| /kernel/linux/linux-5.10/include/crypto/ |
| D | curve25519.h | 29 const u8 secret[CURVE25519_KEY_SIZE]);
33 const u8 secret[CURVE25519_KEY_SIZE], in curve25519()
37 curve25519_arch(mypublic, secret, basepoint); in curve25519()
39 curve25519_generic(mypublic, secret, basepoint); in curve25519()
46 const u8 secret[CURVE25519_KEY_SIZE]) in curve25519_generate_public()
48 if (unlikely(!crypto_memneq(secret, curve25519_null_point, in curve25519_generate_public()
53 curve25519_base_arch(pub, secret); in curve25519_generate_public()
55 curve25519_generic(pub, secret, curve25519_base_point); in curve25519_generate_public()
59 static inline void curve25519_clamp_secret(u8 secret[CURVE25519_KEY_SIZE]) in curve25519_clamp_secret()
61 secret[0] &= 248; in curve25519_clamp_secret()
[all …]
|
| /kernel/linux/linux-6.6/include/crypto/ |
| D | curve25519.h | 29 const u8 secret[CURVE25519_KEY_SIZE]);
35 const u8 secret[CURVE25519_KEY_SIZE], in curve25519()
39 curve25519_arch(mypublic, secret, basepoint); in curve25519()
41 curve25519_generic(mypublic, secret, basepoint); in curve25519()
48 const u8 secret[CURVE25519_KEY_SIZE]) in curve25519_generate_public()
50 if (unlikely(!crypto_memneq(secret, curve25519_null_point, in curve25519_generate_public()
55 curve25519_base_arch(pub, secret); in curve25519_generate_public()
57 curve25519_generic(pub, secret, curve25519_base_point); in curve25519_generate_public()
61 static inline void curve25519_clamp_secret(u8 secret[CURVE25519_KEY_SIZE]) in curve25519_clamp_secret()
63 secret[0] &= 248; in curve25519_clamp_secret()
[all …]
|
| /kernel/linux/linux-6.6/drivers/virt/coco/efi_secret/ |
| D | efi_secret.c | 10 * DOC: efi_secret: Allow reading EFI confidential computing (coco) secret area
15 * In it, a file is created for each secret entry. The name of each such file
16 * is the GUID of the secret entry, and its content is the secret data.
41 * Structure of the EFI secret area
46 * 0 16 Secret table header GUID (must be 1e74f542-71dd-4d66-963e-ef4287ff173b)
47 * 16 4 Length of bytes of the entire secret area
49 * 20 16 First secret entry's GUID
50 * 36 4 First secret entry's length in bytes (= 16 + 4 + x)
51 * 40 x First secret entry's data
53 * 40+x 16 Second secret entry's GUID
[all …]
|
| D | Kconfig | 3 tristate "EFI secret area securityfs support"
8 This is a driver for accessing the EFI secret area via securityfs.
9 The EFI secret area is a memory area designated by the firmware for
10 confidential computing secret injection (for example for AMD SEV
13 a file wipes the secret from memory).
|
| /kernel/linux/linux-6.6/Documentation/security/secrets/ |
| D | coco.rst | 7 This document describes how Confidential Computing secret injection is handled
18 secret injection is performed early in the VM launch process, before the
25 Secret data flow
28 The guest firmware may reserve a designated memory area for secret injection,
35 During the VM's launch, the virtual machine manager may inject a secret to that
38 Guest Owner secret data should be a GUIDed table of secret values; the binary
40 "Structure of the EFI secret area".
