Implement key_parameter conversion from/to rusqlite storage.
This implements conversion methods on top of basic
keyparameter implementation in aosp/1350725
Bug: 159722691, 159723797, 161798431
Test: atest --host keystore2_tests.
Change-Id: I1457ae4cf4336ebc5bff2645bca55ad285a4449c
diff --git a/keystore2/Android.bp b/keystore2/Android.bp
index 154b675..f1173e0 100644
--- a/keystore2/Android.bp
+++ b/keystore2/Android.bp
@@ -19,6 +19,7 @@
 
     rustlibs: [
         "libanyhow",
+        "libandroid_hardware_keymint",
         "libkeystore_aidl_generated",
         "libkeystore2_selinux",
         "liblazy_static",
@@ -39,6 +40,7 @@
     rustlibs: [
         "libandroid_logger",
         "libanyhow",
+        "libandroid_hardware_keymint",
         "libkeystore_aidl_generated",
         "libkeystore2_selinux",
         "liblazy_static",
diff --git a/keystore2/src/database.rs b/keystore2/src/database.rs
index 394b7be..d64a26e 100644
--- a/keystore2/src/database.rs
+++ b/keystore2/src/database.rs
@@ -69,6 +69,16 @@
                 NO_PARAMS,
             )
             .context("Failed to initialize \"keyentry\" table.")?;
+        self.conn
+            .execute(
+                "CREATE TABLE IF NOT EXISTS persistent.keyparameter (
+                     keyentryid INTEGER,
+                     tag INTEGER,
+                     data ANY,
+                     security_level INTEGER);",
+                NO_PARAMS,
+            )
+            .context("Failed to initialize \"keyparameter\" table.")?;
         Ok(())
     }
 
@@ -185,8 +195,9 @@
             .prepare("SELECT name from persistent.sqlite_master WHERE type='table' ORDER BY name;")?
             .query_map(params![], |row| row.get(0))?
             .collect::<rusqlite::Result<Vec<String>>>()?;
-        assert_eq!(tables.len(), 1);
+        assert_eq!(tables.len(), 2);
         assert_eq!(tables[0], "keyentry");
+        assert_eq!(tables[1], "keyparameter");
         Ok(())
     }
 
diff --git a/keystore2/src/error.rs b/keystore2/src/error.rs
index e6443b7..a285bda 100644
--- a/keystore2/src/error.rs
+++ b/keystore2/src/error.rs
@@ -143,9 +143,9 @@
 }
 
 #[cfg(test)]
-mod tests {
+pub mod tests {
 
-    use anyhow::{anyhow, Context};
+    use anyhow::{anyhow, Context, Result};
 
     use super::aidl::ErrorCode;
     use super::*;
@@ -284,4 +284,18 @@
         );
         Ok(())
     }
+
+    //Helper function to test whether error cases are handled as expected.
+    pub fn check_result_contains_error_string<T>(result: Result<T>, expected_error_string: &str) {
+        let error_str = format!(
+            "{:#?}",
+            result.err().unwrap_or_else(|| panic!("Expected the error: {}", expected_error_string))
+        );
+        assert!(
+            error_str.contains(expected_error_string),
+            "The string \"{}\" should contain \"{}\"",
+            error_str,
+            expected_error_string
+        );
+    }
 } // mod tests
diff --git a/keystore2/src/key_parameter.rs b/keystore2/src/key_parameter.rs
index d9ec7f3..c54b5ee 100644
--- a/keystore2/src/key_parameter.rs
+++ b/keystore2/src/key_parameter.rs
@@ -16,15 +16,26 @@
 //! and enforced by the OEMs. This module implements the internal representation of KeyParameter
 //! and the methods to work with KeyParameter.
 
-use crate::keymint_definitions::{
-    Algorithm, BlockMode, Digest, EcCurve, HardwareAuthenticatorType, KeyBlobUsageRequirements,
-    KeyOrigin, KeyPurpose, PaddingMode, SecurityLevel, Tag,
+use crate::error::Error as KeystoreError;
+use crate::error::ResponseCode;
+pub use android_hardware_keymint::aidl::android::hardware::keymint::{
+    Algorithm, Algorithm::Algorithm as AlgorithmType, BlockMode,
+    BlockMode::BlockMode as BlockModeType, Digest, Digest::Digest as DigestType, EcCurve,
+    EcCurve::EcCurve as EcCurveType, HardwareAuthenticatorType,
+    HardwareAuthenticatorType::HardwareAuthenticatorType as HardwareAuthenticatorTypeType,
+    KeyOrigin, KeyOrigin::KeyOrigin as KeyOriginType, KeyPurpose,
+    KeyPurpose::KeyPurpose as KeyPurposeType, PaddingMode,
+    PaddingMode::PaddingMode as PaddingModeType, SecurityLevel,
+    SecurityLevel::SecurityLevel as SecurityLevelType, Tag, Tag::Tag as TagType,
 };
+use anyhow::{Context, Result};
+use rusqlite::types::{FromSql, Null, ToSql, ToSqlOutput};
+use rusqlite::{Result as SqlResult, Row};
 
 /// KeyParameter wraps the KeyParameterValue and the security level at which it is enforced.
 pub struct KeyParameter {
     key_parameter_value: KeyParameterValue,
-    security_level: SecurityLevel,
+    security_level: SecurityLevelType,
 }
 
 /// KeyParameterValue holds a value corresponding to one of the Tags defined in
@@ -34,55 +45,55 @@
     /// Associated with Tag:INVALID
     Invalid,
     /// Set of purposes for which the key may be used
-    KeyPurpose(KeyPurpose),
+    KeyPurpose(KeyPurposeType),
     /// Cryptographic algorithm with which the key is used
-    Algorithm(Algorithm),
+    Algorithm(AlgorithmType),
     /// Size of the key , in bits
-    KeySize(u32),
+    KeySize(i32),
     /// Block cipher mode(s) with which the key may be used
-    BlockMode(BlockMode),
+    BlockMode(BlockModeType),
     /// Digest algorithms that may be used with the key to perform signing and verification
-    Digest(Digest),
+    Digest(DigestType),
     /// Padding modes that may be used with the key.  Relevant to RSA, AES and 3DES keys.
