| /linux/arch/x86/mm/ |
| H A D | mem_encrypt_boot.S | 3 * AMD Memory Encryption Support
26 * RCX - virtual address of the encryption workarea, including:
28 * - encryption routine page (PAGE_SIZE)
30 * R8 - physical address of the pagetables to use for encryption
39 addq $PAGE_SIZE, %rax /* Workarea encryption routine */
46 /* Copy encryption routine into the workarea */
47 movq %rax, %rdi /* Workarea encryption routine */
48 leaq __enc_copy(%rip), %rsi /* Encryption routine */
49 movq $(.L__enc_copy_end - __enc_copy), %rcx /* Encryption routine length */
55 movq %r8, %rdx /* Pagetables used for encryption */
[all …]
|
| H A D | mem_encrypt_amd.c | 3 * AMD Memory Encryption Support
49 /* Buffer used for early in-place encryption by BSP, no locking needed */
83 * This routine does not change the underlying encryption setting of the
162 /* Use early_pmd_flags but remove the encryption mask */ in __sme_early_map_unmap_mem()
290 * to invalidate the memory before encryption attribute is cleared. in amd_enc_status_change_prepare()
353 /* Change the page encryption mask. */ in set_pte_enc_mask()
424 * the number of pages to set/clear encryption bit is smaller in early_set_memory_enc_dec()
486 /* Update the protection map with memory encryption mask */ in sme_early_init()
553 * If the unused memory range was mapped decrypted, change the encryption in mem_encrypt_free_decrypted_mem()
555 * re-encryption on the same condition used for the decryption in in mem_encrypt_free_decrypted_mem()
|
| /linux/fs/crypto/ |
| H A D | Kconfig | 3 bool "FS Encryption (Per-file encryption)"
10 Enable encryption of files and directories. This
16 # Filesystems supporting encryption must select this if FS_ENCRYPTION. This
20 # Note: this option only pulls in the algorithms that filesystem encryption
21 # needs "by default". If userspace will use "non-default" encryption modes such
22 # as Adiantum encryption, then those other modes need to be explicitly enabled
40 Enable fscrypt to use inline encryption hardware if available.
|
| H A D | policy.c | 3 * Encryption policy functions for per-file encryption support.
23 * fscrypt_policies_equal() - check whether two encryption policies are the same
66 * Return %true if the given combination of encryption modes is supported for v1
67 * (and later) encryption policies.
69 * Do *not* add anything new here, since v1 encryption policies are deprecated.
134 * IV_INO_LBLK_* with other encryption modes arises. in supported_iv_ino_lblk_policy()
189 "Unsupported encryption modes (contents %d, filenames %d)", in fscrypt_supported_v1_policy()
197 fscrypt_warn(inode, "Unsupported encryption flags (0x%02x)", in fscrypt_supported_v1_policy()
225 "Unsupported encryption modes (contents %d, filenames %d)", in fscrypt_supported_v2_policy()
235 fscrypt_warn(inode, "Unsupported encryption flags (0x%02x)", in fscrypt_supported_v2_policy()
[all …]
|
| H A D | inline_crypt.c | 3 * Inline encryption support for fscrypt
9 * With "inline encryption", the block layer handles the decryption/encryption
11 * crypto API. See Documentation/block/inline-encryption.rst. fscrypt still
65 * for an encryption mode for the first time. This is the blk-crypto
92 /* Enable inline encryption for this file if supported. */
103 /* The file must need contents encryption, not filenames encryption */ in fscrypt_select_encryption_impl()
121 * IV_INO_LBLK_32 with blocksize != PAGE_SIZE from inline encryption. in fscrypt_select_encryption_impl()
237 * Ask the inline encryption hardware to derive the software secret from a
295 * encryption, then assign the appropriate encryption context to the bio.
300 * The encryption context will be freed automatically when the bio is freed.
[all …]
|
| H A D | fscrypt_private.h | 27 * absolute minimum, which applies when only 128-bit encryption is used.
