
Searched refs:secret (Results 1 – 25 of 137) sorted by relevance


/openbmc/qemu/crypto/
H A Dsecret.c39 QCryptoSecret *secret = QCRYPTO_SECRET(sec_common); in qcrypto_secret_load_data() local
44 if (secret->file) { in qcrypto_secret_load_data()
45 if (secret->data) { in qcrypto_secret_load_data()
50 if (!g_file_get_contents(secret->file, &data, &length, &gerr)) { in qcrypto_secret_load_data()
53 secret->file, gerr->message); in qcrypto_secret_load_data()
59 } else if (secret->data) { in qcrypto_secret_load_data()
60 *outputlen = strlen(secret->data); in qcrypto_secret_load_data()
61 *output = (uint8_t *)g_strdup(secret->data); in qcrypto_secret_load_data()
73 QCryptoSecret *secret = QCRYPTO_SECRET(obj); in qcrypto_secret_prop_set_data() local
75 g_free(secret->data); in qcrypto_secret_prop_set_data()
[all …]
H A Dsecret_common.c31 static void qcrypto_secret_decrypt(QCryptoSecretCommon *secret, in qcrypto_secret_decrypt() argument
48 if (qcrypto_secret_lookup(secret->keyid, in qcrypto_secret_decrypt()
59 if (!secret->iv) { in qcrypto_secret_decrypt()
64 iv = qbase64_decode(secret->iv, -1, &ivlen, errp); in qcrypto_secret_decrypt()
86 if (secret->format == QCRYPTO_SECRET_FORMAT_BASE64) { in qcrypto_secret_decrypt()
143 QCryptoSecretCommon *secret = QCRYPTO_SECRET_COMMON(uc); in qcrypto_secret_complete() local
154 sec_class->load_data(secret, &input, &inputlen, &local_err); in qcrypto_secret_complete()
165 if (secret->keyid) { in qcrypto_secret_complete()
166 qcrypto_secret_decrypt(secret, input, inputlen, in qcrypto_secret_complete()
176 if (secret->format == QCRYPTO_SECRET_FORMAT_BASE64) { in qcrypto_secret_complete()
[all …]
H A Dsecret_keyring.c43 QCryptoSecretKeyring *secret = QCRYPTO_SECRET_KEYRING(sec_common); in qcrypto_secret_keyring_load_data() local
50 if (!secret->serial) { in qcrypto_secret_keyring_load_data()
55 retcode = keyctl_read(secret->serial, NULL, 0); in qcrypto_secret_keyring_load_data()
62 retcode = keyctl_read(secret->serial, buffer, retcode); in qcrypto_secret_keyring_load_data()
75 secret->serial); in qcrypto_secret_keyring_load_data()
84 QCryptoSecretKeyring *secret = QCRYPTO_SECRET_KEYRING(obj); in qcrypto_secret_prop_set_key() local
90 secret->serial = value; in qcrypto_secret_prop_set_key()
99 QCryptoSecretKeyring *secret = QCRYPTO_SECRET_KEYRING(obj); in qcrypto_secret_prop_get_key() local
100 int32_t value = secret->serial; in qcrypto_secret_prop_get_key()
/openbmc/linux/include/crypto/
H A Dcurve25519.h29 const u8 secret[CURVE25519_KEY_SIZE]);
35 const u8 secret[CURVE25519_KEY_SIZE], in curve25519()
39 curve25519_arch(mypublic, secret, basepoint); in curve25519()
41 curve25519_generic(mypublic, secret, basepoint); in curve25519()
48 const u8 secret[CURVE25519_KEY_SIZE]) in curve25519_generate_public()
50 if (unlikely(!crypto_memneq(secret, curve25519_null_point, in curve25519_generate_public()
55 curve25519_base_arch(pub, secret); in curve25519_generate_public()
57 curve25519_generic(pub, secret, curve25519_base_point); in curve25519_generate_public()
61 static inline void curve25519_clamp_secret(u8 secret[CURVE25519_KEY_SIZE]) in curve25519_clamp_secret()
63 secret[0] &= 248; in curve25519_clamp_secret()
[all …]
/openbmc/qemu/tests/qemu-iotests/
H A D29370 _make_test_img $S0 $EXTRA_IMG_ARGS -o ${PR}key-secret=sec0,${PR}iter-time=10 32M
78 $QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}state=active,${PR}new-secret=sec4,${PR}iter-time=10,${PR}ke…
80 $QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}state=active,${PR}new-secret=sec1,${PR}iter-time=10
82 $QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=active,${PR}new-secret=sec3,${PR}iter-time=10,${PR}ke…