42 On kernel start, the kernel's EFI driver saves the location of the secret area
44 Later it checks if the secret area is populated: it maps the area and checks
46 (``1e74f542-71dd-4d66-963e-ef4287ff173b``). If the secret area is populated,
[all …]
|
| /kernel/linux/linux-6.6/fs/crypto/ |
| D | keyring.c | 41 static void wipe_master_key_secret(struct fscrypt_master_key_secret *secret) in wipe_master_key_secret() argument
43 fscrypt_destroy_hkdf(&secret->hkdf); in wipe_master_key_secret()
44 memzero_explicit(secret, sizeof(*secret)); in wipe_master_key_secret()
59 * The master key secret and any embedded subkeys should have already in fscrypt_free_master_key()
410 * Allocate a new fscrypt_master_key, transfer the given secret over to it, and
414 struct fscrypt_master_key_secret *secret, in add_new_master_key() argument
441 move_master_key_secret(&mk->mk_secret, secret); in add_new_master_key()
458 struct fscrypt_master_key_secret *secret) in add_existing_master_key() argument
481 /* Re-add the secret if needed. */ in add_existing_master_key()
485 move_master_key_secret(&mk->mk_secret, secret); in add_existing_master_key()
[all …]
|
| /kernel/linux/linux-6.6/Documentation/ABI/testing/ |
| D | securityfs-secrets-coco | 9 platforms (such as AMD SEV and SEV-ES) for secret injection by
15 secret appears as a file under <securityfs>/secrets/coco,
18 if the EFI secret area is populated.
21 Reading the file returns the content of secret entry.
22 Unlinking the file overwrites the secret data with zeroes and
23 removes the entry from the filesystem. A secret cannot be read
35 Reading the secret data by reading a file::
38 the-content-of-the-secret-data
40 Wiping a secret by unlinking a file::
51 the EFI secret area".
|
| /kernel/linux/linux-6.6/crypto/ |
| D | ecdh_helper.c | 37 struct kpp_secret secret = { in crypto_ecdh_encode_key() local
48 ptr = ecdh_pack_data(ptr, &secret, sizeof(secret)); in crypto_ecdh_encode_key()
60 struct kpp_secret secret; in crypto_ecdh_decode_key() local
65 ptr = ecdh_unpack_data(&secret, ptr, sizeof(secret)); in crypto_ecdh_decode_key()
66 if (secret.type != CRYPTO_KPP_SECRET_TYPE_ECDH) in crypto_ecdh_decode_key()
69 if (unlikely(len < secret.len)) in crypto_ecdh_decode_key()
73 if (secret.len != crypto_ecdh_key_len(params)) in crypto_ecdh_decode_key()
|
| D | dh_helper.c | 44 struct kpp_secret secret = { in crypto_dh_encode_key() local
52 ptr = dh_pack_data(ptr, end, &secret, sizeof(secret)); in crypto_dh_encode_key()
69 struct kpp_secret secret; in __crypto_dh_decode_key() local
74 ptr = dh_unpack_data(&secret, ptr, sizeof(secret)); in __crypto_dh_decode_key()
75 if (secret.type != CRYPTO_KPP_SECRET_TYPE_DH) in __crypto_dh_decode_key()
81 if (secret.len != crypto_dh_key_len(params)) in __crypto_dh_decode_key()
|
| D | curve25519-generic.c | 12 u8 *secret = kpp_tfm_ctx(tfm); in curve25519_set_secret() local
15 curve25519_generate_secret(secret); in curve25519_set_secret()
18 memcpy(secret, buf, CURVE25519_KEY_SIZE); in curve25519_set_secret()
27 const u8 *secret = kpp_tfm_ctx(tfm); in curve25519_compute_value() local
45 curve25519_generic(buf, secret, bp); in curve25519_compute_value()
|
| /kernel/linux/linux-5.10/fs/crypto/ |
