[crypto] Remove the concept of a public-key algorithm reusable context

Instances of cipher and digest algorithms tend to get called
repeatedly to process substantial amounts of data.  This is not true
for public-key algorithms, which tend to get called only once or twice
for a given key.

Simplify the public-key algorithm API so that there is no reusable
algorithm context.  In particular, this allows callers to omit the
error handling currently required to handle memory allocation (or key
parsing) errors from pubkey_init(), and to omit the cleanup calls to
pubkey_final().

This change does remove the ability for a caller to distinguish
between a verification failure due to a memory allocation failure and
a verification failure due to a bad signature.  This difference is not
material in practice: in both cases, for whatever reason, the caller
was unable to verify the signature and so cannot proceed further, and
the cause of the error will be visible to the user via the return
status code.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

1 files changed, 43 insertions, 99 deletions

diff --git a/src/tests/pubkey_test.c b/src/tests/pubkey_test.c
index 93962516a..ff318bfb7 100644
--- a/src/tests/pubkey_test.c
+++ b/src/tests/pubkey_test.c
@@ -50,77 +50,41 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 void pubkey_okx ( struct pubkey_test *test, const char *file,
 		  unsigned int line ) {
 	struct pubkey_algorithm *pubkey = test->pubkey;
-	uint8_t private_ctx[pubkey->ctxsize];
-	uint8_t public_ctx[pubkey->ctxsize];
-	size_t max_len;
-
-	/* Initialize contexts */
-	okx ( pubkey_init ( pubkey, private_ctx, &test->private ) == 0,
-	      file, line );
-	okx ( pubkey_init ( pubkey, public_ctx, &test->public ) == 0,
-	      file, line );
-	max_len = pubkey_max_len ( pubkey, private_ctx );
+	size_t max_len = pubkey_max_len ( pubkey, &test->private );
+	uint8_t encrypted[max_len];
+	uint8_t decrypted[max_len];
+	int encrypted_len;
+	int decrypted_len;
 
 	/* Test decrypting with private key to obtain known plaintext */
-	{
-		uint8_t decrypted[max_len];
-		int decrypted_len;
-
-		decrypted_len = pubkey_decrypt ( pubkey, private_ctx,
-						 test->ciphertext,
-						 test->ciphertext_len,
-						 decrypted );
-		okx ( decrypted_len == ( ( int ) test->plaintext_len ),
-		      file, line );
-		okx ( memcmp ( decrypted, test->plaintext,
-			       test->plaintext_len ) == 0, file, line );
-	}
+	decrypted_len = pubkey_decrypt ( pubkey, &test->private,
+					 test->ciphertext, test->ciphertext_len,
+					 decrypted );
+	okx ( decrypted_len == ( ( int ) test->plaintext_len ), file, line );
+	okx ( memcmp ( decrypted, test->plaintext, test->plaintext_len ) == 0,
+	      file, line );
 
 	/* Test encrypting with private key and decrypting with public key */
-	{
-		uint8_t encrypted[max_len];
-		uint8_t decrypted[max_len];
-		int encrypted_len;
-		int decrypted_len;
-
-		encrypted_len = pubkey_encrypt ( pubkey, private_ctx,
-						 test->plaintext,
-						 test->plaintext_len,
-						 encrypted );
-		okx ( encrypted_len >= 0, file, line );
-		decrypted_len = pubkey_decrypt ( pubkey, public_ctx,
-						 encrypted, encrypted_len,
-						 decrypted );
-		okx ( decrypted_len == ( ( int ) test->plaintext_len ),
-		      file, line );
-		okx ( memcmp ( decrypted, test->plaintext,
-			       test->plaintext_len ) == 0, file, line );
-	}
+	encrypted_len = pubkey_encrypt ( pubkey, &test->private,
+					 test->plaintext, test->plaintext_len,
+					 encrypted );
+	okx ( encrypted_len >= 0, file, line );
+	decrypted_len = pubkey_decrypt ( pubkey, &test->public, encrypted,
+					 encrypted_len, decrypted );
+	okx ( decrypted_len == ( ( int ) test->plaintext_len ), file, line );
+	okx ( memcmp ( decrypted, test->plaintext, test->plaintext_len ) == 0,
+	      file, line );
 