85 $QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}state=active,${PR}new-secret=sec2,${PR}iter-time=10
100 $QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}old-secret=sec0 | _filter_img_create
114 $QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}state=active,${PR}new-secret=sec2,${PR}iter-time=10
119 $QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}state=active,${PR}new-secret=sec0,${PR}iter-time=10
123 $QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}state=active,${PR}new-secret=sec3,${PR}iter-time=10
127 $QEMU_IMG amend $SECRETS $IMGS2 -o ${PR}state=active,${PR}new-secret=sec3,${PR}iter-time=10
[all …]
H A D29538 def secret(self): member in Secret
46 "data": self.secret() }
59 for secret in self.secrets:
60 self.vm.cmd("object-add", **secret.to_qmp_object())
76 def createImg(self, file, secret): argument
80 '--object', *secret.to_cmdline_object(),
82 '-o', self.pfx + 'key-secret=' + secret.id(),
90 def openImageQmp(self, id, file, secret, read_only = False): argument
93 'key-secret' : secret.id()
124 def addKeyQmp(self, id, new_secret, secret = None, argument
[all …]
H A D29638 def secret(self): member in Secret
46 "data": self.secret() }
63 for secret in self.secrets:
64 self.vm1.cmd("object-add", secret.to_qmp_object())
65 self.vm2.cmd("object-add", secret.to_qmp_object())
75 def createImg(self, file, secret): argument
79 '--object', *secret.to_cmdline_object(),
81 '-o', 'key-secret=' + secret.id(),
88 def addKey(self, file, secret, new_secret): argument
91 'key-secret' : secret.id(),
[all …]
H A D282.out2 == Create non-UTF8 secret ==
3 == Throws an error because of invalid UTF-8 secret ==
4 Formatting 'vol.img', fmt=luks size=4194304 key-secret=sec0
5 qemu-img: vol.img: Data from secret sec0 is not valid UTF-8
8 Formatting 'vol.img', fmt=luks size=4194304 key-secret=sec0
9 qemu-img: vol.img: Data from secret sec0 is not valid UTF-8
H A D149.out23 …io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive…
28 …c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive…
33 …o -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive…
38 … write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive…
63 qemu-img create -f luks --object secret,id=sec0,data=MTIzNDU2,format=base64 -o key-secret=sec0,iter…
81 …io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive…
86 …c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive…
91 …o -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive…
96 … write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive…
141 …io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive…
[all …]
H A D087139 _make_test_img --object secret,id=sec0,data=123456 -o encryption=on,encrypt.key-secret=sec0 $size
170 _make_test_img --object secret,id=sec0,data=123456 -o encrypt.format=luks,encrypt.key-secret=sec0 $…
201 _make_test_img --object secret,id=sec0,data=123456 -o encryption=on,encrypt.key-secret=sec0 $size
H A D28846 SECRET=secret,id=sec0,data=passphrase
53 -o key-secret=sec0,iter-time=10 \
76 -o key-secret=sec0,iter-time=10,preallocation=falloc \
87 -o key-secret=sec0,iter-time=10 \
H A D293.out31 == filling 4 slots with secret 2 ==
33 == adding secret 0 ==
35 == adding secret 3 (last slot) ==
50 == erase all keys of secret 2==
51 == erase all keys of secret 1==
52 == erase all keys of secret 0==
53 == erasing secret3 will fail now since it is the only secret (in 3 slots) ==
85 == erase last secret (should fail) ==
89 qemu-img: No secret with id 'sec5'
92 == erase last secret with force by slot (should work) ==
H A D210.out10 …, "options": {"driver": "luks", "file": "imgfile", "iter-time": 10, "key-secret": "keysec0", "size…
