[test] Generalise public-key algorithm tests and use okx()

Generalise the existing support for performing RSA public-key
encryption, decryption, signature, and verification tests, and update
the code to use okx() for neater reporting of test results.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

3 files changed, 336 insertions, 309 deletions

diff --git a/src/tests/pubkey_test.c b/src/tests/pubkey_test.c
new file mode 100644
index 000000000..93962516a
--- /dev/null
+++ b/src/tests/pubkey_test.c
@@ -0,0 +1,187 @@
+/*
+ * Copyright (C) 2024 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ * You can also choose to distribute this program under the terms of
+ * the Unmodified Binary Distribution Licence (as given in the file
+ * COPYING.UBDL), provided that you have satisfied its requirements.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+/** @file
+ *
+ * Public key self-tests
+ *
+ */
+
+/* Forcibly enable assertions */
+#undef NDEBUG
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <ipxe/crypto.h>
+#include <ipxe/test.h>
+#include "pubkey_test.h"
+
+/**
+ * Report public key encryption and decryption test result
+ *
+ * @v test		Public key encryption and decryption test
+ * @v file		Test code file
+ * @v line		Test code line
+ */
+void pubkey_okx ( struct pubkey_test *test, const char *file,
+		  unsigned int line ) {
+	struct pubkey_algorithm *pubkey = test->pubkey;
+	uint8_t private_ctx[pubkey->ctxsize];
+	uint8_t public_ctx[pubkey->ctxsize];
+	size_t max_len;
+
+	/* Initialize contexts */
+	okx ( pubkey_init ( pubkey, private_ctx, &test->private ) == 0,
+	      file, line );
+	okx ( pubkey_init ( pubkey, public_ctx, &test->public ) == 0,
+	      file, line );
+	max_len = pubkey_max_len ( pubkey, private_ctx );
+
+	/* Test decrypting with private key to obtain known plaintext */
+	{
+		uint8_t decrypted[max_len];
+		int decrypted_len;
+
+		decrypted_len = pubkey_decrypt ( pubkey, private_ctx,
+						 test->ciphertext,
+						 test->ciphertext_len,
+						 decrypted );
+		okx ( decrypted_len == ( ( int ) test->plaintext_len ),
+		      file, line );
+		okx ( memcmp ( decrypted, test->plaintext,
+			       test->plaintext_len ) == 0, file, line );
+	}
+
+	/* Test encrypting with private key and decrypting with public key */
+	{
+		uint8_t encrypted[max_len];
+		uint8_t decrypted[max_len];
+		int encrypted_len;
+		int decrypted_len;
+
+		encrypted_len = pubkey_encrypt ( pubkey, private_ctx,
+						 test->plaintext,
+						 test->plaintext_len,
+						 encrypted );
+		okx ( encrypted_len >= 0, file, line );
+		decrypted_len = pubkey_decrypt ( pubkey, public_ctx,
+						 encrypted, encrypted_len,
+						 decrypted );
+		okx ( decrypted_len == ( ( int ) test->plaintext_len ),
+		      file, line );
+		okx ( memcmp ( decrypted, test->plaintext,
+			       test->plaintext_len ) == 0, file, line );
+	}
+
+	/* Test encrypting with public key and decrypting with private key */
+	{
+		uint8_t encrypted[max_len];
+		uint8_t decrypted[max_len];
+		int encrypted_len;
+		int decrypted_len;
+
+		encrypted_len = pubkey_encrypt ( pubkey, public_ctx,
+						 test->plaintext,
+						 test->plaintext_len,
+						 encrypted );
+		okx ( encrypted_len >= 0, file, line );
+		decrypted_len = pubkey_decrypt ( pubkey, private_ctx,
+						 encrypted, encrypted_len,
+						 decrypted );
+		okx ( decrypted_len == ( ( int ) test->plaintext_len ),
+		      file, line );
+		okx ( memcmp ( decrypted, test->plaintext,
+			       test->plaintext_len ) == 0, file, line );
+	}
+
+	/* Free contexts */
+	pubkey_final ( pubkey, public_ctx );
+	pubkey_final ( pubkey, private_ctx );
+}
+
+/**
+ * Report public key signature test result
+ *
+ * @v test		Public key signature test
+ * @v file		Test code file
+ * @v line		Test code line
+ */
+void pubkey_sign_okx ( struct pubkey_sign_test *test, const char *file,
+		       unsigned int line ) {
+	struct pubkey_algorithm *pubkey = test->pubkey;
+	struct digest_algorithm *digest = test->digest;
+	uint8_t private_ctx[pubkey->ctxsize];
+	uint8_t public_ctx[pubkey->ctxsize];
+	uint8_t digestctx[digest->ctxsize ];
+	uint8_t digestout[digest->digestsize];
+	size_t max_len;
+
+	/* Initialize contexts */
+	okx ( pubkey_init ( pubkey, private_ctx, &test->private ) == 0,
+	      file, line );
+	okx ( pubkey_init ( pubkey, public_ctx, &test->public ) == 0,
+	      file, line );
+	max_len = pubkey_max_len ( pubkey, private_ctx );
+
+	/* Construct digest over plaintext */
+	digest_init ( digest, digestctx );
+	digest_update ( digest, digestctx, test->plaintext,
+			test->plaintext_len );
+	digest_final ( digest, digestctx, digestout );
+
+	/* Test signing using private key */
+	{
+		uint8_t signature[max_len];
+		int signature_len;
+
+		signature_len = pubkey_sign ( pubkey, private_ctx, digest,
+					      digestout, signature );
+		okx ( signature_len == ( ( int ) test->signature_len ),
+		      file, line );
+		okx ( memcmp ( signature, test->signature,
+			       test->signature_len ) == 0, file, line );
+	}
+
+	/* Test verification using public key */
+	okx ( pubkey_verify ( pubkey, public_ctx, digest, digestout,
+			      test->signature, test->signature_len ) == 0,
+	      file, line );
+
+	/* Test verification failure of modified signature */
+	{
+		uint8_t bad[test->signature_len];
+
+		memcpy ( bad, test->signature, test->signature_len );
+		bad[ test->signature_len / 2 ] ^= 0x40;
+		okx ( pubkey_verify ( pubkey, public_ctx, digest, digestout,
+				      bad, sizeof ( bad ) ) != 0, file, line );
+	}
+
+	/* Free contexts */
+	pubkey_final ( pubkey, public_ctx );
+	pubkey_final ( pubkey, private_ctx );
+}
diff --git a/src/tests/pubkey_test.h b/src/tests/pubkey_test.h
index 214992238..20bb94355 100644
--- a/src/tests/pubkey_test.h
+++ b/src/tests/pubkey_test.h
@@ -7,160 +7,151 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <ipxe/crypto.h>
 #include <ipxe/test.h>
 
