1a8e1175bSopenharmony_ciTesting strategy for `MBEDTLS_USE_PSA_CRYPTO`
2a8e1175bSopenharmony_ci=============================================
3a8e1175bSopenharmony_ci
4a8e1175bSopenharmony_ciThis document records the testing strategy used so far in implementing
5a8e1175bSopenharmony_ci`MBEDTLS_USE_PSA_CRYPTO`.
6a8e1175bSopenharmony_ci
7a8e1175bSopenharmony_ci
8a8e1175bSopenharmony_ciGeneral considerations
9a8e1175bSopenharmony_ci----------------------
10a8e1175bSopenharmony_ci
11a8e1175bSopenharmony_ciThere needs to be at least one build in `all.sh` that enables
12a8e1175bSopenharmony_ci`MBEDTLS_USE_PSA_CRYPTO` and runs the full battery of tests; currently that's
13a8e1175bSopenharmony_ciensured by the fact that `scripts/config.py full` enables
14a8e1175bSopenharmony_ci`MBEDTLS_USE_PSA_CRYPTO`. There needs to be at least one build with
15a8e1175bSopenharmony_ci`MBEDTLS_USE_PSA_CRYPTO` disabled (as long as it's optional); currently that's
16a8e1175bSopenharmony_ciensured by the fact that it's disabled in the default config.
17a8e1175bSopenharmony_ci
18a8e1175bSopenharmony_ciGenerally, code review is enough to ensure that PSA APIs are indeed used where
19a8e1175bSopenharmony_cithey should be when `MBEDTLS_USE_PSA_CRYPTO` is enabled.
20a8e1175bSopenharmony_ci
21a8e1175bSopenharmony_ciHowever, when it comes to TLS, we also have the option of using debug messages
22a8e1175bSopenharmony_cito confirm which code path is taken. This is generally unnecessary, except when
23a8e1175bSopenharmony_cia decision is made at run-time about whether to use the PSA or legacy code
24a8e1175bSopenharmony_cipath. (For example, for record protection, previously (until 3.1), some ciphers were supported
25a8e1175bSopenharmony_civia PSA while some others weren't, with a run-time fallback. In this case, it's
26a8e1175bSopenharmony_cigood to have a debug message checked by the test case to confirm that the
27a8e1175bSopenharmony_ciright decision was made at run-time, i. e. that we didn't use the fallback for
28a8e1175bSopenharmony_ciciphers that are supposed to be supported.)
29a8e1175bSopenharmony_ci
30a8e1175bSopenharmony_ci
31a8e1175bSopenharmony_ciNew APIs meant for application use
32a8e1175bSopenharmony_ci----------------------------------
33a8e1175bSopenharmony_ci
34a8e1175bSopenharmony_ciFor example, `mbedtls_pk_setup_opaque()` is meant to be used by applications
35a8e1175bSopenharmony_ciin order to create PK contexts that can then be passed to existing TLS and
36a8e1175bSopenharmony_ciX.509 APIs (which remain unchanged).
37a8e1175bSopenharmony_ci
38a8e1175bSopenharmony_ciIn that case, we want:
39a8e1175bSopenharmony_ci
40a8e1175bSopenharmony_ci- unit testing of the new API and directly-related APIs - for example:
41a8e1175bSopenharmony_ci  - in `test_suite_pk` we have a new test function `pk_psa_utils` that exercises
42a8e1175bSopenharmony_ci    `mbedtls_pk_setup_opaque()` and checks that various utility functions
43a8e1175bSopenharmony_ci  (`mbedtls_pk_get_type()` etc.) work and the functions that are expected to
44a8e1175bSopenharmony_ci  fail (`mbedtls_pk_verify()` etc) return the expected error.
45a8e1175bSopenharmony_ci  - in `test_suite_pk` we modified the existing `pk_psa_sign` test function to
46a8e1175bSopenharmony_ci    check that signature generation works as expected
47a8e1175bSopenharmony_ci  - in `test_suite_pkwrite` we should have a new test function checking that
48a8e1175bSopenharmony_ci    exporting (writing out) the public part of the key works as expected and
49a8e1175bSopenharmony_ci    that exporting the private key fails as expected.
