Merge tag 'hwlock-v5.3' of git://github.com/andersson/remoteproc
[platform/kernel/linux-starfive.git] / security / apparmor / crypto.c
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * AppArmor security module
4  *
5  * This file contains AppArmor policy loading interface function definitions.
6  *
7  * Copyright 2013 Canonical Ltd.
8  *
9  * Fns to provide a checksum of policy that has been loaded this can be
10  * compared to userspace policy compiles to check loaded policy is what
11  * it should be.
12  */
13
14 #include <crypto/hash.h>
15
16 #include "include/apparmor.h"
17 #include "include/crypto.h"
18
19 static unsigned int apparmor_hash_size;
20
21 static struct crypto_shash *apparmor_tfm;
22
23 unsigned int aa_hash_size(void)
24 {
25         return apparmor_hash_size;
26 }
27
28 char *aa_calc_hash(void *data, size_t len)
29 {
30         SHASH_DESC_ON_STACK(desc, apparmor_tfm);
31         char *hash = NULL;
32         int error = -ENOMEM;
33
34         if (!apparmor_tfm)
35                 return NULL;
36
37         hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
38         if (!hash)
39                 goto fail;
40
41         desc->tfm = apparmor_tfm;
42
43         error = crypto_shash_init(desc);
44         if (error)
45                 goto fail;
46         error = crypto_shash_update(desc, (u8 *) data, len);
47         if (error)
48                 goto fail;
49         error = crypto_shash_final(desc, hash);
50         if (error)
51                 goto fail;
52
53         return hash;
54
55 fail:
56         kfree(hash);
57
58         return ERR_PTR(error);
59 }
60
61 int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
62                          size_t len)
63 {
64         SHASH_DESC_ON_STACK(desc, apparmor_tfm);
65         int error = -ENOMEM;
66         __le32 le32_version = cpu_to_le32(version);
67
68         if (!aa_g_hash_policy)
69                 return 0;
70
71         if (!apparmor_tfm)
72                 return 0;
73
74         profile->hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
75         if (!profile->hash)
76                 goto fail;
77
78         desc->tfm = apparmor_tfm;
79
80         error = crypto_shash_init(desc);
81         if (error)
82                 goto fail;
83         error = crypto_shash_update(desc, (u8 *) &le32_version, 4);
84         if (error)
85                 goto fail;
86         error = crypto_shash_update(desc, (u8 *) start, len);
87         if (error)
88                 goto fail;
89         error = crypto_shash_final(desc, profile->hash);
90         if (error)
91                 goto fail;
92
93         return 0;
94
95 fail:
96         kfree(profile->hash);
97         profile->hash = NULL;
98
99         return error;
100 }
101
102 static int __init init_profile_hash(void)
103 {
104         struct crypto_shash *tfm;
105
106         if (!apparmor_initialized)
107                 return 0;
108
109         tfm = crypto_alloc_shash("sha1", 0, 0);
110         if (IS_ERR(tfm)) {
111                 int error = PTR_ERR(tfm);
112                 AA_ERROR("failed to setup profile sha1 hashing: %d\n", error);
113                 return error;
114         }
115         apparmor_tfm = tfm;
116         apparmor_hash_size = crypto_shash_digestsize(apparmor_tfm);
117
118         aa_info_message("AppArmor sha1 policy hashing enabled");
119
120         return 0;
121 }
122
123 late_initcall(init_profile_hash);