TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 3cee43e8ab8a81a002771d4dbf5d33fa3a6b4dee / . / tests / scripts / test_config_checks.py
blob: 2c6f6b3c81627dc03ec90bc147fb195a31621738 [file] [log] [blame]
Gilles Peskine01def642025-04-25 18:30:47 +0200[diff] [blame]1#!/usr/bin/env python3
2"""Test the configuration checks generated by generate_config_checks.py.
3"""
4
5## Copyright The Mbed TLS Contributors
6## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
7
8import unittest
9
10import scripts_path # pylint: disable=unused-import
11from mbedtls_framework import unittest_config_checks
12
13
14class MbedtlsTestConfigChecks(unittest_config_checks.TestConfigChecks):
15 """Mbed TLS unit tests for checks generated by config_checks_generator."""
16
17 #pylint: disable=invalid-name # uppercase letters make sense here
18
19 PROJECT_CONFIG_C = 'library/mbedtls_config.c'
20 PROJECT_SPECIFIC_INCLUDE_DIRECTORIES = [
21 'tf-psa-crypto/include',
22 'tf-psa-crypto/drivers/builtin/include',
23 ]
24
Gilles Peskine3cee43e2025-09-24 15:48:58 +0200[diff] [blame^]25 ## Method naming convention:
26 ## * test_crypto_xxx when testing a tweak of crypto_config.h
27 ## * test_mbedtls_xxx when testing a tweak of mbedtls_config.h
28
Gilles Peskine379d38d2025-04-25 18:30:47 +0200[diff] [blame]29 def test_crypto_config_read(self) -> None:
Gilles Peskine4bb82fd2025-09-24 10:30:13 +0200[diff] [blame]30 """Check that crypto_config.h is read in mbedtls."""
Gilles Peskine379d38d2025-04-25 18:30:47 +0200[diff] [blame]31 self.bad_case('#error witness',
32 None,
33 error='witness')
34
35 def test_mbedtls_config_read(self) -> None:
Gilles Peskine4bb82fd2025-09-24 10:30:13 +0200[diff] [blame]36 """Check that mbedtls_config.h is read in mbedtls."""
Gilles Peskine379d38d2025-04-25 18:30:47 +0200[diff] [blame]37 self.bad_case(''
38 '#error witness',
39 error='witness')
40
Gilles Peskine01def642025-04-25 18:30:47 +0200[diff] [blame]41 @unittest.skip("At this time, mbedtls does not go through crypto's check_config.h.")
Gilles Peskine379d38d2025-04-25 18:30:47 +0200[diff] [blame]42 def test_crypto_undef_MBEDTLS_FS_IO(self) -> None:
Gilles Peskine01def642025-04-25 18:30:47 +0200[diff] [blame]43 """A sample error expected from crypto's check_config.h."""
44 self.bad_case('#undef MBEDTLS_FS_IO',
Gilles Peskine379d38d2025-04-25 18:30:47 +0200[diff] [blame]45 error='MBEDTLS_PSA_ITS_FILE_C')
Gilles Peskine01def642025-04-25 18:30:47 +0200[diff] [blame]46
47 def test_mbedtls_no_session_tickets_for_early_data(self) -> None:
48 """An error expected from mbedtls_check_config.h based on the TLS configuration."""
49 self.bad_case(None,
50 '''
51 #define MBEDTLS_SSL_EARLY_DATA
52 #undef MBEDTLS_SSL_SESSION_TICKETS
53 ''',
Gilles Peskine379d38d2025-04-25 18:30:47 +0200[diff] [blame]54 error='MBEDTLS_SSL_EARLY_DATA')
Gilles Peskine01def642025-04-25 18:30:47 +0200[diff] [blame]55
Gilles Peskine3cee43e2025-09-24 15:48:58 +0200[diff] [blame^]56 def test_crypto_mbedtls_no_ecdsa(self) -> None:
Gilles Peskine01def642025-04-25 18:30:47 +0200[diff] [blame]57 """An error expected from mbedtls_check_config.h based on crypto+TLS configuration."""
58 self.bad_case('''
59 #undef PSA_WANT_ALG_ECDSA
60 #undef PSA_WANT_ALG_DETERMINISTIC_ECDSA
Gilles Peskine01def642025-04-25 18:30:47 +0200[diff] [blame]61 ''',
62 '''
63 #if defined(PSA_WANT_ALG_ECDSA)
64 #error PSA_WANT_ALG_ECDSA unexpected
65 #endif
66 #if defined(PSA_WANT_ALG_DETERMINSTIC_ECDSA)
67 #error PSA_WANT_ALG_DETERMINSTIC_ECDSA unexpected
68 #endif
Gilles Peskine01def642025-04-25 18:30:47 +0200[diff] [blame]69 ''',
Gilles Peskine379d38d2025-04-25 18:30:47 +0200[diff] [blame]70 error='MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED')
Gilles Peskine01def642025-04-25 18:30:47 +0200[diff] [blame]71
Gilles Peskine3cee43e2025-09-24 15:48:58 +0200[diff] [blame^]72 def test_crypto_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None:
73 """Error when setting a removed option via crypto_config.h."""