-    PaddingMode(PaddingMode),
+    PaddingMode(PaddingModeType),
     /// Can the caller provide a nonce for nonce-requiring operations
     CallerNonce,
     /// Minimum length of MAC for HMAC keys and AES keys that support GCM mode
-    MinMacLength(u32),
+    MinMacLength(i32),
     /// The elliptic curve
-    EcCurve(EcCurve),
+    EcCurve(EcCurveType),
     /// Value of the public exponent for an RSA key pair
-    RSAPublicExponent(u64),
+    RSAPublicExponent(i64),
     /// An attestation certificate for the generated key should contain an application-scoped
     /// and time-bounded device-unique ID
     IncludeUniqueID,
-    /// Necessary system environment conditions for the generated key to be used
-    KeyBlobUsageRequirements(KeyBlobUsageRequirements),
+    //TODO: find out about this
+    // /// Necessary system environment conditions for the generated key to be used
+    // KeyBlobUsageRequirements(KeyBlobUsageRequirements),
     /// Only the boot loader can use the key
     BootLoaderOnly,
     /// When deleted, the key is guaranteed to be permanently deleted and unusable
     RollbackResistance,
-    //TODO: HARDWARE_TYPE reserved for future use
     /// The date and time at which the key becomes active
-    ActiveDateTime(u64),
+    ActiveDateTime(i64),
     /// The date and time at which the key expires for signing and encryption
-    OriginationExpireDateTime(u64),
+    OriginationExpireDateTime(i64),
     /// The date and time at which the key expires for verification and decryption
-    UsageExpireDateTime(u64),
+    UsageExpireDateTime(i64),
     /// Minimum amount of time that elapses between allowed operations
-    MinSecondsBetweenOps(u32),
+    MinSecondsBetweenOps(i32),
     /// Maximum number of times that a key may be used between system reboots
-    MaxUsesPerBoot(u32),
+    MaxUsesPerBoot(i32),
     /// ID of the Android user that is permitted to use the key
-    UserID(u32),
+    UserID(i32),
     /// A key may only be used under a particular secure user authentication state
-    UserSecureID(u64),
+    UserSecureID(i64),
     /// No authentication is required to use this key
     NoAuthRequired,
     /// The types of user authenticators that may be used to authorize this key
-    HardwareAuthenticatorType(HardwareAuthenticatorType),
+    HardwareAuthenticatorType(HardwareAuthenticatorTypeType),
     /// The time in seconds for which the key is authorized for use, after user authentication
-    AuthTimeout(u32),
+    AuthTimeout(i32),
     /// The key may be used after authentication timeout if device is still on-body
     AllowWhileOnBody,
     /// The key must be unusable except when the user has provided proof of physical presence
@@ -99,15 +110,15 @@
     /// that is necessary during all uses of the key
     ApplicationData(Vec<u8>),
     /// Specifies the date and time the key was created
-    CreationDateTime(u64),
+    CreationDateTime(i64),
     /// Specifies where the key was created, if known
-    KeyOrigin(KeyOrigin),
+    KeyOrigin(KeyOriginType),
     /// The key used by verified boot to validate the operating system booted
     RootOfTrust(Vec<u8>),
     /// System OS version with which the key may be used
-    OSVersion(u32),
+    OSVersion(i32),
     /// Specifies the system security patch level with which the key may be used
-    OSPatchLevel(u32),
+    OSPatchLevel(i32),
     /// Specifies a unique, time-based identifier
     UniqueID(Vec<u8>),
     /// Used to deliver a "challenge" value to the attestKey() method
@@ -131,16 +142,16 @@
     /// Provides the device's model name, to attestKey()
     AttestationIdModel(Vec<u8>),
     /// Specifies the vendor image security patch level with which the key may be used
-    VendorPatchLevel(u32),
+    VendorPatchLevel(i32),
     /// Specifies the boot image (kernel) security patch level with which the key may be used
-    BootPatchLevel(u32),
+    BootPatchLevel(i32),
     /// Provides "associated data" for AES-GCM encryption or decryption
     AssociatedData(Vec<u8>),
     /// Provides or returns a nonce or Initialization Vector (IV) for AES-GCM,
     /// AES-CBC, AES-CTR, or 3DES-CBC encryption or decryption
     Nonce(Vec<u8>),
     /// Provides the requested length of a MAC or GCM authentication tag, in bits
-    MacLength(u32),
+    MacLength(i32),
     /// Specifies whether the device has been factory reset since the
     /// last unique ID rotation.  Used for key attestation
     ResetSinceIdRotation,
@@ -151,12 +162,12 @@
 
 impl KeyParameter {
     /// Create an instance of KeyParameter, given the value and the security level.
-    pub fn new(key_parameter_value: KeyParameterValue, security_level: SecurityLevel) -> Self {
+    pub fn new(key_parameter_value: KeyParameterValue, security_level: SecurityLevelType) -> Self {
         KeyParameter { key_parameter_value, security_level }
     }
 
     /// Returns the tag given the KeyParameter instance.
-    pub fn get_tag(&self) -> Tag {
+    pub fn get_tag(&self) -> TagType {
         match self.key_parameter_value {
             KeyParameterValue::Invalid => Tag::INVALID,
             KeyParameterValue::KeyPurpose(_) => Tag::PURPOSE,
@@ -170,7 +181,6 @@
             KeyParameterValue::EcCurve(_) => Tag::EC_CURVE,
             KeyParameterValue::RSAPublicExponent(_) => Tag::RSA_PUBLIC_EXPONENT,
             KeyParameterValue::IncludeUniqueID => Tag::INCLUDE_UNIQUE_ID,
-            KeyParameterValue::KeyBlobUsageRequirements(_) => Tag::BLOB_USAGE_REQUIREMENTS,
             KeyParameterValue::BootLoaderOnly => Tag::BOOTLOADER_ONLY,
             KeyParameterValue::RollbackResistance => Tag::ROLLBACK_RESISTANCE,
             KeyParameterValue::ActiveDateTime(_) => Tag::ACTIVE_DATETIME,
@@ -221,7 +231,7 @@
     }
 
     /// Returns the security level of a KeyParameter.
-    pub fn security_level(&self) -> &SecurityLevel {
+    pub fn security_level(&self) -> &SecurityLevelType {
         &self.security_level
     }
 }
@@ -229,7 +239,6 @@
 #[cfg(test)]
 mod basic_tests {
     use crate::key_parameter::*;
-    use crate::keymint_definitions::{SecurityLevel, Tag};
 
     // Test basic functionality of KeyParameter.
     #[test]
@@ -249,3 +258,625 @@
         assert_eq!(*key_parameter.security_level(), SecurityLevel::STRONGBOX);
     }
 }
+
+/// This struct is defined to postpone converting rusqlite column value to the
+/// appropriate key parameter value until we know the corresponding tag value.
+/// Wraps the column index and a rusqlite row.
+pub struct SqlField<'a>(usize, &'a Row<'a>);
+
+impl<'a> SqlField<'a> {
+    /// Returns the column value from the row, when we know the expected type.
+    pub fn get<T: FromSql>(&self) -> SqlResult<T> {
+        self.1.get(self.0)
+    }
+}
+
+impl ToSql for KeyParameterValue {
+    /// Converts KeyParameterValue to be stored in rusqlite database.
+    /// Note that following variants of KeyParameterValue should not be stored:
+    /// IncludeUniqueID, ApplicationID, ApplicationData, RootOfTrust, UniqueID,
+    /// Attestation*, AssociatedData, Nonce, MacLength, ResetSinceIdRotation, ConfirmationToken.
