[dm-devel] [PATCH v2] dm-crypt: add ability to use keys from the kernel key retention service

Andrey Ryabinin aryabinin at virtuozzo.com
Thu Nov 17 16:35:54 UTC 2016


On 11/16/2016 11:47 PM, Ondrej Kozina wrote:
> (Please still consider it to be RFC only, I need to modify the uspace testsuite
> again due to changes in key_string format. Also the changes to dm-crypt documentation
> will follow before final submit. Feature-wise I'd consider the patch being complete
> unless any bugs would emerge)
> 
> The kernel key service is a generic way to store keys for the use of
> other subsystems. Currently there is no way to use kernel keys in dm-crypt.
> This patch aims to fix that. Instead of a key, userspace may pass a key
> description with a preceding ':'. So the message that constructs an encryption
> mapping now looks like this:
> 
>   <cipher> [<key>|:<key_string>] <iv_offset> <dev_path> <start> [<#opt_params> <opt_params>]
> 
> where <key_string> is in the format: <key_size>:<key_type>:<key_description>
> 
> Currently we only support two elementary key types: 'user' and 'logon'.
> Keys may be loaded into dm-crypt either via <key_string> or using the
> classical method and passing the key in hex representation directly.
>

I think we need to hexify the key description too, because it can contain spaces.
<key_size> seems like an unnecessary complication. The kernel knows key_size, it doesn't need
that information from userspace.
Handling different types is probably overkill too. If it works with logon keys,
why would we need to use 'user' keys?

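To make the quoted format concrete, here is an added example (not code from the patch, from dm-crypt or from either author) that parses the crypt target parameters and the `:<key_size>:<key_type>:<key_description>` key string, and shows why a description containing spaces breaks the whitespace tokenization of the table line, the problem Andrey raises. The cipher, device path and key descriptions are constructed sample values.

```python
import binascii

# The two elementary key types the patch supports.
KEY_TYPES = {"user", "logon"}


def parse_key_field(field: str) -> dict:
    """Parse the key field of a crypt target: a raw hex key, or a ':'-prefixed
    <key_size>:<key_type>:<key_description> referring to a kernel keyring key."""
    if field.startswith(":"):
        parts = field[1:].split(":", 2)  # the description itself may contain ':'
        if len(parts) != 3:
            raise ValueError("key_string must be <key_size>:<key_type>:<key_description>")
        size, key_type, desc = parts
        if not size.isdigit() or int(size) == 0:
            raise ValueError("key_size must be a positive integer")
        if key_type not in KEY_TYPES:
            raise ValueError(f"unsupported key type {key_type!r}")
        if not desc:
            raise ValueError("empty key description")
        return {"kind": "keyring", "key_size": int(size),
                "key_type": key_type, "key_description": desc}
    try:
        key = binascii.unhexlify(field)
    except binascii.Error:
        raise ValueError("key is neither a ':'-prefixed key_string nor hex") from None
    if not key:
        raise ValueError("empty key")
    return {"kind": "hex", "key": key}


def parse_crypt_params(params: str) -> dict:
    """Split <cipher> [<key>|:<key_string>] <iv_offset> <dev_path> <start> [<#opt_params>
    <opt_params>]; the table line is whitespace-tokenized, as dm-crypt does it."""
    fields = params.split()
    if len(fields) < 5:
        raise ValueError("too few fields")
    cipher, key_field, iv_offset, dev_path, start = fields[:5]
    return {"cipher": cipher, "key": parse_key_field(key_field),
            "iv_offset": int(iv_offset), "dev_path": dev_path,
            "start": int(start), "opt_params": fields[5:]}


def description_survives_tokenization(desc: str) -> bool:
    """Andrey's concern: a description containing whitespace is split into
    separate fields, so the table line no longer parses as intended."""
    params = f"aes-cbc-essiv:sha256 :32:logon:{desc} 0 /dev/sda 0"  # constructed sample
    try:
        return parse_crypt_params(params)["key"]["key_description"] == desc
    except ValueError:
        return False
```

Hex-encoding the description (as Andrey suggests) removes the whitespace from the token, which is why `description_survives_tokenization("my key")` fails while a hexified form would not.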