Startseite Erkunden Hilfe
Anmelden
lechercheur123
/
Aquaris-M10-4G
1
0
Fork 0
Dateien Issues 0 Pull-Requests 0 Wiki
Struktur: 30697f8dd8
Branches Tags
Aquaris-M10-4G
/
security
/
integrity
/
ima
/
ima_crypto.c

ima_crypto.c 14 KB
Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603 
  1. /*
    2. 

  2.  * Copyright (C) 2005,2006,2007,2008 IBM Corporation
    3. 

  3.  *
    4. 

  4.  * Authors:
    5. 

  5.  * Mimi Zohar <zohar@us.ibm.com>
    6. 

  6.  * Kylene Hall <kjhall@us.ibm.com>
    7. 

  7.  *
    8. 

  8.  * This program is free software; you can redistribute it and/or modify
    9. 

  9.  * it under the terms of the GNU General Public License as published by
    10. 

  10.  * the Free Software Foundation, version 2 of the License.
    11. 

  11.  *
    12. 

  12.  * File: ima_crypto.c
    13. 

  13.  *	Calculates md5/sha1 file hash, template hash, boot-aggreate hash
    14. 

  14.  */
    15. 

  15. 

  16. #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
    17. 

  17. 

  18. #include <linux/kernel.h>
    19. 

  19. #include <linux/moduleparam.h>
    20. 

  20. #include <linux/ratelimit.h>
    21. 

  21. #include <linux/file.h>
    22. 

  22. #include <linux/crypto.h>
    23. 

  23. #include <linux/scatterlist.h>
    24. 

  24. #include <linux/err.h>
    25. 

  25. #include <linux/slab.h>
    26. 

  26. #include <crypto/hash.h>
    27. 

  27. #include <crypto/hash_info.h>
    28. 

  28. #include "ima.h"
    29. 

  29. 

  30. struct ahash_completion {
    31. 

  31. 	struct completion completion;
    32. 

  32. 	int err;
    33. 

  33. };
    34. 

  34. 

  35. /* minimum file size for ahash use */
    36. 

  36. static unsigned long ima_ahash_minsize;
    37. 

  37. module_param_named(ahash_minsize, ima_ahash_minsize, ulong, 0644);
    38. 

  38. MODULE_PARM_DESC(ahash_minsize, "Minimum file size for ahash use");
    39. 

  39. 

  40. /* default is 0 - 1 page. */
    41. 

  41. static int ima_maxorder;
    42. 

  42. static unsigned int ima_bufsize = PAGE_SIZE;
    43. 

  43. 

  44. static int param_set_bufsize(const char *val, const struct kernel_param *kp)
    45. 

  45. {
    46. 

  46. 	unsigned long long size;
    47. 

  47. 	int order;
    48. 

  48. 

  49. 	size = memparse(val, NULL);
    50. 

  50. 	order = get_order(size);
    51. 

  51. 	if (order >= MAX_ORDER)
    52. 

  52. 		return -EINVAL;
    53. 

  53. 	ima_maxorder = order;
    54. 

  54. 	ima_bufsize = PAGE_SIZE << order;
    55. 

  55. 	return 0;
    56. 

  56. }
    57. 

  57. 

  58. static struct kernel_param_ops param_ops_bufsize = {
    59. 

  59. 	.set = param_set_bufsize,
    60. 

  60. 	.get = param_get_uint,
    61. 

  61. };
    62. 

  62. #define param_check_bufsize(name, p) __param_check(name, p, unsigned int)
    63. 

  63. 

  64. module_param_named(ahash_bufsize, ima_bufsize, bufsize, 0644);
    65. 

  65. MODULE_PARM_DESC(ahash_bufsize, "Maximum ahash buffer size");
    66. 

  66. 

  67. static struct crypto_shash *ima_shash_tfm;
    68. 

  68. static struct crypto_ahash *ima_ahash_tfm;
    69. 

  69. 

  70. /**
    71. 

  71.  * ima_kernel_read - read file content
    72. 

  72.  *
    73. 

  73.  * This is a function for reading file content instead of kernel_read().
    74. 

  74.  * It does not perform locking checks to ensure it cannot be blocked.
    75. 

  75.  * It does not perform security checks because it is irrelevant for IMA.
    76. 

  76.  *
    77. 

  77.  */
    78. 

  78. static int ima_kernel_read(struct file *file, loff_t offset,
    79. 