+    /// This filtering is enforced at a higher level (i.e. enforcement module) and here we support
+    /// conversion for all the variants, to keep error handling simple.
+    fn to_sql(&self) -> SqlResult<ToSqlOutput> {
+        match self {
+            KeyParameterValue::Invalid => Ok(ToSqlOutput::from(Null)),
+            KeyParameterValue::KeyPurpose(k) => Ok(ToSqlOutput::from(*k as u32)),
+            KeyParameterValue::Algorithm(a) => Ok(ToSqlOutput::from(*a as u32)),
+            KeyParameterValue::KeySize(k) => Ok(ToSqlOutput::from(*k)),
+            KeyParameterValue::BlockMode(b) => Ok(ToSqlOutput::from(*b as u32)),
+            KeyParameterValue::Digest(d) => Ok(ToSqlOutput::from(*d as u32)),
+            KeyParameterValue::PaddingMode(p) => Ok(ToSqlOutput::from(*p as u32)),
+            KeyParameterValue::CallerNonce => Ok(ToSqlOutput::from(Null)),
+            KeyParameterValue::MinMacLength(m) => Ok(ToSqlOutput::from(*m)),
+            KeyParameterValue::EcCurve(e) => Ok(ToSqlOutput::from(*e as u32)),
+            KeyParameterValue::RSAPublicExponent(r) => Ok(ToSqlOutput::from(*r as i64)),
+            KeyParameterValue::IncludeUniqueID => Ok(ToSqlOutput::from(Null)),
+            KeyParameterValue::BootLoaderOnly => Ok(ToSqlOutput::from(Null)),
+            KeyParameterValue::RollbackResistance => Ok(ToSqlOutput::from(Null)),
+            KeyParameterValue::ActiveDateTime(a) => Ok(ToSqlOutput::from(*a as i64)),
+            KeyParameterValue::OriginationExpireDateTime(o) => Ok(ToSqlOutput::from(*o as i64)),
+            KeyParameterValue::UsageExpireDateTime(u) => Ok(ToSqlOutput::from(*u as i64)),
+            KeyParameterValue::MinSecondsBetweenOps(m) => Ok(ToSqlOutput::from(*m)),
+            KeyParameterValue::MaxUsesPerBoot(m) => Ok(ToSqlOutput::from(*m)),
+            KeyParameterValue::UserID(u) => Ok(ToSqlOutput::from(*u)),
+            KeyParameterValue::UserSecureID(u) => Ok(ToSqlOutput::from(*u as i64)),
+            KeyParameterValue::NoAuthRequired => Ok(ToSqlOutput::from(Null)),
+            KeyParameterValue::HardwareAuthenticatorType(h) => Ok(ToSqlOutput::from(*h as u32)),
+            KeyParameterValue::AuthTimeout(m) => Ok(ToSqlOutput::from(*m)),
+            KeyParameterValue::AllowWhileOnBody => Ok(ToSqlOutput::from(Null)),
+            KeyParameterValue::TrustedUserPresenceRequired => Ok(ToSqlOutput::from(Null)),
+            KeyParameterValue::TrustedConfirmationRequired => Ok(ToSqlOutput::from(Null)),
+            KeyParameterValue::UnlockedDeviceRequired => Ok(ToSqlOutput::from(Null)),
+            KeyParameterValue::ApplicationID(a) => Ok(ToSqlOutput::from(a.to_vec())),
+            KeyParameterValue::ApplicationData(a) => Ok(ToSqlOutput::from(a.to_vec())),
+            KeyParameterValue::CreationDateTime(c) => Ok(ToSqlOutput::from(*c as i64)),
+            KeyParameterValue::KeyOrigin(k) => Ok(ToSqlOutput::from(*k as u32)),
+            KeyParameterValue::RootOfTrust(r) => Ok(ToSqlOutput::from(r.to_vec())),
+            KeyParameterValue::OSVersion(o) => Ok(ToSqlOutput::from(*o)),
+            KeyParameterValue::OSPatchLevel(o) => Ok(ToSqlOutput::from(*o)),
+            KeyParameterValue::UniqueID(u) => Ok(ToSqlOutput::from(u.to_vec())),
+            KeyParameterValue::AttestationChallenge(a) => Ok(ToSqlOutput::from(a.to_vec())),
+            KeyParameterValue::AttestationApplicationID(a) => Ok(ToSqlOutput::from(a.to_vec())),
+            KeyParameterValue::AttestationIdBrand(a) => Ok(ToSqlOutput::from(a.to_vec())),
+            KeyParameterValue::AttestationIdDevice(a) => Ok(ToSqlOutput::from(a.to_vec())),
+            KeyParameterValue::AttestationIdProduct(a) => Ok(ToSqlOutput::from(a.to_vec())),
+            KeyParameterValue::AttestationIdSerial(a) => Ok(ToSqlOutput::from(a.to_vec())),
+            KeyParameterValue::AttestationIdIMEI(a) => Ok(ToSqlOutput::from(a.to_vec())),
+            KeyParameterValue::AttestationIdMEID(a) => Ok(ToSqlOutput::from(a.to_vec())),
+            KeyParameterValue::AttestationIdManufacturer(a) => Ok(ToSqlOutput::from(a.to_vec())),
+            KeyParameterValue::AttestationIdModel(a) => Ok(ToSqlOutput::from(a.to_vec())),
+            KeyParameterValue::VendorPatchLevel(v) => Ok(ToSqlOutput::from(*v)),
+            KeyParameterValue::BootPatchLevel(b) => Ok(ToSqlOutput::from(*b)),
+            KeyParameterValue::AssociatedData(a) => Ok(ToSqlOutput::from(a.to_vec())),
+            KeyParameterValue::Nonce(n) => Ok(ToSqlOutput::from(n.to_vec())),
+            KeyParameterValue::MacLength(m) => Ok(ToSqlOutput::from(*m)),
+            KeyParameterValue::ResetSinceIdRotation => Ok(ToSqlOutput::from(Null)),
+            KeyParameterValue::ConfirmationToken(c) => Ok(ToSqlOutput::from(c.to_vec())),
+        }
+    }
+}
+
+fn format_context_for_enums(enum_name: &'static str) -> impl FnOnce() -> String {
+    move || format!("Failed to decode {} enum from value.", enum_name)
+}
+
+fn format_context_for_sql_data(tag_name: &'static str) -> impl FnOnce() -> String {
+    move || format!("Failed to read sql data for tag: {}.", tag_name)
+}
+
+impl KeyParameter {
+    /// Construct a KeyParameter from the data from a rusqlite row.
+    /// Note that following variants of KeyParameterValue should not be stored:
+    /// IncludeUniqueID, ApplicationID, ApplicationData, RootOfTrust, UniqueID,
+    /// Attestation*, AssociatedData, Nonce, MacLength, ResetSinceIdRotation, ConfirmationToken.
