1 // SPDX-License-Identifier: GPL-2.0-only
7  * Kylene Hall <kjhall@us.ibm.com>
10  *	Calculates md5/sha1 file hash, template hash, boot-aggreate hash
30 /* default is 0 - 1 page. */
42 		return -EINVAL;  in param_set_bufsize()
125 	ima_sha1_idx = -1;  in ima_init_crypto()
126 	ima_hash_algo_idx = -1;  in ima_init_crypto()
129 		algo = ima_tpm_chip->allocated_banks[i].crypto_id;  in ima_init_crypto()
149 		rc = -ENOMEM;  in ima_init_crypto()
154 		algo = ima_tpm_chip->allocated_banks[i].crypto_id;  in ima_init_crypto()
229  * ima_alloc_pages() - Allocate contiguous pages.
253 	for (; order; order--) {  in ima_alloc_pages()
261 	/* order is zero - one page */  in ima_alloc_pages()
279  * ima_free_pages() - Free pages allocated by ima_alloc_pages().
341 	hash->length = crypto_ahash_digestsize(tfm);  in ima_calc_file_hash_atfm()
345 		return -ENOMEM;  in ima_calc_file_hash_atfm()
367 		rc = -ENOMEM;  in ima_calc_file_hash_atfm()
378 		rbuf[1] = ima_alloc_pages(i_size - rbuf_size[0],  in ima_calc_file_hash_atfm()
393 		rbuf_len = min_t(loff_t, i_size - offset, rbuf_size[active]);  in ima_calc_file_hash_atfm()
398 				rc = -EINVAL;  in ima_calc_file_hash_atfm()
432 		ahash_request_set_crypt(req, NULL, hash->digest, 0);  in ima_calc_file_hash_atfm()
445 	tfm = ima_alloc_atfm(hash->algo);  in ima_calc_file_ahash()
465 	shash->tfm = tfm;  in ima_calc_file_hash_tfm()
467 	hash->length = crypto_shash_digestsize(tfm);  in ima_calc_file_hash_tfm()
480 		return -ENOMEM;  in ima_calc_file_hash_tfm()
491 			rc = -EINVAL;  in ima_calc_file_hash_tfm()
503 		rc = crypto_shash_final(shash, hash->digest);  in ima_calc_file_hash_tfm()
512 	tfm = ima_alloc_tfm(hash->algo);  in ima_calc_file_shash()
524  * ima_calc_file_hash - calculate file hash
547 	if (file->f_flags & O_DIRECT) {  in ima_calc_file_hash()
548 		hash->length = hash_digest_size[ima_hash_algo];  in ima_calc_file_hash()
549 		hash->algo = ima_hash_algo;  in ima_calc_file_hash()
550 		return -EINVAL;  in ima_calc_file_hash()
554 	if (!(file->f_mode & FMODE_READ)) {  in ima_calc_file_hash()
555 		int flags = file->f_flags & ~(O_WRONLY | O_APPEND |  in ima_calc_file_hash()
558 		f = dentry_open(&file->f_path, flags, file->f_cred);  in ima_calc_file_hash()
588 	struct ima_template_desc *td = entry->template_desc;  in ima_calc_field_array_hash_tfm()
589 	int num_fields = entry->template_desc->num_fields;  in ima_calc_field_array_hash_tfm()
592 	shash->tfm = ima_algo_array[tfm_idx].tfm;  in ima_calc_field_array_hash_tfm()
605 		if (strcmp(td->name, IMA_TEMPLATE_IMA_NAME) != 0) {  in ima_calc_field_array_hash_tfm()
611 		} else if (strcmp(td->fields[i]->field_id, "n") == 0) {  in ima_calc_field_array_hash_tfm()
622 		rc = crypto_shash_final(shash, entry->digests[tfm_idx].digest);  in ima_calc_field_array_hash_tfm()
637 	entry->digests[ima_sha1_idx].alg_id = TPM_ALG_SHA1;  in ima_calc_field_array_hash()
644 			alg_id = ima_tpm_chip->allocated_banks[i].alg_id;  in ima_calc_field_array_hash()
645 			entry->digests[i].alg_id = alg_id;  in ima_calc_field_array_hash()
650 			memcpy(entry->digests[i].digest,  in ima_calc_field_array_hash()
651 			       entry->digests[ima_sha1_idx].digest,  in ima_calc_field_array_hash()
672 	hash->length = crypto_ahash_digestsize(tfm);  in calc_buffer_ahash_atfm()
676 		return -ENOMEM;  in calc_buffer_ahash_atfm()
695 		ahash_request_set_crypt(req, NULL, hash->digest, 0);  in calc_buffer_ahash_atfm()
709 	tfm = ima_alloc_atfm(hash->algo);  in calc_buffer_ahash()
728 	shash->tfm = tfm;  in calc_buffer_shash_tfm()
730 	hash->length = crypto_shash_digestsize(tfm);  in calc_buffer_shash_tfm()
742 		size -= len;  in calc_buffer_shash_tfm()
746 		rc = crypto_shash_final(shash, hash->digest);  in calc_buffer_shash_tfm()
756 	tfm = ima_alloc_tfm(hash->algo);  in calc_buffer_shash()
790  * The boot_aggregate is a cumulative hash over TPM registers 0 - 7.  With
793  * allowing firmware to configure and enable different banks.
808 	shash->tfm = tfm;  in ima_calc_boot_aggregate_tfm()
810 	pr_devel("calculating the boot-aggregate based on TPM bank: %04x\n",  in ima_calc_boot_aggregate_tfm()
817 	/* cumulative digest over TPM registers 0-7 */  in ima_calc_boot_aggregate_tfm()
827 	 * Extend cumulative digest over TPM registers 8-9, which contain  in ima_calc_boot_aggregate_tfm()
829 	 * in a typical PCR allocation. Registers 8-9 are only included in  in ima_calc_boot_aggregate_tfm()
830 	 * non-SHA1 boot_aggregate digests to avoid ambiguity.  in ima_calc_boot_aggregate_tfm()
848 	int rc, i, bank_idx = -1;  in ima_calc_boot_aggregate()
850 	for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++) {  in ima_calc_boot_aggregate()
851 		crypto_id = ima_tpm_chip->allocated_banks[i].crypto_id;  in ima_calc_boot_aggregate()
852 		if (crypto_id == hash->algo) {  in ima_calc_boot_aggregate()
860 		if (bank_idx == -1 && crypto_id == HASH_ALGO_SHA1)  in ima_calc_boot_aggregate()
864 	if (bank_idx == -1) {  in ima_calc_boot_aggregate()
869 	hash->algo = ima_tpm_chip->allocated_banks[bank_idx].crypto_id;  in ima_calc_boot_aggregate()
871 	tfm = ima_alloc_tfm(hash->algo);  in ima_calc_boot_aggregate()
875 	hash->length = crypto_shash_digestsize(tfm);  in ima_calc_boot_aggregate()
876 	alg_id = ima_tpm_chip->allocated_banks[bank_idx].alg_id;  in ima_calc_boot_aggregate()
877 	rc = ima_calc_boot_aggregate_tfm(hash->digest, alg_id, tfm);  in ima_calc_boot_aggregate()