  79. 			   char *addr, unsigned long count)
    80. 

  80. {
    81. 

  81. 	mm_segment_t old_fs;
    82. 

  82. 	char __user *buf = addr;
    83. 

  83. 	ssize_t ret = -EINVAL;
    84. 

  84. 

  85. 	if (!(file->f_mode & FMODE_READ))
    86. 

  86. 		return -EBADF;
    87. 

  87. 

  88. 	old_fs = get_fs();
    89. 

  89. 	set_fs(get_ds());
    90. 

  90. 	if (file->f_op->read)
    91. 

  91. 		ret = file->f_op->read(file, buf, count, &offset);
    92. 

  92. 	else if (file->f_op->aio_read)
    93. 

  93. 		ret = do_sync_read(file, buf, count, &offset);
    94. 

  94. 	else if (file->f_op->read_iter)
    95. 

  95. 		ret = new_sync_read(file, buf, count, &offset);
    96. 

  96. 	set_fs(old_fs);
    97. 

  97. 	return ret;
    98. 

  98. }
    99. 

  99. 

  100. int __init ima_init_crypto(void)
    101. 

  101. {
    102. 

  102. 	long rc;
    103. 

  103. 

  104. 	ima_shash_tfm = crypto_alloc_shash(hash_algo_name[ima_hash_algo], 0, 0);
    105. 

  105. 	if (IS_ERR(ima_shash_tfm)) {
    106. 

  106. 		rc = PTR_ERR(ima_shash_tfm);
    107. 

  107. 		pr_err("Can not allocate %s (reason: %ld)\n",
    108. 

  108. 		       hash_algo_name[ima_hash_algo], rc);
    109. 

  109. 		return rc;
    110. 

  110. 	}
    111. 

  111. 	return 0;
    112. 

  112. }
    113. 

  113. 

  114. static struct crypto_shash *ima_alloc_tfm(enum hash_algo algo)
    115. 

  115. {
    116. 

  116. 	struct crypto_shash *tfm = ima_shash_tfm;
    117. 

  117. 	int rc;
    118. 

  118. 

  119. 	if (algo < 0 || algo >= HASH_ALGO__LAST)
    120. 

  120. 		algo = ima_hash_algo;
    121. 

  121. 

  122. 	if (algo != ima_hash_algo) {
    123. 

  123. 		tfm = crypto_alloc_shash(hash_algo_name[algo], 0, 0);
    124. 

  124. 		if (IS_ERR(tfm)) {
    125. 

  125. 			rc = PTR_ERR(tfm);
    126. 

  126. 			pr_err("Can not allocate %s (reason: %d)\n",
    127. 

  127. 			       hash_algo_name[algo], rc);
    128. 

  128. 		}
    129. 

  129. 	}
    130. 

  130. 	return tfm;
    131. 

  131. }
    132. 

  132. 

  133. static void ima_free_tfm(struct crypto_shash *tfm)
    134. 

  134. {
    135. 

  135. 	if (tfm != ima_shash_tfm)
    136. 

  136. 		crypto_free_shash(tfm);
    137. 

  137. }
    138. 

  138. 

  139. /**
    140. 

  140.  * ima_alloc_pages() - Allocate contiguous pages.
    141. 

  141.  * @max_size:       Maximum amount of memory to allocate.
    142. 

  142.  * @allocated_size: Returned size of actual allocation.
    143. 

  143.  * @last_warn:      Should the min_size allocation warn or not.
    144. 

  144.  *
    145. 

  145.  * Tries to do opportunistic allocation for memory first trying to allocate
    146. 

  146.  * max_size amount of memory and then splitting that until zero order is
    147. 

  147.  * reached. Allocation is tried without generating allocation warnings unless
    148. 

  148.  * last_warn is set. Last_warn set affects only last allocation of zero order.
    149. 

  149.  *
    150. 

  150.  * By default, ima_maxorder is 0 and it is equivalent to kmalloc(GFP_KERNEL)
    151. 

  151.  *
    152. 

  152.  * Return pointer to allocated memory, or NULL on failure.
    153. 

  153.  */
    154. 

  154. static void *ima_alloc_pages(loff_t max_size, size_t *allocated_size,
    155. 

  155. 			     int last_warn)
    156. 

  156. {
    157. 

  157. 	void *ptr;
    158. 

  158. 	int order = ima_maxorder;
    159. 