+    /// This filtering is enforced at a higher level and here we support conversion for all the
+    /// variants.
+    pub fn new_from_sql(
+        tag_val: TagType,
+        data: &SqlField,
+        security_level_val: SecurityLevelType,
+    ) -> Result<Self> {
+        let key_param_value = match tag_val {
+            Tag::INVALID => KeyParameterValue::Invalid,
+            Tag::PURPOSE => {
+                let key_purpose: KeyPurposeType = data
+                    .get()
+                    .map_err(|_| KeystoreError::Rc(ResponseCode::ValueCorrupted))
+                    .with_context(format_context_for_sql_data("PURPOSE"))?;
+                KeyParameterValue::KeyPurpose(key_purpose)
+            }
+            Tag::ALGORITHM => {
+                let algorithm: AlgorithmType = data
+                    .get()
+                    .map_err(|_| KeystoreError::Rc(ResponseCode::ValueCorrupted))
+                    .with_context(format_context_for_sql_data("ALGORITHM"))?;
+                KeyParameterValue::Algorithm(algorithm)
+            }
+            Tag::KEY_SIZE => {
+                let key_size: i32 =
+                    data.get().with_context(format_context_for_sql_data("KEY_SIZE"))?;
+                KeyParameterValue::KeySize(key_size)
+            }
+            Tag::BLOCK_MODE => {
+                let block_mode: BlockModeType = data
+                    .get()
+                    .map_err(|_| KeystoreError::Rc(ResponseCode::ValueCorrupted))
+                    .with_context(format_context_for_sql_data("BLOCK_MODE"))?;
+                KeyParameterValue::BlockMode(block_mode)
+            }
+            Tag::DIGEST => {
+                let digest: DigestType = data
+                    .get()
+                    .map_err(|_| KeystoreError::Rc(ResponseCode::ValueCorrupted))
+                    .with_context(format_context_for_sql_data("DIGEST"))?;
+                KeyParameterValue::Digest(digest)
+            }
+            Tag::PADDING => {
+                let padding: PaddingModeType = data
+                    .get()
+                    .map_err(|_| KeystoreError::Rc(ResponseCode::ValueCorrupted))
+                    .with_context(format_context_for_sql_data("PADDING"))?;
+                KeyParameterValue::PaddingMode(padding)
+            }
+            Tag::CALLER_NONCE => KeyParameterValue::CallerNonce,
+            Tag::MIN_MAC_LENGTH => {
+                let min_mac_length: i32 =
+                    data.get().with_context(format_context_for_sql_data("MIN_MAC_LENGTH"))?;
+                KeyParameterValue::MinMacLength(min_mac_length)
+            }
+            Tag::EC_CURVE => {
+                let ec_curve: EcCurveType = data
+                    .get()
+                    .map_err(|_| KeystoreError::Rc(ResponseCode::ValueCorrupted))
+                    .with_context(format_context_for_sql_data("EC_CURVE"))?;
+                KeyParameterValue::EcCurve(ec_curve)
+            }
+            Tag::RSA_PUBLIC_EXPONENT => {
+                let rsa_pub_exponent: i64 =
+                    data.get().with_context(format_context_for_sql_data("RSA_PUBLIC_EXPONENT"))?;
+
+                KeyParameterValue::RSAPublicExponent(rsa_pub_exponent)
+            }
+            Tag::INCLUDE_UNIQUE_ID => KeyParameterValue::IncludeUniqueID,
+            Tag::BOOTLOADER_ONLY => KeyParameterValue::BootLoaderOnly,
+            Tag::ROLLBACK_RESISTANCE => KeyParameterValue::RollbackResistance,
+            Tag::ACTIVE_DATETIME => {
+                let active_datetime: i64 =
+                    data.get().with_context(format_context_for_sql_data("ACTIVE_DATETIME"))?;
+                KeyParameterValue::ActiveDateTime(active_datetime)
+            }
+            Tag::ORIGINATION_EXPIRE_DATETIME => {
+                let origination_expire_datetime: i64 = data
+                    .get()
+                    .with_context(format_context_for_sql_data("ORIGINATION_EXPIRE_DATETIME"))?;
+                KeyParameterValue::OriginationExpireDateTime(origination_expire_datetime)
+            }
+            Tag::USAGE_EXPIRE_DATETIME => {
+                let usage_expire_datetime: i64 = data
+                    .get()
+                    .with_context(format_context_for_sql_data("USAGE_EXPIRE_DATETIME"))?;
+                KeyParameterValue::UsageExpireDateTime(usage_expire_datetime)
+            }
+            Tag::MIN_SECONDS_BETWEEN_OPS => {
+                let min_secs_between_ops: i32 = data
+                    .get()
+                    .with_context(format_context_for_sql_data("MIN_SECONDS_BETWEEN_OPS"))?;
+                KeyParameterValue::MinSecondsBetweenOps(min_secs_between_ops)
+            }
+            Tag::MAX_USES_PER_BOOT => {
+                let max_uses_per_boot: i32 =
+                    data.get().with_context(format_context_for_sql_data("MAX_USES_PER_BOOT"))?;
+                KeyParameterValue::MaxUsesPerBoot(max_uses_per_boot)
+            }
+            Tag::USER_ID => {
+                let user_id: i32 =
+                    data.get().with_context(format_context_for_sql_data("USER_ID"))?;
+                KeyParameterValue::UserID(user_id)
+            }
+            Tag::USER_SECURE_ID => {
+                let user_secure_id: i64 =
+                    data.get().with_context(format_context_for_sql_data("USER_SECURE_ID"))?;
+                KeyParameterValue::UserSecureID(user_secure_id)
+            }
+            Tag::NO_AUTH_REQUIRED => KeyParameterValue::NoAuthRequired,
+            Tag::USER_AUTH_TYPE => {
+                let user_auth_type: HardwareAuthenticatorTypeType = data
+                    .get()
+                    .map_err(|_| KeystoreError::Rc(ResponseCode::ValueCorrupted))
+                    .with_context(format_context_for_sql_data("USER_AUTH_TYPE"))?;
+                KeyParameterValue::HardwareAuthenticatorType(user_auth_type)
+            }
+            Tag::AUTH_TIMEOUT => {
+                let auth_timeout: i32 =
+                    data.get().with_context(format_context_for_sql_data("AUTH_TIMEOUT"))?;
+                KeyParameterValue::AuthTimeout(auth_timeout)
+            }
+            Tag::ALLOW_WHILE_ON_BODY => KeyParameterValue::AllowWhileOnBody,
+            Tag::TRUSTED_USER_PRESENCE_REQUIRED => KeyParameterValue::TrustedUserPresenceRequired,
+            Tag::TRUSTED_CONFIRMATION_REQUIRED => KeyParameterValue::TrustedConfirmationRequired,
+            Tag::UNLOCKED_DEVICE_REQUIRED => KeyParameterValue::UnlockedDeviceRequired,
+            Tag::APPLICATION_ID => {
+                let app_id: Vec<u8> =
+                    data.get().with_context(format_context_for_sql_data("APPLICATION_ID"))?;
+                KeyParameterValue::ApplicationID(app_id)
