Asymmetric digsig supports SM2-with-SM3 algorithm combination,
so that IMA can also verify SM2's signature data.

Signed-off-by: Tianjia Zhang <tianjia.zh...@linux.alibaba.com>
Tested-by: Xufeng Zhang <yunbo.xuf...@linux.alibaba.com>
Reviewed-by: Mimi Zohar <zo...@linux.ibm.com>
Reviewed-by: Vitaly Chikunov <v...@altlinux.org>
---
 security/integrity/digsig_asymmetric.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/security/integrity/digsig_asymmetric.c 
b/security/integrity/digsig_asymmetric.c
index cfa4127d0518..b86a4a8f61ab 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -99,14 +99,22 @@ int asymmetric_verify(struct key *keyring, const char *sig,
        memset(&pks, 0, sizeof(pks));
 
        pks.hash_algo = hash_algo_name[hdr->hash_algo];
-       if (hdr->hash_algo == HASH_ALGO_STREEBOG_256 ||
-           hdr->hash_algo == HASH_ALGO_STREEBOG_512) {
+       switch (hdr->hash_algo) {
+       case HASH_ALGO_STREEBOG_256:
+       case HASH_ALGO_STREEBOG_512:
                /* EC-RDSA and Streebog should go together. */
                pks.pkey_algo = "ecrdsa";
                pks.encoding = "raw";
-       } else {
+               break;
+       case HASH_ALGO_SM3_256:
+               /* SM2 and SM3 should go together. */
+               pks.pkey_algo = "sm2";
+               pks.encoding = "raw";
+               break;
+       default:
                pks.pkey_algo = "rsa";
                pks.encoding = "pkcs1";
+               break;
        }
        pks.digest = (u8 *)data;
        pks.digest_size = datalen;
-- 
2.19.1.3.ge56e4f7

Reply via email to