  159. 	gfp_t gfp_mask = __GFP_WAIT | __GFP_NOWARN | __GFP_NORETRY;
    160. 

  160. 

  161. 	if (order)
    162. 

  162. 		order = min(get_order(max_size), order);
    163. 

  163. 

  164. 	for (; order; order--) {
    165. 

  165. 		ptr = (void *)__get_free_pages(gfp_mask, order);
    166. 

  166. 		if (ptr) {
    167. 

  167. 			*allocated_size = PAGE_SIZE << order;
    168. 

  168. 			return ptr;
    169. 

  169. 		}
    170. 

  170. 	}
    171. 

  171. 

  172. 	/* order is zero - one page */
    173. 

  173. 

  174. 	gfp_mask = GFP_KERNEL;
    175. 

  175. 

  176. 	if (!last_warn)
    177. 

  177. 		gfp_mask |= __GFP_NOWARN;
    178. 

  178. 

  179. 	ptr = (void *)__get_free_pages(gfp_mask, 0);
    180. 

  180. 	if (ptr) {
    181. 

  181. 		*allocated_size = PAGE_SIZE;
    182. 

  182. 		return ptr;
    183. 

  183. 	}
    184. 

  184. 

  185. 	*allocated_size = 0;
    186. 

  186. 	return NULL;
    187. 

  187. }
    188. 

  188. 

  189. /**
    190. 

  190.  * ima_free_pages() - Free pages allocated by ima_alloc_pages().
    191. 

  191.  * @ptr:  Pointer to allocated pages.
    192. 

  192.  * @size: Size of allocated buffer.
    193. 

  193.  */
    194. 

  194. static void ima_free_pages(void *ptr, size_t size)
    195. 

  195. {
    196. 

  196. 	if (!ptr)
    197. 

  197. 		return;
    198. 

  198. 	free_pages((unsigned long)ptr, get_order(size));
    199. 

  199. }
    200. 

  200. 

  201. static struct crypto_ahash *ima_alloc_atfm(enum hash_algo algo)
    202. 

  202. {
    203. 

  203. 	struct crypto_ahash *tfm = ima_ahash_tfm;
    204. 

  204. 	int rc;
    205. 

  205. 

  206. 	if (algo < 0 || algo >= HASH_ALGO__LAST)
    207. 

  207. 		algo = ima_hash_algo;
    208. 

  208. 

  209. 	if (algo != ima_hash_algo || !tfm) {
    210. 

  210. 		tfm = crypto_alloc_ahash(hash_algo_name[algo], 0, 0);
    211. 

  211. 		if (!IS_ERR(tfm)) {
    212. 

  212. 			if (algo == ima_hash_algo)
    213. 

  213. 				ima_ahash_tfm = tfm;
    214. 

  214. 		} else {
    215. 

  215. 			rc = PTR_ERR(tfm);
    216. 

  216. 			pr_err("Can not allocate %s (reason: %d)\n",
    217. 

  217. 			       hash_algo_name[algo], rc);
    218. 

  218. 		}
    219. 

  219. 	}
    220. 

  220. 	return tfm;
    221. 

  221. }
    222. 

  222. 

  223. static void ima_free_atfm(struct crypto_ahash *tfm)
    224. 

  224. {
    225. 

  225. 	if (tfm != ima_ahash_tfm)
    226. 

  226. 		crypto_free_ahash(tfm);
    227. 

  227. }
    228. 

  228. 

  229. static void ahash_complete(struct crypto_async_request *req, int err)
    230. 

  230. {
    231. 

  231. 	struct ahash_completion *res = req->data;
    232. 

  232. 

  233. 	if (err == -EINPROGRESS)
    234. 

  234. 		return;
    235. 

  235. 	res->err = err;
    236. 

  236. 	complete(&res->completion);
    237. 

  237. }
    238. 

  238. 

  239. static int ahash_wait(int err, struct ahash_completion *res)
    240. 

  240. {
    241. 

  241. 	switch (err) {
    242. 

  242. 	case 0:
    243. 

  243. 		break;
    244. 

  244. 	case -EINPROGRESS:
    245. 

  245. 	case -EBUSY:
    246. 

  246. 		wait_for_completion(&res->completion);
    247. 

  247. 		reinit_completion(&res->completion);
    248. 

  248. 		err = res->err;
    249. 

  249. 		/* fall through */
    250. 

  250. 	default:
    251. 

