Home Explore Help
Sign In
samsung-sm8650
/
android_kernel_samsung_sm8650_ksu
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: S9210ZCU4AXK4
Branches Tags
android_kernel_...
/
security
/
integrity
/
ima
/
ima_asymmetric_keys.c

ima_asymmetric_keys.c 2.0 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 
  1. // SPDX-License-Identifier: GPL-2.0+
    2. 

  2. /*
    3. 

  3.  * Copyright (C) 2019 Microsoft Corporation
    4. 

  4.  *
    5. 

  5.  * Author: Lakshmi Ramasubramanian ([email protected])
    6. 

  6.  *
    7. 

  7.  * File: ima_asymmetric_keys.c
    8. 

  8.  *       Defines an IMA hook to measure asymmetric keys on key
    9. 

  9.  *       create or update.
    10. 

  10.  */
    11. 

  11. 

  12. #include <keys/asymmetric-type.h>
    13. 

  13. #include <linux/user_namespace.h>
    14. 

  14. #include <linux/ima.h>
    15. 

  15. #include "ima.h"
    16. 

  16. 

  17. /**
    18. 

  18.  * ima_post_key_create_or_update - measure asymmetric keys
    19. 

  19.  * @keyring: keyring to which the key is linked to
    20. 

  20.  * @key: created or updated key
    21. 

  21.  * @payload: The data used to instantiate or update the key.
    22. 

  22.  * @payload_len: The length of @payload.
    23. 

  23.  * @flags: key flags
    24. 

  24.  * @create: flag indicating whether the key was created or updated
    25. 

  25.  *
    26. 

  26.  * Keys can only be measured, not appraised.
    27. 

  27.  * The payload data used to instantiate or update the key is measured.
    28. 

  28.  */
    29. 

  29. void ima_post_key_create_or_update(struct key *keyring, struct key *key,
    30. 

  30. 				   const void *payload, size_t payload_len,
    31. 

  31. 				   unsigned long flags, bool create)
    32. 

  32. {
    33. 

  33. 	bool queued = false;
    34. 

  34. 

  35. 	/* Only asymmetric keys are handled by this hook. */
    36. 

  36. 	if (key->type != &key_type_asymmetric)
    37. 

  37. 		return;
    38. 

  38. 

  39. 	if (!payload || (payload_len == 0))
    40. 

  40. 		return;
    41. 

  41. 

  42. 	if (ima_should_queue_key())
    43. 

  43. 		queued = ima_queue_key(keyring, payload, payload_len);
    44. 

  44. 

  45. 	if (queued)
    46. 

  46. 		return;
    47. 

  47. 

  48. 	/*
    49. 

  49. 	 * keyring->description points to the name of the keyring
    50. 

  50. 	 * (such as ".builtin_trusted_keys", ".ima", etc.) to
    51. 

  51. 	 * which the given key is linked to.
    52. 

  52. 	 *
    53. 

  53. 	 * The name of the keyring is passed in the "eventname"
    54. 

  54. 	 * parameter to process_buffer_measurement() and is set
    55. 

  55. 	 * in the "eventname" field in ima_event_data for
    56. 

  56. 	 * the key measurement IMA event.
    57. 

  57. 	 *
    58. 

  58. 	 * The name of the keyring is also passed in the "keyring"
    59. 

  59. 	 * parameter to process_buffer_measurement() to check
    60. 

  60. 	 * if the IMA policy is configured to measure a key linked
    61. 

  61. 	 * to the given keyring.
    62. 

  62. 	 */
    63. 

  63. 	process_buffer_measurement(&init_user_ns, NULL, payload, payload_len,
    64. 

  64. 				   keyring->description, KEY_CHECK, 0,
    65. 

  65. 				   keyring->description, false, NULL, 0);
    66. 

  66. }
    67.