mirrors/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-12-27 12:21:22 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge tag 'libcrypto-conversions-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux

Browse Source 
Pull crypto library conversions from Eric Biggers:
 "Convert fsverity and apparmor to use the SHA-2 library functions
  instead of crypto_shash. This is simpler and also slightly faster"

* tag 'libcrypto-conversions-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux:
  fsverity: Switch from crypto_shash to SHA-2 library
  fsverity: Explicitly include <linux/export.h>
  apparmor: use SHA-256 library API instead of crypto_shash API
This commit is contained in:
Linus Torvalds
2025-07-28 18:05:46 -07:00
parent f2f573ebd4 998646b3c1
commit 4b65b859f5
11 changed files with 118 additions and 249 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
Documentation/filesystems/fsverity.rst
View File

@@ -185,8 +185,7 @@ FS_IOC_ENABLE_VERITY can fail with the following errors:
- ``ENOKEY``: the ".fs-verity" keyring doesn't contain the certificate
needed to verify the builtin signature
- ``ENOPKG``: fs-verity recognizes the hash algorithm, but it's not
available in the kernel's crypto API as currently configured (e.g.
for SHA-512, missing CONFIG_CRYPTO_SHA512).
available in the kernel as currently configured
- ``ENOTTY``: this type of filesystem does not implement fs-verity
- ``EOPNOTSUPP``: the kernel was not configured with fs-verity
support; or the filesystem superblock has not had the 'verity'

6
fs/verity/Kconfig
View File

@@ -2,11 +2,9 @@
config FS_VERITY
bool "FS Verity (read-only file-based authenticity protection)"
select CRYPTO
select CRYPTO_HASH_INFO
# SHA-256 is selected as it's intended to be the default hash algorithm.
# To avoid bloat, other wanted algorithms must be selected explicitly.
select CRYPTO_SHA256
select CRYPTO_LIB_SHA256
select CRYPTO_LIB_SHA512
help
This option enables fs-verity. fs-verity is the dm-verity
mechanism implemented at the file level. On supported

9
fs/verity/enable.c
View File

@@ -7,7 +7,7 @@
#include "fsverity_private.h"
#include <crypto/hash.h>
#include <linux/export.h>
#include <linux/mount.h>
#include <linux/sched/signal.h>
#include <linux/uaccess.h>
@@ -24,7 +24,6 @@ static int hash_one_block(struct inode *inode,
struct block_buffer *cur)
{
struct block_buffer *next = cur + 1;
int err;
/*
* Safety check to prevent a buffer overflow in case of a filesystem bug
@@ -37,10 +36,8 @@ static int hash_one_block(struct inode *inode,
/* Zero-pad the block if it's shorter than the block size. */
memset(&cur->data[cur->filled], 0, params->block_size - cur->filled);
err = fsverity_hash_block(params, inode, cur->data,
&next->data[next->filled]);
if (err)
return err;
fsverity_hash_block(params, inode, cur->data,
&next->data[next->filled]);
next->filled += params->digest_size;
cur->filled = 0;
return 0;

24
fs/verity/fsverity_private.h
View File

@@ -20,7 +20,6 @@
/* A hash algorithm supported by fs-verity */
struct fsverity_hash_alg {
struct crypto_shash *tfm; /* hash tfm, allocated on demand */
const char *name; /* crypto API name, e.g. sha256 */
unsigned int digest_size; /* digest size in bytes, e.g. 32 for SHA-256 */
unsigned int block_size; /* block size in bytes, e.g. 64 for SHA-256 */
@@ -31,10 +30,16 @@ struct fsverity_hash_alg {
enum hash_algo algo_id;
};
union fsverity_hash_ctx {
struct sha256_ctx sha256;
struct sha512_ctx sha512;
};
/* Merkle tree parameters: hash algorithm, initial hash state, and topology */
struct merkle_tree_params {
const struct fsverity_hash_alg *hash_alg; /* the hash algorithm */
const u8 *hashstate; /* initial hash state or NULL */
/* initial hash state if salted, NULL if unsalted */
const union fsverity_hash_ctx *hashstate;
unsigned int digest_size; /* same as hash_alg->digest_size */
unsigned int block_size; /* size of data and tree blocks */
unsigned int hashes_per_block; /* number of hashes per tree block */
@@ -76,16 +81,17 @@ struct fsverity_info {
/* hash_algs.c */
extern struct fsverity_hash_alg fsverity_hash_algs[];
extern const struct fsverity_hash_alg fsverity_hash_algs[];
const struct fsverity_hash_alg *fsverity_get_hash_alg(const struct inode *inode,
unsigned int num);
const u8 *fsverity_prepare_hash_state(const struct fsverity_hash_alg *alg,
const u8 *salt, size_t salt_size);
int fsverity_hash_block(const struct merkle_tree_params *params,
const struct inode *inode, const void *data, u8 *out);
int fsverity_hash_buffer(const struct fsverity_hash_alg *alg,
const void *data, size_t size, u8 *out);
union fsverity_hash_ctx *
fsverity_prepare_hash_state(const struct fsverity_hash_alg *alg,
const u8 *salt, size_t salt_size);
void fsverity_hash_block(const struct merkle_tree_params *params,
const struct inode *inode, const void *data, u8 *out);
void fsverity_hash_buffer(const struct fsverity_hash_alg *alg,
const void *data, size_t size, u8 *out);
void __init fsverity_check_hash_algs(void);
/* init.c */

