From d4aea9089ba90bf7452172fefdd7d0906f7e2a82 Mon Sep 17 00:00:00 2001
From: Nathan Huckleberry
Date: Tue, 7 Feb 2023 01:09:57 +0000
Subject: [PATCH] Enable HCTR2 for filenames encryption

Fix prefix-correlation weakness in filenames encryption by switching to AES-256-HCTR2. Enabling HCTR2 fixes a longstanding known weakness in filenames encryption. Also enable HCTR2 for adoptable storage. Pixel phones don't have an SD card slot. So they can only have adoptable storage through the "Virtual SD Card", which is for testing only.
Bug: 265046004
Test: Equivalent changes were tested on P21 since I don't have a P23. Will be tested with storage-qa.
Change-Id: I0666eb07c4b93b1bab4da41e3b4f5019ac38c213
---
 conf/Android.bp | 4 ++--
 device.mk | 4 ++++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/conf/Android.bp b/conf/Android.bp
index e9e50ecf..58f11f32 100644
--- a/conf/Android.bp
+++ b/conf/Android.bp
@@ -37,7 +37,7 @@ genrule {
 name: "gen_fstab.zuma-hw-encrypt",
 srcs: ["fstab.zuma.in"],
 out: ["fstab.zuma"],
- cmd: "sed -e s/@fileencryption@/fileencryption=::inlinecrypt_optimized+wrappedkey_v0/" +
+ cmd: "sed -e s/@fileencryption@/fileencryption=:aes-256-hctr2:inlinecrypt_optimized+wrappedkey_v0/" +
 " -e s/@inlinecrypt@/inlinecrypt/ " +
 " -e s/@metadata_encryption@/metadata_encryption=:wrappedkey_v0/ $(in) > $(out)",
 }
@@ -46,7 +46,7 @@ genrule {
 name: "gen_fstab.zuma-sw-encrypt",
 srcs: ["fstab.zuma.in"],
 out: ["fstab.zuma"],
- cmd: "sed -e s/@fileencryption@/fileencryption=aes-256-xts/" +
+ cmd: "sed -e s/@fileencryption@/fileencryption=aes-256-xts:aes-256-hctr2/" +
 " -e s/@inlinecrypt@// " +
 " -e s/@metadata_encryption@/metadata_encryption=/ $(in) > $(out)",
 }
diff --git a/device.mk b/device.mk
index 0e894aec..99b45b40 100644
--- a/device.mk
+++ b/device.mk
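Review bot: In conf/Android.bp, the new `cmd:` lines of `gen_fstab.zuma-hw-encrypt` and `gen_fstab.zuma-sw-encrypt` hard-code `aes-256-hctr2` as the filenames mode, but nothing beside them records what that choice depends on. The mode is only usable when the kernel's fscrypt has HCTR2 support, and because the filenames mode is part of the on-disk encryption policy, a userdata partition provisioned with the previous default would presumably need a wipe rather than pick this up in place. I would add above each genrule a comment such as `// Filenames use aes-256-hctr2: needs kernel HCTR2 support; changing this mode requires wiping userdata.` The hw-encrypt line also leaves the contents mode empty while the sw-encrypt line spells out `aes-256-xts`, so the comment could say that the empty field means the default. Both genrule blocks open above their hunks, so only the header line shows their start.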
@@ -1152,6 +1152,10 @@ PRODUCT_COPY_FILES += \
 # Call deleteAllKeys if vold detects a factory reset
 PRODUCT_VENDOR_PROPERTIES += ro.crypto.metadata_init_delete_all_keys.enabled?=true
+# Use HCTR2 for filenames encryption on adoptable storage.
+PRODUCT_PROPERTY_OVERRIDES += \
+ ro.crypto.volume.options=aes-256-xts:aes-256-hctr2
+
 # Hardware Info Collection
 include hardware/google/pixel/HardwareInfo/HardwareInfo.mk
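Review bot: The added `ro.crypto.volume.options` setting goes through `PRODUCT_PROPERTY_OVERRIDES`, while the crypto property directly above it in this hunk uses `PRODUCT_VENDOR_PROPERTIES`. Using the same variable would keep the two vold settings together and make the target partition explicit: `PRODUCT_VENDOR_PROPERTIES += ro.crypto.volume.options=aes-256-xts:aes-256-hctr2`. The new comment could also say that this value carries no `inlinecrypt_optimized` or `wrappedkey_v0` flags, unlike the hw-encrypt fstab line in conf/Android.bp, so a reader can tell whether that difference is intended for adoptable storage.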