Gilles Peskine379d38d2025-04-25 18:30:47 +0200[diff] [blame]74 self.bad_case('#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED',
75 error='MBEDTLS_KEY_EXCHANGE_RSA_ENABLED was removed')
76
Gilles Peskine3cee43e2025-09-24 15:48:58 +0200[diff] [blame^]77 def test_mbedtls_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None:
78 """Error when setting a removed option via mbedtls_config.h."""
79 self.bad_case(None,
80 '#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED',
81 error='MBEDTLS_KEY_EXCHANGE_RSA_ENABLED was removed')
82
83 def test_crypto_exempt_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None:
84 """Bypassed error when setting a removed option via crypto_config.h."""
Gilles Peskine379d38d2025-04-25 18:30:47 +0200[diff] [blame]85 self.good_case('#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED',
86 extra_options=['-DMBEDTLS_CONFIG_CHECK_BYPASS'])
Gilles Peskine01def642025-04-25 18:30:47 +0200[diff] [blame]87
Gilles Peskine3cee43e2025-09-24 15:48:58 +0200[diff] [blame^]88 def test_mbedtls_exempt_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None:
89 """Bypassed error when setting a removed option via mbedtls_config.h."""
90 self.good_case(None,
91 '#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED',
92 extra_options=['-DMBEDTLS_CONFIG_CHECK_BYPASS'])
93
94 def test_mbedtls_define_MBEDTLS_MD5_C_redundant(self) -> None:
Gilles Peskine24273c02025-07-16 22:27:09 +0200[diff] [blame]95 """Error when redundantly setting a subproject internal option."""
96 self.bad_case('#define PSA_WANT_ALG_MD5 1',
97 '#define MBEDTLS_MD5_C',
Gilles Peskine8e44a942025-09-15 15:27:20 +0200[diff] [blame]98 error=r'MBEDTLS_MD5_C is an internal macro')
Gilles Peskine24273c02025-07-16 22:27:09 +0200[diff] [blame]99
Gilles Peskine3cee43e2025-09-24 15:48:58 +0200[diff] [blame^]100 def test_mbedtls_define_MBEDTLS_MD5_C_added(self) -> None:
Gilles Peskine24273c02025-07-16 22:27:09 +0200[diff] [blame]101 """Error when setting a subproject internal option that was disabled."""
102 self.bad_case('''
103 #undef PSA_WANT_ALG_MD5
104 #undef MBEDTLS_MD5_C
105 ''',
106 '#define MBEDTLS_MD5_C',
Gilles Peskine8e44a942025-09-15 15:27:20 +0200[diff] [blame]107 error=r'MBEDTLS_MD5_C is an internal macro')
Gilles Peskine24273c02025-07-16 22:27:09 +0200[diff] [blame]108
Gilles Peskine3cee43e2025-09-24 15:48:58 +0200[diff] [blame^]109 def test_mbedtls_define_MBEDTLS_BASE64_C_redundant(self) -> None:
Gilles Peskine24273c02025-07-16 22:27:09 +0200[diff] [blame]110 """Ok to redundantly set a subproject option."""
111 self.good_case(None,
112 '#define MBEDTLS_BASE64_C')
113
Gilles Peskine3cee43e2025-09-24 15:48:58 +0200[diff] [blame^]114 def test_mbedtls_define_MBEDTLS_BASE64_C_added(self) -> None:
Gilles Peskine24273c02025-07-16 22:27:09 +0200[diff] [blame]115 """Error when setting a subproject option that was disabled."""
116 self.bad_case('''
117 #undef MBEDTLS_BASE64_C
118 #undef MBEDTLS_PEM_PARSE_C
119 #undef MBEDTLS_PEM_WRITE_C
120 ''',
121 '#define MBEDTLS_BASE64_C',
122 error=r'MBEDTLS_BASE64_C .*psa/crypto_config\.h')
123
124 @unittest.skip("Checks for #undef are not implemented yet.")
Gilles Peskine3cee43e2025-09-24 15:48:58 +0200[diff] [blame^]125 def test_mbedtls_define_MBEDTLS_BASE64_C_unset(self) -> None:
Gilles Peskine24273c02025-07-16 22:27:09 +0200[diff] [blame]126 """Error when unsetting a subproject option that was enabled."""
127 self.bad_case(None,
128 '#undef MBEDTLS_BASE64_C',
129 error=r'MBEDTLS_BASE64_C .*psa/crypto_config\.h')
130
Gilles Peskinef7ed4e52025-09-24 10:32:55 +0200[diff] [blame]131 def test_crypto_define_MBEDTLS_USE_PSA_CRYPTO(self) -> None:
132 """It's ok to set MBEDTLS_USE_PSA_CRYPTO (now effectively always on)."""
133 self.good_case('#define MBEDTLS_USE_PSA_CRYPTO')
134
Gilles Peskine3cee43e2025-09-24 15:48:58 +0200[diff] [blame^]135 def test_mbedtls_define_MBEDTLS_USE_PSA_CRYPTO(self) -> None:
Gilles Peskinef7ed4e52025-09-24 10:32:55 +0200[diff] [blame]136 """It's ok to set MBEDTLS_USE_PSA_CRYPTO (now effectively always on)."""
137 self.good_case(None,
138 '#define MBEDTLS_USE_PSA_CRYPTO')
139
Gilles Peskine24273c02025-07-16 22:27:09 +0200[diff] [blame]140
Gilles Peskine01def642025-04-25 18:30:47 +0200[diff] [blame]141if __name__ == '__main__':
142 unittest.main()