[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20200609134855.21431-9-tianjia.zhang@linux.alibaba.com>
Date: Tue, 9 Jun 2020 21:48:55 +0800
From: Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
To: herbert@...dor.apana.org.au, davem@...emloft.net,
dhowells@...hat.com, mcoquelin.stm32@...il.com,
alexandre.torgue@...com, jmorris@...ei.org, serge@...lyn.com,
nramas@...ux.microsoft.com, tusharsu@...ux.microsoft.com,
zohar@...ux.ibm.com, gilad@...yossef.com, pvanleeuwen@...bus.com
Cc: linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
keyrings@...r.kernel.org, linux-stm32@...md-mailman.stormreply.com,
linux-arm-kernel@...ts.infradead.org,
linux-security-module@...r.kernel.org, zhang.jia@...ux.alibaba.com,
tianjia.zhang@...ux.alibaba.com
Subject: [PATCH v3 8/8] integrity: Asymmetric digsig supports SM2-with-SM3 algorithm
Asymmetric digsig supports SM2-with-SM3 algorithm combination,
so that IMA can also verify SM2's signature data.
Signed-off-by: Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
---
security/integrity/digsig_asymmetric.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
index 4e0d6778277e..9350fcfb9bf2 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -99,14 +99,22 @@ int asymmetric_verify(struct key *keyring, const char *sig,
memset(&pks, 0, sizeof(pks));
pks.hash_algo = hash_algo_name[hdr->hash_algo];
- if (hdr->hash_algo == HASH_ALGO_STREEBOG_256 ||
- hdr->hash_algo == HASH_ALGO_STREEBOG_512) {
+ switch (hdr->hash_algo) {
+ case HASH_ALGO_STREEBOG_256:
+ case HASH_ALGO_STREEBOG_512:
/* EC-RDSA and Streebog should go together. */
pks.pkey_algo = "ecrdsa";
pks.encoding = "raw";
- } else {
+ break;
+ case HASH_ALGO_SM3_256:
+ /* SM2 and SM3 should go together. */
+ pks.pkey_algo = "sm2";
+ pks.encoding = "raw";
+ break;
+ default:
pks.pkey_algo = "rsa";
pks.encoding = "pkcs1";
+ break;
}
pks.digest = (u8 *)data;
pks.digest_size = datalen;
--
2.17.1
Powered by blists - more mailing lists