Unit tests for check_config.h
Ensure that `mbedtls_check_config.h` is taken into account.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh
index 85731a1..c7d8161 100644
--- a/tests/scripts/components-basic-checks.sh
+++ b/tests/scripts/components-basic-checks.sh
@@ -123,4 +123,7 @@
msg "unit test: translate_ciphers.py"
python3 -m unittest framework/scripts/translate_ciphers.py 2>&1
+
+ msg "unit test: generate_config_checks.py"
+ tests/scripts/test_config_checks.py 2>&1
}
diff --git a/tests/scripts/test_config_checks.py b/tests/scripts/test_config_checks.py
new file mode 100755
index 0000000..5401449
--- /dev/null
+++ b/tests/scripts/test_config_checks.py
@@ -0,0 +1,63 @@
+#!/usr/bin/env python3
+"""Test the configuration checks generated by generate_config_checks.py.
+"""
+
+## Copyright The Mbed TLS Contributors
+## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+import unittest
+
+import scripts_path # pylint: disable=unused-import
+from mbedtls_framework import unittest_config_checks
+
+
+class MbedtlsTestConfigChecks(unittest_config_checks.TestConfigChecks):
+ """Mbed TLS unit tests for checks generated by config_checks_generator."""
+
+ #pylint: disable=invalid-name # uppercase letters make sense here
+
+ PROJECT_CONFIG_C = 'library/mbedtls_config.c'
+ PROJECT_SPECIFIC_INCLUDE_DIRECTORIES = [
+ 'tf-psa-crypto/include',
+ 'tf-psa-crypto/drivers/builtin/include',
+ ]
+
+ @unittest.skip("At this time, mbedtls does not go through crypto's check_config.h.")
+ def test_crypto_no_fs_io(self) -> None:
+ """A sample error expected from crypto's check_config.h."""
+ self.bad_case('#undef MBEDTLS_FS_IO',
+ None,
+ error=('MBEDTLS_PSA_ITS_FILE_C'))
+
+ def test_mbedtls_no_session_tickets_for_early_data(self) -> None:
+ """An error expected from mbedtls_check_config.h based on the TLS configuration."""
+ self.bad_case(None,
+ '''
+ #define MBEDTLS_SSL_EARLY_DATA
+ #undef MBEDTLS_SSL_SESSION_TICKETS
+ ''',
+ error=('MBEDTLS_SSL_EARLY_DATA'))
+
+ def test_mbedtls_no_ecdsa(self) -> None:
+ """An error expected from mbedtls_check_config.h based on crypto+TLS configuration."""
+ self.bad_case('''
+ #undef PSA_WANT_ALG_ECDSA
+ #undef PSA_WANT_ALG_DETERMINISTIC_ECDSA
+ #undef MBEDTLS_ECDSA_C
+ ''',
+ '''
+ #if defined(PSA_WANT_ALG_ECDSA)
+ #error PSA_WANT_ALG_ECDSA unexpected
+ #endif
+ #if defined(PSA_WANT_ALG_DETERMINSTIC_ECDSA)
+ #error PSA_WANT_ALG_DETERMINSTIC_ECDSA unexpected
+ #endif
+ #if defined(MBEDTLS_ECDSA_C)
+ #error MBEDTLS_ECDSA_C unexpected
+ #endif
+ ''',
+ error=('MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'))
+
+
+if __name__ == '__main__':
+ unittest.main()