Ð¤Ð°Ð¹Ð»Ð¾Ð²Ñ‹Ð¹ Ð¼ÐµÐ½ÐµÐ´Ð¶ÐµÑ€

Ð¤Ð°Ð¹Ð»Ð¾Ð²Ñ‹Ð¹ Ð¼ÐµÐ½ÐµÐ´Ð¶ÐµÑ€ - Ð ÐµÐ´Ð°ÐºÑ‚Ð¸Ñ€Ð¾Ð²Ð°Ñ‚ÑŒ - /var/www/html/keys.zip

ÐÐ°Ð·Ð°Ð´
PK��!�=Z��g��g��encrypted-keys/Makefilenu��[��# SPDX-License-Identifier: GPL-2.0 # # Makefile for encrypted keys # obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys.o encrypted-keys-y := encrypted.o ecryptfs_format.o masterkey-$(CONFIG_TRUSTED_KEYS) := masterkey_trusted.o masterkey-$(CONFIG_TRUSTED_KEYS)-$(CONFIG_ENCRYPTED_KEYS) := masterkey_trusted.o encrypted-keys-y += $(masterkey-y) $(masterkey-m-m) PK��!��j��Kconfignu��[��# SPDX-License-Identifier: GPL-2.0-only # # Key management configuration # config KEYS bool "Enable access key retention support" select ASSOCIATIVE_ARRAY help This option provides support for retaining authentication tokens and access keys in the kernel. It also includes provision of methods by which such keys might be associated with a process so that network filesystems, encryption support and the like can find them. Furthermore, a special type of key is available that acts as keyring: a searchable sequence of keys. Each process is equipped with access to five standard keyrings: UID-specific, GID-specific, session, process and thread. If you are unsure as to whether this is required, answer N. config KEYS_REQUEST_CACHE bool "Enable temporary caching of the last request_key() result" depends on KEYS help This option causes the result of the last successful request_key() call that didn't upcall to the kernel to be cached temporarily in the task_struct. The cache is cleared by exit and just prior to the resumption of userspace. This allows the key used for multiple step processes where each step wants to request a key that is likely the same as the one requested by the last step to save on the searching. An example of such a process is a pathwalk through a network filesystem in which each method needs to request an authentication key. Pathwalk will call multiple methods for each dentry traversed (permission, d_revalidate, lookup, getxattr, getacl, ...). config PERSISTENT_KEYRINGS bool "Enable register of persistent per-UID keyrings" depends on KEYS help This option provides a register of persistent per-UID keyrings, primarily aimed at Kerberos key storage. The keyrings are persistent in the sense that they stay around after all processes of that UID have exited, not that they survive the machine being rebooted. A particular keyring may be accessed by either the user whose keyring it is or by a process with administrative privileges. The active LSMs gets to rule on which admin-level processes get to access the cache. Keyrings are created and added into the register upon demand and get removed if they expire (a default timeout is set upon creation). config BIG_KEYS bool "Large payload keys" depends on KEYS depends on TMPFS depends on CRYPTO_LIB_CHACHA20POLY1305 = y help This option provides support for holding large keys within the kernel (for example Kerberos ticket caches). The data may be stored out to swapspace by tmpfs. If you are unsure as to whether this is required, answer N. config TRUSTED_KEYS tristate "TRUSTED KEYS" depends on KEYS && TCG_TPM select CRYPTO select CRYPTO_HMAC select CRYPTO_SHA1 select CRYPTO_HASH_INFO select ASN1_ENCODER select OID_REGISTRY select ASN1 help This option provides support for creating, sealing, and unsealing keys in the kernel. Trusted