93 * fscrypt_context - the encryption context of an inode
97 * fields from the fscrypt_policy, in order to identify the encryption algorithm
166 /* Return the contents encryption mode of a valid encryption policy */
179 /* Return the filenames encryption mode of a valid encryption policy */
192 /* Return the flags (FSCRYPT_POLICY_FLAG*) of a valid encryption policy */
235 * struct fscrypt_prepared_key - a key prepared for actual encryption/decryption
249 * fscrypt_inode_info - the "encryption key" for an inode
257 /* The key in a form prepared for actual encryption/decryption */
265 * True if this inode will use inline encryption (blk-crypto) instead of
[all …]
|
| H A D | hooks.c | 5 * Encryption hooks for higher-level filesystem operations.
17 * Currently, an encrypted regular file can only be opened if its encryption key
19 * Therefore, we first set up the inode's encryption key (if not already done)
24 * encryption policy. This is needed as part of the enforcement that all files
25 * in an encrypted directory tree use the same encryption policy, as a
46 * encryption policy comparison, but it's expensive on multi-core in fscrypt_file_open()
65 "Inconsistent encryption context (parent directory: %lu)", in fscrypt_file_open()
139 * filesystems that handle filename encryption and no-key name encoding
141 * fscrypt_prepare_lookup(), this will try to set up the directory's encryption
145 * Return: 0 on success; -errno on error. Note that the encryption key being
[all …]
|
| H A D | keysetup.c | 3 * Key setup facility for FS encryption support.
94 …WARN_ONCE(1, "fscrypt: filesystem tried to load encryption info for inode %lu, which is not encryp… in select_encryption_mode()
99 /* Create a symmetric cipher object for the given encryption mode and key */
149 * raw key, encryption mode (@ci->ci_mode), flag indicating which encryption
185 /* Given a per-file encryption key, set up the file's crypto transform object */
213 /* Using a hardware-wrapped key for file contents encryption */ in setup_per_mode_enc_key()
217 … "Hardware-wrapped key required, but no suitable inline encryption capabilities are available"); in setup_per_mode_enc_key()
220 "Hardware-wrapped keys require inline encryption (-o inlinecrypt)"); in setup_per_mode_enc_key()
360 * DIRECT_KEY: instead of deriving per-file encryption keys, the in fscrypt_setup_v2_file_key()
364 * encryption key. This ensures that the master key is in fscrypt_setup_v2_file_key()
[all …]
|
| H A D | crypto.c | 3 * This contains encryption functions for per-file encryption.
10 * Filename encryption additions
12 * Encryption policy handling additions
83 * For filenames encryption, index == 0.
316 * fscrypt_initialize() - allocate major buffers for fs encryption.
378 * fscrypt_init() - Set up for fs encryption.
|
| /linux/Documentation/admin-guide/device-mapper/ |
| H A D | dm-crypt.rst | 5 Device-Mapper's "crypt" target provides transparent encryption of block devices
