1*62c56f98SSadaf EbrahimiTesting strategy for `MBEDTLS_USE_PSA_CRYPTO` 2*62c56f98SSadaf Ebrahimi============================================= 3*62c56f98SSadaf Ebrahimi 4*62c56f98SSadaf EbrahimiThis document records the testing strategy used so far in implementing 5*62c56f98SSadaf Ebrahimi`MBEDTLS_USE_PSA_CRYPTO`. 6*62c56f98SSadaf Ebrahimi 7*62c56f98SSadaf Ebrahimi 8*62c56f98SSadaf EbrahimiGeneral considerations 9*62c56f98SSadaf Ebrahimi---------------------- 10*62c56f98SSadaf Ebrahimi 11*62c56f98SSadaf EbrahimiThere needs to be at least one build in `all.sh` that enables 12*62c56f98SSadaf Ebrahimi`MBEDTLS_USE_PSA_CRYPTO` and runs the full battery of tests; currently that's 13*62c56f98SSadaf Ebrahimiensured by the fact that `scripts/config.py full` enables 14*62c56f98SSadaf Ebrahimi`MBEDTLS_USE_PSA_CRYPTO`. There needs to be at least one build with 15*62c56f98SSadaf Ebrahimi`MBEDTLS_USE_PSA_CRYPTO` disabled (as long as it's optional); currently that's 16*62c56f98SSadaf Ebrahimiensured by the fact that it's disabled in the default config. 17*62c56f98SSadaf Ebrahimi 18*62c56f98SSadaf EbrahimiGenerally, code review is enough to ensure that PSA APIs are indeed used where 19*62c56f98SSadaf Ebrahimithey should be when `MBEDTLS_USE_PSA_CRYPTO` is enabled. 20*62c56f98SSadaf Ebrahimi 21*62c56f98SSadaf EbrahimiHowever, when it comes to TLS, we also have the option of using debug messages 22*62c56f98SSadaf Ebrahimito confirm which code path is taken. This is generally unnecessary, except when 23*62c56f98SSadaf Ebrahimia decision is made at run-time about whether to use the PSA or legacy code 24*62c56f98SSadaf Ebrahimipath. (For example, for record protection, previously (until 3.1), some ciphers were supported 25*62c56f98SSadaf Ebrahimivia PSA while some others weren't, with a run-time fallback. In this case, it's 26*62c56f98SSadaf Ebrahimigood to have a debug message checked by the test case to confirm that the 27*62c56f98SSadaf Ebrahimiright decision was made at run-time, i. e. that we didn't use the fallback for 28*62c56f98SSadaf Ebrahimiciphers that are supposed to be supported.) 29*62c56f98SSadaf Ebrahimi 30*62c56f98SSadaf Ebrahimi 31*62c56f98SSadaf EbrahimiNew APIs meant for application use 32*62c56f98SSadaf Ebrahimi---------------------------------- 33*62c56f98SSadaf Ebrahimi 34*62c56f98SSadaf EbrahimiFor example, `mbedtls_pk_setup_opaque()` is meant to be used by applications 35*62c56f98SSadaf Ebrahimiin order to create PK contexts that can then be passed to existing TLS and 36*62c56f98SSadaf EbrahimiX.509 APIs (which remain unchanged). 37*62c56f98SSadaf Ebrahimi 38*62c56f98SSadaf EbrahimiIn that case, we want: 39*62c56f98SSadaf Ebrahimi 40*62c56f98SSadaf Ebrahimi- unit testing of the new API and directly-related APIs - for example: 41*62c56f98SSadaf Ebrahimi - in `test_suite_pk` we have a new test function `pk_psa_utils` that exercises 42*62c56f98SSadaf Ebrahimi `mbedtls_pk_setup_opaque()` and checks that various utility functions 43*62c56f98SSadaf Ebrahimi (`mbedtls_pk_get_type()` etc.) work and the functions that are expected to 44*62c56f98SSadaf Ebrahimi fail (`mbedtls_pk_verify()` etc) return the expected error. 45*62c56f98SSadaf Ebrahimi - in `test_suite_pk` we modified the existing `pk_psa_sign` test function to 46*62c56f98SSadaf Ebrahimi check that signature generation works as expected 47*62c56f98SSadaf Ebrahimi - in `test_suite_pkwrite` we should have a new test function checking that 48*62c56f98SSadaf Ebrahimi exporting (writing out) the public part of the key works as expected and 49*62c56f98SSadaf Ebrahimi that exporting the private key fails as expected. 