keys are random number symmetric keys, generated and RSA-sealed by the TPM. The TPM only unseals the keys, if the boot PCRs and other criteria match. Userspace will only ever see encrypted blobs. If you are unsure as to whether this is required, answer N. config ENCRYPTED_KEYS tristate "ENCRYPTED KEYS" depends on KEYS select CRYPTO select CRYPTO_HMAC select CRYPTO_AES select CRYPTO_CBC select CRYPTO_SHA256 select CRYPTO_RNG help This option provides support for create/encrypting/decrypting keys in the kernel. Encrypted keys are kernel generated random numbers, which are encrypted/decrypted with a 'master' symmetric key. The 'master' key can be either a trusted-key or user-key type. Userspace only ever sees/stores encrypted blobs. If you are unsure as to whether this is required, answer N. config KEY_DH_OPERATIONS bool "Diffie-Hellman operations on retained keys" depends on KEYS select CRYPTO select CRYPTO_HASH select CRYPTO_DH help This option provides support for calculating Diffie-Hellman public keys and shared secrets using values stored as keys in the kernel. If you are unsure as to whether this is required, answer N. config KEY_NOTIFICATIONS bool "Provide key/keyring change notifications" depends on KEYS && WATCH_QUEUE help This option provides support for getting change notifications on keys and keyrings on which the caller has View permission. This makes use of pipes to handle the notification buffer and provides KEYCTL_WATCH_KEY to enable/disable watches. PK��!��Iȥ��Makefilenu��[��# SPDX-License-Identifier: GPL-2.0 # # Makefile for key management # # # Core # obj-y := \ gc.o \ key.o \ keyring.o \ keyctl.o \ permission.o \ process_keys.o \ request_key.o \ request_key_auth.o \ user_defined.o compat-obj-$(CONFIG_KEY_DH_OPERATIONS) += compat_dh.o obj-$(CONFIG_COMPAT) += compat.o $(compat-obj-y) obj-$(CONFIG_PROC_FS) += proc.o obj-$(CONFIG_SYSCTL) += sysctl.o obj-$(CONFIG_PERSISTENT_KEYRINGS) += persistent.o obj-$(CONFIG_KEY_DH_OPERATIONS) += dh.o obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += keyctl_pkey.o # # Key types # obj-$(CONFIG_BIG_KEYS) += big_key.o obj-$(CONFIG_TRUSTED_KEYS) += trusted-keys/ obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys/ PK��!�]��i2��2��trusted-keys/Makefilenu��[��# SPDX-License-Identifier: GPL-2.0 # # Makefile for trusted keys # obj-$(CONFIG_TRUSTED_KEYS) += trusted.o trusted-y += trusted_core.o trusted-y += trusted_tpm1.o $(obj)/trusted_tpm2.o: $(obj)/tpm2key.asn1.h trusted-y += trusted_tpm2.o trusted-y += tpm2key.asn1.o trusted-$(CONFIG_TEE) += trusted_tee.o PK��!�.Cz9^��^��encrypted-type.hnu��[��/* SPDX-License-Identifier: GPL-2.0-only / / * Copyright (C) 2010 IBM Corporation * Copyright (C) 2010 Politecnico di Torino, Italy * TORSEC group -- https://security.polito.it * * Authors: * Mimi Zohar <zohar@us.ibm.com> * Roberto Sassu <roberto.sassu@polito.it> / #ifndef _KEYS_ENCRYPTED_TYPE_H #define _KEYS_ENCRYPTED_TYPE_H #include <linux/key.h> #include <linux/rcupdate.h> struct encrypted_key_payload { struct rcu_head rcu; char format; /* datablob: format / char master_desc; /* datablob: master key name / char datalen; /* datablob: decrypted key length / u8 iv; /* datablob: iv / u8 encrypted_data; /* datablob: encrypted data / unsigned short datablob_len; / length of datablob / unsigned short decrypted_datalen; / decrypted data length / unsigned short payload_datalen; / payload data length / unsigned short encrypted_key_format; / encrypted key format / u8 decrypted_data; /* decrypted data / u8 payload_data[]; / payload data + datablob + hmac / }; extern struct key_type key_type_encrypted; #endif / _KEYS_ENCRYPTED_TYPE_H / PK��!