17 Encryption cipher, encryption mode and Initial Vector (IV) generator.
52 Key used for encryption. It is encoded either as a hexadecimal number
66 The encryption key size in bytes. The kernel key payload size must match
112 Perform encryption using the same cpu that IO was submitted on.
113 The default is to use an unbound workqueue so that encryption work
122 Disable offloading writes to a separate thread after encryption.
124 encryption threads to a single thread degrades performance
144 For Authenticated Encryption with Additional Data (AEAD)
155 Use <bytes> as the encryption unit instead of 512 bytes sectors.
[all …]
|
| /linux/drivers/crypto/ |
| H A D | sa2ul.h | 72 #define SA_ENG_ID_EM2 3 /* Encryption/Decryption enginefor pass 2 */
113 #define SA_CTX_ENC_TYPE1_SZ 64 /* Encryption SC with Key only */
114 #define SA_CTX_ENC_TYPE2_SZ 96 /* Encryption SC with Key and Aux1 */
126 * Bit 2-3: Fetch Encryption/Air Ciphering Bytes
231 * @submode: Encryption submodes
232 * @enc_size: Size of first pass encryption size
233 * @enc_size2: Size of second pass encryption size
234 * @enc_offset: Encryption payload offset in the packet
235 * @enc_iv: Encryption initialization vector for pass2
236 * @enc_iv2: Encryption initialization vector for pass2
[all …]
|
| /linux/include/linux/ |
| H A D | fscrypt.h | 3 * fscrypt.h: declarations for per-file encryption
5 * Filesystems that implement per-file encryption must include this header
23 * This is needed to ensure that all contents encryption modes will work, as
29 * compression), then it will need to pad to this alignment before encryption.
73 * first time an encryption key is set up for a file. The bounce page
84 * If set, then fs/crypto/ will allow the use of encryption settings
88 * if the filesystem wants to support inline encryption hardware that is
171 * encryption without the possibility of files becoming unreadable.
194 * external journal devices), and wants to support inline encryption,
246 * contents encryption
[all …]
|
| H A D | blk-crypto-profile.h | 15 * struct blk_crypto_ll_ops - functions to control inline encryption hardware
17 * Low-level operations for controlling inline encryption hardware. This
19 * encryption. All functions may sleep, are serialized by profile->lock, and
25 * @keyslot_program: Program a key into the inline encryption hardware.
27 * Program @key into the specified @slot in the inline encryption
42 * @keyslot_evict: Evict a key from the inline encryption hardware.
119 * struct blk_crypto_profile - inline encryption profile for a device
121 * This struct contains a storage device's inline encryption capabilities (e.g.
123 * inline encryption hardware (e.g. programming and evicting keys), and optional
131 * @ll_ops: Driver-provided functions to control the inline encryption
|
| /linux/crypto/ |
| H A D | Kconfig | 254 profile. This is required for Kerberos 5-style encryption, used by
361 tristate "AES (Advanced Encryption Standard)"
398 ARIA is a standard encryption algorithm of the Republic of Korea.
457 CAST6 (CAST-256) encryption algorithm (RFC2612)
464 DES (Data Encryption Standard)(FIPS 46-2, ISO/IEC 18033-3) and
500 national standard encryption algorithm of the Republic of Korea.
552 TEA (Tiny Encryption Algorithm) cipher algorithms
554 Tiny Encryption Algorithm is a simple cipher that uses
558 Xtendend Tiny Encryption Algorithm is a modification to
562 Xtendend Encryption Tiny Algorithm is a mis-implementation
[all …]
|
| /linux/Documentation/crypto/ |
| H A D | descore-readme.rst | 5 Fast & Portable DES encryption & decryption
15 des - fast & portable DES encryption & decryption.
41 1. Highest possible encryption/decryption PERFORMANCE.
62 - 30us per encryption (options: 64k tables, no IP/FP)
63 - 33us per encryption (options: 64k tables, FIPS standard bit ordering)
64 - 45us per encryption (options: 2k tables, no IP/FP)
65 - 48us per encryption (options: 2k tables, FIPS standard bit ordering)
68 this has the quickest encryption/decryption routines i've seen.
80 - 53us per encryption (uses 2k of tables)
85 encryption/decryption is still slower on the sparc and 68000.
[all …]
|
| H A D | userspace-if.rst | 95 to provide different memory pointers for the encryption and decryption
159 should be processed for encryption or decryption. In addition, the IV is
170 - ALG_OP_ENCRYPT - encryption of data
218 should be processed for encryption or decryption. In addition, the IV is
229 - ALG_OP_ENCRYPT - encryption of data
277 - AEAD encryption input: AAD \|\| plaintext
284 - AEAD encryption output: ciphertext \|\| authentication tag
387 key for symmetric encryption.
