From: Milan Broz <gmazyland@gmail.com>
To: dm-devel@redhat.com
Cc: Milan Broz <gmazyland@gmail.com>
Subject: [PATCH 1/7] dm-crypt: Fix documentation of integrity table option.
Date: Thu, 16 Mar 2017 15:39:38 +0100
Message-ID: <20170316143944.19843-2-gmazyland@gmail.com>
In-Reply-To: <20170316143944.19843-1-gmazyland@gmail.com>
In-Reply-To: <cover.1483551181.git.gmazyland@gmail.com>

This patch updates the old documentation to the actually implemented version;
the previous "hmac" option was merged into the same processing path.

Signed-off-by: Milan Broz <gmazyland@gmail.com>
---
 Documentation/device-mapper/dm-crypt.txt | 20 ++++++++------------
 1 file changed, 8 insertions(+), 12 deletions(-)

diff --git a/Documentation/device-mapper/dm-crypt.txt b/Documentation/device-mapper/dm-crypt.txt
index a2a6627aa659..058f26ddf875 100644
--- a/Documentation/device-mapper/dm-crypt.txt
+++ b/Documentation/device-mapper/dm-crypt.txt
@@ -94,20 +94,16 @@ submit_from_crypt_cpus
     same context.
 
 integrity:<bytes>:<type>
-    Calculates and verifies integrity for the encrypted device (uses
-    authenticated encryption). This mode requires metadata stored in per-bio
-    integrity structure of <bytes> in size.
+    The device requires additional <bytes> metadata per-sector stored
+    in per-bio integrity structure. This metadata must by provided
+    by underlying dm-integrity target.
 
-    This option requires that the underlying device is created by dm-integrity
-    target and provides exactly <bytes> of per-sector metadata.
+    The <type> can be "none" if metadata is used only for persistent IV.
 
-    There can by two options for <type>. The first one is used when encryption
-    mode is Authenticated mode (AEAD mode), then type must be just "aead".
-    The second option is integrity calculated by keyed hash (HMAC), then
-    <type> is for example "hmac(sha256)".
-
-    If random IV is used (persistently stored IV in metadata per-sector),
-    then <bytes> includes both space for random IV and authentication tag.
+    For Authenticated Encryption with Additional Data (AEAD)
+    the <type> is "aead". An AEAD mode additionally calculates and verifies
+    integrity for the encrypted device. The additional space is then
+    used for storing authentication tag (and persistent IV if needed).
 
 Example scripts
 ===============
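
Review bot: the added line "in per-bio integrity structure. This metadata must by provided" has a typo, "by" should be "be" (the removed "There can by two options" had the same slip, so it is worth fixing rather than carrying over). Two further points on the new integrity:<bytes>:<type> text. First, the removed wording said the underlying device "provides exactly <bytes> of per-sector metadata" and that <bytes> "includes both space for random IV and authentication tag"; the replacement only says the space is "used for storing authentication tag (and persistent IV if needed)", so a reader no longer learns that <bytes> has to match what dm-integrity provides or that it is the sum of both parts. Please keep one sentence on how <bytes> must be sized. Second, the "hmac(sha256)" example is deleted and the commit message says the hmac option was merged into the same path, but the new text lists only "none" and "aead" and does not say how a keyed-hash setup is now expressed; a short note on that would help anyone reading the old documentation alongside this one. Minor: "storing authentication tag" and "by underlying dm-integrity target" read better with articles ("the authentication tag", "the underlying dm-integrity target").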
-- 
2.11.0
