aboutsummaryrefslogtreecommitdiffstats
path: root/Documentation
diff options
context:
space:
mode:
authorMilan Broz <mbroz@redhat.com>2011-01-13 14:59:54 -0500
committerAlasdair G Kergon <agk@redhat.com>2011-01-13 14:59:54 -0500
commitd1f9642381847e2b94caa34c3533211cf36ffcf4 (patch)
tree32ae1cc4b0946247384fe1a31e257658f734b3f7 /Documentation
parent2dc5327d3acb3340ab6fa3981401b076b78a51f4 (diff)
dm crypt: add multi key capability
This patch adds generic multikey handling to be used in following patch for Loop-AES mode compatibility. This patch extends mapping table to optional keycount and implements generic multi-key capability. With more keys defined the <key> string is divided into several <keycount> sections and these are used for tfms. The tfm is used according to sector offset (sector 0->tfm[0], sector 1->tfm[1], sector N->tfm[N modulo keycount]) (only power of two values supported for keycount here). Because of tfms per-cpu allocation, this mode can be take a lot of memory on large smp systems. Signed-off-by: Milan Broz <mbroz@redhat.com> Signed-off-by: Alasdair G Kergon <agk@redhat.com> Cc: Max Vozeler <max@hinterhof.net>
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/device-mapper/dm-crypt.txt7
1 files changed, 6 insertions, 1 deletions
diff --git a/Documentation/device-mapper/dm-crypt.txt b/Documentation/device-mapper/dm-crypt.txt
index 524de926290..59293ac4a5d 100644
--- a/Documentation/device-mapper/dm-crypt.txt
+++ b/Documentation/device-mapper/dm-crypt.txt
@@ -8,7 +8,7 @@ Parameters: <cipher> <key> <iv_offset> <device path> <offset>
8 8
9<cipher> 9<cipher>
10 Encryption cipher and an optional IV generation mode. 10 Encryption cipher and an optional IV generation mode.
11 (In format cipher-chainmode-ivopts:ivmode). 11 (In format cipher[:keycount]-chainmode-ivopts:ivmode).
12 Examples: 12 Examples:
13 des 13 des
14 aes-cbc-essiv:sha256 14 aes-cbc-essiv:sha256
@@ -20,6 +20,11 @@ Parameters: <cipher> <key> <iv_offset> <device path> <offset>
20 Key used for encryption. It is encoded as a hexadecimal number. 20 Key used for encryption. It is encoded as a hexadecimal number.
21 You can only use key sizes that are valid for the selected cipher. 21 You can only use key sizes that are valid for the selected cipher.
22 22
23<keycount>
24 Multi-key compatibility mode. You can define <keycount> keys and
25 then sectors are encrypted according to their offsets (sector 0 uses key0;
26 sector 1 uses key1 etc.). <keycount> must be a power of two.
27
23<iv_offset> 28<iv_offset>
24 The IV offset is a sector count that is added to the sector number 29 The IV offset is a sector count that is added to the sector number
25 before creating the IV. 30 before creating the IV.