+            }
+            Tag::APPLICATION_DATA => {
+                let app_data: Vec<u8> =
+                    data.get().with_context(format_context_for_sql_data("APPLICATION_DATA"))?;
+                KeyParameterValue::ApplicationData(app_data)
+            }
+            Tag::CREATION_DATETIME => {
+                let creation_datetime: i64 =
+                    data.get().with_context(format_context_for_sql_data("CREATION_DATETIME"))?;
+                KeyParameterValue::CreationDateTime(creation_datetime)
+            }
+            Tag::ORIGIN => {
+                let origin: KeyOriginType = data
+                    .get()
+                    .map_err(|_| KeystoreError::Rc(ResponseCode::ValueCorrupted))
+                    .with_context(format_context_for_sql_data("ORIGIN"))?;
+                KeyParameterValue::KeyOrigin(origin)
+            }
+            Tag::ROOT_OF_TRUST => {
+                let root_of_trust: Vec<u8> =
+                    data.get().with_context(format_context_for_sql_data("ROOT_OF_TRUST"))?;
+                KeyParameterValue::RootOfTrust(root_of_trust)
+            }
+            Tag::OS_VERSION => {
+                let os_version: i32 =
+                    data.get().with_context(format_context_for_sql_data("OS_VERSION"))?;
+                KeyParameterValue::OSVersion(os_version)
+            }
+            Tag::OS_PATCHLEVEL => {
+                let os_patch_level: i32 =
+                    data.get().with_context(format_context_for_sql_data("OS_PATCHLEVEL"))?;
+                KeyParameterValue::OSPatchLevel(os_patch_level)
+            }
+            Tag::UNIQUE_ID => {
+                let unique_id: Vec<u8> =
+                    data.get().with_context(format_context_for_sql_data("UNIQUE_ID"))?;
+                KeyParameterValue::UniqueID(unique_id)
+            }
+            Tag::ATTESTATION_CHALLENGE => {
+                let attestation_challenge: Vec<u8> = data
+                    .get()
+                    .with_context(format_context_for_sql_data("ATTESTATION_CHALLENGE"))?;
+                KeyParameterValue::AttestationChallenge(attestation_challenge)
+            }
+            Tag::ATTESTATION_APPLICATION_ID => {
+                let attestation_app_id: Vec<u8> = data
+                    .get()
+                    .with_context(format_context_for_sql_data("ATTESTATION_APPLICATION_ID"))?;
+                KeyParameterValue::AttestationApplicationID(attestation_app_id)
+            }
+            Tag::ATTESTATION_ID_BRAND => {
+                let attestation_id_brand: Vec<u8> =
+                    data.get().with_context(format_context_for_sql_data("ATTESTATION_ID_BRAND"))?;
+                KeyParameterValue::AttestationIdBrand(attestation_id_brand)
+            }
+            Tag::ATTESTATION_ID_DEVICE => {
+                let attestation_id_device: Vec<u8> = data
+                    .get()
+                    .with_context(format_context_for_sql_data("ATTESTATION_ID_DEVICE"))?;
+                KeyParameterValue::AttestationIdDevice(attestation_id_device)
+            }
+            Tag::ATTESTATION_ID_PRODUCT => {
+                let attestation_id_product: Vec<u8> = data
+                    .get()
+                    .with_context(format_context_for_sql_data("ATTESTATION_ID_PRODUCT"))?;
+                KeyParameterValue::AttestationIdProduct(attestation_id_product)
+            }
+            Tag::ATTESTATION_ID_SERIAL => {
+                let attestation_id_serial: Vec<u8> = data
+                    .get()
+                    .with_context(format_context_for_sql_data("ATTESTATION_ID_SERIAL"))?;
+                KeyParameterValue::AttestationIdSerial(attestation_id_serial)
+            }
+            Tag::ATTESTATION_ID_IMEI => {
+                let attestation_id_imei: Vec<u8> =
+                    data.get().with_context(format_context_for_sql_data("ATTESTATION_ID_IMEI"))?;
+                KeyParameterValue::AttestationIdIMEI(attestation_id_imei)
+            }
+            Tag::ATTESTATION_ID_MEID => {
+                let attestation_id_meid: Vec<u8> =
+                    data.get().with_context(format_context_for_sql_data("ATTESTATION_ID_MEID"))?;
+                KeyParameterValue::AttestationIdMEID(attestation_id_meid)
+            }
+            Tag::ATTESTATION_ID_MANUFACTURER => {
+                let attestation_id_manufacturer: Vec<u8> = data
+                    .get()
+                    .with_context(format_context_for_sql_data("ATTESTATION_ID_MANUFACTURER"))?;
+                KeyParameterValue::AttestationIdManufacturer(attestation_id_manufacturer)
+            }
+            Tag::ATTESTATION_ID_MODEL => {
+                let attestation_id_model: Vec<u8> =
+                    data.get().with_context(format_context_for_sql_data("ATTESTATION_ID_MODEL"))?;
+                KeyParameterValue::AttestationIdModel(attestation_id_model)
+            }
+            Tag::VENDOR_PATCHLEVEL => {
+                let vendor_patch_level: i32 =
+                    data.get().with_context(format_context_for_sql_data("VENDOR_PATCHLEVEL"))?;
+                KeyParameterValue::VendorPatchLevel(vendor_patch_level)
+            }
+            Tag::BOOT_PATCHLEVEL => {
+                let boot_patch_level: i32 =
+                    data.get().with_context(format_context_for_sql_data("BOOT_PATCHLEVEL"))?;
+                KeyParameterValue::BootPatchLevel(boot_patch_level)
+            }
+            Tag::ASSOCIATED_DATA => {
+                let associated_data: Vec<u8> =
+                    data.get().with_context(format_context_for_sql_data("ASSOCIATED_DATA"))?;
+                KeyParameterValue::AssociatedData(associated_data)
+            }
+            Tag::NONCE => {
+                let nonce: Vec<u8> =
+                    data.get().with_context(format_context_for_sql_data("NONCE"))?;
+                KeyParameterValue::Nonce(nonce)
+            }
+            Tag::MAC_LENGTH => {
+                let mac_length: i32 =
+                    data.get().with_context(format_context_for_sql_data("MAC_LENGTH"))?;
+                KeyParameterValue::MacLength(mac_length)
+            }
+            Tag::RESET_SINCE_ID_ROTATION => KeyParameterValue::ResetSinceIdRotation,
+            Tag::CONFIRMATION_TOKEN => {
+                let confirmation_token: Vec<u8> =
+                    data.get().with_context(format_context_for_sql_data("CONFIRMATION_TOKEN"))?;
+                KeyParameterValue::ConfirmationToken(confirmation_token)
+            }
+            _ => {
+                return Err(KeystoreError::Rc(ResponseCode::ValueCorrupted))
+                    .with_context(format_context_for_enums("Tag"))?
