// SPDX-License-Identifier: GPL-2.0-only
/*
 * AppArmor security module
 *
 * This file contains AppArmor policy loading interface function definitions.
 *
 * Copyright 2013 Canonical Ltd.
 *
 * Fns to provide a checksum of policy that has been loaded this can be
 * compared to userspace policy compiles to check loaded policy is what
 * it should be.
 */

#include <crypto/sha2.h>

#include "include/apparmor.h"
#include "include/crypto.h"

unsigned int aa_hash_size(void)
{
	return SHA256_DIGEST_SIZE;
}

char *aa_calc_hash(void *data, size_t len)
{
	char *hash;

	hash = kzalloc(SHA256_DIGEST_SIZE, GFP_KERNEL);
	if (!hash)
		return ERR_PTR(-ENOMEM);

	sha256(data, len, hash);
	return hash;
}

int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
			 size_t len)
{
	struct sha256_ctx sctx;
	__le32 le32_version = cpu_to_le32(version);

	if (!aa_g_hash_policy)
		return 0;

	profile->hash = kzalloc(SHA256_DIGEST_SIZE, GFP_KERNEL);
	if (!profile->hash)
		return -ENOMEM;

	sha256_init(&sctx);
	sha256_update(&sctx, (u8 *)&le32_version, 4);
	sha256_update(&sctx, (u8 *)start, len);
	sha256_final(&sctx, profile->hash);
	return 0;
}

static int __init init_profile_hash(void)
{
	if (apparmor_initialized)
		aa_info_message("AppArmor sha256 policy hashing enabled");
	return 0;
}
late_initcall(init_profile_hash);