394 AEAD ciphers. For a encryption operation, the authentication tag of
|
| H A D | api-samples.rst | 8 all inputs are random bytes, the encryption is done in-place, and it's
29 * encryption/decryption operations. But in this example, we'll just do a
30 * single encryption operation with it (which is not very efficient).
84 pr_debug("Encryption was successful\n");
|
| /linux/net/sunrpc/ |
| H A D | Kconfig | 45 Choose Y to enable the use of Kerberos 5 encryption types
46 that utilize Advanced Encryption Standard (AES) ciphers and
51 bool "Enable Kerberos encryption types based on Camellia and CMAC"
57 Choose Y to enable the use of Kerberos 5 encryption types
70 Choose Y to enable the use of Kerberos 5 encryption types
71 that utilize Advanced Encryption Standard (AES) ciphers and
|
| /linux/include/crypto/ |
| H A D | aead.h | 3 * AEAD: Authenticated Encryption with Associated Data
18 * DOC: Authenticated Encryption With Associated Data (AEAD) Cipher API
23 * The most prominent examples for this type of encryption is GCM and CCM.
35 * associated data memory location before performing the encryption or
50 * during encryption (resp. decryption). The authentication tag is generated
51 * during the encryption operation and appended to the ciphertext. During
55 * In-place encryption/decryption is enabled by using the same scatterlist
115 * during encryption or the size of the authentication tag to be
316 * data returned by the encryption or decryption operation
429 * IMPORTANT NOTE The encryption operation creates the authentication data /
[all …]
|
| /linux/drivers/crypto/aspeed/ |
| H A D | Kconfig | 7 throughput of hash data digest, encryption and decryption.
45 Supports AES/DES symmetric-key encryption and decryption
56 Supports 256 bits to 4096 bits RSA encryption/decryption
|
| /linux/net/tipc/ |
| H A D | crypto.h | 73 * TIPC encryption message format:
97 * Ver : = 7 i.e. TIPC encryption message version
100 * "known" or not at the message encryption
101 * TX : TX key used for the message encryption
111 * part of the nonce used for the message encryption/decryption
115 * generated by the message encryption
|
| /linux/block/ |
| H A D | blk-crypto-profile.c | 9 * 'struct blk_crypto_profile' contains all generic inline encryption-related
10 * state for a particular inline encryption device. blk_crypto_profile serves
11 * as the way that drivers for inline encryption hardware expose their crypto
13 * keys) to upper layers. Device drivers that want to support inline encryption
22 * For more information, see Documentation/block/inline-encryption.rst.
359 * This is an internal function that evicts a key from an inline encryption
457 …pr_warn("Integrity and hardware inline encryption are not supported together. Disabling hardware i… in blk_crypto_register()
474 * use for cryptographic tasks other than inline encryption. This secret is
475 * guaranteed to be cryptographically isolated from the inline encryption key,
|
| /linux/Documentation/virt/kvm/s390/ |
| H A D | s390-pv-dump.rst | 21 can be requested. The encryption is based on the Customer
50 metadata comprised of the encryption tweaks and status flags. The
52 time of the export does not matter as no re-encryption is
|
| /linux/net/sunrpc/auth_gss/ |
| H A D | gss_krb5_crypto.c | 64 * assumed purpose is to prevent repeated encryption of a plaintext with
69 * encryption IV is always all zeroes, the confounder also effectively
73 * making the encryption easier to break.
75 * Given that the primary consumer of this encryption mechanism is a
87 * krb5_encrypt - simple encryption of an RPCSEC GSS payload
412 * For encryption, we want to read from the cleartext in gss_krb5_cts_crypt()
472 * %0: encryption successful
473 * negative errno: encryption could not be completed
796 * encryption function: as follows, where E() is AES encryption in
806 * This encryption formula provides AEAD EtM with key separation.
[all …]
|
| /linux/Documentation/security/keys/ |
| H A D | ecryptfs.rst | 6 file using a randomly generated File Encryption Key (FEK).
8 Each FEK is in turn encrypted with a File Encryption Key Encryption Key (FEKEK)
|