+            }
+        };
+        Ok(KeyParameter::new(key_param_value, security_level_val))
+    }
+}
+
+/// The storage_tests module first tests the 'new_from_sql' method for KeyParameters of different
+/// data types and then tests 'to_sql' method for KeyParameters of those
+/// different data types. The five different data types for KeyParameter values are:
+/// i) enums of u32
+/// ii) u32
+/// iii) u64
+/// iv) Vec<u8>
+/// v) bool
+#[cfg(test)]
+mod storage_tests {
+    use crate::error::*;
+    use crate::key_parameter::*;
+    use anyhow::Result;
+    use rusqlite::types::ToSql;
+    use rusqlite::{params, Connection, NO_PARAMS};
+
+    /// Test initializing a KeyParameter (with key parameter value corresponding to an enum of i32)
+    /// from a database table row.
+    #[test]
+    fn test_new_from_sql_enum_i32() -> Result<()> {
+        let db = init_db()?;
+        insert_into_keyparameter(
+            &db,
+            1,
+            Tag::ALGORITHM,
+            &Algorithm::RSA,
+            SecurityLevel::STRONGBOX,
+        )?;
+        let key_param = query_from_keyparameter(&db)?;
+        assert_eq!(Tag::ALGORITHM, key_param.get_tag());
+        assert_eq!(*key_param.key_parameter_value(), KeyParameterValue::Algorithm(Algorithm::RSA));
+        assert_eq!(*key_param.security_level(), SecurityLevel::STRONGBOX);
+        Ok(())
+    }
+
+    /// Test initializing a KeyParameter (with key parameter value which is of i32)
+    /// from a database table row.
+    #[test]
+    fn test_new_from_sql_i32() -> Result<()> {
+        let db = init_db()?;
+        insert_into_keyparameter(&db, 1, Tag::KEY_SIZE, &1024, SecurityLevel::STRONGBOX)?;
+        let key_param = query_from_keyparameter(&db)?;
+        assert_eq!(Tag::KEY_SIZE, key_param.get_tag());
+        assert_eq!(*key_param.key_parameter_value(), KeyParameterValue::KeySize(1024));
+        Ok(())
+    }
+
+    /// Test initializing a KeyParameter (with key parameter value which is of i64)
+    /// from a database table row.
+    #[test]
+    fn test_new_from_sql_i64() -> Result<()> {
+        let db = init_db()?;
+        // max value for i64, just to test corner cases
+        insert_into_keyparameter(
+            &db,
+            1,
+            Tag::RSA_PUBLIC_EXPONENT,
+            &(i64::MAX),
+            SecurityLevel::STRONGBOX,
+        )?;
+        let key_param = query_from_keyparameter(&db)?;
+        assert_eq!(Tag::RSA_PUBLIC_EXPONENT, key_param.get_tag());
+        assert_eq!(
+            *key_param.key_parameter_value(),
+            KeyParameterValue::RSAPublicExponent(i64::MAX)
+        );
+        Ok(())
+    }
+
+    /// Test initializing a KeyParameter (with key parameter value which is of bool)
+    /// from a database table row.
+    #[test]
+    fn test_new_from_sql_bool() -> Result<()> {
+        let db = init_db()?;
+        insert_into_keyparameter(&db, 1, Tag::CALLER_NONCE, &Null, SecurityLevel::STRONGBOX)?;
+        let key_param = query_from_keyparameter(&db)?;
+        assert_eq!(Tag::CALLER_NONCE, key_param.get_tag());
+        assert_eq!(*key_param.key_parameter_value(), KeyParameterValue::CallerNonce);
+        Ok(())
+    }
+
+    /// Test initializing a KeyParameter (with key parameter value which is of Vec<u8>)
+    /// from a database table row.
+    #[test]
+    fn test_new_from_sql_vec_u8() -> Result<()> {
+        let db = init_db()?;
+        let app_id = String::from("MyAppID");
+        let app_id_bytes = app_id.into_bytes();
+        insert_into_keyparameter(
+            &db,
+            1,
+            Tag::APPLICATION_ID,
+            &app_id_bytes,
+            SecurityLevel::STRONGBOX,
+        )?;
+        let key_param = query_from_keyparameter(&db)?;
+        assert_eq!(Tag::APPLICATION_ID, key_param.get_tag());
+        assert_eq!(
+            *key_param.key_parameter_value(),
+            KeyParameterValue::ApplicationID(app_id_bytes)
+        );
+        Ok(())
+    }
+
+    /// Test storing a KeyParameter (with key parameter value which corresponds to an enum of i32)
+    /// in the database
+    #[test]
+    fn test_to_sql_enum_i32() -> Result<()> {
+        let db = init_db()?;
+        let kp = KeyParameter::new(
+            KeyParameterValue::Algorithm(Algorithm::RSA),
+            SecurityLevel::STRONGBOX,
+        );
+        store_keyparameter(&db, 1, &kp)?;
+        let key_param = query_from_keyparameter(&db)?;
+        assert_eq!(kp.get_tag(), key_param.get_tag());
+        assert_eq!(kp.key_parameter_value(), key_param.key_parameter_value());
+        assert_eq!(kp.security_level(), key_param.security_level());
+        Ok(())
+    }
+
+    /// Test storing a KeyParameter (with key parameter value which is of i32) in the database
+    #[test]
+    fn test_to_sql_i32() -> Result<()> {
+        let db = init_db()?;
+        let kp = KeyParameter::new(KeyParameterValue::KeySize(1024), SecurityLevel::STRONGBOX);
+        store_keyparameter(&db, 1, &kp)?;
+        let key_param = query_from_keyparameter(&db)?;
+        assert_eq!(kp.get_tag(), key_param.get_tag());
+        assert_eq!(kp.key_parameter_value(), key_param.key_parameter_value());
+        assert_eq!(kp.security_level(), key_param.security_level());
+        Ok(())
+    }
+
+    /// Test storing a KeyParameter (with key parameter value which is of i64) in the database
+    #[test]
+    fn test_to_sql_i64() -> Result<()> {
