Commit 0b7e44d3 authored by Tianjia Zhang's avatar Tianjia Zhang Committed by Herbert Xu
Browse files

integrity: Asymmetric digsig supports SM2-with-SM3 algorithm 



Asymmetric digsig supports SM2-with-SM3 algorithm combination,
so that IMA can also verify SM2's signature data.

Signed-off-by: default avatarTianjia Zhang <tianjia.zhang@linux.alibaba.com>
Tested-by: default avatarXufeng Zhang <yunbo.xufeng@linux.alibaba.com>
Reviewed-by: default avatarMimi Zohar <zohar@linux.ibm.com>
Reviewed-by: default avatarVitaly Chikunov <vt@altlinux.org>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 21552563

security/integrity/digsig_asymmetric.c

+11 −3
Original line number Diff line number Diff line
@@ -99,14 +99,22 @@ int asymmetric_verify(struct key *keyring, const char *sig, 
	memset(&pks, 0, sizeof(pks));



	pks.hash_algo = hash_algo_name[hdr->hash_algo];

	if (hdr->hash_algo == HASH_ALGO_STREEBOG_256 ||

	    hdr->hash_algo == HASH_ALGO_STREEBOG_512) {

	switch (hdr->hash_algo) {

	case HASH_ALGO_STREEBOG_256:

	case HASH_ALGO_STREEBOG_512:

		/* EC-RDSA and Streebog should go together. */

		pks.pkey_algo = "ecrdsa";

		pks.encoding = "raw";

	} else {

		break;

	case HASH_ALGO_SM3_256:

		/* SM2 and SM3 should go together. */

		pks.pkey_algo = "sm2";

		pks.encoding = "raw";

		break;

	default:

		pks.pkey_algo = "rsa";

		pks.encoding = "pkcs1";

		break;

	}

	pks.digest = (u8 *)data;

	pks.digest_size = datalen;