// SPDX-License-Identifier: GPL-2.0+
/*
 * Copyright (C) 2019 Microsoft Corporation
 *
 * Author: Lakshmi Ramasubramanian (nramas@linux.microsoft.com)
 *
 * File: ima_asymmetric_keys.c
 *       Defines an IMA hook to measure asymmetric keys on key
 *       create or update.
 */
12#include <keys/asymmetric-type.h>
13#include "ima.h"
/**
 * ima_post_key_create_or_update - measure asymmetric keys
 * @keyring: keyring to which the key is linked
 * @key: created or updated key
 * @payload: The data used to instantiate or update the key.
 * @payload_len: The length of @payload.
 * @flags: key flags
 * @create: flag indicating whether the key was created or updated
 *
 * Keys can only be measured, not appraised.
 * What gets measured is the payload data used to instantiate or update
 * the key, recorded under the name of the keyring the key is linked to.
 *
 * Nothing is measured for a key that is not of the asymmetric type, or
 * when @payload is NULL or @payload_len is zero.
 *
 * @flags and @create are not consulted here, so this hook itself does
 * not distinguish a key creation from a key update. The hook returns
 * void: no status is reported back to the caller.
 */
void ima_post_key_create_or_update(struct key *keyring, struct key *key,
				   const void *payload, size_t payload_len,
				   unsigned long flags, bool create)
{
	const char *keyring_name;

	/*
	 * This hook handles asymmetric keys only, and only when there
	 * is payload data to measure.
	 */
	if (key->type != &key_type_asymmetric || !payload ||
	    payload_len == 0)
		return;

	/*
	 * When ima_should_queue_key() asks for queuing and
	 * ima_queue_key() reports success, no measurement is made in
	 * this call.
	 * NOTE(review): presumably the queued key is measured later,
	 * once it can be checked against the IMA policy - confirm in
	 * ima_queue_key() and its consumers.
	 *
	 * If queuing is not requested, or ima_queue_key() returns
	 * false, fall through and measure the payload right away.
	 */
	if (ima_should_queue_key() &&
	    ima_queue_key(keyring, payload, payload_len))
		return;

	/*
	 * keyring->description is the name of the keyring (for example
	 * ".builtin_trusted_keys" or ".ima") that the key is linked to.
	 *
	 * process_buffer_measurement() receives that name twice:
	 *   - as "eventname", which is set in the "eventname" field of
	 *     ima_event_data for the key measurement IMA event;
	 *   - as "keyring", which is used to check whether the IMA
	 *     policy is configured to measure a key linked to the
	 *     given keyring.
	 */
	keyring_name = keyring->description;

	process_buffer_measurement(NULL, payload, payload_len,
				   keyring_name, KEY_CHECK, 0,
				   keyring_name);
}