Linux Audio

Check our new training course

Open Menu / security / apparmor / crypto.c
Loading...
v4.17
 
  1/*
  2 * AppArmor security module
  3 *
  4 * This file contains AppArmor policy loading interface function definitions.
  5 *
  6 * Copyright 2013 Canonical Ltd.
  7 *
  8 * This program is free software; you can redistribute it and/or
  9 * modify it under the terms of the GNU General Public License as
 10 * published by the Free Software Foundation, version 2 of the
 11 * License.
 12 *
 13 * Fns to provide a checksum of policy that has been loaded this can be
 14 * compared to userspace policy compiles to check loaded policy is what
 15 * it should be.
 16 */
 17
 18#include <crypto/hash.h>
 19
 20#include "include/apparmor.h"
 21#include "include/crypto.h"
 22
 23static unsigned int apparmor_hash_size;
 24
 25static struct crypto_shash *apparmor_tfm;
 26
 27unsigned int aa_hash_size(void)
 28{
 29	return apparmor_hash_size;
 30}
 31
 32char *aa_calc_hash(void *data, size_t len)
 33{
 34	SHASH_DESC_ON_STACK(desc, apparmor_tfm);
 35	char *hash = NULL;
 36	int error = -ENOMEM;
 37
 38	if (!apparmor_tfm)
 39		return NULL;
 40
 41	hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
 42	if (!hash)
 43		goto fail;
 44
 45	desc->tfm = apparmor_tfm;
 46	desc->flags = 0;
 47
 48	error = crypto_shash_init(desc);
 49	if (error)
 50		goto fail;
 51	error = crypto_shash_update(desc, (u8 *) data, len);
 52	if (error)
 53		goto fail;
 54	error = crypto_shash_final(desc, hash);
 55	if (error)
 56		goto fail;
 57
 58	return hash;
 59
 60fail:
 61	kfree(hash);
 62
 63	return ERR_PTR(error);
 64}
 65
 66int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
 67			 size_t len)
 68{
 69	SHASH_DESC_ON_STACK(desc, apparmor_tfm);
 70	int error = -ENOMEM;
 71	__le32 le32_version = cpu_to_le32(version);
 72
 73	if (!aa_g_hash_policy)
 74		return 0;
 75
 76	if (!apparmor_tfm)
 77		return 0;
 78
 79	profile->hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
 80	if (!profile->hash)
 81		goto fail;
 82
 83	desc->tfm = apparmor_tfm;
 84	desc->flags = 0;
 85
 86	error = crypto_shash_init(desc);
 87	if (error)
 88		goto fail;
 89	error = crypto_shash_update(desc, (u8 *) &le32_version, 4);
 90	if (error)
 91		goto fail;
 92	error = crypto_shash_update(desc, (u8 *) start, len);
 93	if (error)
 94		goto fail;
 95	error = crypto_shash_final(desc, profile->hash);
 96	if (error)
 97		goto fail;
 98
 99	return 0;
100
101fail:
102	kfree(profile->hash);
103	profile->hash = NULL;
104
105	return error;
106}
107
108static int __init init_profile_hash(void)
109{
110	struct crypto_shash *tfm;
111
112	if (!apparmor_initialized)
113		return 0;
114
115	tfm = crypto_alloc_shash("sha1", 0, CRYPTO_ALG_ASYNC);
116	if (IS_ERR(tfm)) {
117		int error = PTR_ERR(tfm);
118		AA_ERROR("failed to setup profile sha1 hashing: %d\n", error);
119		return error;
120	}
121	apparmor_tfm = tfm;
122	apparmor_hash_size = crypto_shash_digestsize(apparmor_tfm);
123
124	aa_info_message("AppArmor sha1 policy hashing enabled");
125
126	return 0;
127}
128
129late_initcall(init_profile_hash);
v5.9
  1// SPDX-License-Identifier: GPL-2.0-only
  2/*
  3 * AppArmor security module
  4 *
  5 * This file contains AppArmor policy loading interface function definitions.
  6 *
  7 * Copyright 2013 Canonical Ltd.
  8 *
 
 
 
 
 
  9 * Fns to provide a checksum of policy that has been loaded this can be
 10 * compared to userspace policy compiles to check loaded policy is what
 11 * it should be.
 12 */
 13
 14#include <crypto/hash.h>
 15
 16#include "include/apparmor.h"
 17#include "include/crypto.h"
 18
 19static unsigned int apparmor_hash_size;
 20
 21static struct crypto_shash *apparmor_tfm;
 22
 23unsigned int aa_hash_size(void)
 24{
 25	return apparmor_hash_size;
 26}
 27
 28char *aa_calc_hash(void *data, size_t len)
 29{
 30	SHASH_DESC_ON_STACK(desc, apparmor_tfm);
 31	char *hash = NULL;
 32	int error = -ENOMEM;
 33
 34	if (!apparmor_tfm)
 35		return NULL;
 36
 37	hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
 38	if (!hash)
 39		goto fail;
 40
 41	desc->tfm = apparmor_tfm;
 
 42
 43	error = crypto_shash_init(desc);
 44	if (error)
 45		goto fail;
 46	error = crypto_shash_update(desc, (u8 *) data, len);
 47	if (error)
 48		goto fail;
 49	error = crypto_shash_final(desc, hash);
 50	if (error)
 51		goto fail;
 52
 53	return hash;
 54
 55fail:
 56	kfree(hash);
 57
 58	return ERR_PTR(error);
 59}
 60
 61int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
 62			 size_t len)
 63{
 64	SHASH_DESC_ON_STACK(desc, apparmor_tfm);
 65	int error = -ENOMEM;
 66	__le32 le32_version = cpu_to_le32(version);
 67
 68	if (!aa_g_hash_policy)
 69		return 0;
 70
 71	if (!apparmor_tfm)
 72		return 0;
 73
 74	profile->hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
 75	if (!profile->hash)
 76		goto fail;
 77
 78	desc->tfm = apparmor_tfm;
 
 79
 80	error = crypto_shash_init(desc);
 81	if (error)
 82		goto fail;
 83	error = crypto_shash_update(desc, (u8 *) &le32_version, 4);
 84	if (error)
 85		goto fail;
 86	error = crypto_shash_update(desc, (u8 *) start, len);
 87	if (error)
 88		goto fail;
 89	error = crypto_shash_final(desc, profile->hash);
 90	if (error)
 91		goto fail;
 92
 93	return 0;
 94
 95fail:
 96	kfree(profile->hash);
 97	profile->hash = NULL;
 98
 99	return error;
100}
101
102static int __init init_profile_hash(void)
103{
104	struct crypto_shash *tfm;
105
106	if (!apparmor_initialized)
107		return 0;
108
109	tfm = crypto_alloc_shash("sha1", 0, 0);
110	if (IS_ERR(tfm)) {
111		int error = PTR_ERR(tfm);
112		AA_ERROR("failed to setup profile sha1 hashing: %d\n", error);
113		return error;
114	}
115	apparmor_tfm = tfm;
116	apparmor_hash_size = crypto_shash_digestsize(apparmor_tfm);
117
118	aa_info_message("AppArmor sha1 policy hashing enabled");
119
120	return 0;
121}
122
123late_initcall(init_profile_hash);