+        let db = init_db()?;
+        // max value for i64, just to test corner cases
+        let kp = KeyParameter::new(
+            KeyParameterValue::RSAPublicExponent(i64::MAX),
+            SecurityLevel::STRONGBOX,
+        );
+        store_keyparameter(&db, 1, &kp)?;
+        let key_param = query_from_keyparameter(&db)?;
+        assert_eq!(kp.get_tag(), key_param.get_tag());
+        assert_eq!(kp.key_parameter_value(), key_param.key_parameter_value());
+        assert_eq!(kp.security_level(), key_param.security_level());
+        Ok(())
+    }
+
+    /// Test storing a KeyParameter (with key parameter value which is of Vec<u8>) in the database
+    #[test]
+    fn test_to_sql_vec_u8() -> Result<()> {
+        let db = init_db()?;
+        let kp = KeyParameter::new(
+            KeyParameterValue::ApplicationID(String::from("MyAppID").into_bytes()),
+            SecurityLevel::STRONGBOX,
+        );
+        store_keyparameter(&db, 1, &kp)?;
+        let key_param = query_from_keyparameter(&db)?;
+        assert_eq!(kp.get_tag(), key_param.get_tag());
+        assert_eq!(kp.key_parameter_value(), key_param.key_parameter_value());
+        assert_eq!(kp.security_level(), key_param.security_level());
+        Ok(())
+    }
+
+    /// Test storing a KeyParameter (with key parameter value which is of i32) in the database
+    #[test]
+    fn test_to_sql_bool() -> Result<()> {
+        let db = init_db()?;
+        let kp = KeyParameter::new(KeyParameterValue::CallerNonce, SecurityLevel::STRONGBOX);
+        store_keyparameter(&db, 1, &kp)?;
+        let key_param = query_from_keyparameter(&db)?;
+        assert_eq!(kp.get_tag(), key_param.get_tag());
+        assert_eq!(kp.key_parameter_value(), key_param.key_parameter_value());
+        assert_eq!(kp.security_level(), key_param.security_level());
+        Ok(())
+    }
+
+    #[test]
+    /// Test Tag::Invalid
+    fn test_invalid_tag() -> Result<()> {
+        let db = init_db()?;
+        insert_into_keyparameter(&db, 1, 0, &123, 1)?;
+        let key_param = query_from_keyparameter(&db)?;
+        assert_eq!(Tag::INVALID, key_param.get_tag());
+        Ok(())
+    }
+
+    #[test]
+    fn test_non_existing_enum_variant() -> Result<()> {
+        let db = init_db()?;
+        insert_into_keyparameter(&db, 1, 100, &123, 1)?;
+        tests::check_result_contains_error_string(
+            query_from_keyparameter(&db),
+            "Failed to decode Tag enum from value.",
+        );
+        Ok(())
+    }
+
+    #[test]
+    fn test_invalid_conversion_from_sql() -> Result<()> {
+        let db = init_db()?;
+        insert_into_keyparameter(&db, 1, Tag::ALGORITHM, &Null, 1)?;
+        tests::check_result_contains_error_string(
+            query_from_keyparameter(&db),
+            "Failed to read sql data for tag: ALGORITHM.",
+        );
+        Ok(())
+    }
+
+    /// Helper method to init database table for key parameter
+    fn init_db() -> Result<Connection> {
+        let db = Connection::open_in_memory().context("Failed to initialize sqlite connection.")?;
+        db.execute("ATTACH DATABASE ? as 'persistent';", params![""])
+            .context("Failed to attach databases.")?;
+        db.execute(
+            "CREATE TABLE IF NOT EXISTS persistent.keyparameter (
+                                keyentryid INTEGER,
+                                tag INTEGER,
+                                data ANY,
+                                security_level INTEGER);",
+            NO_PARAMS,
+        )
+        .context("Failed to initialize \"keyparameter\" table.")?;
+        Ok(db)
+    }
+
+    /// Helper method to insert an entry into key parameter table, with individual parameters
+    fn insert_into_keyparameter<T: ToSql>(
+        db: &Connection,
+        key_id: i64,
+        tag: i32,
+        value: &T,
+        security_level: i32,
+    ) -> Result<()> {
+        db.execute(
+            "INSERT into persistent.keyparameter (keyentryid, tag, data, security_level)
+VALUES(?, ?, ?, ?);",
+            params![key_id, tag, *value, security_level],
+        )?;
+        Ok(())
+    }
+
+    /// Helper method to store a key parameter instance.
+    fn store_keyparameter(db: &Connection, key_id: i64, kp: &KeyParameter) -> Result<()> {
+        db.execute(
+            "INSERT into persistent.keyparameter (keyentryid, tag, data, security_level)
+VALUES(?, ?, ?, ?);",
+            params![key_id, kp.get_tag(), kp.key_parameter_value(), kp.security_level()],
+        )?;
+        Ok(())
+    }
+
+    /// Helper method to query a row from keyparameter table
+    fn query_from_keyparameter(db: &Connection) -> Result<KeyParameter> {
+        let mut stmt = db.prepare(
+            "SELECT tag, data, security_level FROM
+persistent.keyparameter",
+        )?;
+        let mut rows = stmt.query(NO_PARAMS)?;
+        let row = rows.next()?.unwrap();
+        Ok(KeyParameter::new_from_sql(row.get(0)?, &SqlField(1, row), row.get(2)?)?)
+    }
+}
diff --git a/keystore2/src/keymint_definitions.rs b/keystore2/src/keymint_definitions.rs
deleted file mode 100644
index 2658a01..0000000
--- a/keystore2/src/keymint_definitions.rs
+++ /dev/null
@@ -1,177 +0,0 @@
-// Copyright 2020, The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#![allow(non_camel_case_types)]
-#![allow(missing_docs)]
-
-/// This is the current interface for the code to-be-generated from the keymint AIDL.
