Enable HCTR2 for filenames encryption

Fix prefix-correlation weakness in filenames encryption by switching to
AES-256-HCTR2.  Enabling HCTR2 fixes a longstanding known weakness in
filenames encryption.

Also enable HCTR2 for adoptable storage.  Pixel phones don't have an SD
card slot.  So they can only have adoptable storage through the "Virtual
SD Card", which is for testing only.

Bug: 265046004
Test: Equivalent changes were tested on P21 since I don't have a P23.
Will be tested with storage-qa.

Change-Id: I0666eb07c4b93b1bab4da41e3b4f5019ac38c213

conf/Android.bp

@@ -37,7 +37,7 @@ genrule {
     name: "gen_fstab.zuma-hw-encrypt",
     srcs: ["fstab.zuma.in"],
     out: ["fstab.zuma"],
-    cmd: "sed -e s/@fileencryption@/fileencryption=::inlinecrypt_optimized+wrappedkey_v0/" +
+    cmd: "sed -e s/@fileencryption@/fileencryption=:aes-256-hctr2:inlinecrypt_optimized+wrappedkey_v0/" +
         " -e s/@inlinecrypt@/inlinecrypt/ " +
         " -e s/@metadata_encryption@/metadata_encryption=:wrappedkey_v0/ $(in) > $(out)",
 }
@@ -46,7 +46,7 @@ genrule {
     name: "gen_fstab.zuma-sw-encrypt",
     srcs: ["fstab.zuma.in"],
     out: ["fstab.zuma"],
-    cmd: "sed -e s/@fileencryption@/fileencryption=aes-256-xts/" +
+    cmd: "sed -e s/@fileencryption@/fileencryption=aes-256-xts:aes-256-hctr2/" +
         " -e s/@inlinecrypt@// " +
         " -e s/@metadata_encryption@/metadata_encryption=/ $(in) > $(out)",
 }

device.mk

@@ -1152,6 +1152,10 @@ PRODUCT_COPY_FILES += \
 # Call deleteAllKeys if vold detects a factory reset
 PRODUCT_VENDOR_PROPERTIES += ro.crypto.metadata_init_delete_all_keys.enabled?=true
 
+# Use HCTR2 for filenames encryption on adoptable storage.
+PRODUCT_PROPERTY_OVERRIDES += \
+    ro.crypto.volume.options=aes-256-xts:aes-256-hctr2
+
 # Hardware Info Collection
 include hardware/google/pixel/HardwareInfo/HardwareInfo.mk