summaryrefslogtreecommitdiffstats
path: root/src/tests/pubkey_test.c
Commit message (Collapse)AuthorAgeFilesLines
* [test] Test verification of constructed signatureMichael Brown2025-12-191-0/+4
| | | | | | | | | | | Some signature schemes (such as ECDSA) allow for non-deterministic signatures. Provide more information in test results by performing verification of the constructed signature even when it does not match the expected test case result: this allows us to distinguish between a bug that is generating invalid signatures and a bug that is generating valid but non-canonical signatures. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [test] Test signature verification independently of signingMichael Brown2025-12-171-13/+17
| | | | | | | | Copy and modify the signature defined within the test case for verification tests, rather than relying on the modifiable signature constructed by the signing portion of the same test. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [test] Include key matching in existing public-key testsMichael Brown2025-12-031-0/+8
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Construct asymmetric ciphered data using ASN.1 buildersMichael Brown2025-12-021-29/+35
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Construct signatures using ASN.1 buildersMichael Brown2025-12-011-15/+15
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Pass signatures for verification as ASN.1 cursorsMichael Brown2025-12-011-9/+11
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Remove the concept of a public-key algorithm reusable contextMichael Brown2024-08-211-99/+43Star
| | | | | | | | | | | | | | | | | | | | | | | Instances of cipher and digest algorithms tend to get called repeatedly to process substantial amounts of data. This is not true for public-key algorithms, which tend to get called only once or twice for a given key. Simplify the public-key algorithm API so that there is no reusable algorithm context. In particular, this allows callers to omit the error handling currently required to handle memory allocation (or key parsing) errors from pubkey_init(), and to omit the cleanup calls to pubkey_final(). This change does remove the ability for a caller to distinguish between a verification failure due to a memory allocation failure and a verification failure due to a bad signature. This difference is not material in practice: in both cases, for whatever reason, the caller was unable to verify the signature and so cannot proceed further, and the cause of the error will be visible to the user via the return status code. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [test] Generalise public-key algorithm tests and use okx()Michael Brown2024-08-191-0/+187
Generalise the existing support for performing RSA public-key encryption, decryption, signature, and verification tests, and update the code to use okx() for neater reporting of test results. Signed-off-by: Michael Brown <mcb30@ipxe.org>
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2026-03-05 00:55:25 +0100