The combination of SM2 and SM3 algorithms has been implemented in the
kernel. At present, the ima-evm-utils signature tool does not support
this combination of algorithms. Because in the current version of
OpenSSL 1.1.1, the SM2 algorithm and the public key using the EC
algorithm share the same ID 'EVP_PKEY_EC', and the specific algorithm
can only be distinguished by the curve name used. This patch supports
this feature.
Signed-off-by: Tianjia Zhang <tianjia.zhang@xxxxxxxxxxxxxxxxx>
---
src/libimaevm.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/src/libimaevm.c b/src/libimaevm.c
index fa6c278..589dd09 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -518,6 +518,16 @@ static int verify_hash_v2(const char *file, const unsigned char *hash, int size,
return -1;
}
+#ifdef EVP_PKEY_SM2
+ /* If EC key are used, check whether it is SM2 key */
+ if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
+ EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
+ int curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+ if (curve == NID_sm2)
+ EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
+ }
+#endif
+
st = "EVP_PKEY_CTX_new";
if (!(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
goto err;
@@ -932,6 +942,16 @@ static int sign_hash_v2(const char *algo, const unsigned char *hash,
return -1;
}
+#ifdef EVP_PKEY_SM2
+ /* If EC key are used, check whether it is SM2 key */
+ if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
+ EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
+ int curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+ if (curve == NID_sm2)
+ EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
+ }
+#endif
+
calc_keyid_v2(&keyid, name, pkey);
hdr->keyid = keyid;
--
2.19.1.3.ge56e4f7
