1 // SPDX-License-Identifier: GPL-2.0-only
7  * Kylene Hall <kjhall@us.ibm.com>
10  *	Calculates md5/sha1 file hash, template hash, boot-aggreate hash
30 /* default is 0 - 1 page. */
42 		return -EINVAL;  in param_set_bufsize()
125 	ima_sha1_idx = -1;  in ima_init_crypto()
126 	ima_hash_algo_idx = -1;  in ima_init_crypto()
129 		algo = ima_tpm_chip->allocated_banks[i].crypto_id;  in ima_init_crypto()
149 		rc = -ENOMEM;  in ima_init_crypto()
154 		algo = ima_tpm_chip->allocated_banks[i].crypto_id;  in ima_init_crypto()
228  * ima_alloc_pages() - Allocate contiguous pages.
252 	for (; order; order--) {  in ima_alloc_pages()
260 	/* order is zero - one page */  in ima_alloc_pages()
278  * ima_free_pages() - Free pages allocated by ima_alloc_pages().
340 	hash->length = crypto_ahash_digestsize(tfm);  in ima_calc_file_hash_atfm()
344 		return -ENOMEM;  in ima_calc_file_hash_atfm()
366 		rc = -ENOMEM;  in ima_calc_file_hash_atfm()
377 		rbuf[1] = ima_alloc_pages(i_size - rbuf_size[0],  in ima_calc_file_hash_atfm()
392 		rbuf_len = min_t(loff_t, i_size - offset, rbuf_size[active]);  in ima_calc_file_hash_atfm()
397 				rc = -EINVAL;  in ima_calc_file_hash_atfm()
431 		ahash_request_set_crypt(req, NULL, hash->digest, 0);  in ima_calc_file_hash_atfm()
444 	tfm = ima_alloc_atfm(hash->algo);  in ima_calc_file_ahash()
464 	shash->tfm = tfm;  in ima_calc_file_hash_tfm()
466 	hash->length = crypto_shash_digestsize(tfm);  in ima_calc_file_hash_tfm()
479 		return -ENOMEM;  in ima_calc_file_hash_tfm()
490 			rc = -EINVAL;  in ima_calc_file_hash_tfm()
502 		rc = crypto_shash_final(shash, hash->digest);  in ima_calc_file_hash_tfm()
511 	tfm = ima_alloc_tfm(hash->algo);  in ima_calc_file_shash()
523  * ima_calc_file_hash - calculate file hash
546 	if (file->f_flags & O_DIRECT) {  in ima_calc_file_hash()
547 		hash->length = hash_digest_size[ima_hash_algo];  in ima_calc_file_hash()
548 		hash->algo = ima_hash_algo;  in ima_calc_file_hash()
549 		return -EINVAL;  in ima_calc_file_hash()
553 	if (!(file->f_mode & FMODE_READ)) {  in ima_calc_file_hash()
554 		int flags = file->f_flags & ~(O_WRONLY | O_APPEND |  in ima_calc_file_hash()
557 		f = dentry_open(&file->f_path, flags, file->f_cred);  in ima_calc_file_hash()
587 	struct ima_template_desc *td = entry->template_desc;  in ima_calc_field_array_hash_tfm()
588 	int num_fields = entry->template_desc->num_fields;  in ima_calc_field_array_hash_tfm()
591 	shash->tfm = ima_algo_array[tfm_idx].tfm;  in ima_calc_field_array_hash_tfm()
604 		if (strcmp(td->name, IMA_TEMPLATE_IMA_NAME) != 0) {  in ima_calc_field_array_hash_tfm()
610 		} else if (strcmp(td->fields[i]->field_id, "n") == 0) {  in ima_calc_field_array_hash_tfm()
621 		rc = crypto_shash_final(shash, entry->digests[tfm_idx].digest);  in ima_calc_field_array_hash_tfm()
636 	entry->digests[ima_sha1_idx].alg_id = TPM_ALG_SHA1;  in ima_calc_field_array_hash()
643 			alg_id = ima_tpm_chip->allocated_banks[i].alg_id;  in ima_calc_field_array_hash()
644 			entry->digests[i].alg_id = alg_id;  in ima_calc_field_array_hash()
649 			memcpy(entry->digests[i].digest,  in ima_calc_field_array_hash()
650 			       entry->digests[ima_sha1_idx].digest,  in ima_calc_field_array_hash()
671 	hash->length = crypto_ahash_digestsize(tfm);  in calc_buffer_ahash_atfm()
675 		return -ENOMEM;  in calc_buffer_ahash_atfm()
694 		ahash_request_set_crypt(req, NULL, hash->digest, 0);  in calc_buffer_ahash_atfm()
708 	tfm = ima_alloc_atfm(hash->algo);  in calc_buffer_ahash()
727 	shash->tfm = tfm;  in calc_buffer_shash_tfm()
729 	hash->length = crypto_shash_digestsize(tfm);  in calc_buffer_shash_tfm()
741 		size -= len;  in calc_buffer_shash_tfm()
745 		rc = crypto_shash_final(shash, hash->digest);  in calc_buffer_shash_tfm()
755 	tfm = ima_alloc_tfm(hash->algo);  in calc_buffer_shash()
789  * The boot_aggregate is a cumulative hash over TPM registers 0 - 7.  With
792  * allowing firmware to configure and enable different banks.
807 	shash->tfm = tfm;  in ima_calc_boot_aggregate_tfm()
809 	pr_devel("calculating the boot-aggregate based on TPM bank: %04x\n",  in ima_calc_boot_aggregate_tfm()
816 	/* cumulative digest over TPM registers 0-7 */  in ima_calc_boot_aggregate_tfm()
826 	 * Extend cumulative digest over TPM registers 8-9, which contain  in ima_calc_boot_aggregate_tfm()
828 	 * in a typical PCR allocation. Registers 8-9 are only included in  in ima_calc_boot_aggregate_tfm()
829 	 * non-SHA1 boot_aggregate digests to avoid ambiguity.  in ima_calc_boot_aggregate_tfm()
847 	int rc, i, bank_idx = -1;  in ima_calc_boot_aggregate()
849 	for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++) {  in ima_calc_boot_aggregate()
850 		crypto_id = ima_tpm_chip->allocated_banks[i].crypto_id;  in ima_calc_boot_aggregate()
851 		if (crypto_id == hash->algo) {  in ima_calc_boot_aggregate()
859 		if (bank_idx == -1 && crypto_id == HASH_ALGO_SHA1)  in ima_calc_boot_aggregate()
863 	if (bank_idx == -1) {  in ima_calc_boot_aggregate()
868 	hash->algo = ima_tpm_chip->allocated_banks[bank_idx].crypto_id;  in ima_calc_boot_aggregate()
870 	tfm = ima_alloc_tfm(hash->algo);  in ima_calc_boot_aggregate()
874 	hash->length = crypto_shash_digestsize(tfm);  in ima_calc_boot_aggregate()
875 	alg_id = ima_tpm_chip->allocated_banks[bank_idx].alg_id;  in ima_calc_boot_aggregate()
876 	rc = ima_calc_boot_aggregate_tfm(hash->digest, alg_id, tfm);  in ima_calc_boot_aggregate()