summaryrefslogtreecommitdiff
path: root/Documentation/admin-guide/device-mapper
diff options
context:
space:
mode:
authorIngo Franzki <ifranzki@linux.ibm.com>2024-08-16 13:21:33 +0200
committerMikulas Patocka <mpatocka@redhat.com>2024-08-21 15:36:27 +0200
commit4441686b24a1d7acf9834ca95864d67e3f97666a (patch)
treebe49dd02030192c614050bcff9fee3681485ddfa /Documentation/admin-guide/device-mapper
parentf3631ae11d4694e2befff9dd10dab8cd56033f6c (diff)
downloadlwn-4441686b24a1d7acf9834ca95864d67e3f97666a.tar.gz
lwn-4441686b24a1d7acf9834ca95864d67e3f97666a.zip
dm-crypt: Allow to specify the integrity key size as option
For the MAC based integrity operation, the integrity key size (i.e. key_mac_size) is currently set to the digest size of the used digest. For wrapped key HMAC algorithms, the key size is independent of the cryptographic key size. So there is no known size of the mac key in such cases. The desired key size can optionally be specified as argument when the dm-crypt device is configured via 'integrity_key_size:%u'. If no integrity_key_size argument is specified, the mac key size is still set to the digest size, as before. Increase version number to 1.28.0 so that support for the new argument can be detected by user space (i.e. cryptsetup). Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Milan Broz <gmazyland@gmail.com> Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Diffstat (limited to 'Documentation/admin-guide/device-mapper')
-rw-r--r--Documentation/admin-guide/device-mapper/dm-crypt.rst4
1 files changed, 4 insertions, 0 deletions
diff --git a/Documentation/admin-guide/device-mapper/dm-crypt.rst b/Documentation/admin-guide/device-mapper/dm-crypt.rst
index 552c9155165d..cde1d5594b0d 100644
--- a/Documentation/admin-guide/device-mapper/dm-crypt.rst
+++ b/Documentation/admin-guide/device-mapper/dm-crypt.rst
@@ -160,6 +160,10 @@ iv_large_sectors
The <iv_offset> must be multiple of <sector_size> (in 512 bytes units)
if this flag is specified.
+integrity_key_size:<bytes>
+ Use an integrity key of <bytes> size instead of using an integrity key size
+ of the digest size of the used HMAC algorithm.
+
Module parameters::