From b04c67a9386fd141002f0836220ef69592f26a52 Mon Sep 17 00:00:00 2001
From: Max Bires <jbires@google.com>
Date: Wed, 1 Sep 2021 23:24:01 -0700
Subject: [PATCH] Change the language for SB AES key sizes

This alters the HAL documentation to specify that StrongBox must ONLY
support AES 128 and 256 keys.

Bug: 191736606
Test: Read the documentation and confirm that it is clear.
Change-Id: I484d51700df28eb073b7928b6dc7a3b52c59caee
---
 .../aidl/android/hardware/security/keymint/IKeyMintDevice.aidl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
index 18497236eb..cd8cfc5f6e 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
@@ -96,7 +96,8 @@ import android.hardware.security.secureclock.TimeStampToken;
  *
  * o   AES
  *
- *      - 128 and 256-bit keys
+ *      - TRUSTED_ENVIRONMENT IKeyMintDevices must support 128, 192 and 256-bit keys.
+ *        STRONGBOX IKeyMintDevices must only support 128 and 256-bit keys.
  *      - CBC, CTR, ECB and GCM modes.  The GCM mode must not allow the use of tags smaller than 96
  *        bits or nonce lengths other than 96 bits.
  *      - CBC and ECB modes must support unpadded and PKCS7 padding modes.  With no padding CBC and