  251. 		pr_crit_ratelimited("ahash calculation failed: err: %d\n", err);
    252. 

  252. 	}
    253. 

  253. 

  254. 	return err;
    255. 

  255. }
    256. 

  256. 

  257. static int ima_calc_file_hash_atfm(struct file *file,
    258. 

  258. 				   struct ima_digest_data *hash,
    259. 

  259. 				   struct crypto_ahash *tfm)
    260. 

  260. {
    261. 

  261. 	loff_t i_size, offset;
    262. 

  262. 	char *rbuf[2] = { NULL, };
    263. 

  263. 	int rc, read = 0, rbuf_len, active = 0, ahash_rc = 0;
    264. 

  264. 	struct ahash_request *req;
    265. 

  265. 	struct scatterlist sg[1];
    266. 

  266. 	struct ahash_completion res;
    267. 

  267. 	size_t rbuf_size[2];
    268. 

  268. 

  269. 	hash->length = crypto_ahash_digestsize(tfm);
    270. 

  270. 

  271. 	req = ahash_request_alloc(tfm, GFP_KERNEL);
    272. 

  272. 	if (!req)
    273. 

  273. 		return -ENOMEM;
    274. 

  274. 

  275. 	init_completion(&res.completion);
    276. 

  276. 	ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
    277. 

  277. 				   CRYPTO_TFM_REQ_MAY_SLEEP,
    278. 

  278. 				   ahash_complete, &res);
    279. 

  279. 

  280. 	rc = ahash_wait(crypto_ahash_init(req), &res);
    281. 

  281. 	if (rc)
    282. 

  282. 		goto out1;
    283. 

  283. 

  284. 	i_size = i_size_read(file_inode(file));
    285. 

  285. 

  286. 	if (i_size == 0)
    287. 

  287. 		goto out2;
    288. 

  288. 

  289. 	/*
    290. 

  290. 	 * Try to allocate maximum size of memory.
    291. 

  291. 	 * Fail if even a single page cannot be allocated.
    292. 

  292. 	 */
    293. 

  293. 	rbuf[0] = ima_alloc_pages(i_size, &rbuf_size[0], 1);
    294. 

  294. 	if (!rbuf[0]) {
    295. 

  295. 		rc = -ENOMEM;
    296. 

  296. 		goto out1;
    297. 

  297. 	}
    298. 

  298. 

  299. 	/* Only allocate one buffer if that is enough. */
    300. 

  300. 	if (i_size > rbuf_size[0]) {
    301. 

  301. 		/*
    302. 

  302. 		 * Try to allocate secondary buffer. If that fails fallback to
    303. 

  303. 		 * using single buffering. Use previous memory allocation size
    304. 

  304. 		 * as baseline for possible allocation size.
    305. 

  305. 		 */
    306. 

  306. 		rbuf[1] = ima_alloc_pages(i_size - rbuf_size[0],
    307. 

  307. 					  &rbuf_size[1], 0);
    308. 

  308. 	}
    309. 

  309. 

  310. 	if (!(file->f_mode & FMODE_READ)) {
    311. 

  311. 		file->f_mode |= FMODE_READ;
    312. 

  312. 		read = 1;
    313. 

  313. 	}
    314. 

  314. 

  315. 	for (offset = 0; offset < i_size; offset += rbuf_len) {
    316. 

  316. 		if (!rbuf[1] && offset) {
    317. 

  317. 			/* Not using two buffers, and it is not the first
    318. 

  318. 			 * read/request, wait for the completion of the
    319. 

  319. 			 * previous ahash_update() request.
    320. 

  320. 			 */
    321. 

  321. 			rc = ahash_wait(ahash_rc, &res);
    322. 

  322. 			if (rc)
    323. 

  323. 				goto out3;
    324. 

  324. 		}
    325. 

  325. 		/* read buffer */
    326. 

  326. 		rbuf_len = min_t(loff_t, i_size - offset, rbuf_size[active]);
    327. 

  327. 		rc = ima_kernel_read(file, offset, rbuf[active], rbuf_len);
    328. 

  328. 		if (rc != rbuf_len)
    329. 

  329. 			goto out3;
    330. 

  330. 

  331. 		if (rbuf[1] && offset) {
    332. 

  332. 			/* Using two buffers, and it is not the first
    333. 

  333. 			 * read/request, wait for the completion of the
    334. 