-/**
- * Report public key decryption test result
- *
- * @v pubkey		Public key algorithm
- * @v key		Key
- * @v ciphertext	Ciphertext
- * @v ciphertext_len	Ciphertext length
- * @v expected		Expected plaintext
- * @v expected_len	Expected plaintext length
- */
-#define pubkey_decrypt_ok( pubkey, key, ciphertext, ciphertext_len,	\
-			   expected, expected_len ) do {		\
-	uint8_t ctx[ (pubkey)->ctxsize ];				\
-									\
-	ok ( pubkey_init ( (pubkey), ctx, (key) ) == 0 );		\
-	{								\
-		size_t max_len = pubkey_max_len ( (pubkey), ctx );	\
-		uint8_t decrypted[ max_len ];				\
-		int decrypted_len;					\
-									\
-		decrypted_len = pubkey_decrypt ( (pubkey), ctx,		\
-						 (ciphertext),		\
-						 (ciphertext_len),	\
-						 decrypted );		\
-		ok ( decrypted_len == ( ( int ) (expected_len) ) );	\
-		ok ( memcmp ( decrypted, (expected),			\
-			      (expected_len) ) == 0 );			\
-	}								\
-	pubkey_final ( (pubkey), ctx );					\
-	} while ( 0 )
+/** A public-key encryption and decryption test */
+struct pubkey_test {
+	/** Public-key algorithm */
+	struct pubkey_algorithm *pubkey;
+	/** Private key */
+	const struct asn1_cursor private;
+	/** Public key */
+	const struct asn1_cursor public;
+	/** Plaintext */
+	const void *plaintext;
+	/** Length of plaintext */
+	size_t plaintext_len;
+	/** Ciphertext
+	 *
+	 * Note that the encryption process may include some random
+	 * padding, so a given plaintext will encrypt to multiple
+	 * different ciphertexts.
+	 */
+	const void *ciphertext;
+	/** Length of ciphertext */
+	size_t ciphertext_len;
+};
+
+/** A public-key signature test */
+struct pubkey_sign_test {
+	/** Public-key algorithm */
+	struct pubkey_algorithm *pubkey;
+	/** Private key */
+	const struct asn1_cursor private;
+	/** Public key */
+	const struct asn1_cursor public;
+	/** Plaintext */
+	const void *plaintext;
+	/** Plaintext length */
+	size_t plaintext_len;
+	/** Signature algorithm */
+	struct digest_algorithm *digest;
+	/** Signature */
+	const void *signature;
+	/** Signature length */
+	size_t signature_len;
+};
+
+/** Define inline private key data */
+#define PRIVATE(...) { __VA_ARGS__ }
+
+/** Define inline public key data */
+#define PUBLIC(...) { __VA_ARGS__ }
+
+/** Define inline plaintext data */
+#define PLAINTEXT(...) { __VA_ARGS__ }
+
+/** Define inline ciphertext data */
+#define CIPHERTEXT(...) { __VA_ARGS__ }
+
+/** Define inline signature data */
+#define SIGNATURE(...) { __VA_ARGS__ }
 