50a8e1175bSopenharmony_ci- integration testing of the new API with each existing API which should
51a8e1175bSopenharmony_ci  accepts a context created this way - for example:
52a8e1175bSopenharmony_ci  - in `programs/ssl/ssl_client2` a new option `key_opaque` that causes the
53a8e1175bSopenharmony_ci    new API to be used, and one or more tests in `ssl-opt.sh` using that.
54a8e1175bSopenharmony_ci    (We should have the same server-side.)
55a8e1175bSopenharmony_ci  - in `test_suite_x509write` we have a new test function
56a8e1175bSopenharmony_ci    `x509_csr_check_opaque()` checking integration of the new API with the
57a8e1175bSopenharmony_ci    existing `mbedtls_x509write_csr_set_key()`. (And also
58a8e1175bSopenharmony_ci    `mbedtls_x509write_crt_set_issuer_key()` since #5710.)
59a8e1175bSopenharmony_ci
60a8e1175bSopenharmony_ciFor some APIs, for example with `mbedtls_ssl_conf_psk_opaque()`, testing in
61a8e1175bSopenharmony_ci`test_suite_ssl` was historically not possible, so we only have testing in
62a8e1175bSopenharmony_ci`ssl-opt.sh`.
63a8e1175bSopenharmony_ci
64a8e1175bSopenharmony_ciNew APIs meant for internal use
65a8e1175bSopenharmony_ci-------------------------------
66a8e1175bSopenharmony_ci
67a8e1175bSopenharmony_ciFor example, `mbedtls_cipher_setup_psa()` (no longer used, soon to be
68a8e1175bSopenharmony_cideprecated - #5261) was meant to be used by the TLS layer, but probably not
69a8e1175bSopenharmony_cidirectly by applications.
70a8e1175bSopenharmony_ci
71a8e1175bSopenharmony_ciIn that case, we want:
72a8e1175bSopenharmony_ci
73a8e1175bSopenharmony_ci- unit testing of the new API and directly-related APIs - for example:
74a8e1175bSopenharmony_ci  - in `test_suite_cipher`, the existing test functions `auth_crypt_tv` and
75a8e1175bSopenharmony_ci    `test_vec_crypt` gained a new parameter `use_psa` and corresponding test
76a8e1175bSopenharmony_ci    cases
77a8e1175bSopenharmony_ci- integration testing:
78a8e1175bSopenharmony_ci  - usually already covered by existing tests for higher-level modules:
79a8e1175bSopenharmony_ci    - for example simple use of `mbedtls_cipher_setup_psa()` in TLS is already
80a8e1175bSopenharmony_ci      covered by running the existing TLS tests in a build with
81a8e1175bSopenharmony_ci      `MBEDTLS_USA_PSA_CRYPTO` enabled
82a8e1175bSopenharmony_ci  - however if use of the new API in higher layers involves more logic that
83a8e1175bSopenharmony_ci    use of the old API, specific integrations test may be required
84a8e1175bSopenharmony_ci    - for example, the logic to fall back from `mbedtls_cipher_setup_psa()` to
85a8e1175bSopenharmony_ci      `mbedtls_cipher_setup()` in TLS is tested by `run_test_psa` in
86a8e1175bSopenharmony_ci      `ssl-opt.sh`.
87a8e1175bSopenharmony_ci
88a8e1175bSopenharmony_ciInternal changes
89a8e1175bSopenharmony_ci----------------
90a8e1175bSopenharmony_ci
91a8e1175bSopenharmony_ciFor example, use of PSA to compute the TLS 1.2 PRF.
92a8e1175bSopenharmony_ci
93a8e1175bSopenharmony_ciChanges in this category rarely require specific testing, as everything should
94a8e1175bSopenharmony_cibe already be covered by running the existing tests in a build with
95a8e1175bSopenharmony_ci`MBEDTLS_USE_PSA_CRYPTO` enabled; however we need to make sure the existing
96a8e1175bSopenharmony_citest have sufficient coverage, and improve them if necessary.
97a8e1175bSopenharmony_ci
98a8e1175bSopenharmony_ciHowever, if additional logic is involved, or there are run-time decisions about
99a8e1175bSopenharmony_ciwhether to use the PSA or legacy code paths, specific tests might be in order.
100