  334. 			 * previous ahash_update() request.
    335. 

  335. 			 */
    336. 

  336. 			rc = ahash_wait(ahash_rc, &res);
    337. 

  337. 			if (rc)
    338. 

  338. 				goto out3;
    339. 

  339. 		}
    340. 

  340. 

  341. 		sg_init_one(&sg[0], rbuf[active], rbuf_len);
    342. 

  342. 		ahash_request_set_crypt(req, sg, NULL, rbuf_len);
    343. 

  343. 

  344. 		ahash_rc = crypto_ahash_update(req);
    345. 

  345. 

  346. 		if (rbuf[1])
    347. 

  347. 			active = !active; /* swap buffers, if we use two */
    348. 

  348. 	}
    349. 

  349. 	/* wait for the last update request to complete */
    350. 

  350. 	rc = ahash_wait(ahash_rc, &res);
    351. 

  351. out3:
    352. 

  352. 	if (read)
    353. 

  353. 		file->f_mode &= ~FMODE_READ;
    354. 

  354. 	ima_free_pages(rbuf[0], rbuf_size[0]);
    355. 

  355. 	ima_free_pages(rbuf[1], rbuf_size[1]);
    356. 

  356. out2:
    357. 

  357. 	if (!rc) {
    358. 

  358. 		ahash_request_set_crypt(req, NULL, hash->digest, 0);
    359. 

  359. 		rc = ahash_wait(crypto_ahash_final(req), &res);
    360. 

  360. 	}
    361. 

  361. out1:
    362. 

  362. 	ahash_request_free(req);
    363. 

  363. 	return rc;
    364. 

  364. }
    365. 

  365. 

  366. static int ima_calc_file_ahash(struct file *file, struct ima_digest_data *hash)
    367. 

  367. {
    368. 

  368. 	struct crypto_ahash *tfm;
    369. 

  369. 	int rc;
    370. 

  370. 

  371. 	tfm = ima_alloc_atfm(hash->algo);
    372. 

  372. 	if (IS_ERR(tfm))
    373. 

  373. 		return PTR_ERR(tfm);
    374. 

  374. 

  375. 	rc = ima_calc_file_hash_atfm(file, hash, tfm);
    376. 

  376. 

  377. 	ima_free_atfm(tfm);
    378. 

  378. 

  379. 	return rc;
    380. 

  380. }
    381. 

  381. 

  382. static int ima_calc_file_hash_tfm(struct file *file,
    383. 

  383. 				  struct ima_digest_data *hash,
    384. 

  384. 				  struct crypto_shash *tfm)
    385. 

  385. {
    386. 

  386. 	loff_t i_size, offset = 0;
    387. 

  387. 	char *rbuf;
    388. 

  388. 	int rc, read = 0;
    389. 

  389. 	SHASH_DESC_ON_STACK(shash, tfm);
    390. 

  390. 

  391. 	shash->tfm = tfm;
    392. 

  392. 	shash->flags = 0;
    393. 

  393. 

  394. 	hash->length = crypto_shash_digestsize(tfm);
    395. 

  395. 

  396. 	rc = crypto_shash_init(shash);
    397. 

  397. 	if (rc != 0)
    398. 

  398. 		return rc;
    399. 

  399. 

  400. 	i_size = i_size_read(file_inode(file));
    401. 

  401. 

  402. 	if (i_size == 0)
    403. 

  403. 		goto out;
    404. 

  404. 

  405. 	rbuf = kzalloc(PAGE_SIZE, GFP_KERNEL);
    406. 

  406. 	if (!rbuf)
    407. 

  407. 		return -ENOMEM;
    408. 

  408. 

  409. 	if (!(file->f_mode & FMODE_READ)) {
    410. 

  410. 		file->f_mode |= FMODE_READ;
    411. 

  411. 		read = 1;
    412. 

  412. 	}
    413. 

  413. 

  414. 	while (offset < i_size) {
    415. 

  415. 		int rbuf_len;
    416. 

  416. 

  417. 		rbuf_len = ima_kernel_read(file, offset, rbuf, PAGE_SIZE);
    418. 

  418. 		if (rbuf_len < 0) {
    419. 

  419. 			rc = rbuf_len;
    420. 

  420. 			break;
    421. 

  421. 		}
    422. 

  422. 		if (rbuf_len == 0)
    423. 

  423. 			break;
    424. 

  424. 		offset += rbuf_len;
    425. 

