Re: [RFC PATCH v2] crypto: Add IV generation algorithms

From: Binoy Jayan
Date: Wed Dec 14 2016 - 01:18:13 EST


Hi Milan,

Thank you for the reply.

On 13 December 2016 at 15:31, Milan Broz <gmazyland@xxxxxxxxx> wrote:

> I really do not think the disk encryption key management should be moved
> outside of dm-crypt. We cannot then change key structure later easily.

Yes, I agree, but the key selection based on sector number restricts the
option of having a larger block size used for encryption.

>> + unsigned int key_size;
>> + unsigned int key_extra_size;
>> + unsigned int key_parts; /* independent parts in key buffer */
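
Review bot: key_size and key_extra_size have no comment, unlike key_parts on the last added line. Each should say which unit it is in and whether key_size already includes key_extra_size. The key_parts comment ("independent parts in key buffer") should also state whether the extra key material counts as one of those parts, so the subkey split can be checked from the struct alone.
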
>
> ^^^ these key sizes you probably mean by key management.

Yes, I mean splitting the keys into subkeys based on the keycount
parameter (as mentioned below) to dm-crypt.

cipher[:keycount]-mode-iv:ivopts
aes:2-cbc-essiv:sha256

> It is based on the way the key is currently sent into the kernel
> (one hex string in an ioctl that needs to be split) and has to be changed in the future.

-Binoy
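
The `cipher[:keycount]-mode-iv:ivopts` format and the subkey split discussed in this message, as an added C example: a userspace model, not code from the patch or from dm-crypt. The power-of-two key count, the `sector & (keycount - 1)` selection rule, the 64-byte sample key size and all struct and function names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model for illustration; names are hypothetical, not dm-crypt's own. */
struct cipher_spec {
    char cipher[128], *mode, *iv, *ivopts;  /* pointers index into cipher[] */
    unsigned int keycount;                  /* 1 when ":keycount" is omitted */
};

/* Parse "cipher[:keycount]-mode-iv[:ivopts]". Returns 0 on success, -1 on bad input. */
int parse_spec(const char *s, struct cipher_spec *cs)
{
    char *kc, *end;
    if (strlen(s) >= sizeof(cs->cipher)) return -1;
    strcpy(cs->cipher, s);
    cs->keycount = 1;
    if (!(cs->mode = strchr(cs->cipher, '-'))) return -1;
    *cs->mode++ = '\0';
    if (!(cs->iv = strchr(cs->mode, '-'))) return -1;
    *cs->iv++ = '\0';
    if ((kc = strchr(cs->cipher, ':'))) {
        *kc++ = '\0';
        unsigned long n = strtoul(kc, &end, 10);
        if (end == kc || *end || !n || n != (unsigned int)n || (n & (n - 1))) return -1;
        cs->keycount = (unsigned int)n;     /* assumed: non-zero power of two */
    }
    if ((cs->ivopts = strchr(cs->iv, ':'))) *cs->ivopts++ = '\0';  /* NULL if absent */
    return (*cs->cipher && *cs->mode && *cs->iv) ? 0 : -1;
}

/* Bytes per subkey after key_extra_size bytes are set aside; 0 if it does not divide. */
size_t subkey_size(size_t key_size, size_t key_extra_size, unsigned int keycount)
{
    size_t body = key_extra_size > key_size ? 0 : key_size - key_extra_size;
    return (keycount && body % keycount == 0) ? body / keycount : 0;
}
/* Assumed selection rule: the low bits of the sector number pick the subkey. */
unsigned int key_index(unsigned long long sector, unsigned int keycount)
{ return (unsigned int)(sector & (keycount - 1)); }

int main(void)
{
    struct cipher_spec cs;
    if (parse_spec("aes:2-cbc-essiv:sha256", &cs)) return 1;
    printf("%u subkeys of %zu bytes\n", cs.keycount, subkey_size(64, 0, cs.keycount));
    for (unsigned long long s = 0; s < 4; s++)      /* adjacent sectors alternate keys */
        printf("sector %llu -> subkey %u\n", s, key_index(s, cs.keycount));
    return 0;
}
```

With `aes:2`, consecutive sectors map to different subkeys, so under this rule a single encryption request covering more than one sector would span two keys.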