1 files changed, 97 insertions, 0 deletions
diff --git a/security/apparmor/crypto.c b/security/apparmor/crypto.c
new file mode 100644
index 000000000000..d6222ba4e919
--- /dev/null
+++ b/security/apparmor/crypto.c
@@ -0,0 +1,97 @@
+/*
+ * AppArmor security module
+ *
+ * This file contains AppArmor policy loading interface function definitions.
+ *
+ * Copyright 2013 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ *
+ * Fns to provide a checksum of policy that has been loaded this can be
+ * compared to userspace policy compiles to check loaded policy is what
+ * it should be.
+ */
+#include <linux/crypto.h>
+#include "include/apparmor.h"
+#include "include/crypto.h"
+static unsigned int apparmor_hash_size;
+static struct crypto_hash *apparmor_tfm;
+unsigned int aa_hash_size(void)
+{
+        return apparmor_hash_size;
+}
+int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
+                         size_t len)
+{
+        struct scatterlist sg[2];
+        struct hash_desc desc = {
+                .tfm = apparmor_tfm,
+                .flags = 0
+        };
+        int error = -ENOMEM;
+        u32 le32_version = cpu_to_le32(version);
+        if (!apparmor_tfm)
+                return 0;
+        sg_init_table(sg, 2);
+        sg_set_buf(&sg[0], &le32_version, 4);
+        sg_set_buf(&sg[1], (u8 *) start, len);
+        profile->hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
+        if (!profile->hash)
+                goto fail;
+        error = crypto_hash_init(&desc);
+        if (error)
+                goto fail;
+        error = crypto_hash_update(&desc, &sg[0], 4);
+        if (error)
+                goto fail;
+        error = crypto_hash_update(&desc, &sg[1], len);
+        if (error)
+                goto fail;
+        error = crypto_hash_final(&desc, profile->hash);
+        if (error)
+                goto fail;
+        return 0;
+fail:
+        kfree(profile->hash);
+        profile->hash = NULL;
+        return error;
+}
+static int __init init_profile_hash(void)
+{
+        struct crypto_hash *tfm;
+        if (!apparmor_initialized)
+                return 0;
+        tfm = crypto_alloc_hash("sha1", 0, CRYPTO_ALG_ASYNC);
+        if (IS_ERR(tfm)) {
+                int error = PTR_ERR(tfm);
+                AA_ERROR("failed to setup profile sha1 hashing: %d\n", error);
+                return error;
+        }
+        apparmor_tfm = tfm;
+        apparmor_hash_size = crypto_hash_digestsize(apparmor_tfm);
+        aa_info_message("AppArmor sha1 policy hashing enabled");
+        return 0;
+}
+late_initcall(init_profile_hash);

diff --git a/security/apparmor/crypto.c b/security/apparmor/crypto.c new file mode 100644 index 000000000000..d6222ba4e919 --- /dev/null +++ b/security/apparmor/crypto.c
@@ -0,0 +1,97 @@
	1	/*
	2	* AppArmor security module
	3	*
	4	* This file contains AppArmor policy loading interface function definitions.
	5	*
	6	* Copyright 2013 Canonical Ltd.
	7	*
	8	* This program is free software; you can redistribute it and/or
	9	* modify it under the terms of the GNU General Public License as
	10	* published by the Free Software Foundation, version 2 of the
	11	* License.
	12	*
	13	* Fns to provide a checksum of policy that has been loaded this can be
	14	* compared to userspace policy compiles to check loaded policy is what
	15	* it should be.
	16	*/
	17
	18	#include <linux/crypto.h>
	19
	20	#include "include/apparmor.h"
	21	#include "include/crypto.h"
	22
	23	static unsigned int apparmor_hash_size;
	24
	25	static struct crypto_hash *apparmor_tfm;
	26
	27	unsigned int aa_hash_size(void)
	28	{
	29	return apparmor_hash_size;
	30	}
	31
	32	int aa_calc_profile_hash(struct aa_profile profile, u32 version, void start,
	33	size_t len)
	34	{
	35	struct scatterlist sg[2];
	36	struct hash_desc desc = {
	37	.tfm = apparmor_tfm,
	38	.flags = 0
	39	};
	40	int error = -ENOMEM;
	41	u32 le32_version = cpu_to_le32(version);
	42
	43	if (!apparmor_tfm)
	44	return 0;
	45
	46	sg_init_table(sg, 2);
	47	sg_set_buf(&sg[0], &le32_version, 4);
	48	sg_set_buf(&sg[1], (u8 *) start, len);
	49
	50	profile->hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
	51	if (!profile->hash)
	52	goto fail;
	53
	54	error = crypto_hash_init(&desc);
	55	if (error)
	56	goto fail;
	57	error = crypto_hash_update(&desc, &sg[0], 4);
	58	if (error)
	59	goto fail;
	60	error = crypto_hash_update(&desc, &sg[1], len);
	61	if (error)
	62	goto fail;
	63	error = crypto_hash_final(&desc, profile->hash);
	64	if (error)
	65	goto fail;
	66
	67	return 0;
	68
	69	fail:
	70	kfree(profile->hash);
	71	profile->hash = NULL;
	72
	73	return error;
	74	}
	75
	76	static int __init init_profile_hash(void)
	77	{
	78	struct crypto_hash *tfm;
	79
	80	if (!apparmor_initialized)
	81	return 0;
	82
	83	tfm = crypto_alloc_hash("sha1", 0, CRYPTO_ALG_ASYNC);
	84	if (IS_ERR(tfm)) {
	85	int error = PTR_ERR(tfm);
	86	AA_ERROR("failed to setup profile sha1 hashing: %d\n", error);
	87	return error;
	88	}
	89	apparmor_tfm = tfm;
	90	apparmor_hash_size = crypto_hash_digestsize(apparmor_tfm);
	91
	92	aa_info_message("AppArmor sha1 policy hashing enabled");
	93
	94	return 0;
	95	}
	96
	97	late_initcall(init_profile_hash);