diff options
author | Greg Kaiser <gkaiser@google.com> | 2018-12-03 12:36:56 -0800 |
---|---|---|
committer | Greg Kaiser <gkaiser@google.com> | 2018-12-11 15:14:49 -0800 |
commit | b46c11ce9a3c4d1851bcce2a84678415250679de (patch) | |
tree | 4852a6add7492bf8f5be586692d9598b02810af6 /libfscrypt/fscrypt.cpp | |
parent | b90b93725da8b7b8c6e887de909dc7c952797752 (diff) | |
download | extras-b46c11ce9a3c4d1851bcce2a84678415250679de.tar.gz |
libfscrypt: Add Adiantum support
Adiantum is a crypto method Android is supporting for devices
which don't have AES CPU instructions. See the paper
"Adiantum: length-preserving encryption for entry-level processors"
(https://eprint.iacr.org/2018/720.pdf) for more details.
We add Adiantum to our list of supported encryption modes.
Bug: 112010205
Test: Tested on a device
Change-Id: I405ed454be1a447b7405417a05ddfd92a912bcb7
Diffstat (limited to 'libfscrypt/fscrypt.cpp')
-rw-r--r-- | libfscrypt/fscrypt.cpp | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/libfscrypt/fscrypt.cpp b/libfscrypt/fscrypt.cpp index bf611887..adeb66aa 100644 --- a/libfscrypt/fscrypt.cpp +++ b/libfscrypt/fscrypt.cpp @@ -41,6 +41,16 @@ #define FS_ENCRYPTION_MODE_AES_256_HEH 126 #define FS_ENCRYPTION_MODE_PRIVATE 127 +/* new definition, not yet in Bionic's <linux/fs.h> */ +#ifndef FS_ENCRYPTION_MODE_ADIANTUM +#define FS_ENCRYPTION_MODE_ADIANTUM 9 +#endif + +/* new definition, not yet in Bionic's <linux/fs.h> */ +#ifndef FS_POLICY_FLAG_DIRECT_KEY +#define FS_POLICY_FLAG_DIRECT_KEY 0x4 +#endif + #define HEX_LOOKUP "0123456789abcdef" bool fscrypt_is_native() { @@ -112,6 +122,11 @@ static uint8_t fscrypt_get_policy_flags(int filenames_encryption_mode) { if (filenames_encryption_mode == FS_ENCRYPTION_MODE_AES_256_CTS) { // Use legacy padding with our original filenames encryption mode. return FS_POLICY_FLAGS_PAD_4; + } else if (filenames_encryption_mode == FS_ENCRYPTION_MODE_ADIANTUM) { + // Use DIRECT_KEY for Adiantum, since it's much more efficient but just + // as secure since Android doesn't reuse the same master key for + // multiple encryption modes + return (FS_POLICY_FLAGS_PAD_16 | FS_POLICY_FLAG_DIRECT_KEY); } // With a new mode we can use the better padding flag without breaking existing devices: pad // filenames with zeroes to the next 16-byte boundary. This is more secure (helps hide the @@ -233,6 +248,8 @@ int fscrypt_policy_ensure(const char *directory, const char *policy, if (!strcmp(contents_encryption_mode, "software") || !strcmp(contents_encryption_mode, "aes-256-xts")) { contents_mode = FS_ENCRYPTION_MODE_AES_256_XTS; + } else if (!strcmp(contents_encryption_mode, "adiantum")) { + contents_mode = FS_ENCRYPTION_MODE_ADIANTUM; } else if (!strcmp(contents_encryption_mode, "ice")) { contents_mode = FS_ENCRYPTION_MODE_PRIVATE; } else { @@ -245,6 +262,8 @@ int fscrypt_policy_ensure(const char *directory, const char *policy, filenames_mode = FS_ENCRYPTION_MODE_AES_256_CTS; } else if (!strcmp(filenames_encryption_mode, "aes-256-heh")) { filenames_mode = FS_ENCRYPTION_MODE_AES_256_HEH; + } else if (!strcmp(filenames_encryption_mode, "adiantum")) { + filenames_mode = FS_ENCRYPTION_MODE_ADIANTUM; } else { LOG(ERROR) << "Invalid file names encryption mode: " << filenames_encryption_mode; |