4 files changed, 135 insertions, 3 deletions
diff --git a/Documentation/digsig.txt b/Documentation/digsig.txt
new file mode 100644
index 000000000000..3f682889068b
--- /dev/null
+++ b/Documentation/digsig.txt
@@ -0,0 +1,96 @@
+Digital Signature Verification API
+CONTENTS
+1. Introduction
+2. API
+3. User-space utilities
+1. Introduction
+Digital signature verification API provides a method to verify digital signature.
+Currently digital signatures are used by the IMA/EVM integrity protection subsystem.
+Digital signature verification is implemented using cut-down kernel port of
+GnuPG multi-precision integers (MPI) library. The kernel port provides
+memory allocation errors handling, has been refactored according to kernel
+coding style, and checkpatch.pl reported errors and warnings have been fixed.
+Public key and signature consist of header and MPIs.
+struct pubkey_hdr {
+        uint8_t         version;        /* key format version */
+        time_t          timestamp;      /* key made, always 0 for now */
+        uint8_t         algo;
+        uint8_t         nmpi;
+        char            mpi[0];
+} __packed;
+struct signature_hdr {
+        uint8_t         version;        /* signature format version */
+        time_t          timestamp;      /* signature made */
+        uint8_t         algo;
+        uint8_t         hash;
+        uint8_t         keyid[8];
+        uint8_t         nmpi;
+        char            mpi[0];
+} __packed;
+keyid equals to SHA1[12-19] over the total key content.
+Signature header is used as an input to generate a signature.
+Such approach insures that key or signature header could not be changed.
+It protects timestamp from been changed and can be used for rollback
+protection.
+2. API
+API currently includes only 1 function:
+        digsig_verify() - digital signature verification with public key
+/**
+ * digsig_verify() - digital signature verification with public key
+ * @keyring:    keyring to search key in
+ * @sig:        digital signature
+ * @sigen:      length of the signature
+ * @data:       data
+ * @datalen:    length of the data
+ * @return:     0 on success, -EINVAL otherwise
+ *
+ * Verifies data integrity against digital signature.
+ * Currently only RSA is supported.
+ * Normally hash of the content is used as a data for this function.
+ *
+ */
+int digsig_verify(struct key *keyring, const char *sig, int siglen,
+                                                const char *data, int datalen);
+3. User-space utilities
+The signing and key management utilities evm-utils provide functionality
+to generate signatures, to load keys into the kernel keyring.
+Keys can be in PEM or converted to the kernel format.
+When the key is added to the kernel keyring, the keyid defines the name
+of the key: 5D2B05FC633EE3E8 in the example bellow.
+Here is example output of the keyctl utility.
+$ keyctl show
+Session Keyring
+       -3 --alswrv      0     0  keyring: _ses
+603976250 --alswrv      0    -1   \_ keyring: _uid.0
+817777377 --alswrv      0     0       \_ user: kmk
+891974900 --alswrv      0     0       \_ encrypted: evm-key
+170323636 --alswrv      0     0       \_ keyring: _module
+548221616 --alswrv      0     0       \_ keyring: _ima
+128198054 --alswrv      0     0       \_ keyring: _evm
+$ keyctl list 128198054
+1 key in keyring:
+620789745: --alswrv     0     0 user: 5D2B05FC633EE3E8
+Dmitry Kasatkin
+06.10.2011
diff --git a/Documentation/security/00-INDEX b/Documentation/security/00-INDEX
index 19bc49439cac..99b85d39751c 100644
--- a/Documentation/security/00-INDEX
+++ b/Documentation/security/00-INDEX
@@ -1,5 +1,7 @@
 00-INDEX
        - this file.
+LSM.txt
+        - description of the Linux Security Module framework.
 SELinux.txt
        - how to get started with the SELinux security enhancement.
 Smack.txt
diff --git a/Documentation/security/LSM.txt b/Documentation/security/LSM.txt
new file mode 100644
index 000000000000..c335a763a2ed
--- /dev/null
+++ b/Documentation/security/LSM.txt
@@ -0,0 +1,34 @@
+Linux Security Module framework
+-------------------------------
+The Linux Security Module (LSM) framework provides a mechanism for
+various security checks to be hooked by new kernel extensions. The name
+"module" is a bit of a misnomer since these extensions are not actually
+loadable kernel modules. Instead, they are selectable at build-time via
+CONFIG_DEFAULT_SECURITY and can be overridden at boot-time via the
+"security=..." kernel command line argument, in the case where multiple
+LSMs were built into a given kernel.
