diff options
author | Tianjia Zhang <tianjia.zhang@linux.alibaba.com> | 2020-09-21 00:21:03 +0800 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2020-09-25 17:48:55 +1000 |
commit | 0b7e44d39c8aa7536352b57af2265e92fc253e4f (patch) | |
tree | d1250e01f990599ed3f262eb3d0171b9f2199b66 /security | |
parent | 215525639631ade1d67e879fe2c3d7195daa9f59 (diff) | |
download | linux-stable-0b7e44d39c8aa7536352b57af2265e92fc253e4f.tar.gz linux-stable-0b7e44d39c8aa7536352b57af2265e92fc253e4f.tar.bz2 linux-stable-0b7e44d39c8aa7536352b57af2265e92fc253e4f.zip |
integrity: Asymmetric digsig supports SM2-with-SM3 algorithm
Asymmetric digsig supports SM2-with-SM3 algorithm combination,
so that IMA can also verify SM2's signature data.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Tested-by: Xufeng Zhang <yunbo.xufeng@linux.alibaba.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'security')
-rw-r--r-- | security/integrity/digsig_asymmetric.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c index cfa4127d0518..b86a4a8f61ab 100644 --- a/security/integrity/digsig_asymmetric.c +++ b/security/integrity/digsig_asymmetric.c @@ -99,14 +99,22 @@ int asymmetric_verify(struct key *keyring, const char *sig, memset(&pks, 0, sizeof(pks)); pks.hash_algo = hash_algo_name[hdr->hash_algo]; - if (hdr->hash_algo == HASH_ALGO_STREEBOG_256 || - hdr->hash_algo == HASH_ALGO_STREEBOG_512) { + switch (hdr->hash_algo) { + case HASH_ALGO_STREEBOG_256: + case HASH_ALGO_STREEBOG_512: /* EC-RDSA and Streebog should go together. */ pks.pkey_algo = "ecrdsa"; pks.encoding = "raw"; - } else { + break; + case HASH_ALGO_SM3_256: + /* SM2 and SM3 should go together. */ + pks.pkey_algo = "sm2"; + pks.encoding = "raw"; + break; + default: pks.pkey_algo = "rsa"; pks.encoding = "pkcs1"; + break; } pks.digest = (u8 *)data; pks.digest_size = datalen; |