
Searched full:secret (Results 1 – 25 of 349) sorted by relevance


/openbmc/qemu/crypto/
H A Dsecret_common.c2 * QEMU crypto secret support
31 static void qcrypto_secret_decrypt(QCryptoSecretCommon *secret, in qcrypto_secret_decrypt() argument
48 if (qcrypto_secret_lookup(secret->keyid, in qcrypto_secret_decrypt()
59 if (!secret->iv) { in qcrypto_secret_decrypt()
60 error_setg(errp, "IV is required to decrypt secret"); in qcrypto_secret_decrypt()
64 iv = qbase64_decode(secret->iv, -1, &ivlen, errp); in qcrypto_secret_decrypt()
86 if (secret->format == QCRYPTO_SECRET_FORMAT_BASE64) { in qcrypto_secret_decrypt()
143 QCryptoSecretCommon *secret = QCRYPTO_SECRET_COMMON(uc); in qcrypto_secret_complete() local
154 sec_class->load_data(secret, &input, &inputlen, &local_err); in qcrypto_secret_complete()
165 if (secret->keyid) { in qcrypto_secret_complete()
[all …]
H A Dsecret.c2 * QEMU crypto secret support
22 #include "crypto/secret.h"
39 QCryptoSecret *secret = QCRYPTO_SECRET(sec_common); in qcrypto_secret_load_data() local
44 if (secret->file) { in qcrypto_secret_load_data()
45 if (secret->data) { in qcrypto_secret_load_data()
50 if (!g_file_get_contents(secret->file, &data, &length, &gerr)) { in qcrypto_secret_load_data()
53 secret->file, gerr->message); in qcrypto_secret_load_data()
59 } else if (secret->data) { in qcrypto_secret_load_data()
60 *outputlen = strlen(secret->data); in qcrypto_secret_load_data()
61 *output = (uint8_t *)g_strdup(secret->data); in qcrypto_secret_load_data()
[all …]
H A Dsecret_keyring.c2 * QEMU crypto secret support
43 QCryptoSecretKeyring *secret = QCRYPTO_SECRET_KEYRING(sec_common); in qcrypto_secret_keyring_load_data() local
50 if (!secret->serial) { in qcrypto_secret_keyring_load_data()
55 retcode = keyctl_read(secret->serial, NULL, 0); in qcrypto_secret_keyring_load_data()
62 retcode = keyctl_read(secret->serial, buffer, retcode); in qcrypto_secret_keyring_load_data()
75 secret->serial); in qcrypto_secret_keyring_load_data()
84 QCryptoSecretKeyring *secret = QCRYPTO_SECRET_KEYRING(obj); in qcrypto_secret_prop_set_key() local
90 secret->serial = value; in qcrypto_secret_prop_set_key()
99 QCryptoSecretKeyring *secret = QCRYPTO_SECRET_KEYRING(obj); in qcrypto_secret_prop_get_key() local
100 int32_t value = secret->serial; in qcrypto_secret_prop_get_key()
/openbmc/qemu/tests/qemu-iotests/
H A D29354 S0="--object secret,id=sec0,data=hunter0"
55 S1="--object secret,id=sec1,data=hunter1"
56 S2="--object secret,id=sec2,data=hunter2"
57 S3="--object secret,id=sec3,data=hunter3"
58 S4="--object secret,id=sec4,data=hunter4"
61 # image with given secret
62 IMGS0="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec0"
63 IMGS1="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec1"
64 IMGS2="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec2"
65 IMGS3="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec3"
[all …]
H A D15846 SECRET="secret,id=sec0,data=astrochicken"
51 _make_test_img --object $SECRET -o "encryption=on,encrypt.key-secret=sec0" $size
54 IMGSPECBASE="driver=$IMGFMT,file.filename=$TEST_IMG_BASE,encrypt.key-secret=sec0"
55 …MGFMT,backing.file.filename=$TEST_IMG_BASE,backing.encrypt.key-secret=sec0,encrypt.key-secret=sec0"
