| /linux/drivers/virt/coco/efi_secret/ |
| H A D | efi_secret.c | 10 * DOC: efi_secret: Allow reading EFI confidential computing (coco) secret area 15 * In it, a file is created for each secret entry. The name of each such file 16 * is the GUID of the secret entry, and its content is the secret data. 39 * Structure of the EFI secret area 44 * 0 16 Secret table header GUID (must be 1e74f542-71dd-4d66-963e-ef4287ff173b) 45 * 16 4 Length in bytes of the entire secret area 47 * 20 16 First secret entry's GUID 48 * 36 4 First secret entry's length in bytes (= 16 + 4 + x) 49 * 40 x First secret entry's data 51 * 40+x 16 Second secret entry's GUID [all …]
|
| H A D | Kconfig | 3 tristate "EFI secret area securityfs support" 8 This is a driver for accessing the EFI secret area via securityfs. 9 The EFI secret area is a memory area designated by the firmware for 10 confidential computing secret injection (for example for AMD SEV 13 a file wipes the secret from memory).
|
| /linux/Documentation/security/secrets/ |
| H A D | coco.rst | 7 This document describes how Confidential Computing secret injection is handled 18 secret injection is performed early in the VM launch process, before the 25 Secret data flow 28 The guest firmware may reserve a designated memory area for secret injection, 35 During the VM's launch, the virtual machine manager may inject a secret to that 38 Guest Owner secret data should be a GUIDed table of secret values; the binary 40 "Structure of the EFI secret area". 42 On kernel start, the kernel's EFI driver saves the location of the secret area 44 Later it checks if the secret area is populated: it maps the area and checks 46 (``1e74f542-71dd-4d66-963e-ef4287ff173b``). If the secret area is populated, [all …]
|
| /linux/include/crypto/ |
| H A D | curve25519.h | 22 const u8 secret[at_least CURVE25519_KEY_SIZE], 27 const u8 secret[at_least CURVE25519_KEY_SIZE]); 30 curve25519_clamp_secret(u8 secret[at_least CURVE25519_KEY_SIZE]) in curve25519_clamp_secret() 32 secret[0] &= 248; in curve25519_clamp_secret() 33 secret[31] = (secret[31] & 127) | 64; in curve25519_clamp_secret() 37 curve25519_generate_secret(u8 secret[at_least CURVE25519_KEY_SIZE]) in curve25519_generate_secret() 39 get_random_bytes_wait(secret, CURVE25519_KEY_SIZE); in curve25519_generate_secret() 40 curve25519_clamp_secret(secret); in curve25519_generate_secret()
|
| H A D | kpp.h | 58 * store the secret private key along with parameters. 64 * @compute_shared_secret: Function to compute the shared secret as defined by 264 * struct kpp_secret - small header for packing secret buffer 266 * @type: define type of secret. Each kpp type will define its own 267 * @len: specify the len of the secret, including the header, that 319 * Function invokes the specific kpp operation for computing the shared secret
|
| /linux/Documentation/ABI/testing/ |
| H A D | securityfs-secrets-coco | 9 platforms (such as AMD SEV and SEV-ES) for secret injection by 15 secret appears as a file under <securityfs>/secrets/coco, 18 if the EFI secret area is populated. 21 Reading the file returns the content of secret entry. 22 Unlinking the file overwrites the secret data with zeroes and 23 removes the entry from the filesystem. A secret cannot be read 35 Reading the secret data by reading a file:: 38 the-content-of-the-secret-data 40 Wiping a secret by unlinking a file:: 51 the EFI secret area".