+The primary users of the LSM interface are Mandatory Access Control
+(MAC) extensions which provide a comprehensive security policy. Examples
+include SELinux, Smack, Tomoyo, and AppArmor. In addition to the larger
+MAC extensions, other extensions can be built using the LSM to provide
+specific changes to system operation when these tweaks are not available
+in the core functionality of Linux itself.
+Without a specific LSM built into the kernel, the default LSM will be the
+Linux capabilities system. Most LSMs choose to extend the capabilities
+system, building their checks on top of the defined capability hooks.
+For more details on capabilities, see capabilities(7) in the Linux
+man-pages project.
+Based on http://kerneltrap.org/Linux/Documenting_Security_Module_Intent,
+a new LSM is accepted into the kernel when its intent (a description of
+what it tries to protect against and in what cases one would expect to
+use it) has been appropriately documented in Documentation/security/.
+This allows an LSM's code to be easily compared to its goals, and so
+that end users and distros can make a more informed decision about which
+LSMs suit their requirements.
+For extensive documentation on the available LSM hook interfaces, please
+see include/linux/security.h.
diff --git a/Documentation/security/credentials.txt b/Documentation/security/credentials.txt
index fc0366cbd7ce..86257052e31a 100644
--- a/Documentation/security/credentials.txt
+++ b/Documentation/security/credentials.txt
@@ -221,10 +221,10 @@ The Linux kernel supports the following types of credentials:
 (5) LSM
     The Linux Security Module allows extra controls to be placed over the
-     operations that a task may do.  Currently Linux supports two main
+     operations that a task may do.  Currently Linux supports several LSM
-     alternate LSM options: SELinux and Smack.
+     options.
-     Both work by labelling the objects in a system and then applying sets of
+     Some work by labelling the objects in a system and then applying sets of
     rules (policies) that say what operations a task with one label may do to
     an object with another label.

diff --git a/Documentation/digsig.txt b/Documentation/digsig.txt new file mode 100644 index 000000000000..3f682889068b --- /dev/null +++ b/Documentation/digsig.txt
@@ -0,0 +1,96 @@
		1	Digital Signature Verification API
		2
		3	CONTENTS
		4
		5	1. Introduction
		6	2. API
		7	3. User-space utilities
		8
		9
		10	1. Introduction
		11
		12	Digital signature verification API provides a method to verify digital signature.
		13	Currently digital signatures are used by the IMA/EVM integrity protection subsystem.
		14
		15	Digital signature verification is implemented using cut-down kernel port of
		16	GnuPG multi-precision integers (MPI) library. The kernel port provides
		17	memory allocation errors handling, has been refactored according to kernel
		18	coding style, and checkpatch.pl reported errors and warnings have been fixed.
		19
		20	Public key and signature consist of header and MPIs.
		21
		22	struct pubkey_hdr {
		23	uint8_t version; /* key format version */
		24	time_t timestamp; /* key made, always 0 for now */
		25	uint8_t algo;
		26	uint8_t nmpi;
		27	char mpi[0];
		28	} __packed;
		29
		30	struct signature_hdr {
		31	uint8_t version; /* signature format version */
		32	time_t timestamp; /* signature made */
		33	uint8_t algo;
		34	uint8_t hash;
		35	uint8_t keyid[8];
		36	uint8_t nmpi;
		37	char mpi[0];
		38	} __packed;
		39
		40	keyid equals to SHA1[12-19] over the total key content.
		41	Signature header is used as an input to generate a signature.
		42	Such approach insures that key or signature header could not be changed.
		43	It protects timestamp from been changed and can be used for rollback
		44	protection.
		45
		46	2. API
		47
		48	API currently includes only 1 function:
		49
		50	digsig_verify() - digital signature verification with public key
		51
		52
		53	/**
		54	* digsig_verify() - digital signature verification with public key
		55	* @keyring: keyring to search key in
		56	* @sig: digital signature
		57	* @sigen: length of the signature
		58	* @data: data
		59	* @datalen: length of the data
		60	* @return: 0 on success, -EINVAL otherwise
		61	*
		62	* Verifies data integrity against digital signature.
		63	* Currently only RSA is supported.
		64	* Normally hash of the content is used as a data for this function.
		65	*
		66	*/
		67	int digsig_verify(struct key keyring, const char sig, int siglen,
		68	const char *data, int datalen);
		69
		70	3. User-space utilities
		71
		72	The signing and key management utilities evm-utils provide functionality
		73	to generate signatures, to load keys into the kernel keyring.
