mirror of
https://github.com/ipxe/ipxe
synced 2026-01-23 04:29:01 +03:00
46937a9df6
Instances of cipher and digest algorithms tend to get called repeatedly to process substantial amounts of data. This is not true for public-key algorithms, which tend to get called only once or twice for a given key. Simplify the public-key algorithm API so that there is no reusable algorithm context. In particular, this allows callers to omit the error handling currently required to handle memory allocation (or key parsing) errors from pubkey_init(), and to omit the cleanup calls to pubkey_final(). This change does remove the ability for a caller to distinguish between a verification failure due to a memory allocation failure and a verification failure due to a bad signature. This difference is not material in practice: in both cases, for whatever reason, the caller was unable to verify the signature and so cannot proceed further, and the cause of the error will be visible to the user via the return status code. Signed-off-by: Michael Brown <mcb30@ipxe.org>
132 lines
4.5 KiB
C
132 lines
4.5 KiB
C
/*
|
|
* Copyright (C) 2024 Michael Brown <mbrown@fensystems.co.uk>.
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License as
|
|
* published by the Free Software Foundation; either version 2 of the
|
|
* License, or any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
|
* 02110-1301, USA.
|
|
*
|
|
* You can also choose to distribute this program under the terms of
|
|
* the Unmodified Binary Distribution Licence (as given in the file
|
|
* COPYING.UBDL), provided that you have satisfied its requirements.
|
|
*/
|
|
|
|
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
|
|
|
|
/** @file
|
|
*
|
|
* Public key self-tests
|
|
*
|
|
*/
|
|
|
|
/* Forcibly enable assertions */
|
|
#undef NDEBUG
|
|
|
|
#include <stdint.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <assert.h>
|
|
#include <ipxe/crypto.h>
|
|
#include <ipxe/test.h>
|
|
#include "pubkey_test.h"
|
|
|
|
/**
|
|
* Report public key encryption and decryption test result
|
|
*
|
|
* @v test Public key encryption and decryption test
|
|
* @v file Test code file
|
|
* @v line Test code line
|
|
*/
|
|
void pubkey_okx ( struct pubkey_test *test, const char *file,
|
|
unsigned int line ) {
|
|
struct pubkey_algorithm *pubkey = test->pubkey;
|
|
size_t max_len = pubkey_max_len ( pubkey, &test->private );
|
|
uint8_t encrypted[max_len];
|
|
uint8_t decrypted[max_len];
|
|
int encrypted_len;
|
|
int decrypted_len;
|
|
|
|
/* Test decrypting with private key to obtain known plaintext */
|
|
decrypted_len = pubkey_decrypt ( pubkey, &test->private,
|
|
test->ciphertext, test->ciphertext_len,
|
|
decrypted );
|
|
okx ( decrypted_len == ( ( int ) test->plaintext_len ), file, line );
|
|
okx ( memcmp ( decrypted, test->plaintext, test->plaintext_len ) == 0,
|
|
file, line );
|
|
|
|
/* Test encrypting with private key and decrypting with public key */
|
|
encrypted_len = pubkey_encrypt ( pubkey, &test->private,
|
|
test->plaintext, test->plaintext_len,
|
|
encrypted );
|
|
okx ( encrypted_len >= 0, file, line );
|
|
decrypted_len = pubkey_decrypt ( pubkey, &test->public, encrypted,
|
|
encrypted_len, decrypted );
|
|
okx ( decrypted_len == ( ( int ) test->plaintext_len ), file, line );
|
|
okx ( memcmp ( decrypted, test->plaintext, test->plaintext_len ) == 0,
|
|
file, line );
|
|
|
|
/* Test encrypting with public key and decrypting with private key */
|
|
encrypted_len = pubkey_encrypt ( pubkey, &test->public,
|
|
test->plaintext, test->plaintext_len,
|
|
encrypted );
|
|
okx ( encrypted_len >= 0, file, line );
|
|
decrypted_len = pubkey_decrypt ( pubkey, &test->private, encrypted,
|
|
encrypted_len, decrypted );
|
|
okx ( decrypted_len == ( ( int ) test->plaintext_len ), file, line );
|
|
okx ( memcmp ( decrypted, test->plaintext, test->plaintext_len ) == 0,
|
|
file, line );
|
|
}
|
|
|
|
/**
|
|
* Report public key signature test result
|
|
*
|
|
* @v test Public key signature test
|
|
* @v file Test code file
|
|
* @v line Test code line
|
|
*/
|
|
void pubkey_sign_okx ( struct pubkey_sign_test *test, const char *file,
|
|
unsigned int line ) {
|
|
struct pubkey_algorithm *pubkey = test->pubkey;
|
|
struct digest_algorithm *digest = test->digest;
|
|
size_t max_len = pubkey_max_len ( pubkey, &test->private );
|
|
uint8_t bad[test->signature_len];
|
|
uint8_t digestctx[digest->ctxsize ];
|
|
uint8_t digestout[digest->digestsize];
|
|
uint8_t signature[max_len];
|
|
int signature_len;
|
|
|
|
/* Construct digest over plaintext */
|
|
digest_init ( digest, digestctx );
|
|
digest_update ( digest, digestctx, test->plaintext,
|
|
test->plaintext_len );
|
|
digest_final ( digest, digestctx, digestout );
|
|
|
|
/* Test signing using private key */
|
|
signature_len = pubkey_sign ( pubkey, &test->private, digest,
|
|
digestout, signature );
|
|
okx ( signature_len == ( ( int ) test->signature_len ), file, line );
|
|
okx ( memcmp ( signature, test->signature, test->signature_len ) == 0,
|
|
file, line );
|
|
|
|
/* Test verification using public key */
|
|
okx ( pubkey_verify ( pubkey, &test->public, digest, digestout,
|
|
test->signature, test->signature_len ) == 0,
|
|
file, line );
|
|
|
|
/* Test verification failure of modified signature */
|
|
memcpy ( bad, test->signature, test->signature_len );
|
|
bad[ test->signature_len / 2 ] ^= 0x40;
|
|
okx ( pubkey_verify ( pubkey, &test->public, digest, digestout,
|
|
bad, sizeof ( bad ) ) != 0, file, line );
|
|
}
|