60 $QEMU_IO --object $SECRET -c "write -P 0xa 0 $size" --image-opts $IMGSPECBASE | _filter_qemu_io | _…
64 $QEMU_IO --object $SECRET -c "read -P 0xa 0 $size" --image-opts $IMGSPECBASE | _filter_qemu_io | _f…
67 _make_test_img -u --object $SECRET -o "encryption=on,encrypt.key-secret=sec0" -b "$TEST_IMG_BASE" -…
71 $QEMU_IO --object $SECRET -c "write -P 0xe 0 1024" --image-opts $IMGSPEC | _filter_qemu_io | _filte…
75 $QEMU_IO --object $SECRET -c "read -P 0xe 0 1024" --image-opts $IMGSPEC | _filter_qemu_io | _filter…
78 $QEMU_IO --object $SECRET -c "read -P 0xa 1024 64512" --image-opts $IMGSPEC | _filter_qemu_io | _fi…
H A D26351 SECRET="secret,id=sec0,data=astrochicken"
58 …$QEMU_IO --object $SECRET -c "read -P 0 0 $size" --image-opts "$1" | _filter_qemu_io | _filter_tes…
62 …$QEMU_IO --object $SECRET -c "write -P 0xAA 0xFE00 0x400" --image-opts "$1" | _filter_qemu_io | _f…
66 …$QEMU_IO --object $SECRET -c "read -P 0x00 0x00000 0xFE00" --image-opts "$1" | _filter_qemu_io | _…
67 …$QEMU_IO --object $SECRET -c "read -P 0xAA 0x0FE00 0x400" --image-opts "$1" | _filter_qemu_io | _f…
68 …$QEMU_IO --object $SECRET -c "read -P 0x00 0x10200 0xEFE00" --image-opts "$1" | _filter_qemu_io | …
77 _make_test_img --object $SECRET -o "encrypt.format=luks,encrypt.key-secret=sec0,encrypt.iter-time=1…
78 _run_test "$TEST_IMG,encrypt.key-secret=sec0"
86 _make_test_img --object $SECRET -o "encrypt.format=aes,encrypt.key-secret=sec0,cluster_size=64K" $s…
87 _run_test "$TEST_IMG,encrypt.key-secret=sec0"
H A D13446 SECRET="secret,id=sec0,data=astrochicken"
47 SECRETALT="secret,id=sec0,data=platypus"
49 _make_test_img --object $SECRET -o "encryption=on,encrypt.key-secret=sec0" $size
51 IMGSPEC="driver=$IMGFMT,file.filename=$TEST_IMG,encrypt.key-secret=sec0"
57 $QEMU_IO --object $SECRET -c "read 0 $size" --image-opts $IMGSPEC | _filter_qemu_io | _filter_testd…
61 $QEMU_IO --object $SECRET -c "write -P 0xb 512 512" --image-opts $IMGSPEC | _filter_qemu_io | _filt…
65 $QEMU_IO --object $SECRET -c "read -P 0 0 512" --image-opts $IMGSPEC | _filter_qemu_io | _filter_t…
66 $QEMU_IO --object $SECRET -c "read -P 0xb 512 512" --image-opts $IMGSPEC | _filter_qemu_io | _filt…
70 $QEMU_IO --object $SECRET -c "write -P 0xa 0 $size" --image-opts $IMGSPEC | _filter_qemu_io | _filt…
74 $QEMU_IO --object $SECRET -c "read -P 0xa 0 $size" --image-opts $IMGSPEC | _filter_qemu_io | _filt…
H A D29529 class Secret: class
38 def secret(self): member in Secret
42 return [ "secret,id=" + self._id + ",data=" + self._secret]
45 return { "qom_type" : "secret", "id": self.id(),
46 "data": self.secret() }
58 self.secrets = [ Secret(i) for i in range(0, 6) ]
59 for secret in self.secrets:
60 self.vm.cmd("object-add", **secret.to_qmp_object())
76 def createImg(self, file, secret): argument
80 '--object', *secret.to_cmdline_object(),
[all …]
H A D149.out23 …io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive…
28 …c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive…
33 …o -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive…
38 … write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive…
63 qemu-img create -f luks --object secret,id=sec0,data=MTIzNDU2,format=base64 -o key-secret=sec0,iter…