|
| /linux/lib/crypto/ |
| H A D | curve25519.c | 26 const u8 secret[CURVE25519_KEY_SIZE], in curve25519_arch() 29 curve25519_generic(mypublic, secret, basepoint); in curve25519_arch() 33 const u8 secret[CURVE25519_KEY_SIZE]) in curve25519_base_arch() 35 curve25519_generic(pub, secret, curve25519_base_point); in curve25519_base_arch() 41 const u8 secret[CURVE25519_KEY_SIZE], in curve25519() 44 curve25519_arch(mypublic, secret, basepoint); in curve25519() 52 const u8 secret[CURVE25519_KEY_SIZE]) in curve25519_generate_public() 54 if (unlikely(!crypto_memneq(secret, curve25519_null_point, in curve25519_generate_public() 57 curve25519_base_arch(pub, secret); in curve25519_generate_public()
|
| /linux/crypto/ |
| H A D | ecdh_helper.c | 37 struct kpp_secret secret = { in crypto_ecdh_encode_key() local 48 ptr = ecdh_pack_data(ptr, &secret, sizeof(secret)); in crypto_ecdh_encode_key() 60 struct kpp_secret secret; in crypto_ecdh_decode_key() local 65 ptr = ecdh_unpack_data(&secret, ptr, sizeof(secret)); in crypto_ecdh_decode_key() 66 if (secret.type != CRYPTO_KPP_SECRET_TYPE_ECDH) in crypto_ecdh_decode_key() 69 if (unlikely(len < secret.len)) in crypto_ecdh_decode_key() 73 if (secret.len != crypto_ecdh_key_len(params)) in crypto_ecdh_decode_key()
|
| H A D | dh_helper.c | 44 struct kpp_secret secret = { in crypto_dh_encode_key() local 52 ptr = dh_pack_data(ptr, end, &secret, sizeof(secret)); in crypto_dh_encode_key() 69 struct kpp_secret secret; in __crypto_dh_decode_key() local 74 ptr = dh_unpack_data(&secret, ptr, sizeof(secret)); in __crypto_dh_decode_key() 75 if (secret.type != CRYPTO_KPP_SECRET_TYPE_DH) in __crypto_dh_decode_key() 81 if (secret.len != crypto_dh_key_len(params)) in __crypto_dh_decode_key()
|
| /linux/net/ceph/ |
| H A D | auth_x.c | 197 struct ceph_crypto_key *secret, in process_one_ticket() argument 232 dp = *p + ceph_x_encrypt_offset(secret); in process_one_ticket() 233 ret = ceph_x_decrypt(secret, in process_one_ticket() 316 struct ceph_crypto_key *secret, in ceph_x_proc_ticket_reply() argument 331 ret = process_one_ticket(ac, secret, p, end); in ceph_x_proc_ticket_reply() 571 if (xi->secret.type == CEPH_CRYPTO_AES) { in ceph_x_build_request() 572 blob = enc_buf + ceph_x_encrypt_offset(&xi->secret); in ceph_x_build_request() 583 if (xi->secret.type == CEPH_CRYPTO_AES) { in ceph_x_build_request() 584 ret = ceph_x_encrypt(&xi->secret, 0 /* dummy */, in ceph_x_build_request() 590 ceph_hmac_sha256(&xi->secret, blob, sizeof(*blob), in ceph_x_build_request() [all …]
|
| /linux/security/keys/ |
| H A D | dh.c | 136 uint8_t *secret; in __keyctl_dh_compute() local 201 secret = kmalloc(secretlen, GFP_KERNEL); in __keyctl_dh_compute() 202 if (!secret) { in __keyctl_dh_compute() 206 ret = crypto_dh_encode_key(secret, secretlen, &dh_inputs); in __keyctl_dh_compute() 216 ret = crypto_kpp_set_secret(tfm, secret, secretlen); in __keyctl_dh_compute() 268 * Concatenate SP800-56A otherinfo past DH shared secret -- the in __keyctl_dh_compute() 269 * input to the KDF is (DH shared secret || otherinfo) in __keyctl_dh_compute() 292 kfree_sensitive(secret); in __keyctl_dh_compute()
|
| /linux/drivers/s390/char/ |