190
fs/verity/hash_algs.c
View File

@@ -7,10 +7,8 @@
#include "fsverity_private.h"
#include <crypto/hash.h>
/* The hash algorithms supported by fs-verity */
struct fsverity_hash_alg fsverity_hash_algs[] = {
const struct fsverity_hash_alg fsverity_hash_algs[] = {
[FS_VERITY_HASH_ALG_SHA256] = {
.name = "sha256",
.digest_size = SHA256_DIGEST_SIZE,
@@ -25,106 +23,42 @@ struct fsverity_hash_alg fsverity_hash_algs[] = {
},
};
static DEFINE_MUTEX(fsverity_hash_alg_init_mutex);
/**
* fsverity_get_hash_alg() - validate and prepare a hash algorithm
* fsverity_get_hash_alg() - get a hash algorithm by number
* @inode: optional inode for logging purposes
* @num: the hash algorithm number
*
* Get the struct fsverity_hash_alg for the given hash algorithm number, and
* ensure it has a hash transform ready to go. The hash transforms are
* allocated on-demand so that we don't waste resources unnecessarily, and
* because the crypto modules may be initialized later than fs/verity/.
* Get the struct fsverity_hash_alg for the given hash algorithm number.
*
* Return: pointer to the hash alg on success, else an ERR_PTR()
* Return: pointer to the hash alg if it's known, otherwise NULL.
*/
const struct fsverity_hash_alg *fsverity_get_hash_alg(const struct inode *inode,
unsigned int num)
{
struct fsverity_hash_alg *alg;
struct crypto_shash *tfm;
int err;
if (num >= ARRAY_SIZE(fsverity_hash_algs) ||
!fsverity_hash_algs[num].name) {
fsverity_warn(inode, "Unknown hash algorithm number: %u", num);
return ERR_PTR(-EINVAL);
return NULL;
}
alg = &fsverity_hash_algs[num];
/* pairs with smp_store_release() below */
if (likely(smp_load_acquire(&alg->tfm) != NULL))
return alg;
mutex_lock(&fsverity_hash_alg_init_mutex);
if (alg->tfm != NULL)
goto out_unlock;
tfm = crypto_alloc_shash(alg->name, 0, 0);
if (IS_ERR(tfm)) {
if (PTR_ERR(tfm) == -ENOENT) {
fsverity_warn(inode,
"Missing crypto API support for hash algorithm \"%s\"",
alg->name);
alg = ERR_PTR(-ENOPKG);
goto out_unlock;
}
fsverity_err(inode,
"Error allocating hash algorithm \"%s\": %ld",
alg->name, PTR_ERR(tfm));
alg = ERR_CAST(tfm);
goto out_unlock;
}
err = -EINVAL;
if (WARN_ON_ONCE(alg->digest_size != crypto_shash_digestsize(tfm)))
goto err_free_tfm;
if (WARN_ON_ONCE(alg->block_size != crypto_shash_blocksize(tfm)))
goto err_free_tfm;
pr_info("%s using implementation \"%s\"\n",
alg->name, crypto_shash_driver_name(tfm));
/* pairs with smp_load_acquire() above */
smp_store_release(&alg->tfm, tfm);
goto out_unlock;
err_free_tfm:
crypto_free_shash(tfm);
alg = ERR_PTR(err);
out_unlock:
mutex_unlock(&fsverity_hash_alg_init_mutex);
return alg;
return &fsverity_hash_algs[num];
}
/**
* fsverity_prepare_hash_state() - precompute the initial hash state
* @alg: hash algorithm
* @salt: a salt which is to be prepended to all data to be hashed
* @salt_size: salt size in bytes, possibly 0
* @salt_size: salt size in bytes
*
* Return: NULL if the salt is empty, otherwise the kmalloc()'ed precomputed
* initial hash state on success or an ERR_PTR() on failure.
* Return: the kmalloc()'ed initial hash state, or NULL if out of memory.
*/
const u8 *fsverity_prepare_hash_state(const struct fsverity_hash_alg *alg,
const u8 *salt, size_t salt_size)
union fsverity_hash_ctx *
fsverity_prepare_hash_state(const struct fsverity_hash_alg *alg,
const u8 *salt, size_t salt_size)
{
u8 *hashstate = NULL;
SHASH_DESC_ON_STACK(desc, alg->tfm);
u8 *padded_salt = NULL;
size_t padded_salt_size;
int err;
desc->tfm = alg->tfm;
if (salt_size == 0)
return NULL;
