aboutsummaryrefslogtreecommitdiff
path: root/components/service/crypto/test/service/crypto_service_limit_tests.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'components/service/crypto/test/service/crypto_service_limit_tests.cpp')
-rw-r--r--components/service/crypto/test/service/crypto_service_limit_tests.cpp170
1 files changed, 170 insertions, 0 deletions
diff --git a/components/service/crypto/test/service/crypto_service_limit_tests.cpp b/components/service/crypto/test/service/crypto_service_limit_tests.cpp
new file mode 100644
index 000000000..53c856082
--- /dev/null
+++ b/components/service/crypto/test/service/crypto_service_limit_tests.cpp
@@ -0,0 +1,170 @@
+/*
+ * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <string>
+#include <vector>
+#include <cstring>
+#include <cstdint>
+#include <cassert>
+#include <service/crypto/client/cpp/crypto_client.h>
+#include <service_locator.h>
+#include <CppUTest/TestHarness.h>
+
+/*
+ * Service-level tests that focus on verifying that expected limits are met.
+ * e.g. number of keys, key sizes etc.
+ */
+TEST_GROUP(CryptoServiceLimitTests)
+{
+ void setup()
+ {
+ struct rpc_caller *caller;
+ int status;
+
+ m_rpc_session_handle = NULL;
+ m_crypto_service_context = NULL;
+ m_crypto_client = NULL;
+
+ service_locator_init();
+
+ m_crypto_service_context = service_locator_query("sn:trustedfirmware.org:crypto:0", &status);
+ assert(m_crypto_service_context);
+
+ m_rpc_session_handle = service_context_open(m_crypto_service_context, &caller);
+ assert(m_rpc_session_handle);
+
+ m_crypto_client = new crypto_client(caller);
+ }
+
+ void teardown()
+ {
+ delete m_crypto_client;
+ m_crypto_client = NULL;
+
+ service_context_close(m_crypto_service_context, m_rpc_session_handle);
+ m_rpc_session_handle = NULL;
+
+ service_context_relinquish(m_crypto_service_context);
+ m_crypto_service_context = NULL;
+ }
+
+ psa_status_t generateVolatileEccKeyPair(std::vector<psa_key_handle_t> &key_handles)
+ {
+ psa_status_t status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
+ psa_set_key_algorithm(&attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256));
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1));
+ psa_set_key_bits(&attributes, 521);
+
+ psa_key_handle_t key_handle;
+ status = m_crypto_client->generate_key(&attributes, &key_handle);
+
+ psa_reset_key_attributes(&attributes);
+
+ if (status == PSA_SUCCESS) key_handles.push_back(key_handle);
+
+ return status;
+ }
+
+ psa_status_t generateVolatileRsaKeyPair(std::vector<psa_key_handle_t> &key_handles)
+ {
+ psa_status_t status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
+ psa_set_key_bits(&attributes, 512);
+
+ psa_key_handle_t key_handle;
+ status = m_crypto_client->generate_key(&attributes, &key_handle);
+
+ psa_reset_key_attributes(&attributes);
+
+ if (status == PSA_SUCCESS) key_handles.push_back(key_handle);
+
+ return status;
+ }
+
+ psa_status_t destroyKeys(const std::vector<psa_key_handle_t> &key_handles)
+ {
+ psa_status_t status = PSA_SUCCESS;
+ size_t key_index = 0;
+
+ while ((key_index < key_handles.size()) && (status == PSA_SUCCESS)) {
+
+ status = m_crypto_client->destroy_key(key_handles[key_index]);
+ ++key_index;
+ }
+
+ return status;
+ }
+
+ /*
+ * Maximum number of key slots in mbedcrypto
+ * is 32. We would expect it to be possible to
+ * generate keys up to that limit.
+ */
+ const size_t MAX_KEY_SLOTS = 32;
+
+ rpc_session_handle m_rpc_session_handle;
+ struct service_context *m_crypto_service_context;
+ crypto_client *m_crypto_client;
+};
+
+TEST(CryptoServiceLimitTests, volatileEccKeyPairLimit)
+{
+ size_t expected_limit = MAX_KEY_SLOTS;
+ size_t actual_limit = 0;
+ std::vector<psa_key_handle_t> key_handles;
+ psa_status_t generate_status = PSA_SUCCESS;
+ psa_status_t destroy_status;
+
+ while (actual_limit < expected_limit) {
+
+ generate_status = generateVolatileEccKeyPair(key_handles);
+
+ if (generate_status == PSA_SUCCESS)
+ ++actual_limit;
+ else
+ break;
+ }
+
+ destroy_status = destroyKeys(key_handles);
+
+ CHECK_EQUAL(PSA_SUCCESS, generate_status);
+ CHECK_EQUAL(PSA_SUCCESS, destroy_status);
+ CHECK_EQUAL(expected_limit, actual_limit);
+}
+
+TEST(CryptoServiceLimitTests, volatileRsaKeyPairLimit)
+{
+ size_t expected_limit = MAX_KEY_SLOTS;
+ size_t actual_limit = 0;
+ std::vector<psa_key_handle_t> key_handles;
+ psa_status_t generate_status = PSA_SUCCESS;
+ psa_status_t destroy_status;
+
+ while (actual_limit < expected_limit) {
+
+ generate_status = generateVolatileRsaKeyPair(key_handles);
+
+ if (generate_status == PSA_SUCCESS)
+ ++actual_limit;
+ else
+ break;
+ }
+
+ destroy_status = destroyKeys(key_handles);
+
+ CHECK_EQUAL(PSA_SUCCESS, generate_status);
+ CHECK_EQUAL(PSA_SUCCESS, destroy_status);
+ CHECK_EQUAL(expected_limit, actual_limit);
+} \ No newline at end of file