/linux-6.12.1/drivers/virt/coco/efi_secret/ |
D | efi_secret.c | 10 * DOC: efi_secret: Allow reading EFI confidential computing (coco) secret area 15 * In it, a file is created for each secret entry. The name of each such file 16 * is the GUID of the secret entry, and its content is the secret data. 41 * Structure of the EFI secret area 46 * 0 16 Secret table header GUID (must be 1e74f542-71dd-4d66-963e-ef4287ff173b) 47 * 16 4 Length of bytes of the entire secret area 49 * 20 16 First secret entry's GUID 50 * 36 4 First secret entry's length in bytes (= 16 + 4 + x) 51 * 40 x First secret entry's data 53 * 40+x 16 Second secret entry's GUID [all …]
|
D | Kconfig | 3 tristate "EFI secret area securityfs support" 8 This is a driver for accessing the EFI secret area via securityfs. 9 The EFI secret area is a memory area designated by the firmware for 10 confidential computing secret injection (for example for AMD SEV 13 a file wipes the secret from memory).
|
/linux-6.12.1/include/crypto/ |
D | curve25519.h | 29 const u8 secret[CURVE25519_KEY_SIZE]); 35 const u8 secret[CURVE25519_KEY_SIZE], in curve25519() 39 curve25519_arch(mypublic, secret, basepoint); in curve25519() 41 curve25519_generic(mypublic, secret, basepoint); in curve25519() 48 const u8 secret[CURVE25519_KEY_SIZE]) in curve25519_generate_public() 50 if (unlikely(!crypto_memneq(secret, curve25519_null_point, in curve25519_generate_public() 55 curve25519_base_arch(pub, secret); in curve25519_generate_public() 57 curve25519_generic(pub, secret, curve25519_base_point); in curve25519_generate_public() 61 static inline void curve25519_clamp_secret(u8 secret[CURVE25519_KEY_SIZE]) in curve25519_clamp_secret() 63 secret[0] &= 248; in curve25519_clamp_secret() [all …]
|
D | kpp.h | 58 * store the secret private key along with parameters. 64 * @compute_shared_secret: Function compute the shared secret as defined by 264 * struct kpp_secret - small header for packing secret buffer 266 * @type: define type of secret. Each kpp type will define its own 267 * @len: specify the len of the secret, include the header, that 319 * Function invokes the specific kpp operation for computing the shared secret
|
/linux-6.12.1/Documentation/security/secrets/ |
D | coco.rst | 7 This document describes how Confidential Computing secret injection is handled 18 secret injection is performed early in the VM launch process, before the 25 Secret data flow 28 The guest firmware may reserve a designated memory area for secret injection, 35 During the VM's launch, the virtual machine manager may inject a secret to that 38 Guest Owner secret data should be a GUIDed table of secret values; the binary 40 "Structure of the EFI secret area". 42 On kernel start, the kernel's EFI driver saves the location of the secret area 44 Later it checks if the secret area is populated: it maps the area and checks 46 (``1e74f542-71dd-4d66-963e-ef4287ff173b``). If the secret area is populated, [all …]
|
/linux-6.12.1/Documentation/ABI/testing/ |
D | securityfs-secrets-coco | 9 platforms (such as AMD SEV and SEV-ES) for secret injection by 15 secret appears as a file under <securityfs>/secrets/coco, 18 if the EFI secret area is populated. 21 Reading the file returns the content of secret entry. 22 Unlinking the file overwrites the secret data with zeroes and 23 removes the entry from the filesystem. A secret cannot be read 35 Reading the secret data by reading a file:: 38 the-content-of-the-secret-data 40 Wiping a secret by unlinking a file:: 51 the EFI secret area".