81 …io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive…
86 …c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive…
91 …o -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive…
96 … write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive…
141 …io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive…
[all …]
H A D18848 SECRET="secret,id=sec0,data=astrochicken"
49 SECRETALT="secret,id=sec0,data=platypus"
51 _make_test_img --object $SECRET -o "encrypt.format=luks,encrypt.key-secret=sec0,encrypt.iter-time=1…
53 IMGSPEC="driver=$IMGFMT,encrypt.key-secret=sec0,file.filename=$TEST_IMG"
59 $QEMU_IO --object $SECRET -c "read -P 0 0 $size" --image-opts $IMGSPEC | _filter_qemu_io | _filter_…
63 $QEMU_IO --object $SECRET -c "write -P 0xa 0 $size" --image-opts $IMGSPEC | _filter_qemu_io | _filt…
67 $QEMU_IO --object $SECRET -c "read -P 0xa 0 $size" --image-opts $IMGSPEC | _filter_qemu_io | _filt…
85 $QEMU_IMG convert -O "$IMGFMT" --object $SECRET \
86 -o "encrypt.format=luks,encrypt.key-secret=sec0,encrypt.iter-time=10,preallocation=metadata" \
89 $QEMU_IMG compare --object $SECRET --image-opts "${IMGSPEC}.orig" "$IMGSPEC"
H A D29629 class Secret: class
38 def secret(self): member in Secret
42 return [ "secret,id=" + self._id + ",data=" + self._secret]
45 return { "qom-type" : "secret", "id": self.id(),
46 "data": self.secret() }
62 self.secrets = [ Secret(i) for i in range(0, 4) ]
63 for secret in self.secrets:
64 self.vm1.cmd("object-add", secret.to_qmp_object())
65 self.vm2.cmd("object-add", secret.to_qmp_object())
75 def createImg(self, file, secret): argument
[all …]
H A D2824 # Test qemu-img file cleanup for LUKS when using a non-UTF8 secret
43 echo "== Create non-UTF8 secret =="
45 SECRET="secret,id=sec0,file=non_utf8_secret"
47 echo "== Throws an error because of invalid UTF-8 secret =="
48 $QEMU_IMG create -f $IMGFMT --object $SECRET -o "key-secret=sec0" $TEST_IMAGE_FILE 4M
57 $QEMU_IMG create -f $IMGFMT --object $SECRET -o "key-secret=sec0" $TEST_IMAGE_FILE 4M
H A D21035 vm.add_object('secret,id=keysec0,data=foo')
55 'key-secret': 'keysec0',
62 'driver=luks,file.driver=file,file.filename=%s,key-secret=keysec0' % (disk_path),
64 extra_args=['--object', 'secret,id=keysec0,data=foo'],
85 'key-secret': 'keysec0',
96 'driver=luks,file.driver=file,file.filename=%s,key-secret=keysec0' % (disk_path),
98 extra_args=['--object', 'secret,id=keysec0,data=foo'],
125 'key-secret': 'keysec0',
132 'driver=luks,file.driver=file,file.filename=%s,key-secret=keysec0' % (disk_path),
134 extra_args=['--object', 'secret,id=keysec0,data=foo'],
[all …]
H A D28846 SECRET=secret,id=sec0,data=passphrase
51 $QEMU_IMG measure --object "$SECRET" \
53 -o key-secret=sec0,iter-time=10 \
67 $QEMU_IO --object "$SECRET" --image-opts "$TEST_IMG" -c "write -P 0x51 0x10000 0x400" | _filter_qem…
74 $QEMU_IMG measure --object "$SECRET" \
76 -o key-secret=sec0,iter-time=10,preallocation=falloc \
85 $QEMU_IMG measure --object "$SECRET" \
87 -o key-secret=sec0,iter-time=10 \
H A D282.out2 == Create non-UTF8 secret ==
3 == Throws an error because of invalid UTF-8 secret ==
4 Formatting 'vol.img', fmt=luks size=4194304 key-secret=sec0
5 qemu-img: vol.img: Data from secret sec0 is not valid UTF-8
