     }
diff --git a/keystore2/src/utils.rs b/keystore2/src/utils.rs
index 66a7e50..1c678c3 100644
--- a/keystore2/src/utils.rs
+++ b/keystore2/src/utils.rs
@@ -19,11 +19,10 @@
 use crate::permission::{KeyPerm, KeyPermSet, KeystorePerm};
 use crate::{error::Error, key_parameter::KeyParameterValue};
 use android_hardware_keymint::aidl::android::hardware::keymint::{
-    KeyCharacteristics::KeyCharacteristics, KeyParameter::KeyParameter as KmParam,
-    SecurityLevel::SecurityLevel, Tag::Tag,
+    KeyCharacteristics::KeyCharacteristics, SecurityLevel::SecurityLevel,
 };
 use android_system_keystore2::aidl::android::system::keystore2::{
-    Authorization::Authorization, KeyDescriptor::KeyDescriptor, KeyParameter::KeyParameter,
+    Authorization::Authorization, KeyDescriptor::KeyDescriptor,
 };
 use anyhow::{anyhow, Context};
 use binder::{FromIBinder, SpIBinder, ThreadState};
@@ -78,40 +77,6 @@
     })
 }
 
-/// This function converts a `KeyParameter` from the keystore2 AIDL
-/// bindings into a `KeyParameter` from the keymint AIDL bindings.
-/// TODO This is a temporary workaround until the keymint AIDL spec
-/// lands.
-pub fn keyparam_ks_to_km(p: &KeyParameter) -> KmParam {
-    KmParam {
-        tag: Tag(p.tag),
-        boolValue: p.boolValue,
-        integer: p.integer,
-        longInteger: p.longInteger,
-        blob: match &p.blob {
-            Some(b) => b.clone(),
-            None => vec![],
-        },
-    }
-}
-
-/// This function converts a `KeyParameter` from the keymint AIDL
-/// bindings into a `KeyParameter` from the keystore2 AIDL bindings.
-/// TODO This is a temporary workaround until the keymint AIDL spec
-/// lands.
-pub fn keyparam_km_to_ks(p: &KmParam) -> KeyParameter {
-    KeyParameter {
-        tag: p.tag.0,
-        boolValue: p.boolValue,
-        integer: p.integer,
-        longInteger: p.longInteger,
-        blob: match p.blob.len() {
-            0 => None,
-            _ => Some(p.blob.clone()),
-        },
-    }
-}
-
 /// Thread safe wrapper around SpIBinder. It is safe to have SpIBinder smart pointers to the
 /// same object in multiple threads, but cloning a SpIBinder is not thread safe.
 /// Keystore frequently hands out binder tokens to the security level interface. If this