commit 01def64425c4a1477a2dcf08c473ca18abb293ce
author Gilles Peskine <Gilles.Peskine@arm.com> Fri Apr 25 18:30:47 2025 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Mon Jul 28 15:46:06 2025 +0200
tree 7d55f1b5a4d9651b49e630d39f5a79d1ae50d1a3
parent aca3b5ec79d2cea605de2d8c28d0725e6acec6af

Unit tests for check_config.h

Ensure that `mbedtls_check_config.h` is taken into account.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

tests/scripts/test_config_checks.py

diff --git a/tests/scripts/test_config_checks.py b/tests/scripts/test_config_checks.py
new file mode 100755
index 0000000..5401449
--- /dev/null
+++ b/tests/scripts/test_config_checks.py
@@ -0,0 +1,63 @@
+#!/usr/bin/env python3
+"""Test the configuration checks generated by generate_config_checks.py.
+"""
+
+## Copyright The Mbed TLS Contributors
+## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+import unittest
+
+import scripts_path # pylint: disable=unused-import
+from mbedtls_framework import unittest_config_checks
+
+
+class MbedtlsTestConfigChecks(unittest_config_checks.TestConfigChecks):
+    """Mbed TLS unit tests for checks generated by config_checks_generator."""
+
+    #pylint: disable=invalid-name # uppercase letters make sense here
+
+    PROJECT_CONFIG_C = 'library/mbedtls_config.c'
+    PROJECT_SPECIFIC_INCLUDE_DIRECTORIES = [
+        'tf-psa-crypto/include',
+        'tf-psa-crypto/drivers/builtin/include',
+    ]
+
+    @unittest.skip("At this time, mbedtls does not go through crypto's check_config.h.")
+    def test_crypto_no_fs_io(self) -> None:
+        """A sample error expected from crypto's check_config.h."""
+        self.bad_case('#undef MBEDTLS_FS_IO',
+                      None,
+                      error=('MBEDTLS_PSA_ITS_FILE_C'))
+
+    def test_mbedtls_no_session_tickets_for_early_data(self) -> None:
+        """An error expected from mbedtls_check_config.h based on the TLS configuration."""
+        self.bad_case(None,
+                      '''
+                      #define MBEDTLS_SSL_EARLY_DATA
+                      #undef MBEDTLS_SSL_SESSION_TICKETS
+                      ''',
+                      error=('MBEDTLS_SSL_EARLY_DATA'))
+
+    def test_mbedtls_no_ecdsa(self) -> None:
+        """An error expected from mbedtls_check_config.h based on crypto+TLS configuration."""
+        self.bad_case('''
+                      #undef PSA_WANT_ALG_ECDSA
+                      #undef PSA_WANT_ALG_DETERMINISTIC_ECDSA
+                      #undef MBEDTLS_ECDSA_C
+                      ''',
+                      '''
+                      #if defined(PSA_WANT_ALG_ECDSA)
+                      #error PSA_WANT_ALG_ECDSA unexpected
+                      #endif
+                      #if defined(PSA_WANT_ALG_DETERMINSTIC_ECDSA)
+                      #error PSA_WANT_ALG_DETERMINSTIC_ECDSA unexpected
+                      #endif
+                      #if defined(MBEDTLS_ECDSA_C)
+                      #error MBEDTLS_ECDSA_C unexpected
+                      #endif
+                      ''',
+                      error=('MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'))
+
+
+if __name__ == '__main__':
+    unittest.main()