|
/linux-6.12.1/crypto/ |
D | ecdh_helper.c | 37 struct kpp_secret secret = { in crypto_ecdh_encode_key() local 48 ptr = ecdh_pack_data(ptr, &secret, sizeof(secret)); in crypto_ecdh_encode_key() 60 struct kpp_secret secret; in crypto_ecdh_decode_key() local 65 ptr = ecdh_unpack_data(&secret, ptr, sizeof(secret)); in crypto_ecdh_decode_key() 66 if (secret.type != CRYPTO_KPP_SECRET_TYPE_ECDH) in crypto_ecdh_decode_key() 69 if (unlikely(len < secret.len)) in crypto_ecdh_decode_key() 73 if (secret.len != crypto_ecdh_key_len(params)) in crypto_ecdh_decode_key()
|
D | dh_helper.c | 44 struct kpp_secret secret = { in crypto_dh_encode_key() local 52 ptr = dh_pack_data(ptr, end, &secret, sizeof(secret)); in crypto_dh_encode_key() 69 struct kpp_secret secret; in __crypto_dh_decode_key() local 74 ptr = dh_unpack_data(&secret, ptr, sizeof(secret)); in __crypto_dh_decode_key() 75 if (secret.type != CRYPTO_KPP_SECRET_TYPE_DH) in __crypto_dh_decode_key() 81 if (secret.len != crypto_dh_key_len(params)) in __crypto_dh_decode_key()
|
D | curve25519-generic.c | 12 u8 *secret = kpp_tfm_ctx(tfm); in curve25519_set_secret() local 15 curve25519_generate_secret(secret); in curve25519_set_secret() 18 memcpy(secret, buf, CURVE25519_KEY_SIZE); in curve25519_set_secret() 27 const u8 *secret = kpp_tfm_ctx(tfm); in curve25519_compute_value() local 45 curve25519_generic(buf, secret, bp); in curve25519_compute_value()
|
/linux-6.12.1/fs/crypto/ |
D | keyring.c | 41 static void wipe_master_key_secret(struct fscrypt_master_key_secret *secret) in wipe_master_key_secret() argument 43 fscrypt_destroy_hkdf(&secret->hkdf); in wipe_master_key_secret() 44 memzero_explicit(secret, sizeof(*secret)); in wipe_master_key_secret() 59 * The master key secret and any embedded subkeys should have already in fscrypt_free_master_key() 425 * Allocate a new fscrypt_master_key, transfer the given secret over to it, and 429 struct fscrypt_master_key_secret *secret, in add_new_master_key() argument 456 move_master_key_secret(&mk->mk_secret, secret); in add_new_master_key() 474 struct fscrypt_master_key_secret *secret) in add_existing_master_key() argument 507 move_master_key_secret(&mk->mk_secret, secret); in add_existing_master_key() 515 struct fscrypt_master_key_secret *secret, in do_add_master_key() argument [all …]
|
/linux-6.12.1/include/net/ |
D | hotdata.h | 46 #define inet_ehash_secret net_hotdata.tcp_protocol.secret 47 #define udp_ehash_secret net_hotdata.udp_protocol.secret 48 #define inet6_ehash_secret net_hotdata.tcpv6_protocol.secret 49 #define tcp_ipv6_hash_secret net_hotdata.tcpv6_offload.secret 50 #define udp6_ehash_secret net_hotdata.udpv6_protocol.secret 51 #define udp_ipv6_hash_secret net_hotdata.udpv6_offload.secret
|
D | protocol.h | 49 u32 secret; member 63 u32 secret; member 73 u32 secret; member
|
/linux-6.12.1/arch/arm/crypto/ |
D | curve25519-glue.c | 23 const u8 secret[CURVE25519_KEY_SIZE], 43 const u8 secret[CURVE25519_KEY_SIZE]) in curve25519_base_arch() 45 return curve25519_arch(pub, secret, curve25519_base_point); in curve25519_base_arch() 52 u8 *secret = kpp_tfm_ctx(tfm); in curve25519_set_secret() local 55 curve25519_generate_secret(secret); in curve25519_set_secret() 58 memcpy(secret, buf, CURVE25519_KEY_SIZE); in curve25519_set_secret() 67 const u8 *secret = kpp_tfm_ctx(tfm); in curve25519_compute_value() local 85 curve25519_arch(buf, secret, bp); in curve25519_compute_value()
|
/linux-6.12.1/arch/powerpc/crypto/ |
