am 0e5fca1c: Merge changes Id4bdfdcb,Ib94f3606

* commit '0e5fca1ca4777f5f5d5fa8bd0de139e42077881b':
  Added insecure (chunkless) AEAD option.
  Add additional param lists to update and finish.

include/hardware/keymaster.h

@@ -534,8 +534,8 @@ struct keymaster_device {
      * \param[in] params Additional parameters for the operation.  This is typically used to provide
      * client ID information, with tags KM_TAG_APPLICATION_ID and KM_TAG_APPLICATION_DATA.  If the
      * client information associated with the key is not provided, begin() will fail and return
-     * KM_ERROR_INVALID_KEY_BLOB.  Less commonly, \params can be used to provide AEAD additional
-     * data and chunk size with KM_TAG_ADDITIONAL_DATA or KM_TAG_CHUNK_SIZE respectively.
+     * KM_ERROR_INVALID_KEY_BLOB.  For operations that require a nonce or IV, this must contain a
+     * tag KM_TAG_NONCE.  For AEAD operations KM_TAG_CHUNK_SIZE is specified here.
      *
      * \param[in] params_count The number of entries in \p params.
      *
@@ -569,6 +569,11 @@ struct keymaster_device {
      *
      * \param[in] operation_handle The operation handle returned by begin().
      *
+     * \param[in] params Additional parameters for the operation.  For AEAD modes, this is used to
+     * specify KM_TAG_ADDITIONAL_DATA.
+     *
+     * \param[in] params_count Length of \p params.
+     *
      * \param[in] input Data to be processed, per the parameters established in the call to begin().
      * Note that update() may or may not consume all of the data provided.  See \p data_consumed.
      *
@@ -589,9 +594,10 @@ struct keymaster_device {
      * *output may be either NULL or zero-length (so the caller should always free() it).
      */
     keymaster_error_t (*update)(const struct keymaster_device* dev,
-                                keymaster_operation_handle_t operation_handle, const uint8_t* input,
-                                size_t input_length, size_t* input_consumed, uint8_t** output,
-                                size_t* output_length);
+                                keymaster_operation_handle_t operation_handle,
+                                const keymaster_key_param_t* params, size_t params_count,
+                                const uint8_t* input, size_t input_length, size_t* input_consumed,
+                                uint8_t** output, size_t* output_length);
 
     /**
      * Finalizes a cryptographic operation begun with begin() and invalidates operation_handle
@@ -602,6 +608,11 @@ struct keymaster_device {
      * \param[in] operation_handle The operation handle returned by begin().  This handle will be
      * invalidated.
      *
+     * \param[in] params Additional parameters for the operation.  For AEAD modes, this is used to
+     * specify KM_TAG_ADDITIONAL_DATA.
+     *
+     * \param[in] params_count Length of \p params.
+     *
      * \param[in] signature The signature to be verified if the purpose specified in the begin()
      * call was KM_PURPOSE_VERIFY.
      *
@@ -617,6 +628,7 @@ struct keymaster_device {
      */
     keymaster_error_t (*finish)(const struct keymaster_device* dev,
                                 keymaster_operation_handle_t operation_handle,
+                                const keymaster_key_param_t* params, size_t params_count,
                                 const uint8_t* signature, size_t signature_length, uint8_t** output,
                                 size_t* output_length);
 

include/hardware/keymaster_defs.h

@@ -102,15 +102,16 @@ typedef enum {
      */
 
     /* Crypto parameters */
-    KM_TAG_PURPOSE = KM_ENUM_REP | 1,  /* keymaster_purpose_t. */
-    KM_TAG_ALGORITHM = KM_ENUM | 2,    /* keymaster_algorithm_t. */
-    KM_TAG_KEY_SIZE = KM_INT | 3,      /* Key size in bits. */
-    KM_TAG_BLOCK_MODE = KM_ENUM | 4,   /* keymaster_block_mode_t. */
-    KM_TAG_DIGEST = KM_ENUM | 5,       /* keymaster_digest_t. */
-    KM_TAG_MAC_LENGTH = KM_INT | 6,    /* MAC length in bits. */
-    KM_TAG_PADDING = KM_ENUM | 7,      /* keymaster_padding_t. */
-    KM_TAG_CHUNK_LENGTH = KM_INT | 8,  /* AEAD mode minimum decryption chunk size, in bytes. */
-    KM_TAG_CALLER_NONCE = KM_BOOL | 9, /* Allow caller to specify nonce or IV. */
+    KM_TAG_PURPOSE = KM_ENUM_REP | 1,     /* keymaster_purpose_t. */
+    KM_TAG_ALGORITHM = KM_ENUM | 2,       /* keymaster_algorithm_t. */
+    KM_TAG_KEY_SIZE = KM_INT | 3,         /* Key size in bits. */
+    KM_TAG_BLOCK_MODE = KM_ENUM | 4,      /* keymaster_block_mode_t. */
+    KM_TAG_DIGEST = KM_ENUM | 5,          /* keymaster_digest_t. */
+    KM_TAG_MAC_LENGTH = KM_INT | 6,       /* MAC length in bits. */
+    KM_TAG_PADDING = KM_ENUM | 7,         /* keymaster_padding_t. */
+    KM_TAG_RETURN_UNAUTHED = KM_BOOL | 8, /* Allow AEAD decryption to return plaintext before it has
+                                             been authenticated.  WARNING: Not recommended. */
+    KM_TAG_CALLER_NONCE = KM_BOOL | 9,    /* Allow caller to specify nonce or IV. */
 
     /* Other hardware-enforced. */
     KM_TAG_RESCOPING_ADD = KM_ENUM_REP | 101, /* Tags authorized for addition via rescoping. */
@@ -176,6 +177,8 @@ typedef enum {
     /* Tags used only to provide data to or receive data from operations */
     KM_TAG_ASSOCIATED_DATA = KM_BYTES | 1000, /* Used to provide associated data for AEAD modes. */
     KM_TAG_NONCE = KM_BYTES | 1001,           /* Nonce or Initialization Vector */
+    KM_TAG_CHUNK_LENGTH = KM_INT | 1002,      /* AEAD mode chunk size, in bytes.  0 means no limit,
+                                                 which requires KM_TAG_RETURN_UNAUTHED. */
 } keymaster_tag_t;
 
 /**