security/apparmor/crypto.c - linux - Git at Google

 // SPDX-License-Identifier: GPL-2.0-only
 /*
  * AppArmor security module
  *
  * This file contains AppArmor policy loading interface function definitions.
  *
  * Copyright 2013 Canonical Ltd.
  *
  * Fns to provide a checksum of policy that has been loaded this can be
  * compared to userspace policy compiles to check loaded policy is what
  * it should be.
  */

 #include <crypto/hash.h>

 #include "include/apparmor.h"
 #include "include/crypto.h"

 static unsigned int apparmor_hash_size;

 static struct crypto_shash *apparmor_tfm;

 unsigned int aa_hash_size(void)
 {
 	return apparmor_hash_size;
 }

 char *aa_calc_hash(void *data, size_t len)
 {
 	SHASH_DESC_ON_STACK(desc, apparmor_tfm);
 	char *hash;
 	int error;

 	if (!apparmor_tfm)
 		return NULL;

 	hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
 	if (!hash)
 		return ERR_PTR(-ENOMEM);

 	desc->tfm = apparmor_tfm;

 	error = crypto_shash_init(desc);
 	if (error)
 		goto fail;
 	error = crypto_shash_update(desc, (u8 *) data, len);
 	if (error)
 		goto fail;
 	error = crypto_shash_final(desc, hash);
 	if (error)
 		goto fail;

 	return hash;

 fail:
 	kfree(hash);

 	return ERR_PTR(error);
 }

 int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
 			 size_t len)
 {
 	SHASH_DESC_ON_STACK(desc, apparmor_tfm);
 	int error;
 	__le32 le32_version = cpu_to_le32(version);

 	if (!aa_g_hash_policy)
 		return 0;

 	if (!apparmor_tfm)
 		return 0;

 	profile->hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
 	if (!profile->hash)
 		return -ENOMEM;

 	desc->tfm = apparmor_tfm;

 	error = crypto_shash_init(desc);
 	if (error)
 		goto fail;
 	error = crypto_shash_update(desc, (u8 *) &le32_version, 4);
 	if (error)
 		goto fail;
 	error = crypto_shash_update(desc, (u8 *) start, len);
 	if (error)
 		goto fail;
 	error = crypto_shash_final(desc, profile->hash);
 	if (error)
 		goto fail;

 	return 0;

 fail:
 	kfree(profile->hash);
 	profile->hash = NULL;

 	return error;
 }

 static int __init init_profile_hash(void)
 {
 	struct crypto_shash *tfm;

 	if (!apparmor_initialized)
 		return 0;

 	tfm = crypto_alloc_shash("sha256", 0, 0);
 	if (IS_ERR(tfm)) {
 		int error = PTR_ERR(tfm);
 		AA_ERROR("failed to setup profile sha256 hashing: %d\n", error);
 		return error;
 	}
 	apparmor_tfm = tfm;
 	apparmor_hash_size = crypto_shash_digestsize(apparmor_tfm);

 	aa_info_message("AppArmor sha256 policy hashing enabled");

 	return 0;
 }

 late_initcall(init_profile_hash);
	// SPDX-License-Identifier: GPL-2.0-only
	/*
	* AppArmor security module
	*
	* This file contains AppArmor policy loading interface function definitions.
	*
	* Copyright 2013 Canonical Ltd.
	*
	* Fns to provide a checksum of policy that has been loaded this can be
	* compared to userspace policy compiles to check loaded policy is what
	* it should be.
	*/

	#include <crypto/hash.h>

	#include "include/apparmor.h"
	#include "include/crypto.h"

	static unsigned int apparmor_hash_size;

	static struct crypto_shash *apparmor_tfm;

	unsigned int aa_hash_size(void)
	{
	return apparmor_hash_size;
	}

	char aa_calc_hash(void data, size_t len)
	{
	SHASH_DESC_ON_STACK(desc, apparmor_tfm);
	char *hash;
	int error;

	if (!apparmor_tfm)
	return NULL;

	hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
	if (!hash)
	return ERR_PTR(-ENOMEM);

	desc->tfm = apparmor_tfm;

	error = crypto_shash_init(desc);
	if (error)
	goto fail;
	error = crypto_shash_update(desc, (u8 *) data, len);
	if (error)
	goto fail;
	error = crypto_shash_final(desc, hash);
	if (error)
	goto fail;

	return hash;

	fail:
	kfree(hash);

	return ERR_PTR(error);
	}

	int aa_calc_profile_hash(struct aa_profile profile, u32 version, void start,
	size_t len)
	{
	SHASH_DESC_ON_STACK(desc, apparmor_tfm);
	int error;
	__le32 le32_version = cpu_to_le32(version);

	if (!aa_g_hash_policy)
	return 0;

	if (!apparmor_tfm)
	return 0;

	profile->hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
	if (!profile->hash)
	return -ENOMEM;

	desc->tfm = apparmor_tfm;

	error = crypto_shash_init(desc);
	if (error)
	goto fail;
	error = crypto_shash_update(desc, (u8 *) &le32_version, 4);
	if (error)
	goto fail;
	error = crypto_shash_update(desc, (u8 *) start, len);
	if (error)
	goto fail;
	error = crypto_shash_final(desc, profile->hash);
	if (error)
	goto fail;

	return 0;

	fail:
	kfree(profile->hash);
	profile->hash = NULL;

	return error;
	}

	static int __init init_profile_hash(void)
	{
	struct crypto_shash *tfm;

	if (!apparmor_initialized)
	return 0;

	tfm = crypto_alloc_shash("sha256", 0, 0);
	if (IS_ERR(tfm)) {
	int error = PTR_ERR(tfm);
	AA_ERROR("failed to setup profile sha256 hashing: %d\n", error);
	return error;
	}
	apparmor_tfm = tfm;
	apparmor_hash_size = crypto_shash_digestsize(apparmor_tfm);

	aa_info_message("AppArmor sha256 policy hashing enabled");

	return 0;
	}

	late_initcall(init_profile_hash);