// SPDX-License-Identifier: GPL-2.0-only
/*
 * AppArmor security module
 *
 * This file contains AppArmor policy loading interface function definitions.
 *
 * Copyright 2013 Canonical Ltd.
 *
 * Functions that provide a checksum of the policy that has been loaded.
 * The checksum can be compared against a userspace policy compile to check
 * that the loaded policy is what it should be.
 *
 * The checksum is a plain, unkeyed SHA-256 digest: it identifies policy
 * content, it is not a signature or MAC over it.
 */

#include <crypto/sha2.h>

#include "include/apparmor.h"
#include "include/crypto.h"

/**
 * aa_hash_size - size in bytes of the digests produced by this file
 *
 * Returns: SHA256_DIGEST_SIZE
 */
unsigned int aa_hash_size(void)
{
	return SHA256_DIGEST_SIZE;
}

/**
 * aa_calc_hash - compute the SHA-256 digest of a buffer
 * @data: start of the bytes to hash
 * @len: number of bytes at @data to hash
 *
 * The digest is written into a freshly allocated buffer of
 * SHA256_DIGEST_SIZE bytes. Nothing in this function frees that buffer;
 * presumably the caller releases it with kfree() - confirm against callers.
 *
 * Returns: pointer to the digest, or ERR_PTR(-ENOMEM) if the allocation
 * fails. Failure is never reported as NULL, so callers have to test the
 * result with IS_ERR().
 */
char *aa_calc_hash(void *data, size_t len)
{
	char *digest = kzalloc(SHA256_DIGEST_SIZE, GFP_KERNEL);

	if (!digest)
		return ERR_PTR(-ENOMEM);

	sha256(data, len, digest);
	return digest;
}

/**
 * aa_calc_profile_hash - compute and attach the digest of a profile blob
 * @profile: profile whose ->hash field receives the digest
 * @version: policy version, mixed into the digest ahead of the data
 * @start: start of the profile data to hash
 * @len: number of bytes at @start to hash
 *
 * The digest covers the little-endian encoding of @version followed by
 * @len bytes at @start, so the same bytes loaded under a different version
 * give a different hash.
 *
 * When aa_g_hash_policy is off nothing is computed and @profile->hash is
 * left exactly as it was, while the return value is still 0. Code that
 * reads ->hash therefore cannot take a 0 return as proof that a digest is
 * present.
 *
 * NOTE(review): ->hash is overwritten without releasing any previous value;
 * this looks like it assumes ->hash is NULL on entry - confirm against
 * callers.
 *
 * Returns: 0 on success or when hashing is disabled, -ENOMEM if the digest
 * buffer cannot be allocated (in which case ->hash is NULL).
 */
int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
			 size_t len)
{
	__le32 version_le = cpu_to_le32(version);
	struct sha256_ctx ctx;

	if (!aa_g_hash_policy)
		return 0;

	profile->hash = kzalloc(SHA256_DIGEST_SIZE, GFP_KERNEL);
	if (!profile->hash)
		return -ENOMEM;

	/* Fixed byte order for the version keeps the digest CPU-independent. */
	sha256_init(&ctx);
	sha256_update(&ctx, (u8 *)&version_le, sizeof(version_le));
	sha256_update(&ctx, (u8 *)start, len);
	sha256_final(&ctx, profile->hash);

	return 0;
}

/*
 * Late initcall that logs that policy hashing is available. The message is
 * emitted only when apparmor_initialized is set; the call always reports
 * success.
 */
static int __init init_profile_hash(void)
{
	if (!apparmor_initialized)
		return 0;

	aa_info_message("AppArmor sha256 policy hashing enabled");
	return 0;
}
late_initcall(init_profile_hash);