authorNathan Huckleberry <nhuck@google.com>2022-06-07 21:34:54 +0000
committerNathan Huckleberry <nhuck@google.com>2022-08-31 21:23:03 +0000
commit97576d501a7a4e96fa76a88ae722da714fc2cc77 (patch)
tree219efa05c8de96ad62d05238e31e76ae77d6fac3 /libfscrypt
parent82df359537f045441257192fbb6e475d0ed28baa (diff)
Add HCTR2 as an allowed mode for filename encryption
HCTR2 is a wide-block encryption mode intended to solve a pre-existing cryptographic weakness due to IV reuse in filename encryption. Bug: 233652475 Change-Id: Ibae5611db5b5dc99942de45110d29fd4d42fd17e Test: Boot using an Android kernel with HCTR2 support and verify that "fscrypt : AES-256-HCTR2" appears in the kernel log. Signed-off-by: Nathan Huckleberry <nhuck@google.com>
Diffstat (limited to 'libfscrypt')
-rw-r--r--libfscrypt/fscrypt.cpp4
1 files changed, 4 insertions, 0 deletions
diff --git a/libfscrypt/fscrypt.cpp b/libfscrypt/fscrypt.cpp
index f8a912fe..677017a6 100644
--- a/libfscrypt/fscrypt.cpp
+++ b/libfscrypt/fscrypt.cpp
@@ -39,6 +39,9 @@
using namespace std::string_literals;
+/* This can be removed once this macro is available in <linux/fscrypt.h> */
+#define FSCRYPT_MODE_AES_256_HCTR2 10
+
/* modes not supported by upstream kernel, so not in <linux/fscrypt.h> */
#define FSCRYPT_MODE_AES_256_HEH 126
#define FSCRYPT_MODE_PRIVATE 127
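Review bot: The added `#define FSCRYPT_MODE_AES_256_HCTR2 10` is unconditional, so once `<linux/fscrypt.h>` provides the macro the file carries a second copy of a kernel ABI number. An identical copy is accepted silently, and a differing one only shows up as a macro-redefinition diagnostic. Guarding it lets the UAPI header's value take precedence when present: `#ifndef FSCRYPT_MODE_AES_256_HCTR2` / `#define FSCRYPT_MODE_AES_256_HCTR2 10` / `#endif`. The mode number selects the cipher written into the encryption policy, so the comment could also say that 10 must match the kernel's value, which makes stale copies easier to spot in review.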
@@ -61,6 +64,7 @@ static const auto filenames_modes = std::vector<ModeLookupEntry>{
{"aes-256-cts"s, FSCRYPT_MODE_AES_256_CTS},
{"aes-256-heh"s, FSCRYPT_MODE_AES_256_HEH},
{"adiantum"s, FSCRYPT_MODE_ADIANTUM},
+ {"aes-256-hctr2"s, FSCRYPT_MODE_AES_256_HCTR2},
};
static bool LookupModeByName(const std::vector<struct ModeLookupEntry>& modes,
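Review bot: The new `{"aes-256-hctr2"s, FSCRYPT_MODE_AES_256_HCTR2}` entry makes the name resolve on every build, including devices whose kernel lacks HCTR2 support, and the hunk does not show how a rejected policy is handled. It is worth confirming that the policy-setting path reports that failure clearly rather than continuing with an unencrypted directory. If the file validates mode/flag combinations for the existing filename modes, presumably elsewhere, that code should be checked for HCTR2 as well. A comment on the entry such as `// needs a kernel with HCTR2 support` would record the dependency that the commit message's Test: line already implies. The table and `LookupModeByName` both extend outside this hunk.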