From patchwork Thu Feb 11 05:22:41 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "tianjia.zhang" X-Patchwork-Id: 12082289 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,UNPARSEABLE_RELAY,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id DDC54C433DB for ; Thu, 11 Feb 2021 05:23:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id ADA8964E30 for ; Thu, 11 Feb 2021 05:23:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229679AbhBKFXZ (ORCPT ); Thu, 11 Feb 2021 00:23:25 -0500 Received: from out30-132.freemail.mail.aliyun.com ([115.124.30.132]:44307 "EHLO out30-132.freemail.mail.aliyun.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229674AbhBKFXY (ORCPT ); Thu, 11 Feb 2021 00:23:24 -0500 X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R381e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01e04394;MF=tianjia.zhang@linux.alibaba.com;NM=1;PH=DS;RN=5;SR=0;TI=SMTPD_---0UOOwYsg_1613020961; Received: from localhost(mailfrom:tianjia.zhang@linux.alibaba.com fp:SMTPD_---0UOOwYsg_1613020961) by smtp.aliyun-inc.com(127.0.0.1); Thu, 11 Feb 2021 13:22:41 +0800 From: Tianjia Zhang To: Mimi Zohar , Vitaly Chikunov , linux-integrity@vger.kernel.org, Jia Zhang Cc: tianjia.zhang@linux.alibaba.com Subject: [PATCH ima-evm-utils v2] ima-evm-utils: Support SM2 algorithm for sign and verify Date: Thu, 11 Feb 2021 13:22:41 +0800 Message-Id: <20210211052241.91068-1-tianjia.zhang@linux.alibaba.com> X-Mailer: git-send-email 2.19.1.3.ge56e4f7 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org The combination of SM2 and SM3 algorithms has been implemented in the kernel. At present, the ima-evm-utils signature tool does not support this combination of algorithms. Because in the current version of OpenSSL 1.1.1, the SM2 algorithm and the public key using the EC algorithm share the same ID 'EVP_PKEY_EC', and the specific algorithm can only be distinguished by the curve name used. This patch supports this feature. Signed-off-by: Tianjia Zhang --- src/libimaevm.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/src/libimaevm.c b/src/libimaevm.c index fa6c278..589dd09 100644 --- a/src/libimaevm.c +++ b/src/libimaevm.c @@ -518,6 +518,16 @@ static int verify_hash_v2(const char *file, const unsigned char *hash, int size, return -1; } +#ifdef EVP_PKEY_SM2 + /* If EC key are used, check whether it is SM2 key */ + if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { + EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); + int curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); + if (curve == NID_sm2) + EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); + } +#endif + st = "EVP_PKEY_CTX_new"; if (!(ctx = EVP_PKEY_CTX_new(pkey, NULL))) goto err; @@ -932,6 +942,16 @@ static int sign_hash_v2(const char *algo, const unsigned char *hash, return -1; } +#ifdef EVP_PKEY_SM2 + /* If EC key are used, check whether it is SM2 key */ + if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { + EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); + int curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); + if (curve == NID_sm2) + EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); + } +#endif + calc_keyid_v2(&keyid, name, pkey); hdr->keyid = keyid;