D | curve25519-ppc64le-core.c | 181 const u8 secret[CURVE25519_KEY_SIZE], in curve25519_arch() 184 curve25519_fe51(mypublic, secret, basepoint); in curve25519_arch() 189 const u8 secret[CURVE25519_KEY_SIZE]) in curve25519_base_arch() 191 curve25519_fe51(pub, secret, curve25519_base_point); in curve25519_base_arch() 198 u8 *secret = kpp_tfm_ctx(tfm); in curve25519_set_secret() local 201 curve25519_generate_secret(secret); in curve25519_set_secret() 204 memcpy(secret, buf, CURVE25519_KEY_SIZE); in curve25519_set_secret() 213 const u8 *secret = kpp_tfm_ctx(tfm); in curve25519_generate_public_key() local 220 curve25519_base_arch(buf, secret); in curve25519_generate_public_key() 235 const u8 *secret = kpp_tfm_ctx(tfm); in curve25519_compute_shared_secret() local [all …]
|
/linux-6.12.1/net/ceph/ |
D | auth_x.c | 57 static int ceph_x_encrypt(struct ceph_crypto_key *secret, void *buf, in ceph_x_encrypt() argument 67 ret = ceph_crypt(secret, true, buf + sizeof(u32), buf_len - sizeof(u32), in ceph_x_encrypt() 77 static int __ceph_x_decrypt(struct ceph_crypto_key *secret, void *p, in __ceph_x_decrypt() argument 84 ret = ceph_crypt(secret, false, p, ciphertext_len, ciphertext_len, in __ceph_x_decrypt() 97 static int ceph_x_decrypt(struct ceph_crypto_key *secret, void **p, void *end) in ceph_x_decrypt() argument 105 ret = __ceph_x_decrypt(secret, *p, ciphertext_len); in ceph_x_decrypt() 161 struct ceph_crypto_key *secret, in process_one_ticket() argument 197 ret = ceph_x_decrypt(secret, p, end); in process_one_ticket() 271 struct ceph_crypto_key *secret, in ceph_x_proc_ticket_reply() argument 286 ret = process_one_ticket(ac, secret, p, end); in ceph_x_proc_ticket_reply() [all …]
|
/linux-6.12.1/security/keys/ |
D | dh.c | 136 uint8_t *secret; in __keyctl_dh_compute() local 201 secret = kmalloc(secretlen, GFP_KERNEL); in __keyctl_dh_compute() 202 if (!secret) { in __keyctl_dh_compute() 206 ret = crypto_dh_encode_key(secret, secretlen, &dh_inputs); in __keyctl_dh_compute() 216 ret = crypto_kpp_set_secret(tfm, secret, secretlen); in __keyctl_dh_compute() 268 * Concatenate SP800-56A otherinfo past DH shared secret -- the in __keyctl_dh_compute() 269 * input to the KDF is (DH shared secret || otherinfo) in __keyctl_dh_compute() 292 kfree_sensitive(secret); in __keyctl_dh_compute()
|
/linux-6.12.1/drivers/nvme/common/ |
D | auth.c | 161 struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret, in nvme_auth_extract_key() argument 168 size_t allocated_len = strlen(secret); in nvme_auth_extract_key() 170 /* Secret might be affixed with a ':' */ in nvme_auth_extract_key() 171 p = strrchr(secret, ':'); in nvme_auth_extract_key() 173 allocated_len = p - secret; in nvme_auth_extract_key() 178 key_len = base64_decode(secret, allocated_len, key->key); in nvme_auth_extract_key() 449 int nvme_auth_generate_key(u8 *secret, struct nvme_dhchap_key **ret_key) in nvme_auth_generate_key() argument 454 if (!secret) { in nvme_auth_generate_key() 459 if (sscanf(secret, "DHHC-1:%hhd:%*s:", &key_hash) != 1) in nvme_auth_generate_key() 462 /* Pass in the secret without the 'DHHC-1:XX:' prefix */ in nvme_auth_generate_key() [all …]
|
/linux-6.12.1/net/bluetooth/ |
D | ecdh_helper.c | 40 * secret: memory where the ecdh computed shared secret will be saved. 45 u8 secret[32]) in compute_ecdh_secret() 67 sg_init_one(&dst, secret, 32); in compute_ecdh_secret() 75 pr_err("alg: ecdh: compute shared secret failed. err %d\n", in compute_ecdh_secret() 80 swap_digits((u64 *)secret, (u64 *)tmp, 4); in compute_ecdh_secret() 81 memcpy(secret, tmp, 32); in compute_ecdh_secret()