 /**
- * Report public key encryption and decryption test result
+ * Define a public-key encryption and decryption test
  *
- * @v pubkey		Public key algorithm
- * @v encrypt_key	Encryption key
- * @v decrypt_key	Decryption key
- * @v plaintext		Plaintext
- * @v plaintext_len	Plaintext length
+ * @v name		Test name
+ * @v PUBKEY		Public-key algorithm
+ * @v PRIVATE		Private key
+ * @v PUBLIC		Public key
+ * @v PLAINTEXT		Plaintext
+ * @v CIPHERTEXT	Ciphertext
+ * @ret test		Encryption and decryption test
  */
-#define pubkey_encrypt_ok( pubkey, encrypt_key, decrypt_key, plaintext,	\
-			   plaintext_len ) do {				\
-	uint8_t ctx[ (pubkey)->ctxsize ];				\
-									\
-	ok ( pubkey_init ( (pubkey), ctx, (encrypt_key) ) == 0 );	\
-	{								\
-		size_t max_len = pubkey_max_len ( (pubkey), ctx );	\
-		uint8_t encrypted[ max_len ];				\
-		int encrypted_len;					\
-									\
-		encrypted_len = pubkey_encrypt ( (pubkey), ctx,		\
-						 (plaintext),		\
-						 (plaintext_len),	\
-						 encrypted );		\
-		ok ( encrypted_len >= 0 );				\
-		pubkey_decrypt_ok ( (pubkey), (decrypt_key),		\
-				    encrypted, encrypted_len,		\
-				    (plaintext), (plaintext_len) );	\
-	}								\
-	pubkey_final ( (pubkey), ctx );					\
-	} while ( 0 )
+#define PUBKEY_TEST( name, PUBKEY, PRIVATE, PUBLIC, PLAINTEXT,		\
+			   CIPHERTEXT )					\
+	static const uint8_t name ## _private[] = PRIVATE;		\
+	static const uint8_t name ## _public[] = PUBLIC;		\
+	static const uint8_t name ## _plaintext[] = PLAINTEXT;		\
+	static const uint8_t name ## _ciphertext[] = CIPHERTEXT;	\
+	static struct pubkey_test name = {				\
+		.pubkey = PUBKEY,					\
+		.private = {						\
+			.data = name ## _private,			\
+			.len = sizeof ( name ## _private ),		\
+		},							\
+		.public = {						\
+			.data = name ## _public,			\
+			.len = sizeof ( name ## _public ),		\
+		},							\
+		.plaintext = name ## _plaintext,			\
+		.plaintext_len = sizeof ( name ## _plaintext ),		\
+		.ciphertext = name ## _ciphertext,			\
+		.ciphertext_len = sizeof ( name ## _ciphertext ),	\
+	}
 
