1 // SPDX-License-Identifier: GPL-2.0-only
7  * Kylene Hall <kjhall@us.ibm.com>
10  *	Calculates md5/sha1 file hash, template hash, boot-aggreate hash
30 /* default is 0 - 1 page. */
42 		return -EINVAL;  in param_set_bufsize()
125 	ima_sha1_idx = -1;  in ima_init_crypto()
126 	ima_hash_algo_idx = -1;  in ima_init_crypto()
129 		algo = ima_tpm_chip->allocated_banks[i].crypto_id;  in ima_init_crypto()
149 		rc = -ENOMEM;  in ima_init_crypto()
154 		algo = ima_tpm_chip->allocated_banks[i].crypto_id;  in ima_init_crypto()
228  * ima_alloc_pages() - Allocate contiguous pages.
252 	for (; order; order--) {  in ima_alloc_pages()
260 	/* order is zero - one page */  in ima_alloc_pages()
278  * ima_free_pages() - Free pages allocated by ima_alloc_pages().
340 	hash->length = crypto_ahash_digestsize(tfm);  in ima_calc_file_hash_atfm()
344 		return -ENOMEM;  in ima_calc_file_hash_atfm()
366 		rc = -ENOMEM;  in ima_calc_file_hash_atfm()
377 		rbuf[1] = ima_alloc_pages(i_size - rbuf_size[0],  in ima_calc_file_hash_atfm()
392 		rbuf_len = min_t(loff_t, i_size - offset, rbuf_size[active]);  in ima_calc_file_hash_atfm()
397 				rc = -EINVAL;  in ima_calc_file_hash_atfm()
431 		ahash_request_set_crypt(req, NULL, hash->digest, 0);  in ima_calc_file_hash_atfm()
444 	tfm = ima_alloc_atfm(hash->algo);  in ima_calc_file_ahash()
464 	shash->tfm = tfm;  in ima_calc_file_hash_tfm()
466 	hash->length = crypto_shash_digestsize(tfm);  in ima_calc_file_hash_tfm()
479 		return -ENOMEM;  in ima_calc_file_hash_tfm()
490 			rc = -EINVAL;  in ima_calc_file_hash_tfm()
502 		rc = crypto_shash_final(shash, hash->digest);  in ima_calc_file_hash_tfm()
511 	tfm = ima_alloc_tfm(hash->algo);  in ima_calc_file_shash()
523  * ima_calc_file_hash - calculate file hash
546 	if (file->f_flags & O_DIRECT) {  in ima_calc_file_hash()
547 		hash->length = hash_digest_size[ima_hash_algo];  in ima_calc_file_hash()
548 		hash->algo = ima_hash_algo;  in ima_calc_file_hash()
549 		return -EINVAL;  in ima_calc_file_hash()
553 	if (!(file->f_mode & FMODE_READ)) {  in ima_calc_file_hash()
554 		int flags = file->f_flags & ~(O_WRONLY | O_APPEND |  in ima_calc_file_hash()
557 		f = dentry_open(&file->f_path, flags, file->f_cred);  in ima_calc_file_hash()
565 			f->f_mode |= FMODE_READ;  in ima_calc_file_hash()
585 		f->f_mode &= ~FMODE_READ;  in ima_calc_file_hash()
597 	struct ima_template_desc *td = entry->template_desc;  in ima_calc_field_array_hash_tfm()
598 	int num_fields = entry->template_desc->num_fields;  in ima_calc_field_array_hash_tfm()
601 	shash->tfm = ima_algo_array[tfm_idx].tfm;  in ima_calc_field_array_hash_tfm()
614 		if (strcmp(td->name, IMA_TEMPLATE_IMA_NAME) != 0) {  in ima_calc_field_array_hash_tfm()
620 		} else if (strcmp(td->fields[i]->field_id, "n") == 0) {  in ima_calc_field_array_hash_tfm()
631 		rc = crypto_shash_final(shash, entry->digests[tfm_idx].digest);  in ima_calc_field_array_hash_tfm()
646 	entry->digests[ima_sha1_idx].alg_id = TPM_ALG_SHA1;  in ima_calc_field_array_hash()
653 			alg_id = ima_tpm_chip->allocated_banks[i].alg_id;  in ima_calc_field_array_hash()
654 			entry->digests[i].alg_id = alg_id;  in ima_calc_field_array_hash()
659 			memcpy(entry->digests[i].digest,  in ima_calc_field_array_hash()
660 			       entry->digests[ima_sha1_idx].digest,  in ima_calc_field_array_hash()
681 	hash->length = crypto_ahash_digestsize(tfm);  in calc_buffer_ahash_atfm()
685 		return -ENOMEM;  in calc_buffer_ahash_atfm()
704 		ahash_request_set_crypt(req, NULL, hash->digest, 0);  in calc_buffer_ahash_atfm()
718 	tfm = ima_alloc_atfm(hash->algo);  in calc_buffer_ahash()
737 	shash->tfm = tfm;  in calc_buffer_shash_tfm()
739 	hash->length = crypto_shash_digestsize(tfm);  in calc_buffer_shash_tfm()
751 		size -= len;  in calc_buffer_shash_tfm()
755 		rc = crypto_shash_final(shash, hash->digest);  in calc_buffer_shash_tfm()
765 	tfm = ima_alloc_tfm(hash->algo);  in calc_buffer_shash()
799  * The boot_aggregate is a cumulative hash over TPM registers 0 - 7.  With
802  * allowing firmware to configure and enable different banks.
817 	shash->tfm = tfm;  in ima_calc_boot_aggregate_tfm()
819 	pr_devel("calculating the boot-aggregate based on TPM bank: %04x\n",  in ima_calc_boot_aggregate_tfm()
826 	/* cumulative digest over TPM registers 0-7 */  in ima_calc_boot_aggregate_tfm()
836 	 * Extend cumulative digest over TPM registers 8-9, which contain  in ima_calc_boot_aggregate_tfm()
838 	 * in a typical PCR allocation. Registers 8-9 are only included in  in ima_calc_boot_aggregate_tfm()
839 	 * non-SHA1 boot_aggregate digests to avoid ambiguity.  in ima_calc_boot_aggregate_tfm()
857 	int rc, i, bank_idx = -1;  in ima_calc_boot_aggregate()
859 	for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++) {  in ima_calc_boot_aggregate()
860 		crypto_id = ima_tpm_chip->allocated_banks[i].crypto_id;  in ima_calc_boot_aggregate()
861 		if (crypto_id == hash->algo) {  in ima_calc_boot_aggregate()
869 		if (bank_idx == -1 && crypto_id == HASH_ALGO_SHA1)  in ima_calc_boot_aggregate()
873 	if (bank_idx == -1) {  in ima_calc_boot_aggregate()
878 	hash->algo = ima_tpm_chip->allocated_banks[bank_idx].crypto_id;  in ima_calc_boot_aggregate()
880 	tfm = ima_alloc_tfm(hash->algo);  in ima_calc_boot_aggregate()
884 	hash->length = crypto_shash_digestsize(tfm);  in ima_calc_boot_aggregate()
885 	alg_id = ima_tpm_chip->allocated_banks[bank_idx].alg_id;  in ima_calc_boot_aggregate()
886 	rc = ima_calc_boot_aggregate_tfm(hash->digest, alg_id, tfm);  in ima_calc_boot_aggregate()