50*62c56f98SSadaf Ebrahimi- integration testing of the new API with each existing API which should 51*62c56f98SSadaf Ebrahimi accepts a context created this way - for example: 52*62c56f98SSadaf Ebrahimi - in `programs/ssl/ssl_client2` a new option `key_opaque` that causes the 53*62c56f98SSadaf Ebrahimi new API to be used, and one or more tests in `ssl-opt.sh` using that. 54*62c56f98SSadaf Ebrahimi (We should have the same server-side.) 55*62c56f98SSadaf Ebrahimi - in `test_suite_x509write` we have a new test function 56*62c56f98SSadaf Ebrahimi `x509_csr_check_opaque()` checking integration of the new API with the 57*62c56f98SSadaf Ebrahimi existing `mbedtls_x509write_csr_set_key()`. (And also 58*62c56f98SSadaf Ebrahimi `mbedtls_x509write_crt_set_issuer_key()` since #5710.) 59*62c56f98SSadaf Ebrahimi 60*62c56f98SSadaf EbrahimiFor some APIs, for example with `mbedtls_ssl_conf_psk_opaque()`, testing in 61*62c56f98SSadaf Ebrahimi`test_suite_ssl` was historically not possible, so we only have testing in 62*62c56f98SSadaf Ebrahimi`ssl-opt.sh`. 63*62c56f98SSadaf Ebrahimi 64*62c56f98SSadaf EbrahimiNew APIs meant for internal use 65*62c56f98SSadaf Ebrahimi------------------------------- 66*62c56f98SSadaf Ebrahimi 67*62c56f98SSadaf EbrahimiFor example, `mbedtls_cipher_setup_psa()` (no longer used, soon to be 68*62c56f98SSadaf Ebrahimideprecated - #5261) was meant to be used by the TLS layer, but probably not 69*62c56f98SSadaf Ebrahimidirectly by applications. 70*62c56f98SSadaf Ebrahimi 71*62c56f98SSadaf EbrahimiIn that case, we want: 72*62c56f98SSadaf Ebrahimi 73*62c56f98SSadaf Ebrahimi- unit testing of the new API and directly-related APIs - for example: 74*62c56f98SSadaf Ebrahimi - in `test_suite_cipher`, the existing test functions `auth_crypt_tv` and 75*62c56f98SSadaf Ebrahimi `test_vec_crypt` gained a new parameter `use_psa` and corresponding test 76*62c56f98SSadaf Ebrahimi cases 77*62c56f98SSadaf Ebrahimi- integration testing: 78*62c56f98SSadaf Ebrahimi - usually already covered by existing tests for higher-level modules: 79*62c56f98SSadaf Ebrahimi - for example simple use of `mbedtls_cipher_setup_psa()` in TLS is already 80*62c56f98SSadaf Ebrahimi covered by running the existing TLS tests in a build with 81*62c56f98SSadaf Ebrahimi `MBEDTLS_USA_PSA_CRYPTO` enabled 82*62c56f98SSadaf Ebrahimi - however if use of the new API in higher layers involves more logic that 83*62c56f98SSadaf Ebrahimi use of the old API, specific integrations test may be required 84*62c56f98SSadaf Ebrahimi - for example, the logic to fall back from `mbedtls_cipher_setup_psa()` to 85*62c56f98SSadaf Ebrahimi `mbedtls_cipher_setup()` in TLS is tested by `run_test_psa` in 86*62c56f98SSadaf Ebrahimi `ssl-opt.sh`. 87*62c56f98SSadaf Ebrahimi 88*62c56f98SSadaf EbrahimiInternal changes 89*62c56f98SSadaf Ebrahimi---------------- 90*62c56f98SSadaf Ebrahimi 91*62c56f98SSadaf EbrahimiFor example, use of PSA to compute the TLS 1.2 PRF. 92*62c56f98SSadaf Ebrahimi 93*62c56f98SSadaf EbrahimiChanges in this category rarely require specific testing, as everything should 94*62c56f98SSadaf Ebrahimibe already be covered by running the existing tests in a build with 95*62c56f98SSadaf Ebrahimi`MBEDTLS_USE_PSA_CRYPTO` enabled; however we need to make sure the existing 96*62c56f98SSadaf Ebrahimitest have sufficient coverage, and improve them if necessary. 97*62c56f98SSadaf Ebrahimi 98*62c56f98SSadaf EbrahimiHowever, if additional logic is involved, or there are run-time decisions about 99*62c56f98SSadaf Ebrahimiwhether to use the PSA or legacy code paths, specific tests might be in order. 100