ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-10-21 14:51:23 +08:00
Code Issues Releases Wiki Activity

Checks for crypto options or internal macros set in mbedtls

Browse Source 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
2025-07-16 22:27:09 +02:00
parent 24d058bc6c
commit 24273c06db
2 changed files with 46 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
scripts/generate_config_checks.py
View File

@@ -7,11 +7,19 @@ import framework_scripts_path # pylint: disable=unused-import
from mbedtls_framework.config_checks_generator import * \ from mbedtls_framework.config_checks_generator import * \
#pylint: disable=wildcard-import,unused-wildcard-import #pylint: disable=wildcard-import,unused-wildcard-import
class CryptoInternal(SubprojectInternal):
SUBPROJECT = 'TF-PSA-Crypto'
class CryptoOption(SubprojectOption):
SUBPROJECT = 'psa/crypto_config.h'
MBEDTLS_CHECKS = BranchData( MBEDTLS_CHECKS = BranchData(
header_directory='library', header_directory='library',
header_prefix='mbedtls_', header_prefix='mbedtls_',
project_cpp_prefix='MBEDTLS', project_cpp_prefix='MBEDTLS',
checkers=[ checkers=[
CryptoInternal('MBEDTLS_MD5_C', 'PSA_WANT_ALG_MD5 in psa/crypto_config.h'),
CryptoOption('MBEDTLS_BASE64_C'),
Removed('MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', 'Mbed TLS 4.0'), Removed('MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', 'Mbed TLS 4.0'),
Removed('MBEDTLS_PADLOCK_C', 'Mbed TLS 4.0'), Removed('MBEDTLS_PADLOCK_C', 'Mbed TLS 4.0'),
], ],

38
tests/scripts/test_config_checks.py
View File

@@ -55,5 +55,43 @@ class MbedtlsTestConfigChecks(unittest_config_checks.TestConfigChecks):
error=('MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED')) error=('MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'))
def test_define_MBEDTLS_MD5_C_redundant(self) -> None:
"""Error when redundantly setting a subproject internal option."""
self.bad_case('#define PSA_WANT_ALG_MD5 1',
'#define MBEDTLS_MD5_C',
error=r'MBEDTLS_MD5_C.* PSA_WANT_ALG_MD5 in psa/crypto_config\.h')
def test_define_MBEDTLS_MD5_C_added(self) -> None:
"""Error when setting a subproject internal option that was disabled."""
self.bad_case('''
#undef PSA_WANT_ALG_MD5
#undef MBEDTLS_MD5_C
''',
'#define MBEDTLS_MD5_C',
error=r'MBEDTLS_MD5_C.* PSA_WANT_ALG_MD5 in psa/crypto_config\.h')
def test_define_MBEDTLS_BASE64_C_redundant(self) -> None:
"""Ok to redundantly set a subproject option."""
self.good_case(None,
'#define MBEDTLS_BASE64_C')
def test_define_MBEDTLS_BASE64_C_added(self) -> None:
"""Error when setting a subproject option that was disabled."""
self.bad_case('''
#undef MBEDTLS_BASE64_C
#undef MBEDTLS_PEM_PARSE_C
#undef MBEDTLS_PEM_WRITE_C
''',
'#define MBEDTLS_BASE64_C',
error=r'MBEDTLS_BASE64_C .*psa/crypto_config\.h')
@unittest.skip("Checks for #undef are not implemented yet.")
def test_define_MBEDTLS_BASE64_C_unset(self) -> None:
"""Error when unsetting a subproject option that was enabled."""
self.bad_case(None,
'#undef MBEDTLS_BASE64_C',
error=r'MBEDTLS_BASE64_C .*psa/crypto_config\.h')
if __name__ == '__main__': if __name__ == '__main__':
unittest.main() unittest.main()