xref: /mbedtls-development/docs/architecture/testing/driver-interface-test-strategy.md

21 …a driver usable by Mbed Crypto, the initialization code must call `psa_register_se_driver` with a …
25 …the secure element driver interface. Note that a test case may cover multiple requirements; for ex…
27 …rface unit tests could be covered by running the existing API tests with a key in a secure element.
34 * Make at least one failing call to `psa_register_se_driver` followed by a successful call.
39 For each API function that can lead to a driver call (more precisely, for each driver method call s…
41 * Make at least one test with a key in a secure element that checks that the driver method is calle…
42 * Make at least one test with a key that is not in a secure element that checks that the driver met…
43 * Make at least one test with a key in a secure element with a driver that does not have the requis…
44 * Make at least one test with a key in a secure element with a driver that does not have the substr…
45 …e drivers with a key in each driver and check that the expected driver is called. This does not ne…
48 Some methods only make sense as a group (for example a driver that provides the MAC methods must pr…
52 For each API function that can lead to a driver call (more precisely, for each driver method call s…
56 * Check that the expected inputs reach the driver. This may be implicit in a test that checks the o…
60 For each API function that leads to a driver call, call it with parameters that cause a driver to b…
64 * Expected errors (e.g. `PSA_ERROR_INVALID_SIGNATURE` from a signature verification method).
70 …nds up in the expected state. At least make sure that no intermediate file remains after a failure.
76 * Test that keys in a secure element survive `psa_close_key(); psa_open_key()`.
77 * Test that keys in a secure element survive `mbedtls_psa_crypto_free(); psa_crypto_init()`.
83 …moving a key in a secure element involves multiple storage modifications (M<sub>1</sub>, ..., M<su…
87 * This must be done for each possible flow, including error cases (e.g. a key creation that fails m…
90 * Check both that the storage has the expected content (this can be done by e.g. using a key that i…
115 A PKCS#11 driver would be a good candidate. It would be useful as part of our product offering.
125 Every cryptographic mechanism for which a transparent driver interface exists (key creation, crypto…
129 …a fallback mechanism so that a driver can reject a request at runtime and let another driver handl…

Last Index update Sun Aug 20 00:18:20 CST 2023