Strong AES patch changes

2024-12-25 15:39:26 -05:00 · 2018-04-28 15:25:42 -04:00 · 2018-04-28 15:25:42 -04:00 · 60b85e10fe
commit 60b85e10fe
parent b0ce27b860
6 changed files with 65 additions and 37 deletions
--- a/Misc/Features/Strong_AES.txt
+++ b/Misc/Features/Strong_AES.txt
@ -15,7 +15,16 @@ Benchmarks (Androbench)
 			Seq. Write: 20 MBps
 			Rand. Read: 11 MBps
 			Rand. Write: 3 MBps
-		AES-128/RSA-2048 Encryption
+		AES-128/RSA-2048 Encryption + Overclock
 			Seq. Read: 73 MBps
 			Seq. Write: 18 MBps
 			Rand. Read: 13 MBps
 			Rand. Write: 4 MBps
 		AES-192/RSA-4096 Encryption + Overclock
 			Seq. Read: 70 MBps
 			Seq. Write: 18 MBps
 			Rand. Read: 13 MBps
 			Rand. Write: 4 MBps
 		AES-256/RSA-4096 Encryption
 			Seq. Read: 26 MBps
 			Seq. Write: 18 MBps
--- a/Patches/LineageOS-14.1/android_system_vold/0001-StrongAES.patch
+++ b/Patches/LineageOS-14.1/android_system_vold/0001-StrongAES.patch
@ -1,42 +1,51 @@
-From 2206aff4757e0f1094861f0e9505d1b5ddbf3236 Mon Sep 17 00:00:00 2001
+From 2a36c9678050564b7378a39262f8c58c8eef51ab Mon Sep 17 00:00:00 2001
 From: Tad <tad@spotco.us>
-Date: Wed, 3 Jan 2018 11:55:06 -0500
+Date: Sat, 28 Apr 2018 13:50:21 -0400
-Subject: [PATCH] Build time variable for AES-256 encryption
+Subject: [PATCH] Build time variable for AES 192/256 encryption
-Change-Id: Ib2d53a1d22e935ef0fa5f0f91e3bf5308d9c6459
+Change-Id: Icd16a3fac203ac2e070d548a7c2ce001035addd9
 ---
- Android.mk |  4 ++++
+ Android.mk |  8 ++++++++
- cryptfs.c  | 11 +++++++++--
+ cryptfs.c  | 16 ++++++++++++++--
- 2 files changed, 13 insertions(+), 2 deletions(-)
+ 2 files changed, 22 insertions(+), 2 deletions(-)
 diff --git a/Android.mk b/Android.mk
-index e645574..7112dce 100644
+index e645574..19645f0 100644
 --- a/Android.mk
 +++ b/Android.mk
-@@ -115,6 +115,10 @@ LOCAL_C_INCLUDES += $(TARGET_CRYPTFS_HW_PATH)
+@@ -115,6 +115,14 @@ LOCAL_C_INCLUDES += $(TARGET_CRYPTFS_HW_PATH)
 LOCAL_CFLAGS += -DCONFIG_HW_DISK_ENCRYPTION
 endif
-+ifeq ($(TARGET_WANTS_STRONG_ENCRYPTION),true)
+ifeq ($(TARGET_WANTS_AES192_ENCRYPTION),true)
-+LOCAL_CFLAGS += -DCONFIG_STRONG_ENCRYPTION
+LOCAL_CFLAGS += -DCONFIG_AES192_ENCRYPTION
 +endif
 +
 +ifeq ($(TARGET_WANTS_AES256_ENCRYPTION),true)
 +LOCAL_CFLAGS += -DCONFIG_AES256_ENCRYPTION
 +endif
 +
 include $(BUILD_STATIC_LIBRARY)
 include $(CLEAR_VARS)
 diff --git a/cryptfs.c b/cryptfs.c
-index b25510f..86ffac3 100644
+index b25510f..a6dd9fa 100644
 --- a/cryptfs.c
 +++ b/cryptfs.c
-@@ -76,9 +76,17 @@
+@@ -76,9 +76,22 @@
 #define DM_CRYPT_BUF_SIZE 4096
-+#ifdef CONFIG_STRONG_ENCRYPTION