 /**
- * Report public key signature test result
+ * Define a public-key signature test
  *
- * @v pubkey		Public key algorithm
- * @v key		Key
- * @v digest		Digest algorithm
- * @v plaintext		Plaintext
- * @v plaintext_len	Plaintext length
- * @v expected		Expected signature
- * @v expected_len	Expected signature length
+ * @v name		Test name
+ * @v PUBKEY		Public-key algorithm
+ * @v PRIVATE		Private key
+ * @v PUBLIC		Public key
+ * @v PLAINTEXT		Plaintext
+ * @v DIGEST		Digest algorithm
+ * @v SIGNATURE		Signature
+ * @ret test		Signature test
  */
-#define pubkey_sign_ok( pubkey, key, digest, plaintext,	plaintext_len,	\
-			expected, expected_len ) do {			\
-	uint8_t ctx[ (pubkey)->ctxsize ];				\
-	uint8_t digestctx[ (digest)->ctxsize ];				\
-	uint8_t digestout[ (digest)->digestsize ];			\
-									\
-	digest_init ( (digest), digestctx );				\
-	digest_update ( (digest), digestctx, (plaintext),		\
-			(plaintext_len) );				\
-	digest_final ( (digest), digestctx, digestout );		\
-									\
-	ok ( pubkey_init ( (pubkey), ctx, (key) ) == 0 );		\
-	{								\
-		size_t max_len = pubkey_max_len ( (pubkey), ctx );	\
-		uint8_t signature[ max_len ];				\
-		int signature_len;					\
-									\
-		signature_len = pubkey_sign ( (pubkey), ctx, (digest),	\
-					      digestout, signature );	\
-		ok ( signature_len == ( ( int ) (expected_len) ) );	\
-		ok ( memcmp ( signature, (expected),			\
-			      (expected_len) ) == 0 );			\
-	}								\
-	pubkey_final ( (pubkey), ctx );					\
-	} while ( 0 )
+#define PUBKEY_SIGN_TEST( name, PUBKEY, PRIVATE, PUBLIC, PLAINTEXT,	\
+			  DIGEST, SIGNATURE )				\
+	static const uint8_t name ## _private[] = PRIVATE;		\
+	static const uint8_t name ## _public[] = PUBLIC;		\
+	static const uint8_t name ## _plaintext[] = PLAINTEXT;		\
+	static const uint8_t name ## _signature[] = SIGNATURE;		\
+	static struct pubkey_sign_test name = {				\
+		.pubkey = PUBKEY,					\
+		.private = {						\
+			.data = name ## _private,			\
+			.len = sizeof ( name ## _private ),		\
+		},							\
+		.public = {						\
+			.data = name ## _public,			\
+			.len = sizeof ( name ## _public ),		\
+		},							\
+		.plaintext = name ## _plaintext,			\
+		.plaintext_len = sizeof ( name ## _plaintext ),		\
+		.digest = DIGEST,					\
+		.signature = name ## _signature,			\
+		.signature_len = sizeof ( name ## _signature ),		\
+	}
+
+extern void pubkey_okx ( struct pubkey_test *test,
+			 const char *file, unsigned int line );
+extern void pubkey_sign_okx ( struct pubkey_sign_test *test,
+			      const char *file, unsigned int line );
 
 /**
- * Report public key verification test result
+ * Report a public key encryption and decryption test result
  *
- * @v pubkey		Public key algorithm
- * @v key		Key
- * @v digest		Digest algorithm
- * @v plaintext		Plaintext
- * @v plaintext_len	Plaintext length
- * @v signature		Signature
- * @v signature_len	Signature length
+ * @v test		Public key encryption and decryption test
  */
-#define pubkey_verify_ok( pubkey, key, digest, plaintext,		\
-			  plaintext_len, signature, signature_len ) do {\
-	uint8_t ctx[ (pubkey)->ctxsize ];				\
-	uint8_t digestctx[ (digest)->ctxsize ];				\
-	uint8_t digestout[ (digest)->digestsize ];			\
-									\
-	digest_init ( (digest), digestctx );				\
-	digest_update ( (digest), digestctx, (plaintext),		\
-			(plaintext_len) );				\
-	digest_final ( (digest), digestctx, digestout );		\
-									\
-	ok ( pubkey_init ( (pubkey), ctx, (key) ) == 0 );		\
-	ok ( pubkey_verify ( (pubkey), ctx, (digest), digestout,	\
-			     (signature), (signature_len) ) == 0 );	\
-	pubkey_final ( (pubkey), ctx );					\
-	} while ( 0 )
+#define pubkey_ok( test ) \
+	pubkey_okx ( test, __FILE__, __LINE__ )
 