hashstate = kmalloc(crypto_shash_statesize(alg->tfm), GFP_KERNEL);
if (!hashstate)
return ERR_PTR(-ENOMEM);
union fsverity_hash_ctx ctx;
void *res = NULL;
/*
* Zero-pad the salt to the next multiple of the input size of the hash
@@ -135,30 +69,26 @@ const u8 *fsverity_prepare_hash_state(const struct fsverity_hash_alg *alg,
*/
padded_salt_size = round_up(salt_size, alg->block_size);
padded_salt = kzalloc(padded_salt_size, GFP_KERNEL);
if (!padded_salt) {
err = -ENOMEM;
goto err_free;
}
if (!padded_salt)
return NULL;
memcpy(padded_salt, salt, salt_size);
err = crypto_shash_init(desc);
if (err)
goto err_free;
err = crypto_shash_update(desc, padded_salt, padded_salt_size);
if (err)
goto err_free;
err = crypto_shash_export(desc, hashstate);
if (err)
goto err_free;
out:
switch (alg->algo_id) {
case HASH_ALGO_SHA256:
sha256_init(&ctx.sha256);
sha256_update(&ctx.sha256, padded_salt, padded_salt_size);
res = kmemdup(&ctx.sha256, sizeof(ctx.sha256), GFP_KERNEL);
break;
case HASH_ALGO_SHA512:
sha512_init(&ctx.sha512);
sha512_update(&ctx.sha512, padded_salt, padded_salt_size);
res = kmemdup(&ctx.sha512, sizeof(ctx.sha512), GFP_KERNEL);
break;
default:
WARN_ON_ONCE(1);
}
kfree(padded_salt);
return hashstate;
err_free:
kfree(hashstate);
hashstate = ERR_PTR(err);
goto out;
return res;
}
/**
@@ -170,31 +100,32 @@ const u8 *fsverity_prepare_hash_state(const struct fsverity_hash_alg *alg,
*
* Hash a single data or hash block. The hash is salted if a salt is specified
* in the Merkle tree parameters.
*
* Return: 0 on success, -errno on failure
*/
int fsverity_hash_block(const struct merkle_tree_params *params,
const struct inode *inode, const void *data, u8 *out)
void fsverity_hash_block(const struct merkle_tree_params *params,
const struct inode *inode, const void *data, u8 *out)
{
SHASH_DESC_ON_STACK(desc, params->hash_alg->tfm);
int err;
union fsverity_hash_ctx ctx;
desc->tfm = params->hash_alg->tfm;
if (params->hashstate) {
err = crypto_shash_import(desc, params->hashstate);
if (err) {
fsverity_err(inode,
"Error %d importing hash state", err);
return err;
}
err = crypto_shash_finup(desc, data, params->block_size, out);
} else {
err = crypto_shash_digest(desc, data, params->block_size, out);
if (!params->hashstate) {
fsverity_hash_buffer(params->hash_alg, data, params->block_size,
out);
return;
}
switch (params->hash_alg->algo_id) {
case HASH_ALGO_SHA256:
ctx.sha256 = params->hashstate->sha256;
sha256_update(&ctx.sha256, data, params->block_size);
sha256_final(&ctx.sha256, out);
return;
case HASH_ALGO_SHA512:
ctx.sha512 = params->hashstate->sha512;
sha512_update(&ctx.sha512, data, params->block_size);
sha512_final(&ctx.sha512, out);
return;
default:
BUG();
}
if (err)
fsverity_err(inode, "Error %d computing block hash", err);
return err;
}
/**
@@ -203,13 +134,20 @@ int fsverity_hash_block(const struct merkle_tree_params *params,
* @data: the data to hash
* @size: size of data to hash, in bytes
* @out: output digest, size 'alg->digest_size' bytes
*
* Return: 0 on success, -errno on failure
*/
int fsverity_hash_buffer(const struct fsverity_hash_alg *alg,
const void *data, size_t size, u8 *out)
void fsverity_hash_buffer(const struct fsverity_hash_alg *alg,
const void *data, size_t size, u8 *out)
{
return crypto_shash_tfm_digest(alg->tfm, data, size, out);
switch (alg->algo_id) {
case HASH_ALGO_SHA256:
sha256(data, size, out);
return;
case HASH_ALGO_SHA512:
sha512(data, size, out);
return;
default:
BUG();
}
}
void __init fsverity_check_hash_algs(void)