		74	Keys can be in PEM or converted to the kernel format.
		75	When the key is added to the kernel keyring, the keyid defines the name
		76	of the key: 5D2B05FC633EE3E8 in the example bellow.
		77
		78	Here is example output of the keyctl utility.
		79
		80	$ keyctl show
		81	Session Keyring
		82	-3 --alswrv 0 0 keyring: _ses
		83	603976250 --alswrv 0 -1 \_ keyring: _uid.0
		84	817777377 --alswrv 0 0 \_ user: kmk
		85	891974900 --alswrv 0 0 \_ encrypted: evm-key
		86	170323636 --alswrv 0 0 \_ keyring: _module
		87	548221616 --alswrv 0 0 \_ keyring: _ima
		88	128198054 --alswrv 0 0 \_ keyring: _evm
		89
		90	$ keyctl list 128198054
		91	1 key in keyring:
		92	620789745: --alswrv 0 0 user: 5D2B05FC633EE3E8
		93
		94
		95	Dmitry Kasatkin
		96	06.10.2011


diff --git a/Documentation/security/00-INDEX b/Documentation/security/00-INDEX index 19bc49439cac..99b85d39751c 100644 --- a/Documentation/security/00-INDEX +++ b/Documentation/security/00-INDEX
@@ -1,5 +1,7 @@
1	00-INDEX	1	00-INDEX
2	- this file.	2	- this file.
		3	LSM.txt
		4	- description of the Linux Security Module framework.
3	SELinux.txt	5	SELinux.txt
4	- how to get started with the SELinux security enhancement.	6	- how to get started with the SELinux security enhancement.
5	Smack.txt	7	Smack.txt


diff --git a/Documentation/security/LSM.txt b/Documentation/security/LSM.txt new file mode 100644 index 000000000000..c335a763a2ed --- /dev/null +++ b/Documentation/security/LSM.txt
@@ -0,0 +1,34 @@
		1	Linux Security Module framework
		2	-------------------------------
		3
		4	The Linux Security Module (LSM) framework provides a mechanism for
		5	various security checks to be hooked by new kernel extensions. The name
		6	"module" is a bit of a misnomer since these extensions are not actually
		7	loadable kernel modules. Instead, they are selectable at build-time via
		8	CONFIG_DEFAULT_SECURITY and can be overridden at boot-time via the
		9	"security=..." kernel command line argument, in the case where multiple
		10	LSMs were built into a given kernel.
		11
		12	The primary users of the LSM interface are Mandatory Access Control
		13	(MAC) extensions which provide a comprehensive security policy. Examples
		14	include SELinux, Smack, Tomoyo, and AppArmor. In addition to the larger
		15	MAC extensions, other extensions can be built using the LSM to provide
		16	specific changes to system operation when these tweaks are not available
		17	in the core functionality of Linux itself.
		18
		19	Without a specific LSM built into the kernel, the default LSM will be the
		20	Linux capabilities system. Most LSMs choose to extend the capabilities
		21	system, building their checks on top of the defined capability hooks.
		22	For more details on capabilities, see capabilities(7) in the Linux
		23	man-pages project.
		24
		25	Based on http://kerneltrap.org/Linux/Documenting_Security_Module_Intent,
		26	a new LSM is accepted into the kernel when its intent (a description of
		27	what it tries to protect against and in what cases one would expect to
		28	use it) has been appropriately documented in Documentation/security/.
		29	This allows an LSM's code to be easily compared to its goals, and so
		30	that end users and distros can make a more informed decision about which
		31	LSMs suit their requirements.
		32
		33	For extensive documentation on the available LSM hook interfaces, please
		34	see include/linux/security.h.


diff --git a/Documentation/security/credentials.txt b/Documentation/security/credentials.txt index fc0366cbd7ce..86257052e31a 100644 --- a/Documentation/security/credentials.txt +++ b/Documentation/security/credentials.txt
@@ -221,10 +221,10 @@ The Linux kernel supports the following types of credentials:
221	(5) LSM	221	(5) LSM
222		222
223	The Linux Security Module allows extra controls to be placed over the	223	The Linux Security Module allows extra controls to be placed over the
224	operations that a task may do. Currently Linux supports two main	224	operations that a task may do. Currently Linux supports several LSM
225	alternate LSM options: SELinux and Smack.	225	options.
226		226
227	Both work by labelling the objects in a system and then applying sets of	227	Some work by labelling the objects in a system and then applying sets of
228	rules (policies) that say what operations a task with one label may do to	228	rules (policies) that say what operations a task with one label may do to
229	an object with another label.	229	an object with another label.
230		230