			
		
		
		
	Indicate which config file has the most relevant tweak. Duplicate a few test cases so that both the crypto config and the mbedtls config are tested. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
		
			
				
	
	
		
		
	
	
	
	
#!/usr/bin/env python3
"""Test the configuration checks generated by generate_config_checks.py.
"""
## Copyright The Mbed TLS Contributors
## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
import unittest
import scripts_path # pylint: disable=unused-import
from mbedtls_framework import unittest_config_checks
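class MbedtlsTestConfigChecks(unittest_config_checks.TestConfigChecks):
    """Mbed TLS unit tests for checks generated by config_checks_generator.

    Each test hands one or two configuration snippets to the inherited
    ``bad_case``/``good_case`` helpers. Judging from the calls and from the
    naming convention below, the first positional argument is the tweak for
    crypto_config.h and the second is the tweak for mbedtls_config.h, with
    ``None`` meaning "no tweak for that file". The helpers live in
    mbedtls_framework.unittest_config_checks -- confirm the details there.
    """

    #pylint: disable=invalid-name # uppercase letters make sense here

    # Source file and extra include directories, read by the base class.
    PROJECT_CONFIG_C = 'library/mbedtls_config.c'
    PROJECT_SPECIFIC_INCLUDE_DIRECTORIES = [
        'tf-psa-crypto/include',
        'tf-psa-crypto/drivers/builtin/include',
    ]

    ## Method naming convention:
    ## * test_crypto_xxx when testing a tweak of crypto_config.h
    ## * test_mbedtls_xxx when testing a tweak of mbedtls_config.h

    def test_crypto_config_read(self) -> None:
        """Check that crypto_config.h is read in mbedtls.

        A witness ``#error`` placed in the crypto configuration must show up
        in the reported error; otherwise the file is not being included.
        """
        self.bad_case('#error witness',
                      None,
                      error='witness')

    def test_mbedtls_config_read(self) -> None:
        """Check that mbedtls_config.h is read in mbedtls.

        A witness ``#error`` placed in the Mbed TLS configuration must show
        up in the reported error; otherwise the file is not being included.
        """
        # The witness has to be the *second* positional argument. Writing
        # '' and '#error witness' on adjacent lines without a comma makes
        # Python concatenate them into a single first argument, which would
        # only repeat test_crypto_config_read and leave mbedtls_config.h
        # untested. None is used for the crypto tweak, as in the other
        # test_mbedtls_xxx methods.
        self.bad_case(None,
                      '#error witness',
                      error='witness')

    @unittest.skip("At this time, mbedtls does not go through crypto's check_config.h.")
    def test_crypto_undef_MBEDTLS_FS_IO(self) -> None:
        """A sample error expected from crypto's check_config.h.

        Currently skipped; see the reason given in the decorator.
        """
        self.bad_case('#undef MBEDTLS_FS_IO',
                      error='MBEDTLS_PSA_ITS_FILE_C')

    def test_mbedtls_no_session_tickets_for_early_data(self) -> None:
        """An error expected from mbedtls_check_config.h based on the TLS configuration.

        Early data is enabled while session tickets are disabled; the
        expected error mentions MBEDTLS_SSL_EARLY_DATA.
        """
        self.bad_case(None,
                      '''
                      #define MBEDTLS_SSL_EARLY_DATA
                      #undef MBEDTLS_SSL_SESSION_TICKETS
                      ''',
                      error='MBEDTLS_SSL_EARLY_DATA')

    def test_crypto_mbedtls_no_ecdsa(self) -> None:
        """An error expected from mbedtls_check_config.h based on crypto+TLS configuration.

        The crypto tweak disables both ECDSA variants. The Mbed TLS tweak is
        a guard that raises its own ``#error`` if either macro is still
        defined at that point, so an unexpected state cannot pass silently.
        """
        # The guard must spell the macros exactly as the first snippet
        # undefines them: a misspelt name in #if defined(...) is simply
        # never defined, so the guard would check nothing.
        self.bad_case('''
                      #undef PSA_WANT_ALG_ECDSA
                      #undef PSA_WANT_ALG_DETERMINISTIC_ECDSA
                      ''',
                      '''
                      #if defined(PSA_WANT_ALG_ECDSA)
                      #error PSA_WANT_ALG_ECDSA unexpected
                      #endif
                      #if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
                      #error PSA_WANT_ALG_DETERMINISTIC_ECDSA unexpected
                      #endif
                      ''',
                      error='MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED')

    def test_crypto_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None:
        """Error when setting a removed option via crypto_config.h."""
        self.bad_case('#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED',
                      error='MBEDTLS_KEY_EXCHANGE_RSA_ENABLED was removed')

    def test_mbedtls_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None:
        """Error when setting a removed option via mbedtls_config.h."""
        self.bad_case(None,
                      '#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED',
                      error='MBEDTLS_KEY_EXCHANGE_RSA_ENABLED was removed')

    def test_crypto_exempt_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None:
        """Bypassed error when setting a removed option via crypto_config.h."""
        # NOTE(review): this shows only that defining
        # MBEDTLS_CONFIG_CHECK_BYPASS makes the case pass, i.e. the
        # removed-option diagnostic is not raised. It says nothing about the
        # removed option taking effect.
        self.good_case('#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED',
                       extra_options=['-DMBEDTLS_CONFIG_CHECK_BYPASS'])

    def test_mbedtls_exempt_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None:
        """Bypassed error when setting a removed option via mbedtls_config.h."""
        # NOTE(review): as in the crypto_config.h variant, this covers only
        # the absence of the diagnostic under MBEDTLS_CONFIG_CHECK_BYPASS.
        self.good_case(None,
                       '#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED',
                       extra_options=['-DMBEDTLS_CONFIG_CHECK_BYPASS'])

    def test_mbedtls_define_MBEDTLS_MD5_C_redundant(self) -> None:
        """Error when redundantly setting a subproject internal option.

        MD5 is already requested through PSA_WANT_ALG_MD5 in the crypto
        tweak; defining MBEDTLS_MD5_C as well must still be rejected.
        """
        self.bad_case('#define PSA_WANT_ALG_MD5 1',
                      '#define MBEDTLS_MD5_C',
                      error=r'MBEDTLS_MD5_C is an internal macro')

    def test_mbedtls_define_MBEDTLS_MD5_C_added(self) -> None:
        """Error when setting a subproject internal option that was disabled.

        The crypto tweak turns MD5 off; the Mbed TLS tweak must not be able
        to turn it back on through the internal macro.
        """
        self.bad_case('''
                      #undef PSA_WANT_ALG_MD5
                      #undef MBEDTLS_MD5_C
                      ''',
                      '#define MBEDTLS_MD5_C',
                      error=r'MBEDTLS_MD5_C is an internal macro')

    def test_mbedtls_define_MBEDTLS_BASE64_C_redundant(self) -> None:
        """Ok to redundantly set a subproject option."""
        self.good_case(None,
                       '#define MBEDTLS_BASE64_C')

    def test_mbedtls_define_MBEDTLS_BASE64_C_added(self) -> None:
        """Error when setting a subproject option that was disabled.

        The PEM macros are undefined together with MBEDTLS_BASE64_C in the
        crypto tweak. The expected error is matched as a pattern that
        mentions the macro and psa/crypto_config.h.
        """
        self.bad_case('''
                      #undef MBEDTLS_BASE64_C
                      #undef MBEDTLS_PEM_PARSE_C
                      #undef MBEDTLS_PEM_WRITE_C
                      ''',
                      '#define MBEDTLS_BASE64_C',
                      error=r'MBEDTLS_BASE64_C .*psa/crypto_config\.h')

    @unittest.skip("Checks for #undef are not implemented yet.")
    def test_mbedtls_define_MBEDTLS_BASE64_C_unset(self) -> None:
        """Error when unsetting a subproject option that was enabled.

        Currently skipped; see the reason given in the decorator.
        """
        self.bad_case(None,
                      '#undef MBEDTLS_BASE64_C',
                      error=r'MBEDTLS_BASE64_C .*psa/crypto_config\.h')

    def test_crypto_define_MBEDTLS_USE_PSA_CRYPTO(self) -> None:
        """It's ok to set MBEDTLS_USE_PSA_CRYPTO (now effectively always on)."""
        self.good_case('#define MBEDTLS_USE_PSA_CRYPTO')

    def test_mbedtls_define_MBEDTLS_USE_PSA_CRYPTO(self) -> None:
        """It's ok to set MBEDTLS_USE_PSA_CRYPTO (now effectively always on)."""
        self.good_case(None,
                       '#define MBEDTLS_USE_PSA_CRYPTO')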
# Script entry point: hand control to unittest's command-line runner.
if __name__ == "__main__":
    unittest.main()