diff options
author | Milan Broz <mbroz@redhat.com> | 2011-01-13 14:59:54 -0500 |
---|---|---|
committer | Alasdair G Kergon <agk@redhat.com> | 2011-01-13 14:59:54 -0500 |
commit | d1f9642381847e2b94caa34c3533211cf36ffcf4 (patch) | |
tree | 32ae1cc4b0946247384fe1a31e257658f734b3f7 /Documentation | |
parent | 2dc5327d3acb3340ab6fa3981401b076b78a51f4 (diff) |
dm crypt: add multi key capability
This patch adds generic multikey handling to be used
in following patch for Loop-AES mode compatibility.
This patch extends mapping table to optional keycount and
implements generic multi-key capability.
With more keys defined the <key> string is divided into
several <keycount> sections and these are used for tfms.
The tfm is used according to sector offset
(sector 0->tfm[0], sector 1->tfm[1], sector N->tfm[N modulo keycount])
(only power of two values supported for keycount here).
Because of tfms per-cpu allocation, this mode can be take
a lot of memory on large smp systems.
Signed-off-by: Milan Broz <mbroz@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Cc: Max Vozeler <max@hinterhof.net>
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/device-mapper/dm-crypt.txt | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/Documentation/device-mapper/dm-crypt.txt b/Documentation/device-mapper/dm-crypt.txt index 524de926290..59293ac4a5d 100644 --- a/Documentation/device-mapper/dm-crypt.txt +++ b/Documentation/device-mapper/dm-crypt.txt | |||
@@ -8,7 +8,7 @@ Parameters: <cipher> <key> <iv_offset> <device path> <offset> | |||
8 | 8 | ||
9 | <cipher> | 9 | <cipher> |
10 | Encryption cipher and an optional IV generation mode. | 10 | Encryption cipher and an optional IV generation mode. |
11 | (In format cipher-chainmode-ivopts:ivmode). | 11 | (In format cipher[:keycount]-chainmode-ivopts:ivmode). |
12 | Examples: | 12 | Examples: |
13 | des | 13 | des |
14 | aes-cbc-essiv:sha256 | 14 | aes-cbc-essiv:sha256 |
@@ -20,6 +20,11 @@ Parameters: <cipher> <key> <iv_offset> <device path> <offset> | |||
20 | Key used for encryption. It is encoded as a hexadecimal number. | 20 | Key used for encryption. It is encoded as a hexadecimal number. |
21 | You can only use key sizes that are valid for the selected cipher. | 21 | You can only use key sizes that are valid for the selected cipher. |
22 | 22 | ||
23 | <keycount> | ||
24 | Multi-key compatibility mode. You can define <keycount> keys and | ||
25 | then sectors are encrypted according to their offsets (sector 0 uses key0; | ||
26 | sector 1 uses key1 etc.). <keycount> must be a power of two. | ||
27 | |||
23 | <iv_offset> | 28 | <iv_offset> |
24 | The IV offset is a sector count that is added to the sector number | 29 | The IV offset is a sector count that is added to the sector number |
25 | before creating the IV. | 30 | before creating the IV. |