Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753146AbcLNGSL (ORCPT ); Wed, 14 Dec 2016 01:18:11 -0500 Received: from mail-vk0-f48.google.com ([209.85.213.48]:34720 "EHLO mail-vk0-f48.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753208AbcLNGSJ (ORCPT ); Wed, 14 Dec 2016 01:18:09 -0500 MIME-Version: 1.0 In-Reply-To: References: <1481618949-20086-1-git-send-email-binoy.jayan@linaro.org> <1481618949-20086-2-git-send-email-binoy.jayan@linaro.org> From: Binoy Jayan Date: Wed, 14 Dec 2016 11:39:52 +0530 Message-ID: Subject: Re: [RFC PATCH v2] crypto: Add IV generation algorithms To: Milan Broz Cc: Oded , Ofir , Herbert Xu , "David S. Miller" , linux-crypto@vger.kernel.org, Mark Brown , Arnd Bergmann , Linux kernel mailing list , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com, Shaohua Li , linux-raid@vger.kernel.org, Rajendra Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 926 Lines: 28 Hi Milan, Thank you for the reply. On 13 December 2016 at 15:31, Milan Broz wrote: > I really do not think the disk encryption key management should be moved > outside of dm-crypt. We cannot then change key structure later easily. Yes, I agree. but the key selection based on sector number restricts the option of having a larger block size used for encryption. >> + unsigned int key_size; >> + unsigned int key_extra_size; >> + unsigned int key_parts; /* independent parts in key buffer */ > > ^^^ these key sizes you probably mean by key management. Yes, I mean splitting the keys into subkeys based on the keycount parameter (as mentioned below) to the dm-crypt. cipher[:keycount]-mode-iv:ivopts aes:2-cbc-essiv:sha256 > It is based on way how the key is currently sent into kernel > (one hexa string in ioctl that needs to be split) and have to be changed in future. -Binoy