1
fs/verity/measure.c
View File

@@ -9,6 +9,7 @@
#include <linux/bpf.h>
#include <linux/btf.h>
#include <linux/export.h>
#include <linux/uaccess.h>
/**

37
fs/verity/open.c
View File

@@ -7,6 +7,7 @@
#include "fsverity_private.h"
#include <linux/export.h>
#include <linux/mm.h>
#include <linux/slab.h>
@@ -42,18 +43,18 @@ int fsverity_init_merkle_tree_params(struct merkle_tree_params *params,
memset(params, 0, sizeof(*params));
hash_alg = fsverity_get_hash_alg(inode, hash_algorithm);
if (IS_ERR(hash_alg))
return PTR_ERR(hash_alg);
if (!hash_alg)
return -EINVAL;
params->hash_alg = hash_alg;
params->digest_size = hash_alg->digest_size;
params->hashstate = fsverity_prepare_hash_state(hash_alg, salt,
salt_size);
if (IS_ERR(params->hashstate)) {
err = PTR_ERR(params->hashstate);
params->hashstate = NULL;
fsverity_err(inode, "Error %d preparing hash state", err);
goto out_err;
if (salt_size) {
params->hashstate =
fsverity_prepare_hash_state(hash_alg, salt, salt_size);
if (!params->hashstate) {
err = -ENOMEM;
goto out_err;
}
}
/*
@@ -158,18 +159,15 @@ int fsverity_init_merkle_tree_params(struct merkle_tree_params *params,
* Compute the file digest by hashing the fsverity_descriptor excluding the
* builtin signature and with the sig_size field set to 0.
*/
static int compute_file_digest(const struct fsverity_hash_alg *hash_alg,
struct fsverity_descriptor *desc,
u8 *file_digest)
static void compute_file_digest(const struct fsverity_hash_alg *hash_alg,
struct fsverity_descriptor *desc,
u8 *file_digest)
{
__le32 sig_size = desc->sig_size;
int err;
desc->sig_size = 0;
err = fsverity_hash_buffer(hash_alg, desc, sizeof(*desc), file_digest);
fsverity_hash_buffer(hash_alg, desc, sizeof(*desc), file_digest);
desc->sig_size = sig_size;
return err;
}
/*
@@ -201,12 +199,7 @@ struct fsverity_info *fsverity_create_info(const struct inode *inode,
memcpy(vi->root_hash, desc->root_hash, vi->tree_params.digest_size);
err = compute_file_digest(vi->tree_params.hash_alg, desc,
vi->file_digest);
if (err) {
fsverity_err(inode, "Error %d computing file digest", err);
goto fail;
}
compute_file_digest(vi->tree_params.hash_alg, desc, vi->file_digest);
err = fsverity_verify_signature(vi, desc->signature,
le32_to_cpu(desc->sig_size));

1
fs/verity/read_metadata.c
View File

@@ -8,6 +8,7 @@
#include "fsverity_private.h"
#include <linux/backing-dev.h>
#include <linux/export.h>
#include <linux/highmem.h>
#include <linux/sched/signal.h>
#include <linux/uaccess.h>

