List of existing tests

The code coverage information of some of Parsec repositories can be found here.

End-to-end testing

These tests are meant to be executed on a running Parsec service and using a Parsec client to communicate to it. The parsec/e2e_tests crate contains a test client based on the Rust client that is used inside the tests written in parsec/e2e_tests/tests.

The end-to-end tests contain tests to be executed:

  • with a Parsec service containing a single provider: per_provider tests
  • with a Parsec service containing all providers: all_providers

The parsec/e2e_tests/provider_cfg folder contain the configuration needed to run Parsec for the corresponding tests.

All providers normal e2e testsEnd-to-end tests on a service with all providers. Mostly to test core operations.
All providers cross-providers e2e testsTest that the output of various operations from different providers is accepted by the other providers.
All providers configuration e2e testsThese check if the behavior of the service is correct before and after reloading with a different configuration.
All providers multitenancy e2e testsTest that multiple tenants of Parsec using different authentication methods can not access each other's keys.
Per provider normal testsE2E tests checking most cryptographic operations on a single provider. Parsec results are also verified with third party software crypto implementations (ring, the rsa crate, etc...).
Per provider key mappings testsE2E tests checking that key created by an older version of Parsec can still be retrieved and used correctly. It also checks that wrong mappings are deleted.
Per provider stress testsStress tests executing a large number of canonical operations at high frequency on a single provider.
Old e2e testsTests executed from an old version of the Rust client to make sure the operation contracts are stable. The executed tests are the per provider normal tests.
Per-provider key-mappings testsTests that make use of previously-generated key mappings files along with the corresponding entries within the target providers, to ensure the stability of key mappings across versions.
OnDisk KIM testsTests the OnDisk KIM with the all-providers end-to-end tests to ensure the correct functioning of the KIM. All other tests are run using the SQLite KIM.
TPM reset testsTests that verify that keys created with the TPM provider can be used following a TPM reset (i.e., simulating a reboot for certain platforms).

Fuzz testing

Fuzz testingTests sending random requests to the service and waiting it to crash/timeout.

Unit testing

Direct authenticator testsTesting the Authenticate trait with this authenticator.
On-disk key info manager testsTesting the ManageKeyInfo trait with various strings for application and key names. The persistence is tested in the end-to-end tests.
SQLite key info manager testsTesting the ManageKeyInfo trait with various strings for application and key names. The persistence is tested in the end-to-end tests.

Cross-compilation tests

Given that Parsec is expected to run natively on as many platforms as possible, we have incorporated cross-compilation testing in our CI framework. These check that the service can be built for the following platform triples:

  • arm-linux-gnueabihf
  • aarch64-linux-gnu
  • i686-linux-gnu

Cross-compilation is tested for the PKCS11, Mbed Crypto, and TPM providers. The Trusted Service provider is included for cross-compilation to aarch64. You can see details of this test here. All other CI jobs run in x86_64-linux-gnu.

In dependencies

The dependencies that we maintain in the parallaxsecond organization also contain their own set of integration and unit tests: parsec-interface-rs, rust-psa-crypto, rust-tss-esapi, and rust-cryptoki.

Copyright 2020 Contributors to the Parsec project.