8 Formatting 'vol.img', fmt=luks size=4194304 key-secret=sec0
9 qemu-img: vol.img: Data from secret sec0 is not valid UTF-8
/openbmc/linux/include/crypto/
H A Dcurve25519.h29 const u8 secret[CURVE25519_KEY_SIZE]);
35 const u8 secret[CURVE25519_KEY_SIZE], in curve25519()
39 curve25519_arch(mypublic, secret, basepoint); in curve25519()
41 curve25519_generic(mypublic, secret, basepoint); in curve25519()
48 const u8 secret[CURVE25519_KEY_SIZE]) in curve25519_generate_public()
50 if (unlikely(!crypto_memneq(secret, curve25519_null_point, in curve25519_generate_public()
55 curve25519_base_arch(pub, secret); in curve25519_generate_public()
57 curve25519_generic(pub, secret, curve25519_base_point); in curve25519_generate_public()
61 static inline void curve25519_clamp_secret(u8 secret[CURVE25519_KEY_SIZE]) in curve25519_clamp_secret()
63 secret[0] &= 248; in curve25519_clamp_secret()
[all …]
/openbmc/linux/drivers/virt/coco/efi_secret/
H A Defi_secret.c10 * DOC: efi_secret: Allow reading EFI confidential computing (coco) secret area
15 * In it, a file is created for each secret entry. The name of each such file
16 * is the GUID of the secret entry, and its content is the secret data.
41 * Structure of the EFI secret area
46 * 0 16 Secret table header GUID (must be 1e74f542-71dd-4d66-963e-ef4287ff173b)
47 * 16 4 Length of bytes of the entire secret area
49 * 20 16 First secret entry's GUID
50 * 36 4 First secret entry's length in bytes (= 16 + 4 + x)
51 * 40 x First secret entry's data
53 * 40+x 16 Second secret entry's GUID
[all …]
/openbmc/qemu/docs/system/
H A Dsecrets.rst3 Providing secret data to QEMU
6 There are a variety of objects in QEMU which require secret data to be provided
10 QEMU has a general purpose mechanism for providing secret data to QEMU in a
11 secure manner, using the ``secret`` object type.
13 At startup this can be done using the ``-object secret,...`` command line
17 a ``secret`` object it must be given a unique ID string. This ID is then
32 to pass secret data inline on the command line.
36 -object secret,id=secvnc0,data=87539319
45 -object secret,id=secvnc0,data=ODc1MzkzMTk=,format=base64
54 the secret:
[all …]
/openbmc/qemu/include/crypto/
H A Dsecret.h2 * QEMU crypto secret support
28 #define TYPE_QCRYPTO_SECRET "secret"
43 * The sensitive data associated with the secret can
49 * The data for a secret can be provided in two formats,
67 * $QEMU -object secret,id=sec0,data=letmein
73 * -object secret,id=sec0,file=password.txt
83 * Each secret to be encrypted needs to have a random
85 * to be kept secret
90 * A secret to be defined can now be encrypted
92 * # SECRET=$(printf "letmein" |
[all …]
/openbmc/linux/Documentation/security/secrets/
H A Dcoco.rst7 This document describes how Confidential Computing secret injection is handled
18 secret injection is performed early in the VM launch process, before the
25 Secret data flow
28 The guest firmware may reserve a designated memory area for secret injection,
35 During the VM's launch, the virtual machine manager may inject a secret to that
38 Guest Owner secret data should be a GUIDed table of secret values; the binary
40 "Structure of the EFI secret area".