+#ifdef CONFIG_AES256_ENCRYPTION
 +#define HASH_COUNT 6000
 +#define KEY_LEN_BYTES 32
 +#define IV_LEN_BYTES 32
 +#define RSA_KEY_SIZE 4096
 +#else ifdef CONFIG_AES192_ENCRYPTION
 +#define HASH_COUNT 6000
 +#define KEY_LEN_BYTES 24
 +#define IV_LEN_BYTES 24
 +#define RSA_KEY_SIZE 4096
 +#else
 #define HASH_COUNT 2000
 #define KEY_LEN_BYTES 16
@ -46,7 +55,7 @@ index b25510f..86ffac3 100644
 #define KEY_IN_FOOTER  "footer"
-@@ -94,13 +102,12 @@
+@@ -94,13 +107,12 @@
 #define TABLE_LOAD_RETRIES 10
@ -62,5 +71,5 @@ index b25510f..86ffac3 100644
 char *me = "cryptfs";
 -- 
-2.15.1
+2.17.0
--- a/Patches/LineageOS-15.1/android_system_vold/0001-StrongAES.patch
+++ b/Patches/LineageOS-15.1/android_system_vold/0001-StrongAES.patch
@ -1,42 +1,51 @@
-From 1a5bbf0ee895bbd66fb3ce66be44b1074bb20324 Mon Sep 17 00:00:00 2001
+From 2865dba2a7b981a275b183c1c47079cc88044e15 Mon Sep 17 00:00:00 2001
 From: Tad <tad@spotco.us>
-Date: Wed, 28 Feb 2018 08:21:28 -0500
+Date: Sat, 28 Apr 2018 13:45:42 -0400
-Subject: [PATCH] Build time variable for AES-256 encryption
+Subject: [PATCH] Build time variable for AES 192/256 encryption
-Change-Id: I25eba5939c965323e4ffa6d95c6736b671c51e09
+Change-Id: I194deffbabbfb3dadd3d1af90924b99e7fd54552
 ---
- Android.mk  | 4 ++++
+ Android.mk  |  8 ++++++++
- cryptfs.cpp | 9 ++++++++-
+ cryptfs.cpp | 14 +++++++++++++-
- 2 files changed, 12 insertions(+), 1 deletion(-)
+ 2 files changed, 21 insertions(+), 1 deletion(-)
 diff --git a/Android.mk b/Android.mk
-index 14bf99a..0e9f3e1 100644
+index 2beae28..4f310c1 100644
 --- a/Android.mk
 +++ b/Android.mk
-@@ -115,6 +115,10 @@ ifeq ($(TARGET_HW_DISK_ENCRYPTION),true)
+@@ -115,6 +115,14 @@ ifeq ($(TARGET_HW_DISK_ENCRYPTION),true)
   vold_cflags += -DCONFIG_HW_DISK_ENCRYPTION
 endif
-+ifeq ($(TARGET_WANTS_STRONG_ENCRYPTION),true)
+ifeq ($(TARGET_WANTS_AES192_ENCRYPTION),true)
-+LOCAL_CFLAGS += -DCONFIG_STRONG_ENCRYPTION
+LOCAL_CFLAGS += -DCONFIG_AES192_ENCRYPTION
 +endif
 +
 +ifeq ($(TARGET_WANTS_AES256_ENCRYPTION),true)
 +LOCAL_CFLAGS += -DCONFIG_AES256_ENCRYPTION
 +endif
 +
 ifneq ($(TARGET_EXFAT_DRIVER),)
   vold_cflags += -DCONFIG_EXFAT_DRIVER=\"$(TARGET_EXFAT_DRIVER)\"
   mini_src_files += fs/Exfat.cpp
 diff --git a/cryptfs.cpp b/cryptfs.cpp
-index f01929a..7fb3ffa 100644
+index f01929a..af65601 100644
 --- a/cryptfs.cpp
 +++ b/cryptfs.cpp
-@@ -75,9 +75,17 @@ extern "C" {
+@@ -75,9 +75,22 @@ extern "C" {
 #define DM_CRYPT_BUF_SIZE 4096
-+#ifdef CONFIG_STRONG_ENCRYPTION
+#ifdef CONFIG_AES256_ENCRYPTION
 +#define HASH_COUNT 6000
 +#define KEY_LEN_BYTES 32
