| /linux/fs/crypto/ |
| H A D | keyring.c | 43 static void wipe_master_key_secret(struct fscrypt_master_key_secret *secret) in wipe_master_key_secret() argument
45 memzero_explicit(secret, sizeof(*secret)); in wipe_master_key_secret()
430 struct fscrypt_master_key_secret *secret, in add_new_master_key() argument
457 move_master_key_secret(&mk->mk_secret, secret); in add_new_master_key()
475 struct fscrypt_master_key_secret *secret) in add_existing_master_key() argument
508 move_master_key_secret(&mk->mk_secret, secret); in add_existing_master_key()
516 struct fscrypt_master_key_secret *secret, in do_add_master_key() argument
530 err = add_new_master_key(sb, secret, mk_spec); in do_add_master_key()
537 err = add_existing_master_key(mk, secret); in do_add_master_key()
546 err = add_new_master_key(sb, secret, mk_spec); in do_add_master_key()
[all …]
|
| /linux/include/crypto/ |
| H A D | curve25519.h | 22 const u8 secret[at_least CURVE25519_KEY_SIZE],
27 const u8 secret[at_least CURVE25519_KEY_SIZE]);
30 curve25519_clamp_secret(u8 secret[at_least CURVE25519_KEY_SIZE]) in curve25519_clamp_secret()
32 secret[0] &= 248; in curve25519_clamp_secret()
33 secret[31] = (secret[31] & 127) | 64; in curve25519_clamp_secret()
37 curve25519_generate_secret(u8 secret[at_least CURVE25519_KEY_SIZE]) in curve25519_generate_secret()
39 get_random_bytes_wait(secret, CURVE25519_KEY_SIZE); in curve25519_generate_secret()
40 curve25519_clamp_secret(secret); in curve25519_generate_secret()
|
| /linux/lib/crypto/ |
| H A D | curve25519.c | 26 const u8 secret[CURVE25519_KEY_SIZE], in curve25519_arch()
29 curve25519_generic(mypublic, secret, basepoint); in curve25519_arch()
33 const u8 secret[CURVE25519_KEY_SIZE]) in curve25519_base_arch()
35 curve25519_generic(pub, secret, curve25519_base_point); in curve25519_base_arch()
41 const u8 secret[CURVE25519_KEY_SIZE], in curve25519()
44 curve25519_arch(mypublic, secret, basepoint); in curve25519()
52 const u8 secret[CURVE25519_KEY_SIZE]) in curve25519_generate_public()
54 if (unlikely(!crypto_memneq(secret, curve25519_null_point, in curve25519_generate_public()
57 curve25519_base_arch(pub, secret); in curve25519_generate_public()
|
| /linux/crypto/ |
| H A D | ecdh_helper.c | 37 struct kpp_secret secret = { in crypto_ecdh_encode_key() local
48 ptr = ecdh_pack_data(ptr, &secret, sizeof(secret)); in crypto_ecdh_encode_key()
60 struct kpp_secret secret; in crypto_ecdh_decode_key() local
65 ptr = ecdh_unpack_data(&secret, ptr, sizeof(secret)); in crypto_ecdh_decode_key()
66 if (secret.type != CRYPTO_KPP_SECRET_TYPE_ECDH) in crypto_ecdh_decode_key()
69 if (unlikely(len < secret.len)) in crypto_ecdh_decode_key()
73 if (secret.len != crypto_ecdh_key_len(params)) in crypto_ecdh_decode_key()
|
| H A D | dh_helper.c | 44 struct kpp_secret secret = { in crypto_dh_encode_key() local
52 ptr = dh_pack_data(ptr, end, &secret, sizeof(secret)); in crypto_dh_encode_key()
69 struct kpp_secret secret; in __crypto_dh_decode_key() local
74 ptr = dh_unpack_data(&secret, ptr, sizeof(secret)); in __crypto_dh_decode_key()
75 if (secret.type != CRYPTO_KPP_SECRET_TYPE_DH) in __crypto_dh_decode_key()
81 if (secret.len != crypto_dh_key_len(params)) in __crypto_dh_decode_key()
|
| /linux/Documentation/security/secrets/ |
| H A D | coco.rst | 7 This document describes how Confidential Computing secret injection is handled
18 secret injection is performed early in the VM launch process, before the
28 The guest firmware may reserve a designated memory area for secret injection,
35 During the VM's launch, the virtual machine manager may inject a secret to that
38 Guest Owner secret data should be a GUIDed table of secret values; the binary
40 "Structure of the EFI secret area".
42 On kernel start, the kernel's EFI driver saves the location of the secret area
44 Later it checks if the secret area is populated: it maps the area and checks
46 (``1e74f542-71dd-4d66-963e-ef4287ff173b``). If the secret area is populated,
56 provides the decryption key (= secret) using the secret injection mechanism.
[all …]
|
| /linux/Documentation/ABI/testing/ |
| H A D | securityfs-secrets-coco | 9 platforms (such as AMD SEV and SEV-ES) for secret injection by
15 secret appears as a file under <securityfs>/secrets/coco,
18 if the EFI secret area is populated.