| D | keyring.c | 41 static void wipe_master_key_secret(struct fscrypt_master_key_secret *secret) in wipe_master_key_secret() argument
43 fscrypt_destroy_hkdf(&secret->hkdf); in wipe_master_key_secret()
44 memzero_explicit(secret, sizeof(*secret)); in wipe_master_key_secret()
59 * The master key secret and any embedded subkeys should have already in fscrypt_free_master_key()
409 * Allocate a new fscrypt_master_key, transfer the given secret over to it, and
413 struct fscrypt_master_key_secret *secret, in add_new_master_key() argument
441 move_master_key_secret(&mk->mk_secret, secret); in add_new_master_key()
458 struct fscrypt_master_key_secret *secret) in add_existing_master_key() argument
481 /* Re-add the secret if needed. */ in add_existing_master_key()
485 move_master_key_secret(&mk->mk_secret, secret); in add_existing_master_key()
[all …]
|
| /kernel/linux/linux-5.10/crypto/ |
| D | ecdh_helper.c | 37 struct kpp_secret secret = { in crypto_ecdh_encode_key() local
48 ptr = ecdh_pack_data(ptr, &secret, sizeof(secret)); in crypto_ecdh_encode_key()
61 struct kpp_secret secret; in crypto_ecdh_decode_key() local
66 ptr = ecdh_unpack_data(&secret, ptr, sizeof(secret)); in crypto_ecdh_decode_key()
67 if (secret.type != CRYPTO_KPP_SECRET_TYPE_ECDH) in crypto_ecdh_decode_key()
70 if (unlikely(len < secret.len)) in crypto_ecdh_decode_key()
75 if (secret.len != crypto_ecdh_key_len(params)) in crypto_ecdh_decode_key()
|
| D | dh_helper.c | 44 struct kpp_secret secret = { in crypto_dh_encode_key() local
52 ptr = dh_pack_data(ptr, end, &secret, sizeof(secret)); in crypto_dh_encode_key()
71 struct kpp_secret secret; in crypto_dh_decode_key() local
76 ptr = dh_unpack_data(&secret, ptr, sizeof(secret)); in crypto_dh_decode_key()
77 if (secret.type != CRYPTO_KPP_SECRET_TYPE_DH) in crypto_dh_decode_key()
84 if (secret.len != crypto_dh_key_len(params)) in crypto_dh_decode_key()
|
| D | curve25519-generic.c | 12 u8 *secret = kpp_tfm_ctx(tfm); in curve25519_set_secret() local
15 curve25519_generate_secret(secret); in curve25519_set_secret()
18 memcpy(secret, buf, CURVE25519_KEY_SIZE); in curve25519_set_secret()
27 const u8 *secret = kpp_tfm_ctx(tfm); in curve25519_compute_value() local
45 curve25519_generic(buf, secret, bp); in curve25519_compute_value()
|
| /kernel/linux/linux-6.6/arch/arm/crypto/ |
| D | curve25519-glue.c | 23 const u8 secret[CURVE25519_KEY_SIZE],
43 const u8 secret[CURVE25519_KEY_SIZE]) in curve25519_base_arch()
45 return curve25519_arch(pub, secret, curve25519_base_point); in curve25519_base_arch()
52 u8 *secret = kpp_tfm_ctx(tfm); in curve25519_set_secret() local
55 curve25519_generate_secret(secret); in curve25519_set_secret()
58 memcpy(secret, buf, CURVE25519_KEY_SIZE); in curve25519_set_secret()
67 const u8 *secret = kpp_tfm_ctx(tfm); in curve25519_compute_value() local
85 curve25519_arch(buf, secret, bp); in curve25519_compute_value()
|
| /kernel/linux/linux-5.10/arch/arm/crypto/ |
| D | curve25519-glue.c | 23 const u8 secret[CURVE25519_KEY_SIZE],
43 const u8 secret[CURVE25519_KEY_SIZE]) in curve25519_base_arch()
45 return curve25519_arch(pub, secret, curve25519_base_point); in curve25519_base_arch()
52 u8 *secret = kpp_tfm_ctx(tfm); in curve25519_set_secret() local
55 curve25519_generate_secret(secret); in curve25519_set_secret()
