kernel/linux-imx6_3.14.28/security/apparmor/crypto.c 2.05 KB
  /*
   * AppArmor security module
   *
   * This file contains AppArmor policy loading interface function definitions.
   *
   * Copyright 2013 Canonical Ltd.
   *
   * This program is free software; you can redistribute it and/or
   * modify it under the terms of the GNU General Public License as
   * published by the Free Software Foundation, version 2 of the
   * License.
   *
   * Functions to provide a checksum of policy that has been loaded; this
   * can be compared to userspace policy compiles to check that the loaded
   * policy is what it should be.
   */
  
  #include <crypto/hash.h>
  
  #include "include/apparmor.h"
  #include "include/crypto.h"
  
  /* Digest length of the policy hash; stays 0 until init_profile_hash() sets it. */
  static unsigned int apparmor_hash_size;
  
  /* Hash transform used by aa_calc_profile_hash(); NULL until init_profile_hash() succeeds. */
  static struct crypto_shash *apparmor_tfm;
  
  /**
   * aa_hash_size - report the length of a profile hash
   *
   * Returns: the digest size recorded by init_profile_hash(), or 0 when
   * the hashing transform has not been set up.
   */
  unsigned int aa_hash_size(void)
  {
  	const unsigned int digest_len = apparmor_hash_size;

  	return digest_len;
  }
  
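  /*
   * Run the hash over the little-endian policy version followed by the raw
   * policy data and write the digest into profile->hash.
   *
   * Must only be called with apparmor_tfm != NULL: the on-stack descriptor
   * below is sized by crypto_shash_descsize(apparmor_tfm), which reads
   * through the transform pointer as soon as the function is entered.
   * profile->hash must already point at apparmor_hash_size bytes.
   *
   * Returns: 0 on success, else the error from the crypto layer.
   */
  static int calc_profile_digest(struct aa_profile *profile, u32 version,
  			       void *start, size_t len)
  {
  	struct {
  		struct shash_desc shash;
  		char ctx[crypto_shash_descsize(apparmor_tfm)];
  	} desc;
  	u32 le32_version = cpu_to_le32(version);
  	int error;

  	desc.shash.tfm = apparmor_tfm;
  	desc.shash.flags = 0;

  	error = crypto_shash_init(&desc.shash);
  	if (error)
  		return error;
  	/* the version is hashed in a fixed byte order ahead of the data */
  	error = crypto_shash_update(&desc.shash, (u8 *) &le32_version,
  				    sizeof(le32_version));
  	if (error)
  		return error;
  	error = crypto_shash_update(&desc.shash, (u8 *) start, len);
  	if (error)
  		return error;

  	return crypto_shash_final(&desc.shash, profile->hash);
  }

  /**
   * aa_calc_profile_hash - compute and attach the checksum of loaded policy
   * @profile: profile whose ->hash field receives the digest
   * @version: policy version, mixed into the digest as a little-endian u32
   * @start: start of the policy data to hash
   * @len: number of bytes at @start
   *
   * When no hash transform is available (apparmor_tfm is NULL) this is a
   * no-op that returns 0 and leaves @profile untouched.  The NULL test is
   * made before any code that sizes the hash descriptor, so a failed or
   * skipped init_profile_hash() cannot lead to a NULL dereference on the
   * policy load path.
   *
   * On success @profile->hash points at a kzalloc()ed buffer of
   * apparmor_hash_size bytes.  On failure the buffer is freed and
   * @profile->hash is set to NULL.
   *
   * Returns: 0 on success or when hashing is unavailable, -ENOMEM if the
   * digest buffer cannot be allocated, else the crypto layer's error.
   */
  int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
  			 size_t len)
  {
  	int error;

  	if (!apparmor_tfm)
  		return 0;

  	profile->hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
  	if (!profile->hash)
  		return -ENOMEM;

  	error = calc_profile_digest(profile, version, start, len);
  	if (error) {
  		/* never leave a partially computed digest attached */
  		kfree(profile->hash);
  		profile->hash = NULL;
  	}

  	return error;
  }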
  
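  /**
   * init_profile_hash - set up the transform used to hash loaded policy
   *
   * Does nothing when AppArmor itself is not initialized.  Otherwise it
   * allocates a "sha1" shash transform and records it, together with its
   * digest size, in apparmor_tfm and apparmor_hash_size.  If allocation
   * fails, apparmor_tfm stays NULL, which aa_calc_profile_hash() tests for.
   *
   * NOTE(review): the file header describes this digest as a checksum for
   * comparing loaded policy against userspace compiles.  SHA-1 does not
   * resist deliberately constructed collisions, so confirm nothing relies
   * on it against an adversary who can craft policy.
   *
   * Returns: 0 on success or when AppArmor is disabled, else the error
   * from crypto_alloc_shash().
   */
  static int __init init_profile_hash(void)
  {
  	struct crypto_shash *tfm;

  	if (!apparmor_initialized)
  		return 0;

  	tfm = crypto_alloc_shash("sha1", 0, CRYPTO_ALG_ASYNC);
  	if (IS_ERR(tfm)) {
  		int error = PTR_ERR(tfm);
  		/* the format string is kept on one line with an explicit \n */
  		AA_ERROR("failed to setup profile sha1 hashing: %d\n", error);
  		return error;
  	}
  	apparmor_tfm = tfm;
  	apparmor_hash_size = crypto_shash_digestsize(apparmor_tfm);

  	aa_info_message("AppArmor sha1 policy hashing enabled");

  	return 0;
  }

  /* registered as a late initcall */
  late_initcall(init_profile_hash);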