42 On kernel start, the kernel's EFI driver saves the location of the secret area
44 Later it checks if the secret area is populated: it maps the area and checks
46 (``1e74f542-71dd-4d66-963e-ef4287ff173b``). If the secret area is populated,
[all …]
/openbmc/phosphor-dbus-interfaces/yaml/xyz/openbmc_project/User/
H A DTOTPAuthenticator.interface.yaml4 support multi-factor authentication secret key setup for each user. This
12 secret key for the given user and returns secret key string to share
13 secret key to user.
18 Secret key string which will be shared to user to setup TOTP
27 authenticator secret key for the given user and returns weather this
28 OTP is valid or not which make sure user has setup valid secret key
46 This method clears Time-based One-time Password authenticator secret
58 This property indicates whether TOTP authenticator secret key setup
66 This property indicates whether TOTP authenticator secret key setup
/openbmc/linux/Documentation/ABI/testing/
H A Dsecurityfs-secrets-coco9 platforms (such as AMD SEV and SEV-ES) for secret injection by
15 secret appears as a file under <securityfs>/secrets/coco,
18 if the EFI secret area is populated.
21 Reading the file returns the content of secret entry.
22 Unlinking the file overwrites the secret data with zeroes and
23 removes the entry from the filesystem. A secret cannot be read
35 Reading the secret data by reading a file::
38 the-content-of-the-secret-data
40 Wiping a secret by unlinking a file::
51 the EFI secret area".
/openbmc/linux/fs/crypto/
H A Dkeyring.c41 static void wipe_master_key_secret(struct fscrypt_master_key_secret *secret) in wipe_master_key_secret() argument
43 fscrypt_destroy_hkdf(&secret->hkdf); in wipe_master_key_secret()
44 memzero_explicit(secret, sizeof(*secret)); in wipe_master_key_secret()
59 * The master key secret and any embedded subkeys should have already in fscrypt_free_master_key()
410 * Allocate a new fscrypt_master_key, transfer the given secret over to it, and
414 struct fscrypt_master_key_secret *secret, in add_new_master_key() argument
441 move_master_key_secret(&mk->mk_secret, secret); in add_new_master_key()
458 struct fscrypt_master_key_secret *secret) in add_existing_master_key() argument
481 /* Re-add the secret if needed. */ in add_existing_master_key()
485 move_master_key_secret(&mk->mk_secret, secret); in add_existing_master_key()
[all …]
/openbmc/qemu/tests/unit/
H A Dtest-crypto-secret.c2 * QEMU Crypto secret handling
24 #include "crypto/secret.h"
56 int fd = g_file_open_tmp("qemu-test-crypto-secret-XXXXXX", in test_secret_indirect_good()
565 g_test_add_func("/crypto/secret/direct", in main()
567 g_test_add_func("/crypto/secret/indirect/good", in main()
569 g_test_add_func("/crypto/secret/indirect/badfile", in main()
571 g_test_add_func("/crypto/secret/indirect/emptyfile", in main()
575 g_test_add_func("/crypto/secret/keyring/good", in main()
577 g_test_add_func("/crypto/secret/keyring/revoked_key", in main()
579 g_test_add_func("/crypto/secret/keyring/expired_key", in main()
[all …]
/openbmc/linux/crypto/
H A Decdh_helper.c37 struct kpp_secret secret = { in crypto_ecdh_encode_key() local
48 ptr = ecdh_pack_data(ptr, &secret, sizeof(secret)); in crypto_ecdh_encode_key()
60 struct kpp_secret secret; in crypto_ecdh_decode_key() local
65 ptr = ecdh_unpack_data(&secret, ptr, sizeof(secret)); in crypto_ecdh_decode_key()
66 if (secret.type != CRYPTO_KPP_SECRET_TYPE_ECDH) in crypto_ecdh_decode_key()
69 if (unlikely(len < secret.len)) in crypto_ecdh_decode_key()
73 if (secret.len != crypto_ecdh_key_len(params)) in crypto_ecdh_decode_key()
