1
// SPDX-License-Identifier: GPL-2.0-only
2
/*
3
 * AppArmor security module
4
 *
5
 * This file contains AppArmor policy loading interface function definitions.
6
 *
7
 * Copyright 2013 Canonical Ltd.
8
 *
9
 * Fns to provide a checksum of policy that has been loaded this can be
10
 * compared to userspace policy compiles to check loaded policy is what
11
 * it should be.
12
 */
13

14
#include <crypto/sha2.h>
15

16
#include "include/apparmor.h"
17
#include "include/crypto.h"
18

19
unsigned int aa_hash_size(void)
20
{
21
	return SHA256_DIGEST_SIZE;
22
}
23

24
char *aa_calc_hash(void *data, size_t len)
25
{
26
	char *hash;
27

28
	hash = kzalloc(SHA256_DIGEST_SIZE, GFP_KERNEL);
29
	if (!hash)
30
		return ERR_PTR(-ENOMEM);
31

32
	sha256(data, len, hash);
33
	return hash;
34
}
35

36
int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
37
			 size_t len)
38
{
39
	struct sha256_ctx sctx;
40
	__le32 le32_version = cpu_to_le32(version);
41

42
	if (!aa_g_hash_policy)
43
		return 0;
44

45
	profile->hash = kzalloc(SHA256_DIGEST_SIZE, GFP_KERNEL);
46
	if (!profile->hash)
47
		return -ENOMEM;
48

49
	sha256_init(&sctx);
50
	sha256_update(&sctx, (u8 *)&le32_version, 4);
51
	sha256_update(&sctx, (u8 *)start, len);
52
	sha256_final(&sctx, profile->hash);
53
	return 0;
54
}
55

56
static int __init init_profile_hash(void)
57
{
58
	if (apparmor_initialized)
59
		aa_info_message("AppArmor sha256 policy hashing enabled");
60
	return 0;
61
}
62
late_initcall(init_profile_hash);
63

64