IBM 10 SP1 EAL4 manual Internet Control Message Protocol Icmp, Link layer protocols

5.4.3.4.1.8Cryptographic subsystem

IPSec uses the cryptographic subsystem described in this section. The cryptographic subsystem performs several cryptographic-related assignments, including Digital Signature Algorithm (DSA) signature verification, in-kernel key management, arbitrary-precision integer arithmetic, and verification of kernel modules signatures.

This subsystem was initially designed as a general-purpose mechanism, preserving the design ideas of simplicity and flexibility, including security-relevant network and file system services such as encrypted files and file systems, network file system security, strong file system integrity, and other kernel networking services where cryptography was required.

The ability to enforce cryptographic signatures on loadable modules has a couple of security uses:

•It prevents the kernel from loading corrupted modules

•It makes it difficult for an attacker to install a rootkit on a system

The kernel can be configured for checking or not checking the signatures of modules, so these signatures are only useful once the system is able to check it. For a signature to be checked and the new module accepted, it is first necessary that the kernel decrypt the signature with a public key. This public key is contained within the kernel, and the key must also to have the same checksum.

The in-kernel key management service allows cryptographic keys, authentication tokens, cross-domain user mappings, and other related security information to be cached in the kernel for the file systems to use other kernel services.

A special kind of key, called a keyring, which contains a list of keys and support links to others keys, is also permitted. The keys represent cryptographic data, authentication tokens, keyrings, and similar information.

The in-kernel key management service possesses two special types of keys: the above-mentioned keyring, and the user key. Userspace programs can directly create and manipulate keys and keyrings through a system call interface, using three new system calls: add_key(), request_key(), and keyctl(). Services can register types and search for keys through a kernel interface. There also exists an optional file system in which the key database can be manipulated and viewed.

For manipulating the key attributes and permissions it is necessary to be the key owner or to have administrative privileges.

5.4.4Internet Control Message Protocol (ICMP)

Internet Control Message Protocol (ICMP) is an extension to IP that provides a messaging service. The purpose of these control messages is to provide feedback about problems in the communication environment. ICMP messages are sent in following situations:

•When a datagram cannot reach its destination.

•When the gateway does not have the buffering capacity to forward a datagram.

•When the gateway can direct the host to send traffic on a shorter route.

For more information about the ICMP, refer to RFC 792.

5.4.4.1Link layer protocols

The Address Resolution Protocol (ARP) is the link layer protocol that is supported on the SLES system.

78