�=��asymmetric-parser.hnu��[��/ SPDX-License-Identifier: GPL-2.0-or-later / / Asymmetric public-key cryptography data parser * * See Documentation/crypto/asymmetric-keys.rst * * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) / #ifndef _KEYS_ASYMMETRIC_PARSER_H #define _KEYS_ASYMMETRIC_PARSER_H / * Key data parser. Called during key instantiation. / struct asymmetric_key_parser { struct list_head link; struct module owner; const char name; / Attempt to parse a key from the data blob passed to add_key() or * keyctl_instantiate(). Should also generate a proposed description * that the caller can optionally use for the key. * * Return EBADMSG if not recognised. / int (parse)(struct key_preparsed_payload prep); }; extern int register_asymmetric_key_parser(struct asymmetric_key_parser ); extern void unregister_asymmetric_key_parser(struct asymmetric_key_parser ); #endif / _KEYS_ASYMMETRIC_PARSER_H / PK��!��VN��request_key_auth-type.hnu��[��/ SPDX-License-Identifier: GPL-2.0-or-later / / request_key authorisation token key type * * Copyright (C) 2005 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) / #ifndef _KEYS_REQUEST_KEY_AUTH_TYPE_H #define _KEYS_REQUEST_KEY_AUTH_TYPE_H #include <linux/key.h> / * Authorisation record for request_key(). / struct request_key_auth { struct rcu_head rcu; struct key target_key; struct key dest_keyring; const struct cred cred; void callout_info; size_t callout_len; pid_t pid; char op[8]; } __randomize_layout; static inline struct request_key_auth get_request_key_auth(const struct key key) { return key->payload.data[0]; } #endif / _KEYS_REQUEST_KEY_AUTH_TYPE_H / PK��!�{D��ceph-type.hnu��[��/ SPDX-License-Identifier: GPL-2.0 / #ifndef _KEYS_CEPH_TYPE_H #define _KEYS_CEPH_TYPE_H #include <linux/key.h> extern struct key_type key_type_ceph; #endif PK��!�<�A Q��Q��keyring-type.hnu��[��/ SPDX-License-Identifier: GPL-2.0-or-later / / Keyring key type * * Copyright (C) 2008, 2013 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) / #ifndef _KEYS_KEYRING_TYPE_H #define _KEYS_KEYRING_TYPE_H #include <linux/key.h> #include <linux/assoc_array.h> #endif / _KEYS_KEYRING_TYPE_H / PK��!��'ɻ� �� system_keyring.hnu��[��/ SPDX-License-Identifier: GPL-2.0-or-later / / System keyring containing trusted public keys. * * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) / #ifndef _KEYS_SYSTEM_KEYRING_H #define _KEYS_SYSTEM_KEYRING_H #include <linux/key.h> #ifdef CONFIG_SYSTEM_TRUSTED_KEYRING extern int restrict_link_by_builtin_trusted(struct key keyring, const struct key_type type, const union key_payload payload, struct key restriction_key); extern __init int load_module_cert(struct key keyring); #else #define restrict_link_by_builtin_trusted restrict_link_reject static inline __init int load_module_cert(struct key keyring) { return 0; } #endif #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING extern int restrict_link_by_builtin_and_secondary_trusted( struct key keyring, const struct key_type type, const union key_payload payload, struct key restriction_key); #else #define restrict_link_by_builtin_and_secondary_trusted restrict_link_by_builtin_trusted #endif extern struct pkcs7_message pkcs7; #ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING extern int mark_hash_blacklisted(const char hash); extern int is_hash_blacklisted(const u8 hash, size_t hash_len, const char type); extern int is_binary_blacklisted(const u8 hash, size_t hash_len); #else static inline int is_hash_blacklisted(const u8 hash, size_t hash_len, const char type) { return 0; } static inline int is_binary_blacklisted(const u8 hash, size_t hash_len) { return 0; } #endif #ifdef CONFIG_SYSTEM_REVOCATION_LIST extern int add_key_to_revocation_list(const char data, size_t size); extern int is_key_on_revocation_list(struct pkcs7_message pkcs7); #else static inline int add_key_to_revocation_list(const char data, size_t size) { return 0; } static inline int is_key_on_revocation_list(struct pkcs7_message pkcs7) { return -ENOKEY; } #endif #ifdef CONFIG_IMA_BLACKLIST_KEYRING extern struct key ima_blacklist_keyring; static inline struct key get_ima_blacklist_keyring(void) { return ima_blacklist_keyring; } #else static inline struct key get_ima_blacklist_keyring(void) { return NULL; } #endif /* CONFIG_IMA_BLACKLIST_KEYRING / #if defined(CONFIG_INTEGRITY_PLATFORM_KEYRING) && \ defined(CONFIG_SYSTEM_TRUSTED_KEYRING) extern void __init set_platform_trusted_keys(struct key keyring); #else static inline void set_platform_trusted_keys(struct key keyring) { } #endif #endif / _KEYS_SYSTEM_KEYRING_H / PK��!�K-l�� trusted_tee.hnu��[��/ SPDX-License-Identifier: GPL-2.0 / / * Copyright (C) 2019-2021 Linaro Ltd. * * Author: * Sumit Garg <sumit.garg@linaro.org> / #ifndef __TEE_TRUSTED_KEY_H #define __TEE_TRUSTED_KEY_H #include <keys/trusted-type.h> extern struct trusted_key_ops trusted_key_tee_ops; #endif PK��!��W��user-type.hnu��[��/ SPDX-License-Identifier: GPL-2.0-or-later / / user-type.h: User-defined key type * * Copyright (C) 2005 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) / #ifndef _KEYS_USER_TYPE_H #define _KEYS_USER_TYPE_H #include <linux/key.h> #include <linux/rcupdate.h> #ifdef CONFIG_KEYS /***************************************************************************/ / * the payload for a key of type "user" or "logon" * - once filled in and attached to a key: * - the payload struct is invariant may not be changed, only replaced * - the payload must be read with RCU procedures or with the key semaphore * held * - the payload may only be replaced with the key semaphore write-locked * - the key's data length is the size of the actual data, not including the * payload wrapper / struct user_key_payload { struct rcu_head rcu; / RCU destructor / unsigned short datalen; / length of this data / char data[] __aligned(__alignof__(u64)); / actual data / }; extern struct key_type key_type_user; extern struct key_type key_type_logon; struct key_preparsed_payload; extern int user_preparse(struct key_preparsed_payload prep); extern void user_free_preparse(struct key_preparsed_payload prep); extern int user_update(struct key key, struct key_preparsed_payload prep); extern void user_revoke(struct key key); extern void user_destroy(struct key key); extern void user_describe(const struct key user, struct seq_file m); extern long user_read(const struct key key, char buffer, size_t buflen); static inline const struct user_key_payload user_key_payload_rcu(const struct key key) { return (struct user_key_payload )dereference_key_rcu(key); } static inline struct user_key_payload user_key_payload_locked(const struct key key) { return (struct user_key_payload )dereference_key_locked((struct key )key); } #endif /* CONFIG_KEYS / #endif / _KEYS_USER_TYPE_H / PK��!