 /**
- * Report public key verification test result
+ * Report a public key signature test result
  *
- * @v pubkey		Public key algorithm
- * @v key		Key
- * @v digest		Digest algorithm
- * @v plaintext		Plaintext
- * @v plaintext_len	Plaintext length
- * @v signature		Signature
- * @v signature_len	Signature length
+ * @v test		Public key signature test
  */
-#define pubkey_verify_fail_ok( pubkey, key, digest, plaintext,		\
-			       plaintext_len, signature,		\
-			       signature_len ) do {			\
-	uint8_t ctx[ (pubkey)->ctxsize ];				\
-	uint8_t digestctx[ (digest)->ctxsize ];				\
-	uint8_t digestout[ (digest)->digestsize ];			\
-									\
-	digest_init ( (digest), digestctx );				\
-	digest_update ( (digest), digestctx, (plaintext),		\
-			(plaintext_len) );				\
-	digest_final ( (digest), digestctx, digestout );		\
-									\
-	ok ( pubkey_init ( (pubkey), ctx, (key) ) == 0 );		\
-	ok ( pubkey_verify ( (pubkey), ctx, (digest), digestout,	\
-			     (signature), (signature_len) ) != 0 );	\
-	pubkey_final ( (pubkey), ctx );					\
-	} while ( 0 )
+#define pubkey_sign_ok( test ) \
+	pubkey_sign_okx ( test, __FILE__, __LINE__ )
 
 #endif /* _PUBKEY_TEST_H */
diff --git a/src/tests/rsa_test.c b/src/tests/rsa_test.c
index b1d522bc0..13160934a 100644
--- a/src/tests/rsa_test.c
+++ b/src/tests/rsa_test.c
@@ -43,165 +43,8 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <ipxe/test.h>
 #include "pubkey_test.h"
 
