[crypto] Construct asymmetric ciphered data using ASN.1 builders

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2026-01-21 18:30:56 +03:00 · 2025-12-02 13:12:25 +00:00
parent d4258272c6
commit 1ccc320ee9
7 changed files with 156 additions and 129 deletions
--- a/src/tests/pubkey_test.c
+++ b/src/tests/pubkey_test.c
@@ -50,41 +50,47 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 void pubkey_okx ( struct pubkey_test *test, const char *file,
 		  unsigned int line ) {
 	struct pubkey_algorithm *pubkey = test->pubkey;
-	size_t max_len = pubkey_max_len ( pubkey, &test->private );
-	uint8_t encrypted[max_len];
-	uint8_t decrypted[max_len];
-	int encrypted_len;
-	int decrypted_len;
+	struct asn1_builder plaintext;
+	struct asn1_builder ciphertext;

 	/* Test decrypting with private key to obtain known plaintext */
-	decrypted_len = pubkey_decrypt ( pubkey, &test->private,
-					 test->ciphertext, test->ciphertext_len,
-					 decrypted );
-	okx ( decrypted_len == ( ( int ) test->plaintext_len ), file, line );
-	okx ( memcmp ( decrypted, test->plaintext, test->plaintext_len ) == 0,
-	      file, line );
+	plaintext.data = NULL;
+	plaintext.len = 0;
+	okx ( pubkey_decrypt ( pubkey, &test->private, &test->ciphertext,
+			       &plaintext ) == 0, file, line );
+	okx ( asn1_compare ( asn1_built ( &plaintext ),
+			     &test->plaintext ) == 0, file, line );
+	free ( plaintext.data );

 	/* Test encrypting with private key and decrypting with public key */
-	encrypted_len = pubkey_encrypt ( pubkey, &test->private,
-					 test->plaintext, test->plaintext_len,
-					 encrypted );
-	okx ( encrypted_len >= 0, file, line );
-	decrypted_len = pubkey_decrypt ( pubkey, &test->public, encrypted,
-					 encrypted_len, decrypted );
-	okx ( decrypted_len == ( ( int ) test->plaintext_len ), file, line );
-	okx ( memcmp ( decrypted, test->plaintext, test->plaintext_len ) == 0,
-	      file, line );
+	ciphertext.data = NULL;
+	ciphertext.len = 0;
+	plaintext.data = NULL;
+	plaintext.len = 0;
+	okx ( pubkey_encrypt ( pubkey, &test->private, &test->plaintext,
+			       &ciphertext ) == 0, file, line );
+	okx ( pubkey_decrypt ( pubkey, &test->public,
+			       asn1_built ( &ciphertext ),
+			       &plaintext ) == 0, file, line );
+	okx ( asn1_compare ( asn1_built ( &plaintext ),
+			     &test->plaintext ) == 0, file, line );
+	free ( ciphertext.data );
+	free ( plaintext.data );

 	/* Test encrypting with public key and decrypting with private key */
-	encrypted_len = pubkey_encrypt ( pubkey, &test->public,
-					 test->plaintext, test->plaintext_len,
-					 encrypted );
-	okx ( encrypted_len >= 0, file, line );
-	decrypted_len = pubkey_decrypt ( pubkey, &test->private, encrypted,
-					 encrypted_len, decrypted );
-	okx ( decrypted_len == ( ( int ) test->plaintext_len ), file, line );
-	okx ( memcmp ( decrypted, test->plaintext, test->plaintext_len ) == 0,
-	      file, line );
+	ciphertext.data = NULL;
+	ciphertext.len = 0;
+	plaintext.data = NULL;
+	plaintext.len = 0;
+	okx ( pubkey_encrypt ( pubkey, &test->public, &test->plaintext,
+			       &ciphertext ) == 0, file, line );
+	okx ( pubkey_decrypt ( pubkey, &test->private,
+			       asn1_built ( &ciphertext ),
+			       &plaintext ) == 0, file, line );
+	okx ( asn1_compare ( asn1_built ( &plaintext ),
+			     &test->plaintext ) == 0, file, line );
+	free ( ciphertext.data );
+	free ( plaintext.data );
 }

 /**
--- a/src/tests/pubkey_test.h
+++ b/src/tests/pubkey_test.h
@@ -16,18 +16,14 @@ struct pubkey_test {
 	/** Public key */
 	const struct asn1_cursor public;
 	/** Plaintext */
-	const void *plaintext;
-	/** Length of plaintext */
-	size_t plaintext_len;
+	const struct asn1_cursor plaintext;
 	/** Ciphertext
 	 *
 	 * Note that the encryption process may include some random
 	 * padding, so a given plaintext will encrypt to multiple
 	 * different ciphertexts.
 	 */
-	const void *ciphertext;
-	/** Length of ciphertext */
-	size_t ciphertext_len;
+	const struct asn1_cursor ciphertext;
 };

 /** A public-key signature test */
@@ -90,10 +86,14 @@ struct pubkey_sign_test {
 			.data = name ## _public,			\
 			.len = sizeof ( name ## _public ),		\
 		},							\
-		.plaintext = name ## _plaintext,			\
-		.plaintext_len = sizeof ( name ## _plaintext ),		\
-		.ciphertext = name ## _ciphertext,			\
-		.ciphertext_len = sizeof ( name ## _ciphertext ),	\
+		.plaintext = {						\
+			.data = name ## _plaintext,			\
+			.len = sizeof ( name ## _plaintext ),		\
+		},							\
+		.ciphertext = {						\
+			.data = name ## _ciphertext,			\
+			.len = sizeof ( name ## _ciphertext ),		\
+		},							\
 	}

 /**