Merge "Revert "AesInvalidKeySize skip 192 on SB devices"" into sc-dev am: f332d02bc6
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/interfaces/+/15595275
Change-Id: I6cafaeaf04de684fb646eeb9dab15741bc4e677e
diff --git a/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp b/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
index d326334..d0ad433 100644
--- a/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
+++ b/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
@@ -21,7 +21,6 @@
#include <android-base/logging.h>
#include <android/hidl/manager/1.0/IServiceManager.h>
-#include <cutils/properties.h>
#include <keymasterV4_0/key_param_output.h>
#include <keymasterV4_0/keymaster_utils.h>
@@ -686,9 +685,6 @@
case Algorithm::EC:
return {224, 384, 521};
case Algorithm::AES:
- // The HAL language was clarified to exclude AES key sizes of 192 for StrongBox
- // instances on devices launched on API Level 31 and above.
- if (property_get_int32("ro.board.first_api_level", 0) < 31) return {};
return {192};
default:
return {};
diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
index 4e81e71..2241735 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
@@ -96,8 +96,7 @@
*
* o AES
*
- * - TRUSTED_ENVIRONMENT IKeyMintDevices must support 128, 192 and 256-bit keys.
- * STRONGBOX IKeyMintDevices must only support 128 and 256-bit keys.
+ * - 128 and 256-bit keys
* - CBC, CTR, ECB and GCM modes. The GCM mode must not allow the use of tags smaller than 96
* bits or nonce lengths other than 96 bits.
* - CBC and ECB modes must support unpadded and PKCS7 padding modes. With no padding CBC and