From 3d2698105ed3744405e11f0a0c55d96d23281369 Mon Sep 17 00:00:00 2001
From: Nathan Huckleberry
Date: Tue, 7 Feb 2023 01:09:57 +0000
Subject: [PATCH] Enable HCTR2 for filenames encryption
Fix prefix-correlation weakness in filenames encryption by switching to AES-256-HCTR2. Enabling HCTR2 fixes a longstanding known weakness in filenames encryption. Also enable HCTR2 for adoptable storage. Pixel phones don't have an SD card slot. So they can only have adoptable storage through the "Virtual SD Card", which is for testing only.
Bug: 265046004
Test: Equivalent changes were tested on P21 since I don't have a P23. Will be tested with storage-qa.
Change-Id: I0666eb07c4b93b1bab4da41e3b4f5019ac38c213
---
 conf/Android.bp | 4 ++--
 device.mk | 4 ++++
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/conf/Android.bp b/conf/Android.bp
index e9e50ecf..58f11f32 100644
--- a/conf/Android.bp
+++ b/conf/Android.bp
@@ -37,7 +37,7 @@ genrule {
 name: "gen_fstab.zuma-hw-encrypt",
 srcs: ["fstab.zuma.in"],
 out: ["fstab.zuma"],
- cmd: "sed -e s/@fileencryption@/fileencryption=::inlinecrypt_optimized+wrappedkey_v0/" +
+ cmd: "sed -e s/@fileencryption@/fileencryption=:aes-256-hctr2:inlinecrypt_optimized+wrappedkey_v0/" +
 " -e s/@inlinecrypt@/inlinecrypt/ " +
 " -e s/@metadata_encryption@/metadata_encryption=:wrappedkey_v0/ $(in) > $(out)",
 }
@@ -46,7 +46,7 @@ genrule {
 name: "gen_fstab.zuma-sw-encrypt",
 srcs: ["fstab.zuma.in"],
 out: ["fstab.zuma"],
- cmd: "sed -e s/@fileencryption@/fileencryption=aes-256-xts/" +
+ cmd: "sed -e s/@fileencryption@/fileencryption=aes-256-xts:aes-256-hctr2/" +
 " -e s/@inlinecrypt@// " +
 " -e s/@metadata_encryption@/metadata_encryption=/ $(in) > $(out)",
 }
diff --git a/device.mk b/device.mk
index e4405249..2ebb8197 100644
--- a/device.mk
+++ b/device.mk
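Review bot: Both fstab genrules in conf/Android.bp (the `gen_fstab.zuma-hw-encrypt` hunk and the `gen_fstab.zuma-sw-encrypt` hunk) now hard-code `aes-256-hctr2` as the filenames mode without recording what that choice depends on. As far as I know, fscrypt can only apply this mode when the kernel is built with HCTR2 support, and userdata that was already set up with the previous filenames mode will not match the new policy without a wipe; the commit message says testing was done on P21 rather than on this target, so both points are worth confirming on the real device. I would add a comment above each `cmd:` along the lines of `// fileencryption=<contents>:<filenames>:<flags>; aes-256-hctr2 needs kernel HCTR2 support and only applies to freshly formatted userdata.` Both genrule blocks open above their hunks, so the exact placement has to be checked against the full file.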
@@ -1134,6 +1134,10 @@ PRODUCT_COPY_FILES += \
 # Call deleteAllKeys if vold detects a factory reset
 PRODUCT_VENDOR_PROPERTIES += ro.crypto.metadata_init_delete_all_keys.enabled?=true
+# Use HCTR2 for filenames encryption on adoptable storage.
+PRODUCT_PROPERTY_OVERRIDES += \
+ ro.crypto.volume.options=aes-256-xts:aes-256-hctr2
+
 # Hardware Info Collection
 include hardware/google/pixel/HardwareInfo/HardwareInfo.mk
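Review bot: The new property is set through `PRODUCT_PROPERTY_OVERRIDES`, while the line just above it in this hunk uses `PRODUCT_VENDOR_PROPERTIES`; to my knowledge the former is the legacy spelling, so `PRODUCT_VENDOR_PROPERTIES += ro.crypto.volume.options=aes-256-xts:aes-256-hctr2` would keep the file consistent. The mode string also repeats the one written into the sw-encrypt rule in conf/Android.bp, so the two can drift apart silently; a comment such as `# Keep in sync with the fileencryption= modes in conf/Android.bp.` would make the coupling visible. Volumes adopted before this change presumably keep the policy they were formatted with, which is worth confirming in testing because the commit message only covers the virtual SD card case.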