 +#define IV_LEN_BYTES 32
 +#define RSA_KEY_SIZE 4096
 +#else ifdef CONFIG_AES192_ENCRYPTION
 +#define HASH_COUNT 6000
 +#define KEY_LEN_BYTES 24
 +#define IV_LEN_BYTES 24
 +#define RSA_KEY_SIZE 4096
 +#else
 #define HASH_COUNT 2000
 #define KEY_LEN_BYTES 16
@ -46,7 +55,7 @@ index f01929a..7fb3ffa 100644
 #define KEY_IN_FOOTER  "footer"
-@@ -93,7 +101,6 @@ extern "C" {
+@@ -93,7 +106,6 @@ extern "C" {
 #define TABLE_LOAD_RETRIES 10
@ -55,5 +64,5 @@ index f01929a..7fb3ffa 100644
 #define RSA_EXPONENT 0x10001
 #define KEYMASTER_CRYPTFS_RATE_LIMIT 1  // Maximum one try per second
 -- 
-2.16.2
+2.17.0
--- a/Scripts/Common/Functions.sh
+++ b/Scripts/Common/Functions.sh
@ -112,8 +112,9 @@ export -f enableForcedEncryption;
 enableStrongEncryption() {
 	cd $base$1;
 	if [ -f BoardConfig.mk ]; then
-		echo "TARGET_WANTS_STRONG_ENCRYPTION := true" >> BoardConfig.mk;
+		echo "TARGET_WANTS_AES256_ENCRYPTION := true" >> BoardConfig.mk; #Has a huge performance impact
-		echo "Enabled AES-256 encryption for $1";
+		#echo "TARGET_WANTS_AES192_ENCRYPTION := true" >> BoardConfig.mk; #Has a slight performance impact, but only seems to work on select devices
 		echo "Enabled strong encryption for $1";
 	fi;
 	cd $base;
 }
--- a/Scripts/LineageOS-14.1/Patch.sh
+++ b/Scripts/LineageOS-14.1/Patch.sh
@ -170,7 +170,7 @@ patch -p1 < $patches"android_system_keymaster/0001-Backport_Fixes.patch"; #Fixes
 patch -p1 < $patches"android_system_keymaster/0002-Backport_Fixes.patch";
 enterAndClear "system/vold";
-patch -p1 < $patches"android_system_vold/0001-AES256.patch"; #Add a variable for enabling AES-256 bit encryption
+patch -p1 < $patches"android_system_vold/0001-StrongAES.patch"; #Add a variable for enabling AES 192 or 256 encryption
 enterAndClear "vendor/cm";
 rm -rf overlay/common/vendor/cmsdk/packages; #Remove analytics
--- a/Scripts/LineageOS-15.1/Patch.sh
+++ b/Scripts/LineageOS-15.1/Patch.sh
@ -173,7 +173,7 @@ patch -p1 < $patches"android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user b
 if [ "$NON_COMMERCIAL_USE_PATCHES" = true ]; then patch -p1 < $patches"android_system_sepolicy/Copperhead/0002-Deny_USB.patch"; fi; #Deny USB support (Copperhead CC BY-NC-SA)
 enterAndClear "system/vold";
-patch -p1 < $patches"android_system_vold/0001-AES256.patch"; #Add a variable for enabling AES-256 bit encryption
+patch -p1 < $patches"android_system_vold/0001-StrongAES.patch"; #Add a variable for enabling AES 192 or 256 encryption
 enterAndClear "vendor/lineage";
 rm -rf overlay/common/vendor/lineage-sdk/packages; #Remove analytics