21 Reading the file returns the content of secret entry.
22 Unlinking the file overwrites the secret data with zeroes and
23 removes the entry from the filesystem. A secret cannot be read
35 Reading the secret data by reading a file::
38 the-content-of-the-secret-data
40 Wiping a secret by unlinking a file::
51 the EFI secret area".
|
| /linux/include/net/ |
| H A D | hotdata.h | 53 #define inet_ehash_secret net_hotdata.tcp_protocol.secret
54 #define udp_ehash_secret net_hotdata.udp_protocol.secret
55 #define inet6_ehash_secret net_hotdata.tcpv6_protocol.secret
56 #define tcp_ipv6_hash_secret net_hotdata.tcpv6_offload.secret
57 #define udp6_ehash_secret net_hotdata.udpv6_protocol.secret
58 #define udp_ipv6_hash_secret net_hotdata.udpv6_offload.secret
|
| H A D | protocol.h | 49 u32 secret; member
63 u32 secret; member
73 u32 secret; member
|
| /linux/drivers/virt/coco/efi_secret/ |
| H A D | Kconfig | 3 tristate "EFI secret area securityfs support"
8 This is a driver for accessing the EFI secret area via securityfs.
9 The EFI secret area is a memory area designated by the firmware for
10 confidential computing secret injection (for example for AMD SEV
13 a file wipes the secret from memory).
|
| /linux/net/sctp/ |
| H A D | auth.c | 259 struct sctp_auth_bytes *secret; in sctp_auth_asoc_set_secret() local
267 secret = sctp_auth_create_key(auth_len, gfp); in sctp_auth_asoc_set_secret()
268 if (!secret) in sctp_auth_asoc_set_secret()
272 memcpy(secret->data, ep_key->key->data, ep_key->key->len); in sctp_auth_asoc_set_secret()
276 memcpy(secret->data + offset, first_vector->data, first_vector->len); in sctp_auth_asoc_set_secret()
279 memcpy(secret->data + offset, last_vector->data, last_vector->len); in sctp_auth_asoc_set_secret()
281 return secret; in sctp_auth_asoc_set_secret()
296 struct sctp_auth_bytes *secret = NULL; in sctp_auth_asoc_create_secret() local
341 secret = sctp_auth_asoc_set_secret(ep_key, first_vector, last_vector, in sctp_auth_asoc_create_secret()
347 return secret; in sctp_auth_asoc_create_secret()
[all …]
|
| /linux/lib/crypto/arm/ |
| H A D | curve25519.h | 18 const u8 secret[CURVE25519_KEY_SIZE],
36 const u8 secret[CURVE25519_KEY_SIZE]) in curve25519_base_arch()
38 curve25519_arch(pub, secret, curve25519_base_point); in curve25519_base_arch()
|
| /linux/net/ceph/ |
| H A D | auth_x.c | 192 struct ceph_crypto_key *secret, in process_one_ticket() argument
227 dp = *p + ceph_x_encrypt_offset(secret); in process_one_ticket()
228 ret = ceph_x_decrypt(secret, in process_one_ticket()
311 struct ceph_crypto_key *secret, in ceph_x_proc_ticket_reply() argument
326 ret = process_one_ticket(ac, secret, p, end); in ceph_x_proc_ticket_reply()
566 if (xi->secret.type == CEPH_CRYPTO_AES) { in ceph_x_build_request()
567 blob = enc_buf + ceph_x_encrypt_offset(&xi->secret); in ceph_x_build_request()
578 if (xi->secret.type == CEPH_CRYPTO_AES) { in ceph_x_build_request()
579 ret = ceph_x_encrypt(&xi->secret, 0 /* dummy */, in ceph_x_build_request()
585 ceph_hmac_sha256(&xi->secret, blob, sizeof(*blob), in ceph_x_build_request()
[all …]
|
| /linux/security/keys/ |
| H A D | dh.c | 136 uint8_t *secret; in __keyctl_dh_compute() local
201 secret = kmalloc(secretlen, GFP_KERNEL); in __keyctl_dh_compute()
202 if (!secret) { in __keyctl_dh_compute()
206 ret = crypto_dh_encode_key(secret, secretlen, &dh_inputs); in __keyctl_dh_compute()
216 ret = crypto_kpp_set_secret(tfm, secret, secretlen); in __keyctl_dh_compute()
292 kfree_sensitive(secret); in __keyctl_dh_compute()
|
| /linux/net/bluetooth/ |
| H A D | ecdh_helper.c | 45 u8 secret[32]) in compute_ecdh_secret()
67 sg_init_one(&dst, secret, 32); in compute_ecdh_secret()
80 swap_digits((u64 *)secret, (u64 *)tmp, 4); in compute_ecdh_secret()
81 memcpy(secret, tmp, 32); in compute_ecdh_secret()
|
| /linux/drivers/nvme/common/ |
