TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 379d38de1cfc99d6c5c4f82dc5d9d17557332d98 / . / tests / scripts / test_config_checks.py
blob: dceadf6b7ca66e3f83078db4d96ab35059fd7b85 [file] [log] [blame]
Gilles Peskine01def642025-04-25 18:30:47 +0200[diff] [blame]1#!/usr/bin/env python3
2"""Test the configuration checks generated by generate_config_checks.py.
3"""
4
5## Copyright The Mbed TLS Contributors
6## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
7
8import unittest
9
10import scripts_path # pylint: disable=unused-import
11from mbedtls_framework import unittest_config_checks
12
13
14class MbedtlsTestConfigChecks(unittest_config_checks.TestConfigChecks):
15 """Mbed TLS unit tests for checks generated by config_checks_generator."""
16
17 #pylint: disable=invalid-name # uppercase letters make sense here
18
19 PROJECT_CONFIG_C = 'library/mbedtls_config.c'
20 PROJECT_SPECIFIC_INCLUDE_DIRECTORIES = [
21 'tf-psa-crypto/include',
22 'tf-psa-crypto/drivers/builtin/include',
23 ]
24
Gilles Peskine379d38d2025-04-25 18:30:47 +0200[diff] [blame^]25 def test_crypto_config_read(self) -> None:
26 """Check that crypto_config.h is read in crypto."""
27 self.bad_case('#error witness',
28 None,
29 error='witness')
30
31 def test_mbedtls_config_read(self) -> None:
32 """Check that mbedtls_config.h is read in crypto."""
33 self.bad_case(''
34 '#error witness',
35 error='witness')
36
Gilles Peskine01def642025-04-25 18:30:47 +0200[diff] [blame]37 @unittest.skip("At this time, mbedtls does not go through crypto's check_config.h.")
Gilles Peskine379d38d2025-04-25 18:30:47 +0200[diff] [blame^]38 def test_crypto_undef_MBEDTLS_FS_IO(self) -> None:
Gilles Peskine01def642025-04-25 18:30:47 +0200[diff] [blame]39 """A sample error expected from crypto's check_config.h."""
40 self.bad_case('#undef MBEDTLS_FS_IO',
Gilles Peskine379d38d2025-04-25 18:30:47 +0200[diff] [blame^]41 error='MBEDTLS_PSA_ITS_FILE_C')
Gilles Peskine01def642025-04-25 18:30:47 +0200[diff] [blame]42
43 def test_mbedtls_no_session_tickets_for_early_data(self) -> None:
44 """An error expected from mbedtls_check_config.h based on the TLS configuration."""
45 self.bad_case(None,
46 '''
47 #define MBEDTLS_SSL_EARLY_DATA
48 #undef MBEDTLS_SSL_SESSION_TICKETS
49 ''',
Gilles Peskine379d38d2025-04-25 18:30:47 +0200[diff] [blame^]50 error='MBEDTLS_SSL_EARLY_DATA')
Gilles Peskine01def642025-04-25 18:30:47 +0200[diff] [blame]51
52 def test_mbedtls_no_ecdsa(self) -> None:
53 """An error expected from mbedtls_check_config.h based on crypto+TLS configuration."""
54 self.bad_case('''
55 #undef PSA_WANT_ALG_ECDSA
56 #undef PSA_WANT_ALG_DETERMINISTIC_ECDSA
Gilles Peskine01def642025-04-25 18:30:47 +0200[diff] [blame]57 ''',
58 '''
59 #if defined(PSA_WANT_ALG_ECDSA)
60 #error PSA_WANT_ALG_ECDSA unexpected
61 #endif
62 #if defined(PSA_WANT_ALG_DETERMINSTIC_ECDSA)
63 #error PSA_WANT_ALG_DETERMINSTIC_ECDSA unexpected
64 #endif
Gilles Peskine01def642025-04-25 18:30:47 +0200[diff] [blame]65 ''',
Gilles Peskine379d38d2025-04-25 18:30:47 +0200[diff] [blame^]66 error='MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED')
Gilles Peskine01def642025-04-25 18:30:47 +0200[diff] [blame]67
Gilles Peskine379d38d2025-04-25 18:30:47 +0200[diff] [blame^]68 def test_mbedtls_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None:
69 """Error when setting a removed option."""
70 self.bad_case('#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED',
71 error='MBEDTLS_KEY_EXCHANGE_RSA_ENABLED was removed')
72
73 def test_mbedtls_exempt_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None:
74 """Bypassed error when setting a removed option."""
75 self.good_case('#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED',
76 extra_options=['-DMBEDTLS_CONFIG_CHECK_BYPASS'])
Gilles Peskine01def642025-04-25 18:30:47 +0200[diff] [blame]77
Gilles Peskine24273c02025-07-16 22:27:09 +0200[diff] [blame]78 def test_define_MBEDTLS_MD5_C_redundant(self) -> None:
79 """Error when redundantly setting a subproject internal option."""
80 self.bad_case('#define PSA_WANT_ALG_MD5 1',
81 '#define MBEDTLS_MD5_C',
Gilles Peskine8e44a942025-09-15 15:27:20 +0200[diff] [blame]82 error=r'MBEDTLS_MD5_C is an internal macro')
Gilles Peskine24273c02025-07-16 22:27:09 +0200[diff] [blame]83
84 def test_define_MBEDTLS_MD5_C_added(self) -> None:
85 """Error when setting a subproject internal option that was disabled."""
86 self.bad_case('''
87 #undef PSA_WANT_ALG_MD5
88 #undef MBEDTLS_MD5_C
89 ''',
90 '#define MBEDTLS_MD5_C',
Gilles Peskine8e44a942025-09-15 15:27:20 +0200[diff] [blame]91 error=r'MBEDTLS_MD5_C is an internal macro')
Gilles Peskine24273c02025-07-16 22:27:09 +0200[diff] [blame]92
93 def test_define_MBEDTLS_BASE64_C_redundant(self) -> None:
94 """Ok to redundantly set a subproject option."""
95 self.good_case(None,
96 '#define MBEDTLS_BASE64_C')
97
98 def test_define_MBEDTLS_BASE64_C_added(self) -> None:
99 """Error when setting a subproject option that was disabled."""
100 self.bad_case('''
101 #undef MBEDTLS_BASE64_C
102 #undef MBEDTLS_PEM_PARSE_C
103 #undef MBEDTLS_PEM_WRITE_C
104 ''',
105 '#define MBEDTLS_BASE64_C',
106 error=r'MBEDTLS_BASE64_C .*psa/crypto_config\.h')
107
108 @unittest.skip("Checks for #undef are not implemented yet.")
109 def test_define_MBEDTLS_BASE64_C_unset(self) -> None:
110 """Error when unsetting a subproject option that was enabled."""
111 self.bad_case(None,
112 '#undef MBEDTLS_BASE64_C',
113 error=r'MBEDTLS_BASE64_C .*psa/crypto_config\.h')
114
115
Gilles Peskine01def642025-04-25 18:30:47 +0200[diff] [blame]116if __name__ == '__main__':
117 unittest.main()