diff options
Diffstat (limited to 'security/apparmor/crypto.c')
-rw-r--r-- | security/apparmor/crypto.c | 129 |
1 files changed, 129 insertions, 0 deletions
diff --git a/security/apparmor/crypto.c b/security/apparmor/crypto.c new file mode 100644 index 000000000..136f2a047 --- /dev/null +++ b/security/apparmor/crypto.c @@ -0,0 +1,129 @@ +/* + * AppArmor security module + * + * This file contains AppArmor policy loading interface function definitions. + * + * Copyright 2013 Canonical Ltd. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation, version 2 of the + * License. + * + * Fns to provide a checksum of policy that has been loaded this can be + * compared to userspace policy compiles to check loaded policy is what + * it should be. + */ + +#include <crypto/hash.h> + +#include "include/apparmor.h" +#include "include/crypto.h" + +static unsigned int apparmor_hash_size; + +static struct crypto_shash *apparmor_tfm; + +unsigned int aa_hash_size(void) +{ + return apparmor_hash_size; +} + +char *aa_calc_hash(void *data, size_t len) +{ + SHASH_DESC_ON_STACK(desc, apparmor_tfm); + char *hash = NULL; + int error = -ENOMEM; + + if (!apparmor_tfm) + return NULL; + + hash = kzalloc(apparmor_hash_size, GFP_KERNEL); + if (!hash) + goto fail; + + desc->tfm = apparmor_tfm; + desc->flags = 0; + + error = crypto_shash_init(desc); + if (error) + goto fail; + error = crypto_shash_update(desc, (u8 *) data, len); + if (error) + goto fail; + error = crypto_shash_final(desc, hash); + if (error) + goto fail; + + return hash; + +fail: + kfree(hash); + + return ERR_PTR(error); +} + +int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start, + size_t len) +{ + SHASH_DESC_ON_STACK(desc, apparmor_tfm); + int error = -ENOMEM; + __le32 le32_version = cpu_to_le32(version); + + if (!aa_g_hash_policy) + return 0; + + if (!apparmor_tfm) + return 0; + + profile->hash = kzalloc(apparmor_hash_size, GFP_KERNEL); + if (!profile->hash) + goto fail; + + desc->tfm = apparmor_tfm; + desc->flags = 0; + + error = crypto_shash_init(desc); + if (error) + goto fail; + error = crypto_shash_update(desc, (u8 *) &le32_version, 4); + if (error) + goto fail; + error = crypto_shash_update(desc, (u8 *) start, len); + if (error) + goto fail; + error = crypto_shash_final(desc, profile->hash); + if (error) + goto fail; + + return 0; + +fail: + kfree(profile->hash); + profile->hash = NULL; + + return error; +} + +static int __init init_profile_hash(void) +{ + struct crypto_shash *tfm; + + if (!apparmor_initialized) + return 0; + + tfm = crypto_alloc_shash("sha1", 0, CRYPTO_ALG_ASYNC); + if (IS_ERR(tfm)) { + int error = PTR_ERR(tfm); + AA_ERROR("failed to setup profile sha1 hashing: %d\n", error); + return error; + } + apparmor_tfm = tfm; + apparmor_hash_size = crypto_shash_digestsize(apparmor_tfm); + + aa_info_message("AppArmor sha1 policy hashing enabled"); + + return 0; +} + +late_initcall(init_profile_hash); |