8
fs/verity/verify.c
View File

@@ -7,8 +7,8 @@
#include "fsverity_private.h"
#include <crypto/hash.h>
#include <linux/bio.h>
#include <linux/export.h>
static struct workqueue_struct *fsverity_read_workqueue;
@@ -202,8 +202,7 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi,
unsigned long hblock_idx = hblocks[level - 1].index;
unsigned int hoffset = hblocks[level - 1].hoffset;
if (fsverity_hash_block(params, inode, haddr, real_hash) != 0)
goto error;
fsverity_hash_block(params, inode, haddr, real_hash);
if (memcmp(want_hash, real_hash, hsize) != 0)
goto corrupted;
/*
@@ -222,8 +221,7 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi,
}
/* Finally, verify the data block. */
if (fsverity_hash_block(params, inode, data, real_hash) != 0)
goto error;
fsverity_hash_block(params, inode, data, real_hash);
if (memcmp(want_hash, real_hash, hsize) != 0)
goto corrupted;
return true;

3
security/apparmor/Kconfig
View File

@@ -59,8 +59,7 @@ config SECURITY_APPARMOR_INTROSPECT_POLICY
config SECURITY_APPARMOR_HASH
bool "Enable introspection of sha256 hashes for loaded profiles"
depends on SECURITY_APPARMOR_INTROSPECT_POLICY
select CRYPTO
select CRYPTO_SHA256
select CRYPTO_LIB_SHA256
default y
help
This option selects whether introspection of loaded policy

85
security/apparmor/crypto.c
View File

@@ -11,113 +11,52 @@
* it should be.
*/
#include <crypto/hash.h>
#include <crypto/sha2.h>
#include "include/apparmor.h"
#include "include/crypto.h"
static unsigned int apparmor_hash_size;
static struct crypto_shash *apparmor_tfm;
unsigned int aa_hash_size(void)
{
return apparmor_hash_size;
return SHA256_DIGEST_SIZE;
}
char *aa_calc_hash(void *data, size_t len)
{
SHASH_DESC_ON_STACK(desc, apparmor_tfm);
char *hash;
int error;
if (!apparmor_tfm)
return NULL;
hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
hash = kzalloc(SHA256_DIGEST_SIZE, GFP_KERNEL);
if (!hash)
return ERR_PTR(-ENOMEM);
desc->tfm = apparmor_tfm;
error = crypto_shash_init(desc);
if (error)
goto fail;
error = crypto_shash_update(desc, (u8 *) data, len);
if (error)
goto fail;
error = crypto_shash_final(desc, hash);
if (error)
goto fail;
sha256(data, len, hash);
return hash;
fail:
kfree(hash);
return ERR_PTR(error);
}
int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
size_t len)
{
SHASH_DESC_ON_STACK(desc, apparmor_tfm);
int error;
struct sha256_ctx sctx;
__le32 le32_version = cpu_to_le32(version);
if (!aa_g_hash_policy)
return 0;
if (!apparmor_tfm)
return 0;
profile->hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
profile->hash = kzalloc(SHA256_DIGEST_SIZE, GFP_KERNEL);
if (!profile->hash)
return -ENOMEM;
desc->tfm = apparmor_tfm;
error = crypto_shash_init(desc);
if (error)
goto fail;
error = crypto_shash_update(desc, (u8 *) &le32_version, 4);
if (error)
goto fail;
error = crypto_shash_update(desc, (u8 *) start, len);
if (error)
goto fail;
error = crypto_shash_final(desc, profile->hash);
if (error)
goto fail;
sha256_init(&sctx);
sha256_update(&sctx, (u8 *)&le32_version, 4);
sha256_update(&sctx, (u8 *)start, len);
sha256_final(&sctx, profile->hash);
return 0;
fail:
kfree(profile->hash);
profile->hash = NULL;
return error;
}
static int __init init_profile_hash(void)
{
struct crypto_shash *tfm;
if (!apparmor_initialized)
return 0;
tfm = crypto_alloc_shash("sha256", 0, 0);
if (IS_ERR(tfm)) {
int error = PTR_ERR(tfm);
AA_ERROR("failed to setup profile sha256 hashing: %d\n", error);
return error;
}
apparmor_tfm = tfm;
apparmor_hash_size = crypto_shash_digestsize(apparmor_tfm);
aa_info_message("AppArmor sha256 policy hashing enabled");
if (apparmor_initialized)
aa_info_message("AppArmor sha256 policy hashing enabled");
return 0;
}
late_initcall(init_profile_hash);