-/** Define inline private key data */
-#define PRIVATE(...) { __VA_ARGS__ }
-
-/** Define inline public key data */
-#define PUBLIC(...) { __VA_ARGS__ }
-
-/** Define inline plaintext data */
-#define PLAINTEXT(...) { __VA_ARGS__ }
-
-/** Define inline ciphertext data */
-#define CIPHERTEXT(...) { __VA_ARGS__ }
-
-/** Define inline signature data */
-#define SIGNATURE(...) { __VA_ARGS__ }
-
-/** An RSA encryption and decryption self-test */
-struct rsa_encrypt_decrypt_test {
-	/** Private key */
-	const struct asn1_cursor private;
-	/** Public key */
-	const struct asn1_cursor public;
-	/** Plaintext */
-	const void *plaintext;
-	/** Plaintext length */
-	size_t plaintext_len;
-	/** Ciphertext
-	 *
-	 * Note that the encryption process includes some random
-	 * padding, so a given plaintext will encrypt to multiple
-	 * different ciphertexts.
-	 */
-	const void *ciphertext;
-	/** Ciphertext length */
-	size_t ciphertext_len;
-};
-
-/**
- * Define an RSA encryption and decryption test
- *
- * @v name		Test name
- * @v PRIVATE		Private key
- * @v PUBLIC		Public key
- * @v PLAINTEXT		Plaintext
- * @v CIPHERTEXT	Ciphertext
- * @ret test		Encryption and decryption test
- */
-#define RSA_ENCRYPT_DECRYPT_TEST( name, PRIVATE, PUBLIC, PLAINTEXT,	\
-				  CIPHERTEXT )				\
-	static const uint8_t name ## _private[] = PRIVATE;		\
-	static const uint8_t name ## _public[] = PUBLIC;		\
-	static const uint8_t name ## _plaintext[] = PLAINTEXT;		\
-	static const uint8_t name ## _ciphertext[] = CIPHERTEXT;	\
-	static struct rsa_encrypt_decrypt_test name = {			\
-		.private = {						\
-			.data = name ## _private,			\
-			.len = sizeof ( name ## _private ),		\
-		},							\
-		.public = {						\
-			.data = name ## _public,			\
-			.len = sizeof ( name ## _public ),		\
-		},							\
-		.plaintext = name ## _plaintext,			\
-		.plaintext_len = sizeof ( name ## _plaintext ),		\
-		.ciphertext = name ## _ciphertext,			\
-		.ciphertext_len = sizeof ( name ## _ciphertext ),	\
-	}
-
-/** An RSA signature self-test */
-struct rsa_signature_test {
-	/** Private key */
-	const struct asn1_cursor private;
-	/** Public key */
-	const struct asn1_cursor public;
-	/** Plaintext */
-	const void *plaintext;
-	/** Plaintext length */
-	size_t plaintext_len;
-	/** Signature algorithm */
-	struct asn1_algorithm *algorithm;
-	/** Signature */
-	const void *signature;
-	/** Signature length */
-	size_t signature_len;
-};
-
-/**
- * Define an RSA signature test
- *
- * @v name		Test name
- * @v PRIVATE		Private key
- * @v PUBLIC		Public key
- * @v PLAINTEXT		Plaintext
- * @v ALGORITHM		Signature algorithm
- * @v SIGNATURE		Signature
- * @ret test		Signature test
- */
-#define RSA_SIGNATURE_TEST( name, PRIVATE, PUBLIC, PLAINTEXT,		\
-			    ALGORITHM, SIGNATURE )			\
-	static const uint8_t name ## _private[] = PRIVATE;		\
-	static const uint8_t name ## _public[] = PUBLIC;		\
-	static const uint8_t name ## _plaintext[] = PLAINTEXT;		\
-	static const uint8_t name ## _signature[] = SIGNATURE;		\
-	static struct rsa_signature_test name = {			\
-		.private = {						\
-			.data = name ## _private,			\
-			.len = sizeof ( name ## _private ),		\
-		},							\
-		.public = {						\
-			.data = name ## _public,			\
-			.len = sizeof ( name ## _public ),		\
-		},							\
-		.plaintext = name ## _plaintext,			\
-		.plaintext_len = sizeof ( name ## _plaintext ),		\
-		.algorithm = ALGORITHM,					\
-		.signature = name ## _signature,			\
-		.signature_len = sizeof ( name ## _signature ),		\
-	}
-
-/**
- * Report RSA encryption and decryption test result
- *
- * @v test		RSA encryption and decryption test
- */
-#define rsa_encrypt_decrypt_ok( test ) do {				\
-	pubkey_decrypt_ok ( &rsa_algorithm, &(test)->private,		\
-			    (test)->ciphertext,	(test)->ciphertext_len,	\
-			    (test)->plaintext,  (test)->plaintext_len );\
-	pubkey_encrypt_ok ( &rsa_algorithm, &(test)->private,		\
-			    &(test)->public, (test)->plaintext,		\
-			    (test)->plaintext_len );			\
-	pubkey_encrypt_ok ( &rsa_algorithm, &(test)->public,		\
-			    &(test)->private, (test)->plaintext,	\
-			    (test)->plaintext_len );			\
-	} while ( 0 )
-
-
-/**
- * Report RSA signature test result
- *
- * @v test		RSA signature test
- */
-#define rsa_signature_ok( test ) do {					\
-	struct digest_algorithm *digest = (test)->algorithm->digest;	\
-	uint8_t bad_signature[ (test)->signature_len ];			\
-	pubkey_sign_ok ( &rsa_algorithm, &(test)->private, digest,	\
-			 (test)->plaintext, (test)->plaintext_len,	\
-			 (test)->signature, (test)->signature_len );	\
-	pubkey_verify_ok ( &rsa_algorithm, &(test)->public, digest,	\
-			   (test)->plaintext, (test)->plaintext_len,	\
-			   (test)->signature, (test)->signature_len );	\
-	memset ( bad_signature, 0, sizeof ( bad_signature ) );		\
-	pubkey_verify_fail_ok ( &rsa_algorithm, &(test)->public,	\
-				digest, (test)->plaintext,		\
-				(test)->plaintext_len, bad_signature,	\
-				sizeof ( bad_signature ) );		\
-	} while ( 0 )
-
 /** "Hello world" encryption and decryption test (traditional PKCS#1 key) */
-RSA_ENCRYPT_DECRYPT_TEST ( hw_test,
+PUBKEY_TEST ( hw_test, &rsa_algorithm,
 	PRIVATE ( 0x30, 0x82, 0x01, 0x3b, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00,
 		  0xd2, 0xf1, 0x04, 0x67, 0xf6, 0x2c, 0x96, 0x07, 0xa6, 0xbd,
 		  0x85, 0xac, 0xc1, 0x17, 0x5d, 0xe8, 0xf0, 0x93, 0x94, 0x0c,
@@ -255,7 +98,7 @@ RSA_ENCRYPT_DECRYPT_TEST ( hw_test,
 		     0x38, 0x43, 0xf9, 0x41 ) );
 