 	/* Test encrypting with public key and decrypting with private key */
-	{
-		uint8_t encrypted[max_len];
-		uint8_t decrypted[max_len];
-		int encrypted_len;
-		int decrypted_len;
-
-		encrypted_len = pubkey_encrypt ( pubkey, public_ctx,
-						 test->plaintext,
-						 test->plaintext_len,
-						 encrypted );
-		okx ( encrypted_len >= 0, file, line );
-		decrypted_len = pubkey_decrypt ( pubkey, private_ctx,
-						 encrypted, encrypted_len,
-						 decrypted );
-		okx ( decrypted_len == ( ( int ) test->plaintext_len ),
-		      file, line );
-		okx ( memcmp ( decrypted, test->plaintext,
-			       test->plaintext_len ) == 0, file, line );
-	}
-
-	/* Free contexts */
-	pubkey_final ( pubkey, public_ctx );
-	pubkey_final ( pubkey, private_ctx );
+	encrypted_len = pubkey_encrypt ( pubkey, &test->public,
+					 test->plaintext, test->plaintext_len,
+					 encrypted );
+	okx ( encrypted_len >= 0, file, line );
+	decrypted_len = pubkey_decrypt ( pubkey, &test->private, encrypted,
+					 encrypted_len, decrypted );
+	okx ( decrypted_len == ( ( int ) test->plaintext_len ), file, line );
+	okx ( memcmp ( decrypted, test->plaintext, test->plaintext_len ) == 0,
+	      file, line );
 }
 
 /**
@@ -134,18 +98,12 @@ void pubkey_sign_okx ( struct pubkey_sign_test *test, const char *file,
 		       unsigned int line ) {
 	struct pubkey_algorithm *pubkey = test->pubkey;
 	struct digest_algorithm *digest = test->digest;
-	uint8_t private_ctx[pubkey->ctxsize];
-	uint8_t public_ctx[pubkey->ctxsize];
+	size_t max_len = pubkey_max_len ( pubkey, &test->private );
+	uint8_t bad[test->signature_len];
 	uint8_t digestctx[digest->ctxsize ];
 	uint8_t digestout[digest->digestsize];
-	size_t max_len;
-
-	/* Initialize contexts */
-	okx ( pubkey_init ( pubkey, private_ctx, &test->private ) == 0,
-	      file, line );
-	okx ( pubkey_init ( pubkey, public_ctx, &test->public ) == 0,
-	      file, line );
-	max_len = pubkey_max_len ( pubkey, private_ctx );
+	uint8_t signature[max_len];
+	int signature_len;
 
 	/* Construct digest over plaintext */
 	digest_init ( digest, digestctx );
@@ -154,34 +112,20 @@ void pubkey_sign_okx ( struct pubkey_sign_test *test, const char *file,
 	digest_final ( digest, digestctx, digestout );
 
 	/* Test signing using private key */
-	{
-		uint8_t signature[max_len];
-		int signature_len;
-
-		signature_len = pubkey_sign ( pubkey, private_ctx, digest,
-					      digestout, signature );
-		okx ( signature_len == ( ( int ) test->signature_len ),
-		      file, line );
-		okx ( memcmp ( signature, test->signature,
-			       test->signature_len ) == 0, file, line );
-	}
+	signature_len = pubkey_sign ( pubkey, &test->private, digest,
+				      digestout, signature );
+	okx ( signature_len == ( ( int ) test->signature_len ), file, line );
+	okx ( memcmp ( signature, test->signature, test->signature_len ) == 0,
+	      file, line );
 
 	/* Test verification using public key */
-	okx ( pubkey_verify ( pubkey, public_ctx, digest, digestout,
+	okx ( pubkey_verify ( pubkey, &test->public, digest, digestout,
 			      test->signature, test->signature_len ) == 0,
 	      file, line );
 
 	/* Test verification failure of modified signature */
-	{
-		uint8_t bad[test->signature_len];
-
-		memcpy ( bad, test->signature, test->signature_len );
-		bad[ test->signature_len / 2 ] ^= 0x40;
-		okx ( pubkey_verify ( pubkey, public_ctx, digest, digestout,
-				      bad, sizeof ( bad ) ) != 0, file, line );
-	}
-
-	/* Free contexts */
-	pubkey_final ( pubkey, public_ctx );
-	pubkey_final ( pubkey, private_ctx );
+	memcpy ( bad, test->signature, test->signature_len );
+	bad[ test->signature_len / 2 ] ^= 0x40;
+	okx ( pubkey_verify ( pubkey, &test->public, digest, digestout,
+			      bad, sizeof ( bad ) ) != 0, file, line );
 }