cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

crypto.c (2387B)

      1// SPDX-License-Identifier: GPL-2.0-only
      2/*
      3 * AppArmor security module
      4 *
      5 * This file contains AppArmor policy loading interface function definitions.
      6 *
      7 * Copyright 2013 Canonical Ltd.
      8 *
      9 * Fns to provide a checksum of policy that has been loaded this can be
     10 * compared to userspace policy compiles to check loaded policy is what
     11 * it should be.
     12 */
     13
     14#include <crypto/hash.h>
     15
     16#include "include/apparmor.h"
     17#include "include/crypto.h"
     18
     19static unsigned int apparmor_hash_size;
     20
     21static struct crypto_shash *apparmor_tfm;
     22
     23unsigned int aa_hash_size(void)
     24{
     25	return apparmor_hash_size;
     26}
     27
     28char *aa_calc_hash(void *data, size_t len)
     29{
     30	SHASH_DESC_ON_STACK(desc, apparmor_tfm);
     31	char *hash = NULL;
     32	int error = -ENOMEM;
     33
     34	if (!apparmor_tfm)
     35		return NULL;
     36
     37	hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
     38	if (!hash)
     39		goto fail;
     40
     41	desc->tfm = apparmor_tfm;
     42
     43	error = crypto_shash_init(desc);
     44	if (error)
     45		goto fail;
     46	error = crypto_shash_update(desc, (u8 *) data, len);
     47	if (error)
     48		goto fail;
     49	error = crypto_shash_final(desc, hash);
     50	if (error)
     51		goto fail;
     52
     53	return hash;
     54
     55fail:
     56	kfree(hash);
     57
     58	return ERR_PTR(error);
     59}
     60
     61int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
     62			 size_t len)
     63{
     64	SHASH_DESC_ON_STACK(desc, apparmor_tfm);
     65	int error = -ENOMEM;
     66	__le32 le32_version = cpu_to_le32(version);
     67
     68	if (!aa_g_hash_policy)
     69		return 0;
     70
     71	if (!apparmor_tfm)
     72		return 0;
     73
     74	profile->hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
     75	if (!profile->hash)
     76		goto fail;
     77
     78	desc->tfm = apparmor_tfm;
     79
     80	error = crypto_shash_init(desc);
     81	if (error)
     82		goto fail;
     83	error = crypto_shash_update(desc, (u8 *) &le32_version, 4);
     84	if (error)
     85		goto fail;
     86	error = crypto_shash_update(desc, (u8 *) start, len);
     87	if (error)
     88		goto fail;
     89	error = crypto_shash_final(desc, profile->hash);
     90	if (error)
     91		goto fail;
     92
     93	return 0;
     94
     95fail:
     96	kfree(profile->hash);
     97	profile->hash = NULL;
     98
     99	return error;
    100}
    101
    102static int __init init_profile_hash(void)
    103{
    104	struct crypto_shash *tfm;
    105
    106	if (!apparmor_initialized)
    107		return 0;
    108
    109	tfm = crypto_alloc_shash("sha1", 0, 0);
    110	if (IS_ERR(tfm)) {
    111		int error = PTR_ERR(tfm);
    112		AA_ERROR("failed to setup profile sha1 hashing: %d\n", error);
    113		return error;
    114	}
    115	apparmor_tfm = tfm;
    116	apparmor_hash_size = crypto_shash_digestsize(apparmor_tfm);
    117
    118	aa_info_message("AppArmor sha1 policy hashing enabled");
    119
    120	return 0;
    121}
    122
    123late_initcall(init_profile_hash);