 /** "Hello world" encryption and decryption test (PKCS#8 key) */
-RSA_ENCRYPT_DECRYPT_TEST ( hw_test_pkcs8,
+PUBKEY_TEST ( hw_test_pkcs8, &rsa_algorithm,
 	PRIVATE ( 0x30, 0x82, 0x01, 0x55, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06,
 		  0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
 		  0x05, 0x00, 0x04, 0x82, 0x01, 0x3f, 0x30, 0x82, 0x01, 0x3b,
@@ -312,7 +155,7 @@ RSA_ENCRYPT_DECRYPT_TEST ( hw_test_pkcs8,
 		     0x38, 0x43, 0xf9, 0x41 ) );
 
 /** Random message MD5 signature test */
-RSA_SIGNATURE_TEST ( md5_test,
+PUBKEY_SIGN_TEST ( md5_test, &rsa_algorithm,
 	PRIVATE ( 0x30, 0x82, 0x01, 0x3b, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00,
 		  0xf9, 0x3f, 0x78, 0x44, 0xe2, 0x0e, 0x25, 0xf1, 0x0e, 0x94,
 		  0xcd, 0xca, 0x6f, 0x9e, 0xea, 0x6d, 0xdf, 0xcd, 0xa0, 0x7c,
@@ -375,7 +218,7 @@ RSA_SIGNATURE_TEST ( md5_test,
 		    0xf2, 0x8d, 0xfc, 0xfc, 0x37, 0xf7, 0xc7, 0x6d, 0x6c, 0xd8,
 		    0x24, 0x0c, 0x6a, 0xec, 0x82, 0x5c, 0x72, 0xf1, 0xfc, 0x05,
 		    0xed, 0x8e, 0xe8, 0xd9, 0x8b, 0x8b, 0x67, 0x02, 0x95 ),
-	&md5_with_rsa_encryption_algorithm,
+	&md5_algorithm,
 	SIGNATURE ( 0xdb, 0x56, 0x3d, 0xea, 0xae, 0x81, 0x4b, 0x3b, 0x2e, 0x8e,
 		    0xb8, 0xee, 0x13, 0x61, 0xc6, 0xe7, 0xd7, 0x50, 0xcd, 0x0d,
 		    0x34, 0x3a, 0xfe, 0x9a, 0x8d, 0xf8, 0xfb, 0xd6, 0x7e, 0xbd,
@@ -385,7 +228,7 @@ RSA_SIGNATURE_TEST ( md5_test,
 		    0xac, 0x45, 0x00, 0xa8 ) );
 
