Re: [PATCH v6 8/8] integrity: Asymmetric digsig supports SM2-with-SM3 algorithm

Mimi Zohar Fri, 11 Sep 2020 12:24:26 -0700

On Thu, 2020-09-03 at 21:12 +0800, Tianjia Zhang wrote:
> Asymmetric digsig supports SM2-with-SM3 algorithm combination,
> so that IMA can also verify SM2's signature data.
> 
> Signed-off-by: Tianjia Zhang <tianjia.zh...@linux.alibaba.com>
> Tested-by: Xufeng Zhang <yunbo.xuf...@linux.alibaba.com>


Reviewed-by: Mimi Zohar <zo...@linux.ibm.com> (coding, not crypto
perspective)
> ---
>  security/integrity/digsig_asymmetric.c | 14 +++++++++++---
>  1 file changed, 11 insertions(+), 3 deletions(-)
> 
> diff --git a/security/integrity/digsig_asymmetric.c 
> b/security/integrity/digsig_asymmetric.c
> index cfa4127d0518..b86a4a8f61ab 100644
> --- a/security/integrity/digsig_asymmetric.c
> +++ b/security/integrity/digsig_asymmetric.c
> @@ -99,14 +99,22 @@ int asymmetric_verify(struct key *keyring, const char 
> *sig,
>       memset(&pks, 0, sizeof(pks));
>  
>       pks.hash_algo = hash_algo_name[hdr->hash_algo];
> -     if (hdr->hash_algo == HASH_ALGO_STREEBOG_256 ||
> -         hdr->hash_algo == HASH_ALGO_STREEBOG_512) {
> +     switch (hdr->hash_algo) {
> +     case HASH_ALGO_STREEBOG_256:
> +     case HASH_ALGO_STREEBOG_512:
>               /* EC-RDSA and Streebog should go together. */
>               pks.pkey_algo = "ecrdsa";
>               pks.encoding = "raw";
> -     } else {
> +             break;
> +     case HASH_ALGO_SM3_256:
> +             /* SM2 and SM3 should go together. */
> +             pks.pkey_algo = "sm2";
> +             pks.encoding = "raw";
> +             break;
> +     default:
>               pks.pkey_algo = "rsa";
>               pks.encoding = "pkcs1";
> +             break;
>       }
>       pks.digest = (u8 *)data;
>       pks.digest_size = datalen;

Re: [PATCH v6 8/8] integrity: Asymmetric digsig supports SM2-with-SM3 algorithm

Reply via email to