|
/linux-6.12.1/drivers/s390/char/ |
D | uvdevice.c | 240 /** uvio_add_secret() - perform an Add Secret UVC 244 * uvio_add_secret() performs the Add Secret Ultravisor Call. 252 * The argument has to point to an Add Secret Request Control Block 257 * If the Add Secret UV facility is not present, UV will return 299 /** uvio_list_secrets() - perform a List Secret UVC 302 * uvio_list_secrets() performs the List Secret Ultravisor Call. It verifies 347 /** uvio_lock_secrets() - perform a Lock Secret Store UVC 350 * uvio_lock_secrets() performs the Lock Secret Store Ultravisor Call. It 352 * After this call was dispatched successfully every following Add Secret UVC
|
/linux-6.12.1/net/sctp/ |
D | auth.c | 258 struct sctp_auth_bytes *secret; in sctp_auth_asoc_set_secret() local 266 secret = sctp_auth_create_key(auth_len, gfp); in sctp_auth_asoc_set_secret() 267 if (!secret) in sctp_auth_asoc_set_secret() 271 memcpy(secret->data, ep_key->key->data, ep_key->key->len); in sctp_auth_asoc_set_secret() 275 memcpy(secret->data + offset, first_vector->data, first_vector->len); in sctp_auth_asoc_set_secret() 278 memcpy(secret->data + offset, last_vector->data, last_vector->len); in sctp_auth_asoc_set_secret() 280 return secret; in sctp_auth_asoc_set_secret() 295 struct sctp_auth_bytes *secret = NULL; in sctp_auth_asoc_create_secret() local 340 secret = sctp_auth_asoc_set_secret(ep_key, first_vector, last_vector, in sctp_auth_asoc_create_secret() 346 return secret; in sctp_auth_asoc_create_secret() [all …]
|
/linux-6.12.1/include/keys/ |
D | trusted_tpm.h | 21 unsigned char secret[SHA1_DIGEST_SIZE]; member 67 pr_info("secret:\n"); in dump_sess() 69 16, 1, &s->secret, SHA1_DIGEST_SIZE, 0); in dump_sess()
|
/linux-6.12.1/Documentation/security/keys/ |
D | ecryptfs.rst | 70 into the '/secret' directory:: 73 ecryptfs_cipher=aes,ecryptfs_key_bytes=32 /secret /secret
|
/linux-6.12.1/Documentation/security/tpm/ |
D | tpm-security.rst | 74 encryption to prevent the loss of secret information. 80 asymmetric secret must be established which must also be unknown to 108 know there's an interposer on your system (and that any secret used 135 authorization secret, but for a lot of kernel operations that is well 173 it's name and the EK public key can be used to encrypt a secret using 175 will only recover the secret if the binding between the TPM, the EK
|
/linux-6.12.1/include/crypto/internal/ |
D | ecc.h | 116 * crypto_ecdh_shared_secret() - Compute a shared secret 122 * @secret: buffer for storing the calculated shared secret 127 * Returns 0 if the shared secret was generated successfully, a negative value 132 u64 *secret);
|
/linux-6.12.1/drivers/net/wireguard/ |
D | noise.c | 349 u8 secret[BLAKE2S_HASH_SIZE]; in kdf() local 359 /* Extract entropy from data into secret */ in kdf() 360 hmac(secret, data, chaining_key, data_len, NOISE_HASH_LEN); in kdf() 365 /* Expand first key: key = secret, data = 0x1 */ in kdf() 367 hmac(output, output, secret, 1, BLAKE2S_HASH_SIZE); in kdf() 373 /* Expand second key: key = secret, data = first-key || 0x2 */ in kdf() 375 hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, BLAKE2S_HASH_SIZE); in kdf() 381 /* Expand third key: key = secret, data = second-key || 0x3 */ in kdf() 383 hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, BLAKE2S_HASH_SIZE); in kdf() 388 memzero_explicit(secret, BLAKE2S_HASH_SIZE); in kdf()
|