author | Nathan Huckleberry <nhuck@google.com> | 2022-06-07 21:34:54 +0000 |
---|---|---|
committer | Nathan Huckleberry <nhuck@google.com> | 2022-08-31 21:23:03 +0000 |
commit | 97576d501a7a4e96fa76a88ae722da714fc2cc77 (patch) | |
tree | 219efa05c8de96ad62d05238e31e76ae77d6fac3 /libfscrypt | |
parent | 82df359537f045441257192fbb6e475d0ed28baa (diff) | |
Add HCTR2 as an allowed mode for filename encryption

HCTR2 is a wide-block encryption mode intended to solve a pre-existing
cryptographic weakness due to IV reuse in filename encryption.

Bug: 233652475
Change-Id: Ibae5611db5b5dc99942de45110d29fd4d42fd17e
Test: Boot using an Android kernel with HCTR2 support and verify that
"fscrypt : AES-256-HCTR2" appears in the kernel log.
Signed-off-by: Nathan Huckleberry <nhuck@google.com>

Diffstat (limited to 'libfscrypt')
-rw-r--r-- | libfscrypt/fscrypt.cpp | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/libfscrypt/fscrypt.cpp b/libfscrypt/fscrypt.cpp index f8a912fe..677017a6 100644 --- a/libfscrypt/fscrypt.cpp +++ b/libfscrypt/fscrypt.cpp @@ -39,6 +39,9 @@ using namespace std::string_literals; +/* This can be removed once this macro is available in <linux/fscrypt.h> */ +#define FSCRYPT_MODE_AES_256_HCTR2 10 + /* modes not supported by upstream kernel, so not in <linux/fscrypt.h> */ #define FSCRYPT_MODE_AES_256_HEH 126 #define FSCRYPT_MODE_PRIVATE 127 @@ -61,6 +64,7 @@ static const auto filenames_modes = std::vector<ModeLookupEntry>{ {"aes-256-cts"s, FSCRYPT_MODE_AES_256_CTS}, {"aes-256-heh"s, FSCRYPT_MODE_AES_256_HEH}, {"adiantum"s, FSCRYPT_MODE_ADIANTUM}, + {"aes-256-hctr2"s, FSCRYPT_MODE_AES_256_HCTR2}, }; static bool LookupModeByName(const std::vector<struct ModeLookupEntry>& modes, |
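
Review bot: The `#define FSCRYPT_MODE_AES_256_HCTR2 10` in the first hunk (@@ -39,6 +39,9) is unconditional, although its comment expects <linux/fscrypt.h> to provide the same macro later. Consider wrapping it in `#ifndef FSCRYPT_MODE_AES_256_HCTR2` / `#endif`, so that the header's definition takes over as soon as it exists and the local copy becomes dead code that is safe to delete, instead of a second definition that has to be kept in step by hand.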
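
Review bot: The Test line only covers a kernel that has HCTR2 support, while the `{"aes-256-hctr2"s, FSCRYPT_MODE_AES_256_HCTR2}` entry in the second hunk (@@ -61,6 +64,7) makes the mode selectable by name in `filenames_modes` on any build. Please say in the commit message what happens when this name is chosen on a kernel without HCTR2, or add a test for that case, so a misconfigured device fails in a known way. The entry goes into `filenames_modes` only, which matches the subject line; a short comment there noting that HCTR2 is a filename-only mode would keep it from being copied into a contents-mode table later.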