]> git.proxmox.com Git - mirror_ubuntu-eoan-kernel.git/blob - security/apparmor/crypto.c
projects / mirror_ubuntu-eoan-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
UBUNTU: SAUCE: drm/i915: Disable PSR by default on all platforms
[mirror_ubuntu-eoan-kernel.git] / security / apparmor / crypto.c
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * AppArmor security module
4 *
5 * This file contains AppArmor policy loading interface function definitions.
6 *
7 * Copyright 2013 Canonical Ltd.
8 *
9 * Fns to provide a checksum of policy that has been loaded this can be
10 * compared to userspace policy compiles to check loaded policy is what
11 * it should be.
12 */
13
14 #include <crypto/hash.h>
15
16 #include "include/apparmor.h"
17 #include "include/crypto.h"
18
19 static unsigned int apparmor_hash_size;
20
21 static struct crypto_shash *apparmor_tfm;
22
23 unsigned int aa_hash_size(void)
24 {
25 return apparmor_hash_size;
26 }
27
28 void aa_snprint_hashstr(char *out, unsigned char *hash, unsigned int hsize)
29 {
30 unsigned int i;
31
32 for (i = 0; i < hsize; i++)
33 sprintf(out + i*2, "%.2x", hash[i]);
34 out[hsize*2] = 0;
35 }
36
37 char *aa_asprint_hashstr(unsigned char *hash, unsigned int hsize, gfp_t gfp)
38 {
39 char *buffer = kmalloc(hsize*2 + 1, gfp);
40 if (!buffer)
41 return NULL;
42 aa_snprint_hashstr(buffer, hash, hsize);
43
44 return buffer;
45 }
46
47 char *aa_calc_hash(void *data, size_t len)
48 {
49 SHASH_DESC_ON_STACK(desc, apparmor_tfm);
50 char *hash = NULL;
51 int error = -ENOMEM;
52
53 if (!apparmor_tfm)
54 return NULL;
55
56 hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
57 if (!hash)
58 goto fail;
59
60 desc->tfm = apparmor_tfm;
61
62 error = crypto_shash_init(desc);
63 if (error)
64 goto fail;
65 error = crypto_shash_update(desc, (u8 *) data, len);
66 if (error)
67 goto fail;
68 error = crypto_shash_final(desc, hash);
69 if (error)
70 goto fail;
71
72 return hash;
73
74 fail:
75 kfree(hash);
76
77 return ERR_PTR(error);
78 }
79
80 int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
81 size_t len)
82 {
83 SHASH_DESC_ON_STACK(desc, apparmor_tfm);
84 int error = -ENOMEM;
85 __le32 le32_version = cpu_to_le32(version);
86
87 if (!aa_g_hash_policy)
88 return 0;
89
90 if (!apparmor_tfm)
91 return 0;
92
93 profile->hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
94 if (!profile->hash)
95 goto fail;
96
97 desc->tfm = apparmor_tfm;
98
99 error = crypto_shash_init(desc);
100 if (error)
101 goto fail;
102 error = crypto_shash_update(desc, (u8 *) &le32_version, 4);
103 if (error)
104 goto fail;
105 error = crypto_shash_update(desc, (u8 *) start, len);
106 if (error)
107 goto fail;
108 error = crypto_shash_final(desc, profile->hash);
109 if (error)
110 goto fail;
111
112 return 0;
113
114 fail:
115 kfree(profile->hash);
116 profile->hash = NULL;
117
118 return error;
119 }
120
121 static int __init init_profile_hash(void)
122 {
123 struct crypto_shash *tfm;
124
125 if (!apparmor_initialized)
126 return 0;
127
128 tfm = crypto_alloc_shash("sha1", 0, 0);
129 if (IS_ERR(tfm)) {
130 int error = PTR_ERR(tfm);
131 AA_ERROR("failed to setup profile sha1 hashing: %d\n", error);
132 return error;
133 }
134 apparmor_tfm = tfm;
135 apparmor_hash_size = crypto_shash_digestsize(apparmor_tfm);
136
137 aa_info_message("AppArmor sha1 policy hashing enabled");
138
139 return 0;
140 }
141
142 late_initcall(init_profile_hash);
Ubuntu Eoan Linux kernel mirror