��dns_resolver-type.hnu��[��/ SPDX-License-Identifier: GPL-2.0-or-later / / DNS resolver key type * * Copyright (C) 2010 Wang Lei. All Rights Reserved. * Written by Wang Lei (wang840925@gmail.com) / #ifndef _KEYS_DNS_RESOLVER_TYPE_H #define _KEYS_DNS_RESOLVER_TYPE_H #include <linux/key-type.h> extern struct key_type key_type_dns_resolver; extern int request_dns_resolver_key(const char description, const char callout_info, char data); #endif / _KEYS_DNS_RESOLVER_TYPE_H / PK��!�בN,��,��asymmetric-type.hnu��[��/ SPDX-License-Identifier: GPL-2.0-or-later / / Asymmetric Public-key cryptography key type interface * * See Documentation/crypto/asymmetric-keys.rst * * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) / #ifndef _KEYS_ASYMMETRIC_TYPE_H #define _KEYS_ASYMMETRIC_TYPE_H #include <linux/key-type.h> #include <linux/verification.h> extern struct key_type key_type_asymmetric; / * The key payload is four words. The asymmetric-type key uses them as * follows: / enum asymmetric_payload_bits { asym_crypto, / The data representing the key / asym_subtype, / Pointer to an asymmetric_key_subtype struct / asym_key_ids, / Pointer to an asymmetric_key_ids struct / asym_auth / The key's authorisation (signature, parent key ID) / }; / * Identifiers for an asymmetric key ID. We have three ways of looking up a * key derived from an X.509 certificate: * * (1) Serial Number & Issuer. Non-optional. This is the only valid way to * map a PKCS#7 signature to an X.509 certificate. * * (2) Issuer & Subject Unique IDs. Optional. These were the original way to * match X.509 certificates, but have fallen into disuse in favour of (3). * * (3) Auth & Subject Key Identifiers. Optional. SKIDs are only provided on * CA keys that are intended to sign other keys, so don't appear in end * user certificates unless forced. * * We could also support an PGP key identifier, which is just a SHA1 sum of the * public key and certain parameters, but since we don't support PGP keys at * the moment, we shall ignore those. * * What we actually do is provide a place where binary identifiers can be * stashed and then compare against them when checking for an id match. / struct asymmetric_key_id { unsigned short len; unsigned char data[]; }; struct asymmetric_key_ids { void id[2]; }; extern bool asymmetric_key_id_same(const struct asymmetric_key_id kid1, const struct asymmetric_key_id kid2); extern bool asymmetric_key_id_partial(const struct asymmetric_key_id kid1, const struct asymmetric_key_id kid2); extern struct asymmetric_key_id asymmetric_key_generate_id(const void val_1, size_t len_1, const void val_2, size_t len_2); static inline const struct asymmetric_key_ids asymmetric_key_ids(const struct key key) { return key->payload.data[asym_key_ids]; } static inline const struct public_key asymmetric_key_public_key(const struct key key) { return key->payload.data[asym_crypto]; } extern struct key find_asymmetric_key(struct key keyring, const struct asymmetric_key_id id_0, const struct asymmetric_key_id id_1, bool partial); / * The payload is at the discretion of the subtype. / #endif / _KEYS_ASYMMETRIC_TYPE_H / PK��!