linux/security/apparmor/crypto.c
<<
>>
Prefs 
   1// SPDX-License-Identifier: GPL-2.0-only
   2/*
   3 * AppArmor security module
   4 *
   5 * This file contains AppArmor policy loading interface function definitions.
   6 *
   7 * Copyright 2013 Canonical Ltd.
   8 *
   9 * Fns to provide a checksum of policy that has been loaded this can be
  10 * compared to userspace policy compiles to check loaded policy is what
  11 * it should be.
  12 */
  13
  14#include <crypto/hash.h>
  15
  16#include "include/apparmor.h"
  17#include "include/crypto.h"
  18
  19static unsigned int apparmor_hash_size;
  20
  21static struct crypto_shash *apparmor_tfm;
  22
  23unsigned int aa_hash_size(void)
  24{
  25        return apparmor_hash_size;
  26}
  27
  28char *aa_calc_hash(void *data, size_t len)
  29{
  30        SHASH_DESC_ON_STACK(desc, apparmor_tfm);
  31        char *hash = NULL;
  32        int error = -ENOMEM;
  33
  34        if (!apparmor_tfm)
  35                return NULL;
  36
  37        hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
  38        if (!hash)
  39                goto fail;
  40
  41        desc->tfm = apparmor_tfm;
  42
  43        error = crypto_shash_init(desc);
  44        if (error)
  45                goto fail;
  46        error = crypto_shash_update(desc, (u8 *) data, len);
  47        if (error)
  48                goto fail;
  49        error = crypto_shash_final(desc, hash);
  50        if (error)
  51                goto fail;
  52
  53        return hash;
  54
  55fail:
  56        kfree(hash);
  57
  58        return ERR_PTR(error);
  59}
  60
  61int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
  62                         size_t len)
  63{
  64        SHASH_DESC_ON_STACK(desc, apparmor_tfm);
  65        int error = -ENOMEM;
  66        __le32 le32_version = cpu_to_le32(version);
  67
  68        if (!aa_g_hash_policy)
  69                return 0;
  70
  71        if (!apparmor_tfm)
  72                return 0;
  73
  74        profile->hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
  75        if (!profile->hash)
  76                goto fail;
  77
  78        desc->tfm = apparmor_tfm;
  79
  80        error = crypto_shash_init(desc);
  81        if (error)
  82                goto fail;
  83        error = crypto_shash_update(desc, (u8 *) &le32_version, 4);
  84        if (error)
  85                goto fail;
  86        error = crypto_shash_update(desc, (u8 *) start, len);
  87        if (error)
  88                goto fail;
  89        error = crypto_shash_final(desc, profile->hash);
  90        if (error)
  91                goto fail;
  92
  93        return 0;
  94
  95fail:
  96        kfree(profile->hash);
  97        profile->hash = NULL;
  98
  99        return error;
 100}
 101
 102static int __init init_profile_hash(void)
 103{
 104        struct crypto_shash *tfm;
 105
 106        if (!apparmor_initialized)
 107                return 0;
 108
 109        tfm = crypto_alloc_shash("sha1", 0, 0);
 110        if (IS_ERR(tfm)) {
 111                int error = PTR_ERR(tfm);
 112                AA_ERROR("failed to setup profile sha1 hashing: %d\n", error);
 113                return error;
 114        }
 115        apparmor_tfm = tfm;
 116        apparmor_hash_size = crypto_shash_digestsize(apparmor_tfm);
 117
 118        aa_info_message("AppArmor sha1 policy hashing enabled");
 119
 120        return 0;
 121}
 122
 123late_initcall(init_profile_hash);
 124
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.