-/// The AIDL spec is at" hardware/interfaces/keymint
-#[repr(u32)]
-#[derive(PartialEq, Debug)]
-pub enum TagType {
-    INVALID = 0 << 28,
-    ENUM = 1 << 28,
-    ENUM_REP = 2 << 28,
-    UINT = 3 << 28,
-    UINT_REP = 4 << 28,
-    ULONG = 5 << 28,
-    DATE = 6 << 28,
-    BOOL = 7 << 28,
-    BIGNUM = 8 << 28,
-    BYTES = 9 << 28,
-    ULONG_REP = 10 << 28,
-}
-#[repr(u32)]
-#[derive(PartialEq, Debug, Copy, Clone)]
-pub enum Tag {
-    INVALID = TagType::INVALID as u32,
-    PURPOSE = TagType::ENUM_REP as u32 | 1,
-    ALGORITHM = TagType::ENUM as u32 | 2,
-    KEY_SIZE = TagType::UINT as u32 | 3,
-    BLOCK_MODE = TagType::ENUM_REP as u32 | 4,
-    DIGEST = TagType::ENUM_REP as u32 | 5,
-    PADDING = TagType::ENUM_REP as u32 | 6,
-    CALLER_NONCE = TagType::BOOL as u32 | 7,
-    MIN_MAC_LENGTH = TagType::UINT as u32 | 8,
-    EC_CURVE = TagType::ENUM as u32 | 10,
-    RSA_PUBLIC_EXPONENT = TagType::ULONG as u32 | 200,
-    INCLUDE_UNIQUE_ID = TagType::BOOL as u32 | 202,
-    BLOB_USAGE_REQUIREMENTS = TagType::ENUM as u32 | 301,
-    BOOTLOADER_ONLY = TagType::BOOL as u32 | 302,
-    ROLLBACK_RESISTANCE = TagType::BOOL as u32 | 303,
-    ACTIVE_DATETIME = TagType::DATE as u32 | 400,
-    ORIGINATION_EXPIRE_DATETIME = TagType::DATE as u32 | 401,
-    USAGE_EXPIRE_DATETIME = TagType::DATE as u32 | 402,
-    MIN_SECONDS_BETWEEN_OPS = TagType::UINT as u32 | 403,
-    MAX_USES_PER_BOOT = TagType::UINT as u32 | 404,
-    USER_ID = TagType::UINT as u32 | 501,
-    USER_SECURE_ID = TagType::ULONG_REP as u32 | 502,
-    NO_AUTH_REQUIRED = TagType::BOOL as u32 | 503,
-    USER_AUTH_TYPE = TagType::ENUM as u32 | 504,
-    AUTH_TIMEOUT = TagType::UINT as u32 | 505,
-    ALLOW_WHILE_ON_BODY = TagType::BOOL as u32 | 506,
-    TRUSTED_USER_PRESENCE_REQUIRED = TagType::BOOL as u32 | 507,
-    TRUSTED_CONFIRMATION_REQUIRED = TagType::BOOL as u32 | 508,
-    UNLOCKED_DEVICE_REQUIRED = TagType::BOOL as u32 | 509,
-    APPLICATION_ID = TagType::BYTES as u32 | 601,
-    APPLICATION_DATA = TagType::BYTES as u32 | 700,
-    CREATION_DATETIME = TagType::DATE as u32 | 701,
-    ORIGIN = TagType::ENUM as u32 | 702,
-    ROOT_OF_TRUST = TagType::BYTES as u32 | 704,
-    OS_VERSION = TagType::UINT as u32 | 705,
-    OS_PATCHLEVEL = TagType::UINT as u32 | 706,
-    UNIQUE_ID = TagType::BYTES as u32 | 707,
-    ATTESTATION_CHALLENGE = TagType::BYTES as u32 | 708,
-    ATTESTATION_APPLICATION_ID = TagType::BYTES as u32 | 709,
-    ATTESTATION_ID_BRAND = TagType::BYTES as u32 | 710,
-    ATTESTATION_ID_DEVICE = TagType::BYTES as u32 | 711,
-    ATTESTATION_ID_PRODUCT = TagType::BYTES as u32 | 712,
-    ATTESTATION_ID_SERIAL = TagType::BYTES as u32 | 713,
-    ATTESTATION_ID_IMEI = TagType::BYTES as u32 | 714,
-    ATTESTATION_ID_MEID = TagType::BYTES as u32 | 715,
-    ATTESTATION_ID_MANUFACTURER = TagType::BYTES as u32 | 716,
-    ATTESTATION_ID_MODEL = TagType::BYTES as u32 | 717,
-    VENDOR_PATCHLEVEL = TagType::UINT as u32 | 718,
-    BOOT_PATCHLEVEL = TagType::UINT as u32 | 719,
-    ASSOCIATED_DATA = TagType::BYTES as u32 | 1000,
-    NONCE = TagType::BYTES as u32 | 1001,
-    MAC_LENGTH = TagType::UINT as u32 | 1003,
-    RESET_SINCE_ID_ROTATION = TagType::BOOL as u32 | 1004,
-    CONFIRMATION_TOKEN = TagType::BYTES as u32 | 1005,
-}
-#[repr(u32)]
-#[derive(PartialEq, Debug, Copy, Clone)]
-pub enum Algorithm {
-    RSA = 1,
-    EC = 3,
-    AES = 32,
-    TRIPLE_DES = 33,
-    HMAC = 128,
-}
-#[repr(u32)]
-#[derive(PartialEq, Debug, Copy, Clone)]
-pub enum BlockMode {
-    ECB = 1,
-    CBC = 2,
-    CTR = 3,
-    GCM = 32,
-}
-#[repr(u32)]
-#[derive(PartialEq, Debug, Copy, Clone)]
-pub enum PaddingMode {
-    NONE = 1,
-    RSA_OAEP = 2,
-    RSA_PSS = 3,
-    RSA_PKCS1_1_5_ENCRYPT = 4,
-    RSA_PKCS1_1_5_SIGN = 5,
-    PKCS7 = 64,
-}
-#[repr(u32)]
-#[derive(PartialEq, Debug, Copy, Clone)]
-pub enum Digest {
-    NONE = 0,
-    MD5 = 1,
-    SHA1 = 2,
-    SHA_2_224 = 3,
-    SHA_2_256 = 4,
-    SHA_2_384 = 5,
-    SHA_2_512 = 6,
-}
-#[repr(u32)]
-#[derive(PartialEq, Debug, Copy, Clone)]
-pub enum EcCurve {
-    P_224 = 0,
-    P_256 = 1,
-    P_384 = 2,
-    P_521 = 3,
-}
-#[repr(u32)]
-#[derive(PartialEq, Debug, Copy, Clone)]
-pub enum KeyOrigin {
-    GENERATED = 0,
-    DERIVED = 1,
-    IMPORTED = 2,
-    UNKNOWN = 3,
-    SECURELY_IMPORTED = 4,
-}
-#[repr(u32)]
-#[derive(PartialEq, Debug, Copy, Clone)]
-pub enum KeyBlobUsageRequirements {
-    STANDALONE = 0,
-    REQUIRES_FILE_SYSTEM = 1,
-}
-#[repr(u32)]
-#[derive(PartialEq, Debug, Copy, Clone)]
-pub enum KeyPurpose {
-    ENCRYPT = 0,
-    DECRYPT = 1,
-    SIGN = 2,
-    VERIFY = 3,
-    WRAP_KEY = 5,
-}
-#[repr(u32)]
-#[derive(PartialEq, Debug, Copy, Clone)]
-pub enum HardwareAuthenticatorType {
-    NONE = 0,
-    PASSWORD = 1,
-    FINGERPRINT = 1 << 1,
-    ANY = (0xFFFFFFFF as u32) as u32,
-}
-#[repr(u32)]
-#[derive(PartialEq, Debug, Copy, Clone)]
-pub enum SecurityLevel {
-    SOFTWARE = 0,
-    TRUSTED_ENVIRONMENT = 1,
-    STRONGBOX = 2,
-}
diff --git a/keystore2/src/lib.rs b/keystore2/src/lib.rs
index 13ef87d..b5fef3e 100644
--- a/keystore2/src/lib.rs
+++ b/keystore2/src/lib.rs
@@ -18,6 +18,4 @@
 pub mod error;
 /// Internal Representation of Key Parameter and convenience functions.
 pub mod key_parameter;
-/// Internal interface for the code to-be-generated from the keymint AIDL
-pub mod keymint_definitions;
 pub mod permission;