| H A D | auth.c | 164 struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret, in nvme_auth_extract_key() argument
171 size_t allocated_len = strlen(secret); in nvme_auth_extract_key()
174 p = strrchr(secret, ':'); in nvme_auth_extract_key()
176 allocated_len = p - secret; in nvme_auth_extract_key()
181 key_len = base64_decode(secret, allocated_len, key->key, true, BASE64_STD); in nvme_auth_extract_key()
441 int nvme_auth_generate_key(u8 *secret, struct nvme_dhchap_key **ret_key) in nvme_auth_generate_key() argument
446 if (!secret) { in nvme_auth_generate_key()
451 if (sscanf(secret, "DHHC-1:%hhd:%*s:", &key_hash) != 1) in nvme_auth_generate_key()
455 key = nvme_auth_extract_key(secret + 10, key_hash); in nvme_auth_generate_key()
|
| /linux/lib/crypto/powerpc/ |
| H A D | curve25519.h | 176 const u8 secret[CURVE25519_KEY_SIZE], in curve25519_arch()
179 curve25519_fe51(mypublic, secret, basepoint); in curve25519_arch()
183 const u8 secret[CURVE25519_KEY_SIZE]) in curve25519_base_arch()
185 curve25519_fe51(pub, secret, curve25519_base_point); in curve25519_base_arch()
|
| /linux/Documentation/translations/zh_CN/process/ |
| H A D | maintainer-pgp-guide.rst | 145 运行命令来验证,例如: ``gpg --list-secret-keys``
195 $ gpg --export-secret-key [fpr] | paperkey -o /tmp/key-backup.txt
292 现在,如果你发出命令 ``--list-secret-keys`` ,它将显示证书密钥丢
295 $ gpg --list-secret-keys
471 如果你现在执行 ``--list-secret-keys`` ,你将看到输出中存在细微的差异::
473 $ gpg --list-secret-keys
514 $ gpg --list-secret-keys
|
| /linux/net/ipv6/ |
| H A D | seg6.c | 156 char *secret; in seg6_genl_sethmac() local
203 secret = (char *)nla_data(info->attrs[SEG6_ATTR_SECRET]); in seg6_genl_sethmac()
211 memcpy(hinfo->secret, secret, slen); in seg6_genl_sethmac()
304 nla_put(msg, SEG6_ATTR_SECRET, hinfo->slen, hinfo->secret) || in __seg6_hmac_fill_info()
|
| /linux/include/linux/ |
| H A D | nvme-auth.h | 28 struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret,
34 int nvme_auth_generate_key(u8 *secret, struct nvme_dhchap_key **ret_key);
|
| /linux/Documentation/security/keys/ |
| H A D | ecryptfs.rst | 70 into the '/secret' directory::
73 ecryptfs_cipher=aes,ecryptfs_key_bytes=32 /secret /secret
|
| /linux/drivers/gpu/drm/nouveau/nvkm/engine/ |
| H A D | falcon.c | 141 falcon->secret = (falcon->addr == 0x087000) ? 1 : 0; in nvkm_falcon_oneinit()
145 falcon->secret = (caps & 0x00000030) >> 4; in nvkm_falcon_oneinit()
153 nvkm_debug(subdev, "secret level: %d\n", falcon->secret); in nvkm_falcon_oneinit()
171 if (falcon->secret && falcon->version < 4) { in nvkm_falcon_init()
|
| /linux/lib/crypto/x86/ |
| H A D | curve25519.h | 1590 const u8 secret[CURVE25519_KEY_SIZE], in curve25519_arch()
1594 curve25519_ever64(mypublic, secret, basepoint); in curve25519_arch()
1596 curve25519_generic(mypublic, secret, basepoint); in curve25519_arch()
1600 const u8 secret[CURVE25519_KEY_SIZE]) in curve25519_base_arch()
1603 curve25519_ever64_base(pub, secret); in curve25519_base_arch()
1605 curve25519_generic(pub, secret, curve25519_base_point); in curve25519_base_arch()
|
| /linux/drivers/net/wireguard/ |
| H A D | cookie.c | 24 get_random_bytes(checker->secret, NOISE_HASH_LEN); in wg_cookie_checker_init()
100 get_random_bytes(checker->secret, NOISE_HASH_LEN); in make_cookie()
106 blake2s_init_key(&blake, COOKIE_LEN, checker->secret, NOISE_HASH_LEN); in make_cookie()
|
| /linux/security/keys/trusted-keys/ |
| H A D | trusted_tpm1.c | 39 unsigned char secret[SHA1_DIGEST_SIZE]; member
68 16, 1, &s->secret, SHA1_DIGEST_SIZE, 0); in dump_sess()
386 return TSS_rawhmac(s->secret, key, SHA1_DIGEST_SIZE, TPM_NONCE_SIZE, in osap()
454 memcpy(td->xorwork, sess.secret, SHA1_DIGEST_SIZE); in tpm_seal()
479 ret = TSS_authhmac(td->pubauth, sess.secret, SHA1_DIGEST_SIZE, in tpm_seal()
487 ret = TSS_authhmac(td->pubauth, sess.secret, SHA1_DIGEST_SIZE, in tpm_seal()
522 ret = TSS_checkhmac1(tb->data, ordinal, td->nonceodd, sess.secret, in tpm_seal()
|