 /** Random message SHA-1 signature test */
-RSA_SIGNATURE_TEST ( sha1_test,
+PUBKEY_SIGN_TEST ( sha1_test, &rsa_algorithm,
 	PRIVATE ( 0x30, 0x82, 0x01, 0x3b, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00,
 		  0xe0, 0x3a, 0x8d, 0x35, 0xe1, 0x92, 0x2f, 0xea, 0x0d, 0x82,
 		  0x60, 0x2e, 0xb6, 0x0b, 0x02, 0xd3, 0xf4, 0x39, 0xfb, 0x06,
@@ -448,7 +291,7 @@ RSA_SIGNATURE_TEST ( sha1_test,
 		    0x30, 0x91, 0x1c, 0xaa, 0x6c, 0x24, 0x42, 0x1b, 0x1a, 0xba,
 		    0x30, 0x40, 0x49, 0x83, 0xd9, 0xd7, 0x66, 0x7e, 0x5c, 0x1a,
 		    0x4b, 0x7f, 0xa6, 0x8e, 0x8a, 0xd6, 0x0c, 0x65, 0x75 ),
-	&sha1_with_rsa_encryption_algorithm,
+	&sha1_algorithm,
 	SIGNATURE ( 0xa5, 0x5a, 0x8a, 0x67, 0x81, 0x76, 0x7e, 0xad, 0x99, 0x22,
 		    0xf1, 0x47, 0x64, 0xd2, 0xfb, 0x81, 0x45, 0xeb, 0x85, 0x56,
 		    0xf8, 0x7d, 0xb8, 0xec, 0x41, 0x17, 0x84, 0xf7, 0x2b, 0xbb,
@@ -458,7 +301,7 @@ RSA_SIGNATURE_TEST ( sha1_test,
 		    0x0e, 0x3d, 0x80, 0x80 ) );
 
 /** Random message SHA-256 signature test */
-RSA_SIGNATURE_TEST ( sha256_test,
+PUBKEY_SIGN_TEST ( sha256_test, &rsa_algorithm,
 	PRIVATE ( 0x30, 0x82, 0x01, 0x3a, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00,
 		  0xa5, 0xe9, 0xdb, 0xa9, 0x1a, 0x6e, 0xd6, 0x4c, 0x25, 0x50,
 		  0xfe, 0x61, 0x77, 0x08, 0x7a, 0x80, 0x36, 0xcb, 0x88, 0x49,
@@ -521,7 +364,7 @@ RSA_SIGNATURE_TEST ( sha256_test,
 		    0x91, 0x71, 0xd6, 0x2d, 0xa1, 0xae, 0x81, 0x0c, 0xed, 0x54,
 		    0x48, 0x79, 0x8a, 0x78, 0x05, 0x74, 0x4d, 0x4f, 0xf0, 0xe0,
 		    0x3c, 0x41, 0x5c, 0x04, 0x0b, 0x68, 0x57, 0xc5, 0xd6 ),
-	&sha256_with_rsa_encryption_algorithm,
+	&sha256_algorithm,
 	SIGNATURE ( 0x02, 0x2e, 0xc5, 0x2a, 0x2b, 0x7f, 0xb4, 0x80, 0xca, 0x9d,
 		    0x96, 0x5b, 0xaf, 0x1f, 0x72, 0x5b, 0x6e, 0xf1, 0x69, 0x7f,
 		    0x4d, 0x41, 0xd5, 0x9f, 0x00, 0xdc, 0x47, 0xf4, 0x68, 0x8f,
@@ -536,11 +379,11 @@ RSA_SIGNATURE_TEST ( sha256_test,
  */
 static void rsa_test_exec ( void ) {
 
-	rsa_encrypt_decrypt_ok ( &hw_test );
-	rsa_encrypt_decrypt_ok ( &hw_test_pkcs8 );
-	rsa_signature_ok ( &md5_test );
-	rsa_signature_ok ( &sha1_test );
-	rsa_signature_ok ( &sha256_test );
+	pubkey_ok ( &hw_test );
+	pubkey_ok ( &hw_test_pkcs8 );
+	pubkey_sign_ok ( &md5_test );
+	pubkey_sign_ok ( &sha1_test );
+	pubkey_sign_ok ( &sha256_test );
 }
 
 /** RSA self-test */
@@ -548,3 +391,9 @@ struct self_test rsa_test __self_test = {
 	.name = "rsa",
 	.exec = rsa_test_exec,
 };
+
+/* Drag in required ASN.1 OID-identified algorithms */
+REQUIRING_SYMBOL ( rsa_test );
+REQUIRE_OBJECT ( rsa_md5 );
+REQUIRE_OBJECT ( rsa_sha1 );
+REQUIRE_OBJECT ( rsa_sha256 );