From 7f0c5e47547bb6fbdc10ed77edcb401f88ca9dec Mon Sep 17 00:00:00 2001
From: Greg Kaiser
Date: Mon, 3 Dec 2018 11:23:19 -0800
Subject: [PATCH 1/2] cryptfs: Add Adiantum support
Adiantum is a crypto method Android is supporting for devices which don't have AES CPU instructions. See the paper "Adiantum: length-preserving encryption for entry-level processors" (https://eprint.iacr.org/2018/720.pdf) for more details. We add Adiantum to our list of supported crypto types.
Bug: 112010205
Test: Tested on a device
Change-Id: Ic190a9b90fc8bc077fdc7d60c9d5ae8d8f555025
Merged-In: Ic190a9b90fc8bc077fdc7d60c9d5ae8d8f555025
(cherry picked from commit 18824ec6cc9cd0f16530de2e034a7fe5b8fd17be)
---
 cryptfs.cpp | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/cryptfs.cpp b/cryptfs.cpp
index 5a061bb..6ded404 100644
--- a/cryptfs.cpp
+++ b/cryptfs.cpp
@@ -317,6 +317,10 @@ constexpr CryptoType default_crypto_type = CryptoType()
 constexpr CryptoType supported_crypto_types[] = {
 default_crypto_type,
+ CryptoType()
+ .set_property_name("adiantum")
+ .set_crypto_name("xchacha12,aes-adiantum-plain64")
+ .set_keysize(32),
 // Add new CryptoTypes here. Order is not important.
 };
From 13c6f32d77b3eb15e3ac2317ab3809f522081a48 Mon Sep 17 00:00:00 2001
From: Greg Kaiser
Date: Tue, 11 Dec 2018 12:40:51 -0800
Subject: [PATCH 2/2] cryptfs: Allow setting dm-crypt sector size
We add the property ro.crypto.fde_sector_size to allow devices to pass the "sector_size:" argument to dm-crypt in the kernel. We also pass "iv_large_sectors" when setting the sector size. Using 4096-byte sectors rather than the default of 512 improves dm-crypt performance, especially when the Adiantum encryption mode is used.
Bug: 112010205
Test: Run on a device
Change-Id: I144ec7088a0aad3430369dc7158370d7ff3ef5d2
Merged-In: I144ec7088a0aad3430369dc7158370d7ff3ef5d2
(cherry picked from commit 88738e8b6f59e307a2120d352843759025588539)
---
 cryptfs.cpp | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
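Review bot: The new Adiantum entry in supported_crypto_types says nothing about when it is appropriate or what it needs from the kernel, and a device that selects "adiantum" on a kernel lacking those algorithms will only find out when the dm-crypt table load fails. I would add above the `CryptoType()` line: `// Adiantum: for devices without AES CPU instructions; requires kernel support for xchacha12 and aes-adiantum (CONFIG_CRYPTO_ADIANTUM).` The 32-byte key size matches the XChaCha12 key Adiantum uses, so `set_keysize(32)` looks right. The "Order is not important" comment still holds for this entry as far as the hunk shows.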
diff --git a/cryptfs.cpp b/cryptfs.cpp
index 6ded404..e206d9b 100644
--- a/cryptfs.cpp
+++ b/cryptfs.cpp
@@ -62,11 +62,14 @@
 #include "Process.h"
 #include "Keymaster.h"
 #include "android-base/properties.h"
+#include "android-base/stringprintf.h"
 #include
 extern "C" {
 #include
 }
+using android::base::StringPrintf;
+
 #define UNUSED __attribute__((unused))
 #define DM_CRYPT_BUF_SIZE 4096
@@ -1076,6 +1079,21 @@ static std::string extra_params_as_string(const std::vector& extra_
 return extra_params;
 }
+// Only adds parameters if the property is set.
+static void add_sector_size_param(std::vector* extra_params_vec) {
+ constexpr char DM_CRYPT_SECTOR_SIZE[] = "ro.crypto.fde_sector_size";
+ char sector_size[PROPERTY_VALUE_MAX];
+
+ if (property_get(DM_CRYPT_SECTOR_SIZE, sector_size, "") > 0) {
+ std::string param = StringPrintf("sector_size:%s", sector_size);
+ extra_params_vec->push_back(std::move(param));
+
+ // With this option, IVs will match the sector numbering, instead
+ // of being hard-coded to being based on 512-byte sectors.
+ extra_params_vec->emplace_back("iv_large_sectors");
+ }
+}
+
 static int create_crypto_blk_dev(struct crypt_mnt_ftr* crypt_ftr, const unsigned char* master_key,
 const char* real_blk_name, char* crypto_blk_name, const char* name,
 uint32_t flags) {
@@ -1121,6 +1139,7 @@ static int create_crypto_blk_dev(struct crypt_mnt_ftr* crypt_ftr, const unsigned
 if (flags & CREATE_CRYPTO_BLK_DEV_FLAGS_ALLOW_ENCRYPT_OVERRIDE) {
 extra_params_vec.emplace_back("allow_encrypt_override");
 }
+ add_sector_size_param(&extra_params_vec);
 load_count = load_crypto_mapping_table(crypt_ftr, master_key, real_blk_name, name, fd,
 extra_params_as_string(extra_params_vec).c_str());
 if (load_count < 0) {
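Review bot: In add_sector_size_param the value of ro.crypto.fde_sector_size is interpolated into the dm-crypt table string unchecked, so a malformed or out-of-range value (dm-crypt only accepts a power of two between 512 and 4096) is rejected, if at all, only when load_crypto_mapping_table runs, and a value containing whitespace would presumably be read by dm-crypt as additional table options. Parse it as an integer, enforce the range and power-of-two constraint, and have the helper return false so the call in the last hunk can fail explicitly with `if (!add_sector_size_param(&extra_params_vec)) return -1;` rather than silently encrypting with the default sector size. As far as these hunks show, the chosen sector size is not recorded in crypt_mnt_ftr, so changing the property after a device has been encrypted would make the existing ciphertext undecryptable; either document the property as fixed for the life of the device or persist the size in the footer. I would also extend the `iv_large_sectors` comment with `// Must not change once data is encrypted: IV derivation depends on it.`
```cpp
// Only adds parameters if the property is set.  Returns false when the
// property holds a value dm-crypt would reject (not a power of two in
// [512, 4096]) so the caller can refuse to build the table.
static bool add_sector_size_param(std::vector<std::string>* extra_params_vec) {
    constexpr char DM_CRYPT_SECTOR_SIZE[] = "ro.crypto.fde_sector_size";
    char sector_size[PROPERTY_VALUE_MAX];

    if (property_get(DM_CRYPT_SECTOR_SIZE, sector_size, "") <= 0) return true;

    char* end = nullptr;
    const unsigned long size = strtoul(sector_size, &end, 10);
    if (end == sector_size || *end != '\0' || size < 512 || size > 4096 ||
        (size & (size - 1)) != 0) {
        SLOGE("Invalid %s value \"%s\"", DM_CRYPT_SECTOR_SIZE, sector_size);
        return false;
    }
    extra_params_vec->push_back(StringPrintf("sector_size:%lu", size));

    // … unchanged: iv_large_sectors comment and emplace_back …
    return true;
}
```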