| H A D | uvdevice.c | 244 * uvio_add_secret() - Perform an Add Secret UVC 248 * uvio_add_secret() performs the Add Secret Ultravisor Call. 256 * The argument has to point to an Add Secret Request Control Block 261 * If the Add Secret UV facility is not present, UV will return 304 * Do the actual secret list creation. Calls the list secrets UVC until there 339 * uvio_list_secrets() - Perform a List Secret UVC 343 * uvio_list_secrets() performs the List Secret Ultravisor Call. It verifies 385 * uvio_lock_secrets() - Perform a Lock Secret Store UVC 389 * uvio_lock_secrets() performs the Lock Secret Store Ultravisor Call. It 391 * After this call was dispatched successfully every following Add Secret UVC [all …]
|
| /linux/net/bluetooth/ |
| H A D | ecdh_helper.c | 40 * secret: memory where the ecdh computed shared secret will be saved. 45 u8 secret[32]) in compute_ecdh_secret() 67 sg_init_one(&dst, secret, 32); in compute_ecdh_secret() 75 pr_err("alg: ecdh: compute shared secret failed. err %d\n", in compute_ecdh_secret() 80 swap_digits((u64 *)secret, (u64 *)tmp, 4); in compute_ecdh_secret() 81 memcpy(secret, tmp, 32); in compute_ecdh_secret()
|
| /linux/drivers/s390/crypto/ |
| H A D | pkey_uv.c | 29 * UV secret token struct and defines. 40 u16 secret_len; /* length in bytes of the secret */ 41 u8 secret_id[UV_SECRET_ID_LEN]; /* the secret id for this secret */ 94 struct uv_secret_list_item_hdr *secret) in get_secret_metadata() argument 100 rc = uv_find_secret(secret_id, uv_list, secret); in get_secret_metadata() 219 PKEY_DBF_ERR("%s retrieved secret type %u != expected type %u\n", in uv_key2protkey()
|
| /linux/net/sctp/ |
| H A D | auth.c | 259 struct sctp_auth_bytes *secret; in sctp_auth_asoc_set_secret() local 267 secret = sctp_auth_create_key(auth_len, gfp); in sctp_auth_asoc_set_secret() 268 if (!secret) in sctp_auth_asoc_set_secret() 272 memcpy(secret->data, ep_key->key->data, ep_key->key->len); in sctp_auth_asoc_set_secret() 276 memcpy(secret->data + offset, first_vector->data, first_vector->len); in sctp_auth_asoc_set_secret() 279 memcpy(secret->data + offset, last_vector->data, last_vector->len); in sctp_auth_asoc_set_secret() 281 return secret; in sctp_auth_asoc_set_secret() 296 struct sctp_auth_bytes *secret = NULL; in sctp_auth_asoc_create_secret() local 341 secret = sctp_auth_asoc_set_secret(ep_key, first_vector, last_vector, in sctp_auth_asoc_create_secret() 347 return secret; in sctp_auth_asoc_create_secret() [all …]
|
| /linux/lib/crypto/arm/ |
| H A D | curve25519.h | 18 const u8 secret[CURVE25519_KEY_SIZE], 36 const u8 secret[CURVE25519_KEY_SIZE]) in curve25519_base_arch() 38 curve25519_arch(pub, secret, curve25519_base_point); in curve25519_base_arch()
|
| /linux/drivers/nvme/common/ |
| H A D | auth.c | 149 struct nvme_dhchap_key *nvme_auth_extract_key(const char *secret, u8 key_hash) in nvme_auth_extract_key() argument 155 size_t allocated_len = strlen(secret); in nvme_auth_extract_key() 157 /* Secret might be affixed with a ':' */ in nvme_auth_extract_key() 158 p = strrchr(secret, ':'); in nvme_auth_extract_key() 160 allocated_len = p - secret; in nvme_auth_extract_key() 165 key_len = base64_decode(secret, allocated_len, key->key, true, BASE64_STD); in nvme_auth_extract_key() 488 int nvme_auth_parse_key(const char *secret, struct nvme_dhchap_key **ret_key) in nvme_auth_parse_key() argument 493 if (!secret) { in nvme_auth_parse_key() 498 if (sscanf(secret, "DHHC-1:%hhd:%*s:", &key_hash) != 1) in nvme_auth_parse_key() 501 /* Pass in the secret without the 'DHHC-1:XX:' prefix */ in nvme_auth_parse_key() [all …]
