pubkey__test_8c_source.html

/*

 * Copyright (C) 2024 Michael Brown <mbrown@fensystems.co.uk>.

 *

 * This program is free software; you can redistribute it and/or

 * modify it under the terms of the GNU General Public License as

 * published by the Free Software Foundation; either version 2 of the

 * License, or any later version.

 *

 * This program is distributed in the hope that it will be useful, but

 * WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

 * General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with this program; if not, write to the Free Software

 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA

 * 02110-1301, USA.

 *

 * You can also choose to distribute this program under the terms of

 * the Unmodified Binary Distribution Licence (as given in the file

 * COPYING.UBDL), provided that you have satisfied its requirements.

 */


FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );


/** @file

 *

 * Public key self-tests

 *

 */


/* Forcibly enable assertions */

#undef NDEBUG


#include <stdint.h>

#include <stdlib.h>

#include <string.h>

#include <assert.h>

#include <ipxe/crypto.h>

#include <ipxe/test.h>

#include "pubkey_test.h"


/**

 * Report public key encryption and decryption test result

 *

 * @v test              Public key encryption and decryption test

 * @v file              Test code file

 * @v line              Test code line

 */


void pubkey_okx ( struct pubkey_test *test, const char *file,

                  unsigned int line ) {

        struct pubkey_algorithm *pubkey = test->pubkey;

        struct asn1_builder plaintext;

        struct asn1_builder ciphertext;


        /* Test key matching */

        okx ( pubkey_match ( pubkey, &test->private, &test->public ) == 0,

              file, line );


        /* Test decrypting with private key to obtain known plaintext */

        plaintext.data = NULL;

        plaintext.len = 0;

        okx ( pubkey_decrypt ( pubkey, &test->private, &test->ciphertext,

                               &plaintext ) == 0, file, line );

        okx ( asn1_compare ( asn1_built ( &plaintext ),

                             &test->plaintext ) == 0, file, line );

        free ( plaintext.data );


        /* Test encrypting with private key and decrypting with public key */

        ciphertext.data = NULL;

        ciphertext.len = 0;

        plaintext.data = NULL;

        plaintext.len = 0;

        okx ( pubkey_encrypt ( pubkey, &test->private, &test->plaintext,

                               &ciphertext ) == 0, file, line );

        okx ( pubkey_decrypt ( pubkey, &test->public,

                               asn1_built ( &ciphertext ),

                               &plaintext ) == 0, file, line );

        okx ( asn1_compare ( asn1_built ( &plaintext ),

                             &test->plaintext ) == 0, file, line );

        free ( ciphertext.data );

        free ( plaintext.data );


        /* Test encrypting with public key and decrypting with private key */

        ciphertext.data = NULL;

        ciphertext.len = 0;

        plaintext.data = NULL;

        plaintext.len = 0;

        okx ( pubkey_encrypt ( pubkey, &test->public, &test->plaintext,

                               &ciphertext ) == 0, file, line );

        okx ( pubkey_decrypt ( pubkey, &test->private,

                               asn1_built ( &ciphertext ),

                               &plaintext ) == 0, file, line );

        okx ( asn1_compare ( asn1_built ( &plaintext ),

                             &test->plaintext ) == 0, file, line );

        free ( ciphertext.data );

        free ( plaintext.data );

}


/**

 * Report public key signature test result

 *

 * @v test              Public key signature test

 * @v file              Test code file

 * @v line              Test code line

 */


void pubkey_sign_okx ( struct pubkey_sign_test *test, const char *file,

                       unsigned int line ) {

        struct pubkey_algorithm *pubkey = test->pubkey;

        struct digest_algorithm *digest = test->digest;

        uint8_t digestctx[digest->ctxsize];

        uint8_t digestout[digest->digestsize];

        uint8_t signature[test->signature.len];

        struct asn1_cursor cursor = { signature, sizeof ( signature ) };

        struct asn1_builder builder = { NULL, 0 };

        uint8_t *bad;


        /* Test key matching */

        okx ( pubkey_match ( pubkey, &test->private, &test->public ) == 0,

              file, line );


        /* Construct digest over plaintext */

        digest_init ( digest, digestctx );

        digest_update ( digest, digestctx, test->plaintext,

                        test->plaintext_len );

        digest_final ( digest, digestctx, digestout );


        /* Test verification using public key */

        okx ( pubkey_verify ( pubkey, &test->public, digest, digestout,

                              &test->signature ) == 0, file, line );


        /* Test verification failure of modified signature */

        memcpy ( signature, test->signature.data, sizeof ( signature ) );

        bad = ( signature + ( sizeof ( signature ) / 2 ) );