58 memcpy(secret, buf, CURVE25519_KEY_SIZE); in curve25519_set_secret()
67 const u8 *secret = kpp_tfm_ctx(tfm); in curve25519_compute_value() local
85 curve25519_arch(buf, secret, bp); in curve25519_compute_value()
|
| /kernel/linux/linux-6.6/net/ceph/ |
| D | auth_x.c | 57 static int ceph_x_encrypt(struct ceph_crypto_key *secret, void *buf, in ceph_x_encrypt() argument
67 ret = ceph_crypt(secret, true, buf + sizeof(u32), buf_len - sizeof(u32), in ceph_x_encrypt()
77 static int __ceph_x_decrypt(struct ceph_crypto_key *secret, void *p, in __ceph_x_decrypt() argument
84 ret = ceph_crypt(secret, false, p, ciphertext_len, ciphertext_len, in __ceph_x_decrypt()
97 static int ceph_x_decrypt(struct ceph_crypto_key *secret, void **p, void *end) in ceph_x_decrypt() argument
105 ret = __ceph_x_decrypt(secret, *p, ciphertext_len); in ceph_x_decrypt()
161 struct ceph_crypto_key *secret, in process_one_ticket() argument
197 ret = ceph_x_decrypt(secret, p, end); in process_one_ticket()
271 struct ceph_crypto_key *secret, in ceph_x_proc_ticket_reply() argument
286 ret = process_one_ticket(ac, secret, p, end); in ceph_x_proc_ticket_reply()
[all …]
|
| /kernel/linux/linux-6.6/security/keys/ |
| D | dh.c | 136 uint8_t *secret; in __keyctl_dh_compute() local
201 secret = kmalloc(secretlen, GFP_KERNEL); in __keyctl_dh_compute()
202 if (!secret) { in __keyctl_dh_compute()
206 ret = crypto_dh_encode_key(secret, secretlen, &dh_inputs); in __keyctl_dh_compute()
216 ret = crypto_kpp_set_secret(tfm, secret, secretlen); in __keyctl_dh_compute()
268 * Concatenate SP800-56A otherinfo past DH shared secret -- the in __keyctl_dh_compute()
269 * input to the KDF is (DH shared secret || otherinfo) in __keyctl_dh_compute()
292 kfree_sensitive(secret); in __keyctl_dh_compute()
|
| /kernel/linux/linux-6.6/drivers/nvme/common/ |
| D | auth.c | 153 struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret, in nvme_auth_extract_key() argument
160 size_t allocated_len = strlen(secret); in nvme_auth_extract_key()
162 /* Secret might be affixed with a ':' */ in nvme_auth_extract_key()
163 p = strrchr(secret, ':'); in nvme_auth_extract_key()
165 allocated_len = p - secret; in nvme_auth_extract_key()
175 key_len = base64_decode(secret, allocated_len, key->key); in nvme_auth_extract_key()
458 int nvme_auth_generate_key(u8 *secret, struct nvme_dhchap_key **ret_key) in nvme_auth_generate_key() argument
463 if (!secret) { in nvme_auth_generate_key()
468 if (sscanf(secret, "DHHC-1:%hhd:%*s:", &key_hash) != 1) in nvme_auth_generate_key()
471 /* Pass in the secret without the 'DHHC-1:XX:' prefix */ in nvme_auth_generate_key()
[all …]
|
| /kernel/linux/linux-6.6/net/bluetooth/ |
| D | ecdh_helper.c | 40 * secret: memory where the ecdh computed shared secret will be saved.
45 u8 secret[32]) in compute_ecdh_secret()
67 sg_init_one(&dst, secret, 32); in compute_ecdh_secret()
75 pr_err("alg: ecdh: compute shared secret failed. err %d\n", in compute_ecdh_secret()
80 swap_digits((u64 *)secret, (u64 *)tmp, 4); in compute_ecdh_secret()
81 memcpy(secret, tmp, 32); in compute_ecdh_secret()
|
| /kernel/linux/linux-5.10/net/bluetooth/ |
| D | ecdh_helper.c | 56 * secret: memory where the ecdh computed shared secret will be saved.