15 image: json:{"driver": "IMGFMT", "file": {"driver": "file", "filename": "TEST_IMG"}, "key-secret": …
63 …, "iter-time": 10, "ivgen-alg": "plain64", "ivgen-hash-alg": "md5", "key-secret": "keysec0", "size…
68 image: json:{"driver": "IMGFMT", "file": {"driver": "file", "filename": "TEST_IMG"}, "key-secret": …
119 …0", "options": {"driver": "luks", "file": "node0", "iter-time": 10, "key-secret": "keysec0", "size…
124 image: json:{"driver": "IMGFMT", "file": {"driver": "file", "filename": "TEST_IMG"}, "key-secret": …
167 …: {"job-id": "job0", "options": {"driver": "luks", "file": "node0", "key-secret": "keysec0", "size…
173 …: {"job-id": "job0", "options": {"driver": "luks", "file": "node0", "key-secret": "keysec0", "size…
179 …: {"job-id": "job0", "options": {"driver": "luks", "file": "node0", "key-secret": "keysec0", "size…
195 image: json:{"driver": "IMGFMT", "file": {"driver": "file", "filename": "TEST_IMG"}, "key-secret": …
/openbmc/linux/fs/crypto/
H A Dkeyring.c41 static void wipe_master_key_secret(struct fscrypt_master_key_secret *secret) in wipe_master_key_secret() argument
43 fscrypt_destroy_hkdf(&secret->hkdf); in wipe_master_key_secret()
44 memzero_explicit(secret, sizeof(*secret)); in wipe_master_key_secret()
414 struct fscrypt_master_key_secret *secret, in add_new_master_key() argument
441 move_master_key_secret(&mk->mk_secret, secret); in add_new_master_key()
458 struct fscrypt_master_key_secret *secret) in add_existing_master_key() argument
485 move_master_key_secret(&mk->mk_secret, secret); in add_existing_master_key()
492 struct fscrypt_master_key_secret *secret, in do_add_master_key() argument
506 err = add_new_master_key(sb, secret, mk_spec); in do_add_master_key()
513 err = add_existing_master_key(mk, secret); in do_add_master_key()
[all …]
/openbmc/linux/crypto/
H A Decdh_helper.c37 struct kpp_secret secret = { in crypto_ecdh_encode_key() local
48 ptr = ecdh_pack_data(ptr, &secret, sizeof(secret)); in crypto_ecdh_encode_key()
60 struct kpp_secret secret; in crypto_ecdh_decode_key() local
65 ptr = ecdh_unpack_data(&secret, ptr, sizeof(secret)); in crypto_ecdh_decode_key()
66 if (secret.type != CRYPTO_KPP_SECRET_TYPE_ECDH) in crypto_ecdh_decode_key()
69 if (unlikely(len < secret.len)) in crypto_ecdh_decode_key()
73 if (secret.len != crypto_ecdh_key_len(params)) in crypto_ecdh_decode_key()
H A Ddh_helper.c44 struct kpp_secret secret = { in crypto_dh_encode_key() local
52 ptr = dh_pack_data(ptr, end, &secret, sizeof(secret)); in crypto_dh_encode_key()
69 struct kpp_secret secret; in __crypto_dh_decode_key() local
74 ptr = dh_unpack_data(&secret, ptr, sizeof(secret)); in __crypto_dh_decode_key()
75 if (secret.type != CRYPTO_KPP_SECRET_TYPE_DH) in __crypto_dh_decode_key()
81 if (secret.len != crypto_dh_key_len(params)) in __crypto_dh_decode_key()
H A Dcurve25519-generic.c12 u8 *secret = kpp_tfm_ctx(tfm); in curve25519_set_secret() local
15 curve25519_generate_secret(secret); in curve25519_set_secret()
18 memcpy(secret, buf, CURVE25519_KEY_SIZE); in curve25519_set_secret()
27 const u8 *secret = kpp_tfm_ctx(tfm); in curve25519_compute_value() local
45 curve25519_generic(buf, secret, bp); in curve25519_compute_value()
H A Dtestmgr.h166 const unsigned char *secret; member
1349 .secret =
1456 .secret =
1566 .secret =
1654 .secret =
1727 .secret =
1847 .secret =
1936 .secret =
2088 .secret =
2193 .secret =
[all …]
/openbmc/qemu/docs/system/
H A Dsecrets.rst3 Providing secret data to QEMU
6 There are a variety of objects in QEMU which require secret data to be provided
10 QEMU has a general purpose mechanism for providing secret data to QEMU in a
11 secure manner, using the ``secret`` object type.
