| Manuel Pégourié-Gonnard | 1b52d09 | 2021-09-29 12:28:57 +0200 | [diff] [blame] | 1 | Testing strategy for `MBEDTLS_USE_PSA_CRYPTO` |
| 2 | ============================================= |
| 3 | |
| 4 | This document records the testing strategy used so far in implementing |
| 5 | `MBEDTLS_USE_PSA_CRYPTO`. |
| 6 | |
| 7 | |
| 8 | General considerations |
| 9 | ---------------------- |
| 10 | |
| 11 | There needs to be at least one build in `all.sh` that enables |
| 12 | `MBEDTLS_USE_PSA_CRYPTO` and runs the full battery of tests. Currently that's |
| 13 | ensured by the fact that `scripts/config.py full` enables |
| 14 | `MBEDTLS_USE_PSA_CRYPTO`. |
| 15 | |
| 16 | Generally, code review is enough to ensure that PSA APIs are indeed used where |
| 17 | they should be when `MBEDTLS_USE_PSA_CRYPTO` is enabled. |
| 18 | |
| 19 | However, when it comes to TLS, we also have the option of using debug messages |
| 20 | to confirm which code path is taken. This is generaly un-necessary, except when |
| 21 | a decision is made at run-time about whether to use the PSA or legacy code |
| 22 | path. For example, for record protection, currently some ciphers are supported |
| 23 | via PSA while some others aren't, with a run-time fallback. In this case, it's |
| 24 | good to have a debug message checked by the test case to confirm that the |
| 25 | right decision was made at run-time, i. e. that we didn't use the fallback for |
| 26 | ciphers that are supposed to be supported. |
| 27 | |
| 28 | |
| 29 | New APIs meant for application use |
| 30 | ---------------------------------- |
| 31 | |
| 32 | For example, `mbedtls_pk_setup_opaque()` is meant to be used by applications |
| 33 | in order to create PK contexts that can then be passed to existing TLS and |
| 34 | X.509 APIs (which remain unchanged). |
| 35 | |
| 36 | In that case, we want: |
| 37 | |
| 38 | - unit testing of the new API and directly-related APIs - for example: |
| 39 | - in `test_suite_pk` we have a new test function `pk_psa_utils` that exercises |
| 40 | `mbedtls_pk_setup_opaque()` and checks that various utility functions |
| 41 | (`mbedtls_pk_get_type()` etc.) work and the functions that are expected to |
| 42 | fail (`mbedtls_pk_verify()` etc) return the expected error. |
| 43 | - in `test_suite_pk` we modified the existing `pk_psa_sign` test function to |
| 44 | check that signature generation works as expected |
| 45 | - in `test_suite_pkwrite` we should have a new test function checking that |
| 46 | exporting (writing out) the public part of the key works as expected and |
| 47 | that exporting the private key fails as expected. |
| 48 | - integration testing of the new API with each existing API which should |
| 49 | accepts a context created this way - for example: |
| 50 | - in `programs/ssl/ssl_client2` a new option `key_opaque` that causes the |
| 51 | new API to be used, and one or more tests in `ssl-opt.sh` using that. |
| 52 | (We should have the same server-side.) |
| 53 | - in `test_suite_x509write` we have a new test function |
| 54 | `x509_csr_check_opaque()` checking integration of the new API with the |
| 55 | existing `mbedtls_x509write_csr_set_key()`. |
| 56 | (We should have something similar for |
| 57 | `mbedtls_x509write_crt_set_issuer_key()`.) |
| 58 | |
| 59 | For some APIs, for example with `mbedtls_ssl_conf_psk_opaque()`, unit testing |
| 60 | does not make sense, so we only have integration testing. |
| 61 | |
| 62 | New APIs meant for internal use |
| 63 | ------------------------------- |
| 64 | |
| 65 | For example, `mbedtls_cipher_setup_psa()` is meant to be used by the TLS |
| 66 | layer, but probably not directly by applications. |
| 67 | |
| 68 | In that case, we want: |
| 69 | |
| 70 | - unit testing of the new API and directly-related APIs - for example: |
| 71 | - in `test_suite_cipher`, the existing test functions `auth_crypt_tv` and |
| 72 | `test_vec_crypt` gained a new parameter `use_psa` and corresponding test |
| 73 | cases |
| 74 | - integration testing: |
| 75 | - usually already covered by existing tests for higher-level modules: |
| 76 | - for example simple use of `mbedtls_cipher_setup_psa()` in TLS is already |
| 77 | covered by running the existing TLS tests in a build with |
| 78 | `MBEDTLS_USA_PSA_CRYPTO` enabled |
| 79 | - however if use of the new API in higher layers involves more logic that |
| 80 | use of the old API, specific integrations test may be required |
| 81 | - for example, the logic to fall back from `mbedtls_cipher_setup_psa()` to |
| 82 | `mbedtls_cipher_setup()` in TLS is tested by `run_test_psa` in |
| 83 | `ssl-opt.sh`. |
| 84 | |
| 85 | Internal changes |
| 86 | ---------------- |
| 87 | |
| 88 | For example, use of PSA to compute the TLS 1.2 PRF. |
| 89 | |
| 90 | Changes in this category rarely require specific testing, as everything should |
| 91 | be already be covered by running the existing tests in a build with |
| 92 | `MBEDTLS_USE_PSA_CRYPTO` enabled. |
| 93 | |
| 94 | However, if additional logic is involved, or there are run-time decisions about |
| 95 | whether to use the PSA or legacy code paths, specific tests might be in order. |