61 u8 secret[32]) in compute_ecdh_secret()
85 sg_init_one(&dst, secret, 32); in compute_ecdh_secret()
96 pr_err("alg: ecdh: compute shared secret failed. err %d\n", in compute_ecdh_secret()
101 swap_digits((u64 *)secret, (u64 *)tmp, 4); in compute_ecdh_secret()
102 memcpy(secret, tmp, 32); in compute_ecdh_secret()
|
| /kernel/linux/linux-5.10/security/keys/ |
| D | dh.c | 137 * The src pointer is defined as Z || other info where Z is the shared secret
241 uint8_t *secret; in __keyctl_dh_compute() local
306 secret = kmalloc(secretlen, GFP_KERNEL); in __keyctl_dh_compute()
307 if (!secret) { in __keyctl_dh_compute()
311 ret = crypto_dh_encode_key(secret, secretlen, &dh_inputs); in __keyctl_dh_compute()
321 ret = crypto_kpp_set_secret(tfm, secret, secretlen); in __keyctl_dh_compute()
377 * Concatenate SP800-56A otherinfo past DH shared secret -- the in __keyctl_dh_compute()
378 * input to the KDF is (DH shared secret || otherinfo) in __keyctl_dh_compute()
402 kfree_sensitive(secret); in __keyctl_dh_compute()
|
| /kernel/linux/linux-5.10/net/ceph/ |
| D | auth_x.c | 54 static int ceph_x_encrypt(struct ceph_crypto_key *secret, void *buf, in ceph_x_encrypt() argument
64 ret = ceph_crypt(secret, true, buf + sizeof(u32), buf_len - sizeof(u32), in ceph_x_encrypt()
74 static int __ceph_x_decrypt(struct ceph_crypto_key *secret, void *p, in __ceph_x_decrypt() argument
81 ret = ceph_crypt(secret, false, p, ciphertext_len, ciphertext_len, in __ceph_x_decrypt()
94 static int ceph_x_decrypt(struct ceph_crypto_key *secret, void **p, void *end) in ceph_x_decrypt() argument
102 ret = __ceph_x_decrypt(secret, *p, ciphertext_len); in ceph_x_decrypt()
158 struct ceph_crypto_key *secret, in process_one_ticket() argument
194 ret = ceph_x_decrypt(secret, p, end); in process_one_ticket()
267 struct ceph_crypto_key *secret, in ceph_x_proc_ticket_reply() argument
283 ret = process_one_ticket(ac, secret, &p, end); in ceph_x_proc_ticket_reply()
[all …]
|
| /kernel/linux/linux-6.6/drivers/s390/char/ |
| D | uvdevice.c | 237 /** uvio_add_secret() - perform an Add Secret UVC
241 * uvio_add_secret() performs the Add Secret Ultravisor Call.
249 * The argument has to point to an Add Secret Request Control Block
254 * If the Add Secret UV facility is not present, UV will return
296 /** uvio_list_secrets() - perform a List Secret UVC
299 * uvio_list_secrets() performs the List Secret Ultravisor Call. It verifies
344 /** uvio_lock_secrets() - perform a Lock Secret Store UVC
347 * uvio_lock_secrets() performs the Lock Secret Store Ultravisor Call. It
349 * After this call was dispatched successfully every following Add Secret UVC
|
| /kernel/linux/linux-6.6/net/sctp/ |
| D | auth.c | 258 struct sctp_auth_bytes *secret; in sctp_auth_asoc_set_secret() local
266 secret = sctp_auth_create_key(auth_len, gfp); in sctp_auth_asoc_set_secret()
267 if (!secret) in sctp_auth_asoc_set_secret()
271 memcpy(secret->data, ep_key->key->data, ep_key->key->len); in sctp_auth_asoc_set_secret()
275 memcpy(secret->data + offset, first_vector->data, first_vector->len); in sctp_auth_asoc_set_secret()
278 memcpy(secret->data + offset, last_vector->data, last_vector->len); in sctp_auth_asoc_set_secret()
280 return secret; in sctp_auth_asoc_set_secret()
295 struct sctp_auth_bytes *secret = NULL; in sctp_auth_asoc_create_secret() local
340 secret = sctp_auth_asoc_set_secret(ep_key, first_vector, last_vector, in sctp_auth_asoc_create_secret()
346 return secret; in sctp_auth_asoc_create_secret()
[all …]
|