��ޗ� �� trusted_tpm.hnu��[��/ SPDX-License-Identifier: GPL-2.0 / #ifndef __TRUSTED_TPM_H #define __TRUSTED_TPM_H #include <keys/trusted-type.h> #include <linux/tpm_command.h> / implementation specific TPM constants / #define MAX_BUF_SIZE 1024 #define TPM_GETRANDOM_SIZE 14 #define TPM_SIZE_OFFSET 2 #define TPM_RETURN_OFFSET 6 #define TPM_DATA_OFFSET 10 #define LOAD32(buffer, offset) (ntohl((uint32_t )&buffer[offset])) #define LOAD32N(buffer, offset) ((uint32_t )&buffer[offset]) #define LOAD16(buffer, offset) (ntohs((uint16_t )&buffer[offset])) extern struct trusted_key_ops trusted_key_tpm_ops; struct osapsess { uint32_t handle; unsigned char secret[SHA1_DIGEST_SIZE]; unsigned char enonce[TPM_NONCE_SIZE]; }; / discrete values, but have to store in uint16_t for TPM use / enum { SEAL_keytype = 1, SRK_keytype = 4 }; int TSS_authhmac(unsigned char digest, const unsigned char key, unsigned int keylen, unsigned char h1, unsigned char h2, unsigned int h3, ...); int TSS_checkhmac1(unsigned char buffer, const uint32_t command, const unsigned char ononce, const unsigned char key, unsigned int keylen, ...); int trusted_tpm_send(unsigned char cmd, size_t buflen); int oiap(struct tpm_buf tb, uint32_t handle, unsigned char nonce); int tpm2_seal_trusted(struct tpm_chip chip, struct trusted_key_payload payload, struct trusted_key_options options); int tpm2_unseal_trusted(struct tpm_chip chip, struct trusted_key_payload payload, struct trusted_key_options options); #define TPM_DEBUG 0 #if TPM_DEBUG static inline void dump_options(struct trusted_key_options o) { pr_info("sealing key type %d\n", o->keytype); pr_info("sealing key handle %0X\n", o->keyhandle); pr_info("pcrlock %d\n", o->pcrlock); pr_info("pcrinfo %d\n", o->pcrinfo_len); print_hex_dump(KERN_INFO, "pcrinfo ", DUMP_PREFIX_NONE, 16, 1, o->pcrinfo, o->pcrinfo_len, 0); } static inline void dump_sess(struct osapsess s) { print_hex_dump(KERN_INFO, "trusted-key: handle ", DUMP_PREFIX_NONE, 16, 1, &s->handle, 4, 0); pr_info("secret:\n"); print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, &s->secret, SHA1_DIGEST_SIZE, 0); pr_info("trusted-key: enonce:\n"); print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, &s->enonce, SHA1_DIGEST_SIZE, 0); } static inline void dump_tpm_buf(unsigned char buf) { int len; pr_info("\ntpm buffer\n"); len = LOAD32(buf, TPM_SIZE_OFFSET); print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, buf, len, 0); } #else static inline void dump_options(struct trusted_key_options o) { } static inline void dump_sess(struct osapsess s) { } static inline void dump_tpm_buf(unsigned char buf) { } #endif #endif PK��!�p�a@��asymmetric-subtype.hnu��[��/* SPDX-License-Identifier: GPL-2.0-or-later / / Asymmetric public-key cryptography key subtype * * See Documentation/crypto/asymmetric-keys.rst * * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) / #ifndef _KEYS_ASYMMETRIC_SUBTYPE_H #define _KEYS_ASYMMETRIC_SUBTYPE_H #include <linux/seq_file.h> #include <keys/asymmetric-type.h> struct kernel_pkey_query; struct kernel_pkey_params; struct public_key_signature; / * Keys of this type declare a subtype that indicates the handlers and * capabilities. / struct asymmetric_key_subtype { struct module owner; const char name; unsigned short name_len; / length of name / / Describe a key of this subtype for /proc/keys / void (describe)(const struct key key, struct seq_file m); /* Destroy a key of this subtype / void (destroy)(void payload_crypto, void payload_auth); int (query)(const struct kernel_pkey_params params, struct kernel_pkey_query info); / Encrypt/decrypt/sign data / int (eds_op)(struct kernel_pkey_params params, const void in, void out); / Verify the signature on a key of this subtype (optional) / int (verify_signature)(const struct key key, const struct public_key_signature sig); }; /** * asymmetric_key_subtype - Get the subtype from an asymmetric key * @key: The key of interest. * * Retrieves and returns the subtype pointer of the asymmetric key from the * type-specific data attached to the key. / static inline struct asymmetric_key_subtype asymmetric_key_subtype(const struct key key) { return key->payload.data[asym_subtype]; } #endif / _KEYS_ASYMMETRIC_SUBTYPE_H / PK��!�TבZ0��0��big_key-type.hnu��[��/ SPDX-License-Identifier: GPL-2.0-or-later / / Big capacity key type. * * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) / #ifndef _KEYS_BIG_KEY_TYPE_H #define _KEYS_BIG_KEY_TYPE_H #include <linux/key-type.h> extern struct key_type key_type_big_key; extern int big_key_preparse(struct key_preparsed_payload prep); extern void big_key_free_preparse(struct key_preparsed_payload prep); extern void big_key_revoke(struct key key); extern void big_key_destroy(struct key key); extern void big_key_describe(const struct key big_key, struct seq_file m); extern long big_key_read(const struct key key, char buffer, size_t buflen); extern int big_key_update(struct key key, struct key_preparsed_payload prep); #endif / _KEYS_BIG_KEY_TYPE_H / PK��!�<i�h_ ��_ ��rxrpc-type.hnu��[��/ SPDX-License-Identifier: GPL-2.0-or-later / / RxRPC key type * * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) / #ifndef _KEYS_RXRPC_TYPE_H #define _KEYS_RXRPC_TYPE_H #include <linux/key.h> / * key type for AF_RXRPC keys / extern struct key_type key_type_rxrpc; extern struct key rxrpc_get_null_key(const char ); / * RxRPC key for Kerberos IV (type-2 security) / struct rxkad_key { u32 vice_id; u32 start; / time at which ticket starts / u32 expiry; / time at which ticket expires / u32 kvno; / key version number / u8 primary_flag; / T if key for primary cell for this user / u16 ticket_len; / length of ticket[] / u8 session_key[8]; / DES session key / u8 ticket[]; / the encrypted ticket / }; / * list of tokens attached to an rxrpc key / struct rxrpc_key_token { u16 security_index; / RxRPC header security index / bool no_leak_key; / Don't copy the key to userspace / struct rxrpc_key_token next; /* the next token in the list / union { struct rxkad_key kad; }; }; /* * structure of raw payloads passed to add_key() or instantiate key / struct rxrpc_key_data_v1 { u16 security_index; u16 ticket_length; u32 expiry; / time_t / u32 kvno; u8 session_key[8]; u8 ticket[]; }; / * AF_RXRPC key payload derived from XDR format * - based on openafs-1.4.10/src/auth/afs_token.xg / #define AFSTOKEN_LENGTH_MAX 16384 / max payload size / #define AFSTOKEN_STRING_MAX 256 / max small string length / #define AFSTOKEN_DATA_MAX 64 / max small data length / #define AFSTOKEN_CELL_MAX 64 / max cellname length / #define AFSTOKEN_MAX 8 / max tokens per payload / #define AFSTOKEN_BDATALN_MAX 16384 / max big data length / #define AFSTOKEN_RK_TIX_MAX 12000 / max RxKAD ticket size / #define AFSTOKEN_GK_KEY_MAX 64 / max GSSAPI key size / #define AFSTOKEN_GK_TOKEN_MAX 16384 / max GSSAPI token size / / * Truncate a time64_t to the range from 1970 to 2106 as in the network * protocol. / static inline u32 rxrpc_time64_to_u32(time64_t time) { if (time < 0) return 0; if (time > UINT_MAX) return UINT_MAX; return (u32)time; } / * Extend u32 back to time64_t using the same 1970-2106 range. / static inline time64_t rxrpc_u32_to_time64(u32 time) { return (time64_t)time; } #endif / _KEYS_RXRPC_TYPE_H / PK��!