13 At startup this can be done using the ``-object secret,...`` command line
17 a ``secret`` object it must be given a unique ID string. This ID is then
32 to pass secret data inline on the command line.
36 -object secret,id=secvnc0,data=87539319
45 -object secret,id=secvnc0,data=ODc1MzkzMTk=,format=base64
54 the secret:
[all …]
/openbmc/linux/arch/arm/crypto/
H A Dcurve25519-glue.c23 const u8 secret[CURVE25519_KEY_SIZE],
43 const u8 secret[CURVE25519_KEY_SIZE]) in curve25519_base_arch()
45 return curve25519_arch(pub, secret, curve25519_base_point); in curve25519_base_arch()
52 u8 *secret = kpp_tfm_ctx(tfm); in curve25519_set_secret() local
55 curve25519_generate_secret(secret); in curve25519_set_secret()
58 memcpy(secret, buf, CURVE25519_KEY_SIZE); in curve25519_set_secret()
67 const u8 *secret = kpp_tfm_ctx(tfm); in curve25519_compute_value() local
85 curve25519_arch(buf, secret, bp); in curve25519_compute_value()
/openbmc/linux/Documentation/ABI/testing/
H A Dsecurityfs-secrets-coco9 platforms (such as AMD SEV and SEV-ES) for secret injection by
15 secret appears as a file under <securityfs>/secrets/coco,
18 if the EFI secret area is populated.
21 Reading the file returns the content of secret entry.
22 Unlinking the file overwrites the secret data with zeroes and
23 removes the entry from the filesystem. A secret cannot be read
35 Reading the secret data by reading a file::
38 the-content-of-the-secret-data
40 Wiping a secret by unlinking a file::
51 the EFI secret area".
/openbmc/linux/Documentation/security/secrets/
H A Dcoco.rst7 This document describes how Confidential Computing secret injection is handled
18 secret injection is performed early in the VM launch process, before the
28 The guest firmware may reserve a designated memory area for secret injection,
35 During the VM's launch, the virtual machine manager may inject a secret to that
38 Guest Owner secret data should be a GUIDed table of secret values; the binary
40 "Structure of the EFI secret area".
42 On kernel start, the kernel's EFI driver saves the location of the secret area
44 Later it checks if the secret area is populated: it maps the area and checks
46 (``1e74f542-71dd-4d66-963e-ef4287ff173b``). If the secret area is populated,
56 provides the decryption key (= secret) using the secret injection mechanism.
[all …]
/openbmc/linux/drivers/virt/coco/efi_secret/
H A DKconfig3 tristate "EFI secret area securityfs support"
8 This is a driver for accessing the EFI secret area via securityfs.
9 The EFI secret area is a memory area designated by the firmware for
10 confidential computing secret injection (for example for AMD SEV
13 a file wipes the secret from memory).
/openbmc/qemu/docs/devel/
H A Dluks-detached-header.rst102 # qemu-img create --object secret,id=sec0,data=abc123 -f luks \
103 -o cipher-alg=aes-256,cipher-mode=xts -o key-secret=sec0 \
115 -object '{"qom-type":"secret","id":"libvirt-3-format-secret", \
126 "file":"libvirt-2-format","header":"libvirt-1-format","key-secret": \
127 "libvirt-3-format-secret"}' \
134 1. object-add the secret for decrypting the cipher stored in
138 "arguments":{"qom-type":"secret", "id": \
139 "libvirt-4-format-secret", "data":"abc123"}}'
171 "key-secret":"libvirt-2-format-secret"}}'
/openbmc/qemu/qapi/
H A Dcrypto.json28 # The data format that the secret is provided in
177 # @key-secret: the ID of a QCryptoSecret object providing the
184 'data': { '*key-secret': 'str' }}
191 # @key-secret: the ID of a QCryptoSecret object providing the
198 'data': { '*key-secret': 'str' }}
370 # @new-secret: The ID of a QCryptoSecret object providing the password
373 # @old-secret: Optional (for deactivation only) If given will
390 # @secret: Optional. The ID of a QCryptoSecret object providing the
392 # same secret that was used to open the image
398 '*new-secret': 'str',
[all …]
