From d4258272c679c8bd42430fc2df57402cdc03d711 Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Mon, 1 Dec 2025 16:02:54 +0000
Subject: [crypto] Construct signatures using ASN.1 builders

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
 src/tests/pubkey_test.c | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

(limited to 'src/tests')

diff --git a/src/tests/pubkey_test.c b/src/tests/pubkey_test.c
index 2e0eeb116..e3fbc3b3f 100644
--- a/src/tests/pubkey_test.c
+++ b/src/tests/pubkey_test.c
@@ -98,13 +98,10 @@ void pubkey_sign_okx ( struct pubkey_sign_test *test, const char *file,
 		       unsigned int line ) {
 	struct pubkey_algorithm *pubkey = test->pubkey;
 	struct digest_algorithm *digest = test->digest;
-	size_t max_len = pubkey_max_len ( pubkey, &test->private );
-	uint8_t bad[test->signature.len];
 	uint8_t digestctx[digest->ctxsize ];
 	uint8_t digestout[digest->digestsize];
-	uint8_t signature[max_len];
-	struct asn1_cursor cursor;
-	int signature_len;
+	struct asn1_builder signature = { NULL, 0 };
+	uint8_t *bad;
 
 	/* Construct digest over plaintext */
 	digest_init ( digest, digestctx );
@@ -113,21 +110,24 @@ void pubkey_sign_okx ( struct pubkey_sign_test *test, const char *file,
 	digest_final ( digest, digestctx, digestout );
 
 	/* Test signing using private key */
-	signature_len = pubkey_sign ( pubkey, &test->private, digest,
-				      digestout, signature );
-	okx ( signature_len == ( ( int ) test->signature.len ), file, line );
-	okx ( memcmp ( signature, test->signature.data,
-		       test->signature.len ) == 0, file, line );
+	okx ( pubkey_sign ( pubkey, &test->private, digest, digestout,
+			    &signature ) == 0, file, line );
+	okx ( signature.len != 0, file, line );
+	okx ( asn1_compare ( asn1_built ( &signature ),
+			     &test->signature ) == 0, file, line );
 
 	/* Test verification using public key */
 	okx ( pubkey_verify ( pubkey, &test->public, digest, digestout,
 			      &test->signature ) == 0, file, line );
 
 	/* Test verification failure of modified signature */
-	memcpy ( bad, test->signature.data, test->signature.len );
-	bad[ test->signature.len / 2 ] ^= 0x40;
-	cursor.data = bad;
-	cursor.len = test->signature.len;
+	bad = ( signature.data + ( test->signature.len / 2 ) );
+	okx ( pubkey_verify ( pubkey, &test->public, digest, digestout,
+			      asn1_built ( &signature ) ) == 0, file, line );
+	*bad ^= 0x40;
 	okx ( pubkey_verify ( pubkey, &test->public, digest, digestout,
-			      &cursor ) != 0, file, line );
+			      asn1_built ( &signature ) ) != 0, file, line );
+
+	/* Free signature */
+	free ( signature.data );
 }
-- 
cgit v1.2.3-55-g7522