2 files changed, 13 insertions, 10 deletions

diff --git a/include/hardware/keymaster.h b/include/hardware/keymaster.h
index 9ecc5fb..db66a74 100644
--- a/include/hardware/keymaster.h
+++ b/include/hardware/keymaster.h
@@ -535,7 +535,7 @@ struct keymaster_device {
      * client ID information, with tags KM_TAG_APPLICATION_ID and KM_TAG_APPLICATION_DATA.  If the
      * client information associated with the key is not provided, begin() will fail and return
      * KM_ERROR_INVALID_KEY_BLOB.  For operations that require a nonce or IV, this must contain a
-     * tag KM_TAG_NONCE.
+     * tag KM_TAG_NONCE.  For AEAD operations KM_TAG_CHUNK_SIZE is specified here.
      *
      * \param[in] params_count The number of entries in \p params.
      *
diff --git a/include/hardware/keymaster_defs.h b/include/hardware/keymaster_defs.h
index 4f9de17..a7b3cd8 100644
--- a/include/hardware/keymaster_defs.h
+++ b/include/hardware/keymaster_defs.h
@@ -102,15 +102,16 @@ typedef enum {
      */
 
     /* Crypto parameters */
-    KM_TAG_PURPOSE = KM_ENUM_REP | 1,  /* keymaster_purpose_t. */
-    KM_TAG_ALGORITHM = KM_ENUM | 2,    /* keymaster_algorithm_t. */
-    KM_TAG_KEY_SIZE = KM_INT | 3,      /* Key size in bits. */
-    KM_TAG_BLOCK_MODE = KM_ENUM | 4,   /* keymaster_block_mode_t. */
-    KM_TAG_DIGEST = KM_ENUM | 5,       /* keymaster_digest_t. */
-    KM_TAG_MAC_LENGTH = KM_INT | 6,    /* MAC length in bits. */
-    KM_TAG_PADDING = KM_ENUM | 7,      /* keymaster_padding_t. */
-    KM_TAG_CHUNK_LENGTH = KM_INT | 8,  /* AEAD mode minimum decryption chunk size, in bytes. */
-    KM_TAG_CALLER_NONCE = KM_BOOL | 9, /* Allow caller to specify nonce or IV. */
+    KM_TAG_PURPOSE = KM_ENUM_REP | 1,     /* keymaster_purpose_t. */
+    KM_TAG_ALGORITHM = KM_ENUM | 2,       /* keymaster_algorithm_t. */
+    KM_TAG_KEY_SIZE = KM_INT | 3,         /* Key size in bits. */
+    KM_TAG_BLOCK_MODE = KM_ENUM | 4,      /* keymaster_block_mode_t. */
+    KM_TAG_DIGEST = KM_ENUM | 5,          /* keymaster_digest_t. */
+    KM_TAG_MAC_LENGTH = KM_INT | 6,       /* MAC length in bits. */
+    KM_TAG_PADDING = KM_ENUM | 7,         /* keymaster_padding_t. */
+    KM_TAG_RETURN_UNAUTHED = KM_BOOL | 8, /* Allow AEAD decryption to return plaintext before it has
+                                             been authenticated.  WARNING: Not recommended. */
+    KM_TAG_CALLER_NONCE = KM_BOOL | 9,    /* Allow caller to specify nonce or IV. */
 
     /* Other hardware-enforced. */
     KM_TAG_RESCOPING_ADD = KM_ENUM_REP | 101, /* Tags authorized for addition via rescoping. */
@@ -176,6 +177,8 @@ typedef enum {
     /* Tags used only to provide data to or receive data from operations */
     KM_TAG_ASSOCIATED_DATA = KM_BYTES | 1000, /* Used to provide associated data for AEAD modes. */
     KM_TAG_NONCE = KM_BYTES | 1001,           /* Nonce or Initialization Vector */
+    KM_TAG_CHUNK_LENGTH = KM_INT | 1002,      /* AEAD mode chunk size, in bytes.  0 means no limit,
+                                                 which requires KM_TAG_RETURN_UNAUTHED. */
 } keymaster_tag_t;
 
 /**