�ʟo��trusted-type.hnu��[��/ SPDX-License-Identifier: GPL-2.0-only / / * Copyright (C) 2010 IBM Corporation * Author: David Safford <safford@us.ibm.com> / #ifndef _KEYS_TRUSTED_TYPE_H #define _KEYS_TRUSTED_TYPE_H #include <linux/key.h> #include <linux/rcupdate.h> #include <linux/tpm.h> #ifdef pr_fmt #undef pr_fmt #endif #define pr_fmt(fmt) "trusted_key: " fmt #define MIN_KEY_SIZE 32 #define MAX_KEY_SIZE 128 #define MAX_BLOB_SIZE 512 #define MAX_PCRINFO_SIZE 64 #define MAX_DIGEST_SIZE 64 struct trusted_key_payload { struct rcu_head rcu; unsigned int key_len; unsigned int blob_len; unsigned char migratable; unsigned char old_format; unsigned char key[MAX_KEY_SIZE + 1]; unsigned char blob[MAX_BLOB_SIZE]; }; struct trusted_key_options { uint16_t keytype; uint32_t keyhandle; unsigned char keyauth[TPM_DIGEST_SIZE]; uint32_t blobauth_len; unsigned char blobauth[TPM_DIGEST_SIZE]; uint32_t pcrinfo_len; unsigned char pcrinfo[MAX_PCRINFO_SIZE]; int pcrlock; uint32_t hash; uint32_t policydigest_len; unsigned char policydigest[MAX_DIGEST_SIZE]; uint32_t policyhandle; }; struct trusted_key_ops { / * flag to indicate if trusted key implementation supports migration * or not. / unsigned char migratable; / Initialize key interface. / int (init)(void); /* Seal a key. / int (seal)(struct trusted_key_payload p, char datablob); /* Unseal a key. / int (unseal)(struct trusted_key_payload p, char datablob); /* Optional: Get a randomized key. / int (get_random)(unsigned char key, size_t key_len); / Exit key interface. / void (exit)(void); }; struct trusted_key_source { char name; struct trusted_key_ops ops; }; extern struct key_type key_type_trusted; #define TRUSTED_DEBUG 0 #if TRUSTED_DEBUG static inline void dump_payload(struct trusted_key_payload p) { pr_info("key_len %d\n", p->key_len); print_hex_dump(KERN_INFO, "key ", DUMP_PREFIX_NONE, 16, 1, p->key, p->key_len, 0); pr_info("bloblen %d\n", p->blob_len); print_hex_dump(KERN_INFO, "blob ", DUMP_PREFIX_NONE, 16, 1, p->blob, p->blob_len, 0); pr_info("migratable %d\n", p->migratable); } #else static inline void dump_payload(struct trusted_key_payload p) { } #endif #endif /* _KEYS_TRUSTED_TYPE_H */ PK��!�=Z��g��g��encrypted-keys/Makefilenu��[��PK��!��j��Kconfignu��[��PK��!��Iȥ��Makefilenu��[��PK��!�]��i2��2��trusted-keys/Makefilenu��[��PK��!�.Cz9^��^��encrypted-type.hnu��[��PK��!�=��asymmetric-parser.hnu��[��PK��!��VN�� request_key_auth-type.hnu��[��PK��!�{D��$��ceph-type.hnu��[��PK��!�<�A Q��Q��$��keyring-type.hnu��[��PK��!��'ɻ� �� o&��system_keyring.hnu��[��PK��!�K-l�� \|0��trusted_tee.hnu��[��PK��!��W��1��user-type.hnu��[��PK��!��9��dns_resolver-type.hnu��[��PK��!�בN,��,��;��asymmetric-type.hnu��[��PK��!��ޗ� �� KG��trusted_tpm.hnu��[��PK��!�p�a@��AR��asymmetric-subtype.hnu��[��PK��!�TבZ0��0��%Y��big_key-type.hnu��[��PK��!�<i�h_ ��_ ��\��rxrpc-type.hnu��[��PK��!�ʟo��.f��trusted-type.hnu��[��PK��:o��

| ver. 1.1 | | . | PHP 8.4.22 | Ð“ÐµÐ½ÐµÑ€Ð°Ñ†Ð¸Ñ ÑÑ‚Ñ€Ð°Ð½Ð¸Ñ†Ñ‹: 0 | proxy | phpinfo | ÐÐ°ÑÑ‚Ñ€Ð¾Ð¹ÐºÐ°