|
| /linux/Documentation/security/keys/ |
| H A D | ecryptfs.rst | 70 into the '/secret' directory:: 73 ecryptfs_cipher=aes,ecryptfs_key_bytes=32 /secret /secret
|
| /linux/Documentation/security/tpm/ |
| H A D | tpm-security.rst | 74 encryption to prevent the loss of secret information. 80 asymmetric secret must be established which must also be unknown to 108 know there's an interposer on your system (and that any secret used 135 authorization secret, but for a lot of kernel operations that is well 173 its name and the EK public key can be used to encrypt a secret using 175 will only recover the secret if the binding between the TPM, the EK
|
| /linux/include/net/ |
| H A D | protocol.h | 49 u32 secret; member 63 u32 secret; member 73 u32 secret; member
|
| /linux/drivers/net/wireguard/ |
| H A D | noise.c | 349 u8 secret[BLAKE2S_HASH_SIZE]; in kdf() local 359 /* Extract entropy from data into secret */ in kdf() 360 hmac(secret, data, chaining_key, data_len, NOISE_HASH_LEN); in kdf() 365 /* Expand first key: key = secret, data = 0x1 */ in kdf() 367 hmac(output, output, secret, 1, BLAKE2S_HASH_SIZE); in kdf() 373 /* Expand second key: key = secret, data = first-key || 0x2 */ in kdf() 375 hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, BLAKE2S_HASH_SIZE); in kdf() 381 /* Expand third key: key = secret, data = second-key || 0x3 */ in kdf() 383 hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, BLAKE2S_HASH_SIZE); in kdf() 388 memzero_explicit(secret, BLAKE2S_HASH_SIZE); in kdf()
|
| /linux/lib/crypto/powerpc/ |
| H A D | curve25519.h | 176 const u8 secret[CURVE25519_KEY_SIZE], in curve25519_arch() 179 curve25519_fe51(mypublic, secret, basepoint); in curve25519_arch() 183 const u8 secret[CURVE25519_KEY_SIZE]) in curve25519_base_arch() 185 curve25519_fe51(pub, secret, curve25519_base_point); in curve25519_base_arch()
|
| /linux/Documentation/translations/zh_CN/process/ |
| H A D | maintainer-pgp-guide.rst | 145 运行命令来验证,例如: ``gpg --list-secret-keys`` 195 $ gpg --export-secret-key [fpr] | paperkey -o /tmp/key-backup.txt 292 现在,如果你发出命令 ``--list-secret-keys`` ,它将显示证书密钥丢 295 $ gpg --list-secret-keys 412 Secret subkeys are available. 471 如果你现在执行 ``--list-secret-keys`` ,你将看到输出中存在细微的差异:: 473 $ gpg --list-secret-keys 514 $ gpg --list-secret-keys
|
| /linux/drivers/gpu/drm/nouveau/nvkm/engine/ |
| H A D | falcon.c | 141 falcon->secret = (falcon->addr == 0x087000) ? 1 : 0; in nvkm_falcon_oneinit() 145 falcon->secret = (caps & 0x00000030) >> 4; in nvkm_falcon_oneinit() 153 nvkm_debug(subdev, "secret level: %d\n", falcon->secret); in nvkm_falcon_oneinit() 171 if (falcon->secret && falcon->version < 4) { in nvkm_falcon_init()
|
| /linux/net/ipv6/ |
| H A D | seg6.c | 156 char *secret; in seg6_genl_sethmac() local 203 secret = (char *)nla_data(info->attrs[SEG6_ATTR_SECRET]); in seg6_genl_sethmac() 211 memcpy(hinfo->secret, secret, slen); in seg6_genl_sethmac() 304 nla_put(msg, SEG6_ATTR_SECRET, hinfo->slen, hinfo->secret) || in __seg6_hmac_fill_info()
|