        *bad ^= 0x40;

        okx ( pubkey_verify ( pubkey, &test->public, digest, digestout,

                              &cursor ) != 0, file, line );

        *bad ^= 0x40;

        okx ( pubkey_verify ( pubkey, &test->public, digest, digestout,

                              &cursor ) == 0, file, line );


        /* Test signing using private key */

        okx ( pubkey_sign ( pubkey, &test->private, digest, digestout,

                            &builder ) == 0, file, line );

        okx ( builder.len != 0, file, line );

        okx ( asn1_compare ( asn1_built ( &builder ), &test->signature ) == 0,

              file, line );


        /* Test verification of constructed signature */

        okx ( pubkey_verify ( pubkey, &test->public, digest, digestout,

                              asn1_built ( &builder ) ) == 0, file, line );


        /* Free signature */

        free ( builder.data );

}


NULL
#define NULL
NULL pointer (VOID *)
Definition Base.h:322

signature
u8 signature
CPU signature.
Definition CIB_PRM.h:7

uint8_t
unsigned char uint8_t
Definition stdint.h:10

asn1_compare
int asn1_compare(const struct asn1_cursor *cursor1, const struct asn1_cursor *cursor2)
Compare two ASN.1 objects.
Definition asn1.c:458

asn1_built
static struct asn1_cursor * asn1_built(struct asn1_builder *builder)
Get cursor for built object.
Definition asn1.h:492

assert.h
Assertions.

test
static int test
Definition epic100.c:73

FILE_LICENCE
#define FILE_LICENCE(_licence)
Declare a particular licence as applying to a file.
Definition compiler.h:896

crypto.h
Cryptographic API.

pubkey_match
static int pubkey_match(struct pubkey_algorithm *pubkey, const struct asn1_cursor *private_key, const struct asn1_cursor *public_key)
Definition crypto.h:315

digest_init
static void digest_init(struct digest_algorithm *digest, void *ctx)
Definition crypto.h:219

digest_final
static void digest_final(struct digest_algorithm *digest, void *ctx, void *out)
Definition crypto.h:230

pubkey_encrypt
static int pubkey_encrypt(struct pubkey_algorithm *pubkey, const struct asn1_cursor *key, const struct asn1_cursor *plaintext, struct asn1_builder *ciphertext)
Definition crypto.h:287

pubkey_verify
static int pubkey_verify(struct pubkey_algorithm *pubkey, const struct asn1_cursor *key, struct digest_algorithm *digest, const void *value, const struct asn1_cursor *signature)
Definition crypto.h:308

digest_update
static void digest_update(struct digest_algorithm *digest, void *ctx, const void *data, size_t len)
Definition crypto.h:224

pubkey_decrypt
static int pubkey_decrypt(struct pubkey_algorithm *pubkey, const struct asn1_cursor *key, const struct asn1_cursor *ciphertext, struct asn1_builder *plaintext)
Definition crypto.h:294

pubkey_sign
static int pubkey_sign(struct pubkey_algorithm *pubkey, const struct asn1_cursor *key, struct digest_algorithm *digest, const void *value, struct asn1_builder *signature)
Definition crypto.h:301

stdint.h

string.h
String functions.

memcpy
void * memcpy(void *dest, const void *src, size_t len) __nonnull

pubkey_okx
void pubkey_okx(struct pubkey_test *test, const char *file, unsigned int line)
Report public key encryption and decryption test result.
Definition pubkey_test.c:50

pubkey_sign_okx
void pubkey_sign_okx(struct pubkey_sign_test *test, const char *file, unsigned int line)
Report public key signature test result.
Definition pubkey_test.c:107

pubkey_test.h

free
static void(* free)(struct refcnt *refcnt))
Definition refcnt.h:55

stdlib.h

asn1_builder
An ASN.1 object builder.
Definition asn1.h:29

asn1_builder::data
void * data
Data.
Definition asn1.h:36

asn1_builder::len
size_t len
Length of data.
Definition asn1.h:38

asn1_cursor
An ASN.1 object cursor.
Definition asn1.h:21

digest_algorithm
A message digest algorithm.
Definition crypto.h:19

digest_algorithm::digestsize
size_t digestsize
Digest size.
Definition crypto.h:27

digest_algorithm::ctxsize
size_t ctxsize
Context size.
Definition crypto.h:23

pubkey_algorithm
A public key algorithm.
Definition crypto.h:122

pubkey_sign_test
A public-key signature test.
Definition pubkey_test.h:30

pubkey_test
A public-key encryption and decryption test.
Definition pubkey_test.h:11

test.h
Self-test infrastructure.

okx
#define okx(success, file, line)
Report test result.
Definition test.h:44