On Thu, Sep 03, 2020 at 09:12:42PM +0800, Tianjia Zhang wrote: > Asymmetric digsig supports SM2-with-SM3 algorithm combination, > so that IMA can also verify SM2's signature data. > > Signed-off-by: Tianjia Zhang <tianjia.zhang@xxxxxxxxxxxxxxxxx> > Tested-by: Xufeng Zhang <yunbo.xufeng@xxxxxxxxxxxxxxxxx> > Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx> (coding, not crypto It looks not breaking ecrdsa/streebog handling and accords to rfc draft: https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 5.1.4.2. Hash Functions The sm2 digital signature algorithm requires the hash functions approved by Chinese Commercial Cryptography Administration Office, such as sm3. Reviewed-by: Vitaly Chikunov <vt@xxxxxxxxxxxx> Thanks, > --- > security/integrity/digsig_asymmetric.c | 14 +++++++++++--- > 1 file changed, 11 insertions(+), 3 deletions(-) > > diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c > index cfa4127d0518..b86a4a8f61ab 100644 > --- a/security/integrity/digsig_asymmetric.c > +++ b/security/integrity/digsig_asymmetric.c > @@ -99,14 +99,22 @@ int asymmetric_verify(struct key *keyring, const char *sig, > memset(&pks, 0, sizeof(pks)); > > pks.hash_algo = hash_algo_name[hdr->hash_algo]; > - if (hdr->hash_algo == HASH_ALGO_STREEBOG_256 || > - hdr->hash_algo == HASH_ALGO_STREEBOG_512) { > + switch (hdr->hash_algo) { > + case HASH_ALGO_STREEBOG_256: > + case HASH_ALGO_STREEBOG_512: > /* EC-RDSA and Streebog should go together. */ > pks.pkey_algo = "ecrdsa"; > pks.encoding = "raw"; > - } else { > + break; > + case HASH_ALGO_SM3_256: > + /* SM2 and SM3 should go together. */ > + pks.pkey_algo = "sm2"; > + pks.encoding = "raw"; > + break; > + default: > pks.pkey_algo = "rsa"; > pks.encoding = "pkcs1"; > + break; > } > pks.digest = (u8 *)data; > pks.digest_size = datalen;