• Home
  • Raw
  • Download

Lines Matching full:driver

1 # Mbed TLS driver interface test strategy
3 This document describes the test strategy for the driver interfaces in Mbed TLS. Mbed TLS has inter…
5 The driver interfaces are standardized through PSA Cryptography functional specifications.
7 ## Secure element driver interface testing
9 ### Secure element driver interfaces
11 #### Opaque driver interface
13 The [unified driver interface](../../proposed/psa-driver-interface.md) supports both transparent dr…
17 #### Dynamic secure element driver interface
19 The dynamic secure element driver interface (SE interface for short) is defined by [`psa/crypto_se_…
21driver usable by Mbed TLS, the initialization code must call `psa_register_se_driver` with a struc…
23 ### SE driver interface unit tests
25 This section describes unit tests that must be implemented to validate the secure element driver in…
27 Many SE driver interface unit tests could be covered by running the existing API tests with a key i…
29 #### SE driver registration
37 #### Dispatch to SE driver
39 For each API function that can lead to a driver call (more precisely, for each driver method call s…
41 …ks that the driver method is called. A few API functions involve multiple driver methods; these sh…
42 * Make at least one test with a key that is not in a secure element that checks that the driver met…
43 * Make at least one test with a key in a secure element with a driver that does not have the requis…
44 * Make at least one test with a key in a secure element with a driver that does not have the substr…
45driver and check that the expected driver is called. This does not need to be done for all operati…
46 …least one test should register the same driver structure with multiple lifetime values and check t…
48 Some methods only make sense as a group (for example a driver that provides the MAC methods must pr…
50 #### SE driver inputs
52 For each API function that can lead to a driver call (more precisely, for each driver method call s…
55 …at are invalid and must not reach the driver, call the API function with such parameters and verif…
56 * Check that the expected inputs reach the driver. This may be implicit in a test that checks the o…
58 #### SE driver outputs
60 For each API function that leads to a driver call, call it with parameters that cause a driver to b…
65 * Unexpected errors. At least test that if the driver returns `PSA_ERROR_GENERIC_ERROR`, this is pr…
78 * Test that the driver's persistent data survives `mbedtls_psa_crypto_free(); psa_crypto_init()`.
89 * Two things need to be tested: the key that is being created or destroyed, and the driver's persis…
94 ### SE driver system tests
98 We must have at least one driver that is close to real-world conditions:
102 * Run the full driver validation test suite (which does not yet exist).
105 This requirement shall be fulfilled by the [Microchip ATECC508A driver](https://github.com/ARMmbed/…
107 #### Complete driver
109 We should have at least one driver that covers the whole interface:
113 * Run the full driver validation test suite (which does not yet exist).
115 A PKCS#11 driver would be a good candidate. It would be useful as part of our product offering.
117 ## Transparent driver interface testing
119 The [unified driver interface](../../proposed/psa-driver-interface.md) defines interfaces for accel…
123 #### Requirements for transparent driver testing
125 …ent driver interface exists (key creation, cryptographic operations, …) must be exercised in at le…
129driver interface includes a fallback mechanism so that a driver can reject a request at runtime an…