Document driver testing status

[mpg]

Description

This PR's main goal is to document the strategy used to test the PSA Crypto driver interface, as well as the current implementation status of that strategy.

Along the way, a couple of minor things are modified, but the PR's goal is not to fix things, or even to provide a complete plan for action - only to document the current state of things (which could be the first step towards an action plan).

Main gaps identified:

• Opaque is mostly not tested at all (only a few key management entry points are tested but not even all of them (edit: and now asymmetric encrypt/decrypt), and not simulating an opaque driver with internal storage).
• Key derivation is not tested at all.
• Fallback to other entry points for operations that support it (like using mulit-part entry points for one-short API when the driver doesn't provide one-shot) is not tested at all - see also Support PSA drivers without verify entry points #4570
• Two gaps in driver-only testing (compared to what we're supposed to support). Fixed in the meantime: 8616, 8734.
• A number of gaps in test_suite_psa_crypto_driver_wrapper.data.

PR checklist

• changelog not required - only documentation and testing
• backport not required - only useful for new development
• tests not required - only documentation and testing changes

[mpg]

@gilles-peskine-arm @ronald-cron-arm Since you're probably the most familiar with this, I'd appreciate if you could take a look - maybe not a complete review but at high-level view to see if this looks reasonable or if you notice any misunderstanding or obvious omissions here.

[valeriosetti]

I only found 1 typo, the rest is fine for me. However the CI is not fully happy about the change made to generate_ec_key

[valeriosetti]

LGTM

[valeriosetti]

I think that at least 3 out of 4 errors found in test_psa_crypto_config_accel_cipher_aead belong to the fact that CTR-DRBG is using AES through PSA now:

[2023-12-18T11:12:54.941Z] generate_ec_key through transparent driver: fake .................. FAILED
[2023-12-18T11:12:54.941Z]   mbedtls_test_driver_key_management_hooks.hits == 1
[2023-12-18T11:12:54.941Z]   at line 791, suites/test_suite_psa_crypto_driver_wrappers.function
[2023-12-18T11:12:54.941Z]   lhs = 0x0000000000000005 = 5
[2023-12-18T11:12:54.941Z]   rhs = 0x0000000000000001 = 1
[2023-12-18T11:12:54.941Z] generate_ec_key through transparent driver: in-driver ............. FAILED
[2023-12-18T11:12:54.941Z]   mbedtls_test_driver_key_management_hooks.hits == 1
[2023-12-18T11:12:54.941Z]   at line 791, suites/test_suite_psa_crypto_driver_wrappers.function
[2023-12-18T11:12:54.941Z]   lhs = 0x0000000000000008 = 8
[2023-12-18T11:12:54.941Z]   rhs = 0x0000000000000001 = 1
[2023-12-18T11:12:54.941Z] generate_ec_key through transparent driver: fallback .............. FAILED
[2023-12-18T11:12:54.941Z]   mbedtls_test_driver_key_management_hooks.hits == 1
[2023-12-18T11:12:54.941Z]   at line 791, suites/test_suite_psa_crypto_driver_wrappers.function
[2023-12-18T11:12:54.941Z]   lhs = 0x0000000000000008 = 8
[2023-12-18T11:12:54.941Z]   rhs = 0x0000000000000001 = 1

I think we should fix this (as we did recently) by adding a specific hit counter instead of mbedtls_test_driver_key_management_hooks.hits. Wdyt?

[mpg]

I think we should fix this (as we did recently) by adding a specific hit counter instead of mbedtls_test_driver_key_management_hooks.hits. Wdyt?

Sounds good, thanks for the suggestion! I hadn't even looked at the CI results yet, thanks for analyzing the failures!

[valeriosetti]

I only found 1 typo which I didn't see before. The rest is fine for me :)

[valeriosetti]

Suggested change

	* with the parts not implmented by the test driver commented out. */
	* with the parts not implemented by the test driver commented out. */

[mpg]

Note to self: update names of cipher/aead components when #8641 has been merged.

[mpg]

@gilles-peskine-arm Thanks for your review! I believe I have addressed your feedback.

I've also had to rebase to resolve a conflict. Turns out the commit "Fix failure in some configs by being more precise" was no longer needed as something similar had been done in development in the meantime.

[gilles-peskine-arm]

LGTM except for a typo, and maybe one bit of explanation to add.

As before, I haven't reviewed the details of which entry points are covered, and I intend to approve regardless. I'm confident that even if there are mistakes, they're minor, and no worse than what this document is likely to become over time when people improve the tests and forget to update the document.

[gilles-peskine-arm]

Suggested change

	to specify which entry points are support for a given mechanism.)
	to specify which entry points are supported for a given mechanism.)

[gilles-peskine-arm]

From a chat with Ronald: hits is actually probably an obsolete concern. With the internal backend, hits were how we knew that the driver was called, as opposed to directly calling the built-in code. With libtestdriver1, we check that by ensuring that the built-in code is not present, so if the operation gives the correct result, only a driver call can have calculated that result. So there is low value in checking the hit count. There is still some value for hit counts, e.g. checking that we don't call a multipart entry point when we intended to call the one-shot entry point, but it's limited.

[gilles-peskine-arm]

LGTM

[valeriosetti]

LGTM ;)