  425. 

  426. 		rc = crypto_shash_update(shash, rbuf, rbuf_len);
    427. 

  427. 		if (rc)
    428. 

  428. 			break;
    429. 

  429. 	}
    430. 

  430. 	if (read)
    431. 

  431. 		file->f_mode &= ~FMODE_READ;
    432. 

  432. 	kfree(rbuf);
    433. 

  433. out:
    434. 

  434. 	if (!rc)
    435. 

  435. 		rc = crypto_shash_final(shash, hash->digest);
    436. 

  436. 	return rc;
    437. 

  437. }
    438. 

  438. 

  439. static int ima_calc_file_shash(struct file *file, struct ima_digest_data *hash)
    440. 

  440. {
    441. 

  441. 	struct crypto_shash *tfm;
    442. 

  442. 	int rc;
    443. 

  443. 

  444. 	tfm = ima_alloc_tfm(hash->algo);
    445. 

  445. 	if (IS_ERR(tfm))
    446. 

  446. 		return PTR_ERR(tfm);
    447. 

  447. 

  448. 	rc = ima_calc_file_hash_tfm(file, hash, tfm);
    449. 

  449. 

  450. 	ima_free_tfm(tfm);
    451. 

  451. 

  452. 	return rc;
    453. 

  453. }
    454. 

  454. 

  455. /*
    456. 

  456.  * ima_calc_file_hash - calculate file hash
    457. 

  457.  *
    458. 

  458.  * Asynchronous hash (ahash) allows using HW acceleration for calculating
    459. 

  459.  * a hash. ahash performance varies for different data sizes on different
    460. 

  460.  * crypto accelerators. shash performance might be better for smaller files.
    461. 

  461.  * The 'ima.ahash_minsize' module parameter allows specifying the best
    462. 

  462.  * minimum file size for using ahash on the system.
    463. 

  463.  *
    464. 

  464.  * If the ima.ahash_minsize parameter is not specified, this function uses
    465. 

  465.  * shash for the hash calculation.  If ahash fails, it falls back to using
    466. 

  466.  * shash.
    467. 

  467.  */
    468. 

  468. int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash)
    469. 

  469. {
    470. 

  470. 	loff_t i_size;
    471. 

  471. 	int rc;
    472. 

  472. 

  473. 	i_size = i_size_read(file_inode(file));
    474. 

  474. 

  475. 	if (ima_ahash_minsize && i_size >= ima_ahash_minsize) {
    476. 

  476. 		rc = ima_calc_file_ahash(file, hash);
    477. 

  477. 		if (!rc)
    478. 

  478. 			return 0;
    479. 

  479. 	}
    480. 

  480. 

  481. 	return ima_calc_file_shash(file, hash);
    482. 

  482. }
    483. 

  483. 

  484. /*
    485. 

  485.  * Calculate the hash of template data
    486. 

  486.  */
    487. 

  487. static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
    488. 

  488. 					 struct ima_template_desc *td,
    489. 

  489. 					 int num_fields,
    490. 

  490. 					 struct ima_digest_data *hash,
    491. 

  491. 					 struct crypto_shash *tfm)
    492. 

  492. {
    493. 

  493. 	SHASH_DESC_ON_STACK(shash, tfm);
    494. 

  494. 	int rc, i;
    495. 

  495. 

  496. 	shash->tfm = tfm;
    497. 

  497. 	shash->flags = 0;
    498. 

  498. 

  499. 	hash->length = crypto_shash_digestsize(tfm);
    500. 

  500. 

  501. 	rc = crypto_shash_init(shash);
    502. 

  502. 	if (rc != 0)
    503. 

  503. 		return rc;
    504. 

  504. 

  505. 	for (i = 0; i < num_fields; i++) {
    506. 

  506. 		u8 buffer[IMA_EVENT_NAME_LEN_MAX + 1] = { 0 };
    507. 

  507. 		u8 *data_to_hash = field_data[i].data;
    508. 

  508. 		u32 datalen = field_data[i].len;
    509. 

  509. 

  510. 		if (strcmp(td->name, IMA_TEMPLATE_IMA_NAME) != 0) {
    511. 

  511. 			rc = crypto_shash_update(shash,
    512. 

  512. 						(const u8 *) &field_data[i].len,
    513. 

  513. 						sizeof(field_data[i].len));
    514. 

  514. 			if (rc)
    515. 

