xref: /linux/security/apparmor/crypto.c (revision 10accd2e6890b57db8e717e9aee91b791f90fe14)
1 /*
2  * AppArmor security module
3  *
4  * This file contains AppArmor policy loading interface function definitions.
5  *
6  * Copyright 2013 Canonical Ltd.
7  *
8  * This program is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU General Public License as
10  * published by the Free Software Foundation, version 2 of the
11  * License.
12  *
13  * Fns to provide a checksum of policy that has been loaded this can be
14  * compared to userspace policy compiles to check loaded policy is what
15  * it should be.
16  */
17 
18 #include <crypto/hash.h>
19 
20 #include "include/apparmor.h"
21 #include "include/crypto.h"
22 
23 static unsigned int apparmor_hash_size;
24 
25 static struct crypto_shash *apparmor_tfm;
26 
27 unsigned int aa_hash_size(void)
28 {
29 	return apparmor_hash_size;
30 }
31 
32 int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
33 			 size_t len)
34 {
35 	struct {
36 		struct shash_desc shash;
37 		char ctx[crypto_shash_descsize(apparmor_tfm)];
38 	} desc;
39 	int error = -ENOMEM;
40 	u32 le32_version = cpu_to_le32(version);
41 
42 	if (!aa_g_hash_policy)
43 		return 0;
44 
45 	if (!apparmor_tfm)
46 		return 0;
47 
48 	profile->hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
49 	if (!profile->hash)
50 		goto fail;
51 
52 	desc.shash.tfm = apparmor_tfm;
53 	desc.shash.flags = 0;
54 
55 	error = crypto_shash_init(&desc.shash);
56 	if (error)
57 		goto fail;
58 	error = crypto_shash_update(&desc.shash, (u8 *) &le32_version, 4);
59 	if (error)
60 		goto fail;
61 	error = crypto_shash_update(&desc.shash, (u8 *) start, len);
62 	if (error)
63 		goto fail;
64 	error = crypto_shash_final(&desc.shash, profile->hash);
65 	if (error)
66 		goto fail;
67 
68 	return 0;
69 
70 fail:
71 	kfree(profile->hash);
72 	profile->hash = NULL;
73 
74 	return error;
75 }
76 
77 static int __init init_profile_hash(void)
78 {
79 	struct crypto_shash *tfm;
80 
81 	if (!apparmor_initialized)
82 		return 0;
83 
84 	tfm = crypto_alloc_shash("sha1", 0, CRYPTO_ALG_ASYNC);
85 	if (IS_ERR(tfm)) {
86 		int error = PTR_ERR(tfm);
87 		AA_ERROR("failed to setup profile sha1 hashing: %d\n", error);
88 		return error;
89 	}
90 	apparmor_tfm = tfm;
91 	apparmor_hash_size = crypto_shash_digestsize(apparmor_tfm);
92 
93 	aa_info_message("AppArmor sha1 policy hashing enabled");
94 
95 	return 0;
96 }
97 
98 late_initcall(init_profile_hash);
99