  515. 				break;
    516. 

  516. 		} else if (strcmp(td->fields[i]->field_id, "n") == 0) {
    517. 

  517. 			memcpy(buffer, data_to_hash, datalen);
    518. 

  518. 			data_to_hash = buffer;
    519. 

  519. 			datalen = IMA_EVENT_NAME_LEN_MAX + 1;
    520. 

  520. 		}
    521. 

  521. 		rc = crypto_shash_update(shash, data_to_hash, datalen);
    522. 

  522. 		if (rc)
    523. 

  523. 			break;
    524. 

  524. 	}
    525. 

  525. 

  526. 	if (!rc)
    527. 

  527. 		rc = crypto_shash_final(shash, hash->digest);
    528. 

  528. 

  529. 	return rc;
    530. 

  530. }
    531. 

  531. 

  532. int ima_calc_field_array_hash(struct ima_field_data *field_data,
    533. 

  533. 			      struct ima_template_desc *desc, int num_fields,
    534. 

  534. 			      struct ima_digest_data *hash)
    535. 

  535. {
    536. 

  536. 	struct crypto_shash *tfm;
    537. 

  537. 	int rc;
    538. 

  538. 

  539. 	tfm = ima_alloc_tfm(hash->algo);
    540. 

  540. 	if (IS_ERR(tfm))
    541. 

  541. 		return PTR_ERR(tfm);
    542. 

  542. 

  543. 	rc = ima_calc_field_array_hash_tfm(field_data, desc, num_fields,
    544. 

  544. 					   hash, tfm);
    545. 

  545. 

  546. 	ima_free_tfm(tfm);
    547. 

  547. 

  548. 	return rc;
    549. 

  549. }
    550. 

  550. 

  551. static void __init ima_pcrread(int idx, u8 *pcr)
    552. 

  552. {
    553. 

  553. 	if (!ima_used_chip)
    554. 

  554. 		return;
    555. 

  555. 

  556. 	if (tpm_pcr_read(TPM_ANY_NUM, idx, pcr) != 0)
    557. 

  557. 		pr_err("Error Communicating to TPM chip\n");
    558. 

  558. }
    559. 

  559. 

  560. /*
    561. 

  561.  * Calculate the boot aggregate hash
    562. 

  562.  */
    563. 

  563. static int __init ima_calc_boot_aggregate_tfm(char *digest,
    564. 

  564. 					      struct crypto_shash *tfm)
    565. 

  565. {
    566. 

  566. 	u8 pcr_i[TPM_DIGEST_SIZE];
    567. 

  567. 	int rc, i;
    568. 

  568. 	SHASH_DESC_ON_STACK(shash, tfm);
    569. 

  569. 

  570. 	shash->tfm = tfm;
    571. 

  571. 	shash->flags = 0;
    572. 

  572. 

  573. 	rc = crypto_shash_init(shash);
    574. 

  574. 	if (rc != 0)
    575. 

  575. 		return rc;
    576. 

  576. 

  577. 	/* cumulative sha1 over tpm registers 0-7 */
    578. 

  578. 	for (i = TPM_PCR0; i < TPM_PCR8; i++) {
    579. 

  579. 		ima_pcrread(i, pcr_i);
    580. 

  580. 		/* now accumulate with current aggregate */
    581. 

  581. 		rc = crypto_shash_update(shash, pcr_i, TPM_DIGEST_SIZE);
    582. 

  582. 	}
    583. 

  583. 	if (!rc)
    584. 

  584. 		crypto_shash_final(shash, digest);
    585. 

  585. 	return rc;
    586. 

  586. }
    587. 

  587. 

  588. int __init ima_calc_boot_aggregate(struct ima_digest_data *hash)
    589. 

  589. {
    590. 

  590. 	struct crypto_shash *tfm;
    591. 

  591. 	int rc;
    592. 

  592. 

  593. 	tfm = ima_alloc_tfm(hash->algo);
    594. 

  594. 	if (IS_ERR(tfm))
    595. 

  595. 		return PTR_ERR(tfm);
    596. 

  596. 

  597. 	hash->length = crypto_shash_digestsize(tfm);
    598. 

  598. 	rc = ima_calc_boot_aggregate_tfm(hash->digest, tfm);
    599. 

  599. 

  600. 	ima_free_tfm(tfm);
    601. 

  601. 

  602. 	return rc;
    603. 

  603. }
    604.